I am trying to analyze this program. This is the beginning code.

What I have learned is that the program uses a DOS extender.

If someone has time, could you help me step through this so I can learn what it is doing?

It doesn't have the normal MZ signature. It stops interrupts for a while and uses the extra segment.

Thanks.

cs:0000 FA cli
cs:0001 16 push ss
cs:0002 1F pop ds
cs:0003 26A10200 mov ax,es:[0002]
cs:0007 83E840 sub ax,0040
cs:000A 8ED0 mov ss,ax
cs:000C FB sti
cs:000D 06 push es
cs:000E 16 push ss
cs:000F 07 pop es
cs:0010 BEF003 mov si,03F0
cs:0013 8BFE mov di,si
cs:0015 B91000 mov cx,0010
cs:0018 F3A4 rep movsb
cs:001A 07 pop es
Posted on 2004-02-22 08:39:43 by skywalker
This code sets up a 1024 byte stack at the end of the memory and copies 16 bytes from the previous stack to the new stack. The cli and sti are pointless. Are you sure it is not an EXE file? If it isn't, then the addresses should start at 0x100.

Edit: Actually, the board rules might not permit this kind of research for fear of the US law. But as long as you're not attempting to bypass protection mechanisms, you are probably not doing anything unlawful.
Posted on 2004-02-22 09:38:50 by Sephiroth3
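
The segment arithmetic described in the reply above, modelled in Python as an added example (not code from the thread or from the program under analysis). It assumes ES holds the PSP segment at entry, so that es:[0002] is the PSP top-of-memory segment, and that the direction flag is clear; all sample values are constructed.

```python
import struct

def linear(seg, off):
    """Real-mode linear address: segment * 16 + offset, wrapped to 20 bits."""
    return ((seg << 4) + off) & 0xFFFFF

def run_prologue(mem, es, ss):
    """Apply the effects of cs:0000-cs:001A to mem (1 MiB bytearray)."""
    ds = ss                                               # push ss / pop ds
    (ax,) = struct.unpack_from("<H", mem, linear(es, 2))  # mov ax,es:[0002]
    ax = (ax - 0x40) & 0xFFFF                             # sub ax,0040 (0x40 paragraphs)
    new_ss = ax                                           # mov ss,ax
    saved_es = es                                         # push es
    es = new_ss                                           # push ss / pop es
    si = di = 0x03F0                                      # mov si,03F0 / mov di,si
    cx = 0x10                                             # mov cx,0010
    while cx:                                             # rep movsb, DF assumed clear
        mem[linear(es, di)] = mem[linear(ds, si)]         # ds:si -> es:di
        si += 1
        di += 1
        cx -= 1
    es = saved_es                                         # pop es
    return {"ds": ds, "ss": new_ss, "es": es, "si": si, "di": di}

def demo():
    mem = bytearray(1 << 20)
    psp, old_ss, top = 0x1000, 0x2000, 0xA000             # constructed sample values
    struct.pack_into("<H", mem, linear(psp, 2), top)      # PSP:0002 = top of memory
    block = bytes(range(0xA0, 0xB0))                      # constructed 16-byte block
    mem[linear(old_ss, 0x3F0):linear(old_ss, 0x400)] = block
    regs = run_prologue(mem, psp, old_ss)
    copied = bytes(mem[linear(regs["ss"], 0x3F0):linear(regs["ss"], 0x400)])
    stack_bytes = (top - regs["ss"]) * 16                 # paragraphs -> bytes
    return regs, copied, stack_bytes

if __name__ == "__main__":
    regs, copied, stack_bytes = demo()
    print({k: hex(v) for k, v in regs.items()})
    print("new stack segment size:", stack_bytes, "bytes")
    print("copied block at linear", hex(linear(regs["ss"], 0x3F0)), copied.hex())
```

With these sample values the copied block occupies offsets 03F0 to 03FF of the new segment, which are the last 16 bytes below the top of memory.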

Here is the next section of code.
Thanks. If the stack was made bigger, would it run faster?

The program runs my 256M memory down to zero while it's running, then later it is restored upon program termination.


110F:001B 36 SS:
110F:001C 8C06FC03 MOV [03FC],ES
-u
110F:0020 8BD8 MOV BX,AX
110F:0022 8CCA MOV DX,CS
110F:0024 36 SS:
110F:0025 0316F003 ADD DX,[03F0]
110F:0029 36 SS:
110F:002A 8B2EF203 MOV BP,[03F2]
110F:002E FD STD
110F:002F 8BC5 MOV AX,BP
110F:0031 3D0010 CMP AX,1000
110F:0034 7603 JBE 0039
110F:0036 B80010 MOV AX,1000
110F:0039 2BE8 SUB BP,AX
110F:003B 2BD0 SUB DX,AX
110F:003D 2BD8 SUB BX,AX
110F:003F 8EDA MOV DS,DX
-
Posted on 2004-02-22 10:20:02 by skywalker
Lol, no, it wouldn't :P
It's difficult to tell what the code is supposed to do. Maybe you could upload the program somewhere and PM or email me the address?
Posted on 2004-02-22 11:19:36 by Sephiroth3