flat assembler
Message board for the users of flat assembler.

Hot-patching?

l4m2 21 Feb 2015, 15:00
debugging INT 21 it is
Code:
90     NOP
90     NOP
E8**** CALL ****    
I guessed it must be hot patching, but the 5 bytes before aren't
Code:
90 90 90 90 90    
So are they still hooked code?
nop 21 Feb 2015, 23:11
Are you suggesting Microsoft would use self-modifying code inside a DOS interrupt? You may be right, and the 2 nops could be replaced by a near jmp to bypass the subroutine call.
l4m2 22 Feb 2015, 06:21
nop wrote:
Are you suggesting Microsoft would use self-modifying code inside a DOS interrupt? You may be right, and the 2 nops could be replaced by a near jmp to bypass the subroutine call.
I know the one in Windows which is just after 5 nops and is
Code:
Mov edi, edi    
baldr 22 Feb 2015, 09:00
l4m2,

That could be alignment due to linker involved.
l4m2 22 Feb 2015, 09:38
baldr wrote:
l4m2,

That could be alignment due to linker involved.
So why not go directly to the third command?
baldr 22 Feb 2015, 09:45
l4m2,

It seems to me that you understood neither 'alignment' nor 'linker'.
sinsi 22 Feb 2015, 19:18
l4m2 wrote:
debugging INT 21 it is
Code:
90     NOP
90     NOP
E8**** CALL ****    
I guessed it must be hot patching, but the 5 bytes before aren't
Code:
90 90 90 90 90    
So are they still hooked code?

I think that code is for when DOS is loaded high: it calls himem's A20 enable, then jumps to FDxx:xxxx; if not high, the two nops become a short jump past the E8.
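The byte patterns discussed in this thread, as an added example that is not part of any post: a C classifier that tells whether the two-NOP site in front of `E8` still runs its CALL, and whether a Windows `mov edi, edi` prologue is untouched or already redirected. The enum and function names, the sample bytes, the load address and the acceptance of `CC` as padding are assumptions made here; `EB 03`, `EB F9` and `E9` are the standard x86 encodings filled in for the jumps the posts describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum site { SITE_UNKNOWN, DOS_CALL_ACTIVE, DOS_CALL_SKIPPED, WIN_PATCHABLE, WIN_HOOKED };

/* 16-bit site from the thread: 90 90 E8 lo hi. With EB 03 (JMP SHORT +3) in
   place of the NOPs the 3-byte CALL is skipped. ip = offset of p[0]. */
enum site classify_dos_site(const uint8_t *p, size_t n, uint16_t ip, uint16_t *callee)
{
    if (n < 5 || p[2] != 0xE8) return SITE_UNKNOWN;
    *callee = (uint16_t)(ip + 5 + (p[3] | p[4] << 8)); /* rel16 wraps at 64 KiB */
    if (p[0] == 0x90 && p[1] == 0x90) return DOS_CALL_ACTIVE;
    if (p[0] == 0xEB && p[1] == 0x03) return DOS_CALL_SKIPPED;
    return SITE_UNKNOWN;
}

/* 32-bit Windows prologue: 5 pad bytes (90 or CC), then 8B FF (mov edi, edi).
   Hooked form: E9 rel32 in the pad and EB F9 (JMP SHORT -7) at the entry. */
enum site classify_win_prologue(const uint8_t *img, size_t n, size_t entry,
                                uint32_t base, uint32_t *detour)
{
    if (entry < 5 || n < 2 || entry > n - 2) return SITE_UNKNOWN;
    const uint8_t *pad = img + entry - 5, *fn = img + entry;
    if (fn[0] == 0x8B && fn[1] == 0xFF) {
        for (int i = 0; i < 5; i++)
            if (pad[i] != 0x90 && pad[i] != 0xCC) return SITE_UNKNOWN;
        return WIN_PATCHABLE;
    }
    if (fn[0] != 0xEB || fn[1] != 0xF9 || pad[0] != 0xE9) return SITE_UNKNOWN;
    uint32_t rel = pad[1] | (uint32_t)pad[2] << 8 | (uint32_t)pad[3] << 16 | (uint32_t)pad[4] << 24;
    *detour = base + (uint32_t)entry + rel; /* E9 is relative to its end, i.e. the entry */
    return WIN_HOOKED;
}

/* Constructed sample bytes, not taken from any real binary. */
const uint8_t dos_live[]  = {0x90, 0x90, 0xE8, 0x10, 0x00};
const uint8_t dos_skip[]  = {0xEB, 0x03, 0xE8, 0x10, 0x00};
const uint8_t win_clean[] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x8B, 0xFF, 0x55};
const uint8_t win_hook[]  = {0xE9, 0xFB, 0x0F, 0x00, 0x00, 0xEB, 0xF9, 0x55};

int main(void)
{
    uint16_t c = 0; uint32_t t = 0;
    int d = classify_dos_site(dos_skip, sizeof dos_skip, 0x0100, &c);
    int w = classify_win_prologue(win_hook, sizeof win_hook, 5, 0x00401000u, &t);
    printf("dos=%d callee=%04X win=%d detour=%08X\n", d, (unsigned)c, w, (unsigned)t);
    return 0;
}
```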
Copyright © 1999-2024, Tomasz Grysztar.