flat assembler
Message board for the users of flat assembler.

C4 C4 in NTVDM

l4m2 23 Jan 2019, 16:31
Is there a document about the NTVDM API? With the new AVX instruction set, will the hack stop working?
revolution 23 Jan 2019, 16:53
0xc4, 0xc4 = les eax,esp?

That would certainly become a new VEX prefix with AVX in the CPU.
l4m2 23 Jan 2019, 18:52
Quote:
BOP code 60 gives you the 'version' of ntvdm that's running (well, whichever antiquated version of SoftPC it's based on). Install a trap handler for invalid opcodes, and then execute c4/c4/60. If you get the version, probably 3.0, you're probably under NTVDM, and if you enter your trap handler, then you probably aren't. Obviously this wouldn't work for DosBox et al.

Quote:
If you want some quick fun, manually enter "c4 c4 50 41" into debug and try to trace over it. Even though Debug will choke on the trace, you will see that the windows host name magically got put into the address specified in ds:dx.
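The detection recipe quoted above, written out as a complete DOS .COM program for flat assembler. This is an added example, not code from the thread or from any Microsoft documentation. It assumes only what the quote states: that NTVDM consumes the three bytes C4 C4 60 as a BOP and continues after them, while a real CPU (or another emulator) raises the invalid-opcode exception (#UD, INT 6) on C4 C4. The quote does not say which register receives the "version", so the program deliberately decides only on whether the INT 6 handler fired, and the message strings are the example's own.

```asm
; ntvdmchk.asm - added example: detect NTVDM by executing BOP 60h.
; Assemble with: fasm ntvdmchk.asm ntvdmchk.com
org 100h
use16

start:
    ; Save the current INT 6 (invalid opcode) vector: DOS fn 35h returns it in ES:BX.
    mov  ax, 3506h
    int  21h
    mov  [old_int6_off], bx
    mov  [old_int6_seg], es

    ; Install our handler: DOS fn 25h takes DS:DX (DS = CS in a .COM program).
    mov  ax, 2506h
    mov  dx, ud_handler
    int  21h

    mov  byte [trapped], 0
    db   0C4h, 0C4h, 60h      ; BOP 60h under NTVDM; #UD (INT 6) on a real CPU
resume:
    ; Restore the original INT 6 vector before doing anything else.
    push ds
    lds  dx, [old_int6_off]   ; DS:DX = original handler (offset, segment adjacent)
    mov  ax, 2506h
    int  21h
    pop  ds

    mov  dx, msg_ntvdm        ; handler did not fire: the BOP was consumed
    cmp  byte [trapped], 0
    je   .print
    mov  dx, msg_native       ; handler fired: not NTVDM
.print:
    mov  ah, 9
    int  21h
    mov  ax, 4C00h
    int  21h

; INT 6 handler. The saved CS:IP on the stack points at the faulting C4 byte,
; so the return IP is patched to 'resume' to skip the three BOP bytes.
ud_handler:
    push bp
    mov  bp, sp               ; [bp+0]=saved bp, [bp+2]=IP, [bp+4]=CS, [bp+6]=flags
    mov  word [bp+2], resume
    mov  byte [cs:trapped], 1 ; CS override: DS is not guaranteed inside a handler
    pop  bp
    iret

trapped      db 0
old_int6_off dw 0             ; must stay directly before old_int6_seg for 'lds'
old_int6_seg dw 0
msg_ntvdm    db 'C4 C4 60 executed as a BOP: probably running under NTVDM', 13, 10, '$'
msg_native   db 'Invalid opcode trapped: not NTVDM (real CPU or another emulator)', 13, 10, '$'
```

Two caveats a practitioner should keep in mind. First, the result is evidence, not proof: the quote itself says other emulators (DOSBox and the like) do not honour the BOP, so "handler fired" only rules NTVDM out, and a hypervisor or emulator that happens to swallow C4 C4 would give a false positive. Second, the AVX question raised in the thread matters only for 32-bit code: as the Agner Fog quote later in the thread notes, VEX decoding is disabled in 16-bit real and virtual-8086 mode precisely because of this sequence, so a 16-bit program like this one still gets #UD for C4 C4 on an AVX-capable CPU.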
revolution 23 Jan 2019, 19:10
It should be using ud2 (or ud0/ud1) to guarantee an invalid opcode. All other encodings might be used for future instructions that don't yet exist.
l4m2 24 Jan 2019, 02:38
revolution wrote:
It should be using ud2 (or ud0/ud1) to guarantee an invalid opcode. All other encodings might be used for future instructions that don't yet exist.
ud2 may be used in a program to raise an exception? I'd rather use some instruction that exists but doesn't apply to virtual 16-bit mode (mov cr0,eax, etc.)
revolution 24 Jan 2019, 02:42
0xc4,0xc4 also raises an exception. It is supposed to be an invalid instruction, just like ud2.

The difference is that 0xc4,0xc4 is not guaranteed to always be invalid. Ud2 is.
l4m2 24 Dec 2022, 16:35
revolution wrote:
0xc4, 0xc4 = les eax,esp?

That would certainly become a new VEX prefix with AVX in the CPU.

Quote (https://www.agner.org/optimize/blog/read.php?i=25):
Microsoft is using the code C4 C4 in Windows for such a purpose. This code now conflicts with the new VEX instructions, which is the reason why Intel had to disable VEX instructions in 16-bit real and virtual mode.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.