flat assembler
Message board for the users of flat assembler.

Thread: C4 C4 in NTVDM (DOS forum)

l4m2 wrote:
Is there a document about the NTVDM API? With the new AVX instruction set, will the hack stop working?
Post 23 Jan 2019, 16:31
revolution wrote:
0xc4, 0xc4 = les eax,esp?

That would certainly become a new VEX prefix with AVX in the CPU.
Post 23 Jan 2019, 16:53
l4m2 wrote:
Quote:
BOP code 60 gives you the 'version' of ntvdm that's running (well, whichever antiquated version of SoftPC it's based on). Install a trap handler for invalid opcodes, and then execute c4/c4/60. If you get the version, probably 3.0, you're probably under NTVDM, and if you enter your trap handler, then you probably aren't. Obviously this wouldn't work for DosBox et al.

Quote:
If you want some quick fun, manually enter "c4 c4 50 41" into debug and try to trace over it. Even though Debug will choke on the trace, you will see that the windows host name magically got put into the address specified in ds:dx.
Post 23 Jan 2019, 18:52
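The probe described in the first quote above, written out as an added example in flat assembler syntax (this is not code from the thread or from any of its posters): a DOS .COM program that hooks INT 6, executes the three-byte C4 C4 60 sequence and reports whether the invalid-opcode trap fired. It assumes the BOP is exactly three bytes long and that NTVDM resumes execution right after it, and that the CPU is a 286 or later so that LES with a register operand raises #UD rather than executing. It does not decode the version value the quote mentions, because the thread does not say where that value is returned. All labels and messages are my own.

```asm
; ntvdmchk.asm -- DOS .COM program in flat assembler (fasm) syntax.
; Added example, not code from the thread. It performs the check described
; in the quoted post: hook INT 6 (invalid opcode), execute C4 C4 60, and
; see whether the trap fires. Assumptions (mine): the BOP is exactly three
; bytes and NTVDM resumes right after it; the CPU is 286+ so that an
; invalid LES encoding raises #UD instead of being executed; the returned
; version value is not used, since the thread does not state where it lands.
        use16
        org     100h

start:
        mov     ax, 3506h               ; DOS: get interrupt vector 6
        int     21h                     ; -> ES:BX = current INT 6 handler
        mov     [old_int6_off], bx
        mov     [old_int6_seg], es

        mov     ax, 2506h               ; DOS: set interrupt vector 6
        mov     dx, trap_handler        ; DS:DX = our handler (DS = CS in a .COM)
        int     21h

        mov     byte [trapped], 0
probe:
        ; Under NTVDM this is BOP 60h and execution continues at after_probe.
        ; On a bare CPU, or an emulator without BOP support, LES with a
        ; register operand is an invalid opcode and INT 6 is raised instead.
        db      0C4h, 0C4h, 60h
after_probe:

        push    ds                      ; restore the original INT 6 vector
        lds     dx, [old_int6_ptr]
        mov     ax, 2506h
        int     21h
        pop     ds

        mov     dx, msg_ntvdm
        cmp     byte [trapped], 0
        je      .print
        mov     dx, msg_other
.print:
        mov     ah, 9                   ; DOS: print '$'-terminated string
        int     21h
        mov     ax, 4C00h               ; DOS: exit with code 0
        int     21h

; INT 6 handler. #UD is a fault, so the stack holds the CS:IP of the
; offending instruction: [bp+2] = IP, [bp+4] = CS after our push bp.
; Record the trap and skip the three probe bytes before returning;
; CS on the stack is already our segment because the fault was in our code.
trap_handler:
        push    bp
        mov     bp, sp
        mov     byte [cs:trapped], 1    ; CS override: DS is not ours here
        mov     word [bp+2], after_probe
        pop     bp
        iret

trapped         db 0
old_int6_ptr:                           ; far pointer: offset, then segment
old_int6_off    dw 0
old_int6_seg    dw 0
msg_ntvdm       db 'C4 C4 60 was intercepted: running under NTVDM', 13, 10, '$'
msg_other       db 'Invalid opcode trapped: not running under NTVDM', 13, 10, '$'
```

Assemble with `fasm ntvdmchk.asm ntvdmchk.com` and run it in the environment you want to test. The result only tells you whether something intercepted the sequence before the CPU could fault on it; as the replies below point out, C4 C4 is not guaranteed to stay an invalid encoding, so the "trap fired" branch is the only part of the outcome you can rely on across CPU generations.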
revolution wrote:
It should be using ud2 (or ud0/ud1) to guarantee an invalid opcode. All other encodings might be used for future instructions that don't yet exist.
Post 23 Jan 2019, 19:10
l4m2 wrote:
revolution wrote:
It should be using ud2 (or ud0/ud1) to guarantee an invalid opcode. All other encodings might be used for future instructions that don't yet exist.
ud2 may be used in a program to raise an exception? I'd rather use some command that exists but doesn't apply to virtual16 (mov cr0,eax, etc.)
Post 24 Jan 2019, 02:38
revolution wrote:
0xc4,0xc4 also raises an exception. It is supposed to be an invalid instruction, just like ud2.

The difference is that 0xc4,0xc4 is not guaranteed to always be invalid. Ud2 is.
Post 24 Jan 2019, 02:42
Copyright © 1999-2019, Tomasz Grysztar.