VOGONS


First post, by superfury

Rank l33t++

I'm trying to get Debian running on UniPCemu, in order to run xoreaxeaxeax's Sandsifter test suite to verify my instruction emulation length, but somehow Linux still refuses to boot?

See also: https://github.com/xoreaxeaxeax/sandsifter/issues/61

The original disk image seems to have been corrupted. After putting fresh files from the distro server on the disk image, it seems to boot a bit further, past the "Now booting the kernel" message.

Eventually, it crashes in the kernel process itself, it seems (process number #0)? Although the exception handler seems to print a very long (if not never-ending) call trace?

The attachment 987-starting Debian.jpg is no longer available

It's the current release that's on itch.io if people want to try it for themselves (and generate execution logs).

So it's Debian 1.3.1, which uses Linux 2.0.33 as its base (Debian Bo)? Can't seem to pull the linux repo from GitHub using SmartGit, though (too large?)?

Last edited by superfury on 2018-12-16, 17:13. Edited 6 times in total.

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 1 of 25, by superfury

Rank l33t++

Checking the very first paging being applied, it's at 0010:0000021A. CR3 is 0x00101000.

Eventually I see it faulting loading descriptor selector 445F into the FS register? That happens at 0010:0010AD09 (the kernel startup code)?

Then, same address value 5300h.
Then, 7375h.
Then, 0064h.
Then, 7375h.
Then, 666Fh.
Then, 6E45h.
Then, 6100h.
Then, 6E6Fh.
Then, 7070h.

TR is set to 0x40, base 0xc021cbd4.

That really sounds odd?

Also, the trap flag is oddly set, thus single-stepping through every instruction (IN THE KERNEL)!?


Reply 3 of 25, by Stenzek

Rank Newbie

I couldn't find a disk image with that specific kernel version, so can't check the IP, but FWIW I'm only seeing 0x002B and 0x0018 loaded into FS. The only exception I'm seeing raised during early boot is a page fault for 0xC0000000.

Reply 4 of 25, by superfury

Rank l33t++

It's just a hard disk with Windows 98 formatted MS-DOS on it and the Debian 1.3.1 files copied over, as in the documentation ( https://hackaday.com/2011/08/12/installing-li … on-a-386-laptop ). Only himem.sys is loaded. Then it's started by executing loadlin as instructed.


Reply 5 of 25, by Stenzek

Rank Newbie

Still not seeing that IP executed. Kernel version is 2.0.29.

Reply 6 of 25, by superfury

Rank l33t++

Looking at the very first fault that's raised on the latest commit (paging TLB being improved to only replace existing TLB entries based on the present bit and page number, and reads/writes being optimized to only be called once instead of twice: it was once for the dirty&writable TLB read and once again when reading memory and the first lookup (the dirty&written TLB lookup) failed; now it just reads the TLB once, either dirty&writable for writes or any combination of TLB settings for reads), it's a #GP(0) on an add (0000) instruction? That means it's executing some incorrect/invalid (uninitialized) memory?

https://www.dropbox.com/s/cwl3sc9udn7rif1/deb … 20_1435.7z?dl=0

As far as I can find out the kernel used in my distro is Linux 2.0.33(according to https://wiki.debian.org/DebianBo ).


Reply 7 of 25, by superfury

Rank l33t++

Looking at the log, it's probably already executing wrong code at 0010:00219842, since it seems to lead to an odd JS +00h instruction, after which it executes 0000h instructions (uninitialized memory)?

Perhaps a stack issue? That's probably it? So just searching up from the "0000 mov [eax],al" I find a ret instruction. So between that and its call somewhere upwards of that is supposed to be an error?

Edit: Well, the stack pointer (21c1a0) is definitely wrong when executing said RET instruction. I can't find such a value after ANY call instruction.

Looking upwards, I see a PUSH EBP below there, but a CALL resulting it as well?

0010:0010a8cd CF iretd	RealRAM(p):000AA8EA=74(t); RAM(p):0010A8EA=74(t); Physical(p):0010A8EA=74(t); Paged(p):C010A8EA=74(t); Normal(p):0010A8EA=74(t); RealRAM(p):000AA8EB=0B(); RAM(p):0010A8EB=0B(); Physical(p):0010A8EB=0B(); Paged(p):C010A8EB=0B(); Normal(p):0010A8EB=0B(); RealRAM(p):000AA8EC=A1(?); RAM(p):0010A8EC=A1(?); Physical(p):0010A8EC=A1(?); Paged(p):C010A8EC=A1(?); Normal(p):0010A8EC=A1(?); RealRAM(r):001BC198=9B(?); RAM(r):0021C198=9B(?); Physical(r):0021C198=9B(?); Paged(r):0021C198=9B(?); Normal(r):C021C198=9B(?); RealRAM(r):001BC199=8D(?); RAM(r):0021C199=8D(?); Physical(r):0021C199=8D(?); Paged(r):0021C199=8D(?); Normal(r):C021C199=8D(?); RealRAM(r):001BC19A=10(); RAM(r):0021C19A=10(); Physical(r):0021C19A=10(); Paged(r):0021C19A=10(); Normal(r):C021C19A=10(); RealRAM(r):001BC19B=00( ); RAM(r):0021C19B=00( ); Physical(r):0021C19B=00( ); Paged(r):0021C19B=00( ); Normal(r):C021C19B=00( ); RealRAM(r):001BC19C=10(); RAM(r):0021C19C=10(); Physical(r):0021C19C=10(); Paged(r):0021C19C=10(); Normal(r):C021C19C=10(); RealRAM(r):001BC19D=00( ); RAM(r):0021C19D=00( ); Physical(r):0021C19D=00( ); Paged(r):0021C19D=00( ); Normal(r):C021C19D=00( ); RealRAM(r):001BC1A0=02(); RAM(r):0021C1A0=02(); Physical(r):0021C1A0=02(); Paged(r):0021C1A0=02(); Normal(r):C021C1A0=02(); RealRAM(r):001BC1A1=03(); RAM(r):0021C1A1=03(); Physical(r):0021C1A1=03(); Paged(r):0021C1A1=03(); Normal(r):C021C1A1=03(); RealRAM(r):001BC1A2=01(); RAM(r):0021C1A2=01(); Physical(r):0021C1A2=01(); Paged(r):0021C1A2=01(); Normal(r):C021C1A2=01(); RealRAM(r):001BC1A3=00( ); RAM(r):0021C1A3=00( ); Physical(r):0021C1A3=00( ); Paged(r):0021C1A3=00( ); Normal(r):C021C1A3=00( ); RealRAM(p):000A8D9B=55(U); RAM(p):00108D9B=55(U); Physical(p):00108D9B=55(U); Paged(p):C0108D9B=55(U); Normal(p):00108D9B=55(U); RealRAM(p):000A8D9C=57(W); RAM(p):00108D9C=57(W); Physical(p):00108D9C=57(W); Paged(p):C0108D9C=57(W); Normal(p):00108D9C=57(W); RealRAM(p):000A8D9D=56(V); RAM(p):00108D9D=56(V); 
Physical(p):00108D9D=56(V); Paged(p):C0108D9D=56(V); Normal(p):00108D9D=56(V); RealRAM(p):000A8D9E=53(S); RAM(p):00108D9E=53(S); Physical(p):00108D9E=53(S); Paged(p):C0108D9E=53(S); Normal(p):00108D9E=53(S); RealRAM(p):000A8D9F=8B(?); RAM(p):00108D9F=8B(?); Physical(p):00108D9F=8B(?); Paged(p):C0108D9F=8B(?); Normal(p):00108D9F=8B(?); RealRAM(p):000A8DA0=6C(l); RAM(p):00108DA0=6C(l); Physical(p):00108DA0=6C(l); Paged(p):C0108DA0=6C(l); Normal(p):00108DA0=6C(l); RealRAM(p):000A8DA1=24($); RAM(p):00108DA1=24($); Physical(p):00108DA1=24($); Paged(p):C0108DA1=24($); Normal(p):00108DA1=24($); RealRAM(p):000A8DA2=1C(); RAM(p):00108DA2=1C(); Physical(p):00108DA2=1C(); Paged(p):C0108DA2=1C(); Normal(p):00108DA2=1C(); RealRAM(p):000A8DA3=C7(?); RAM(p):00108DA3=C7(?); Physical(p):00108DA3=C7(?); Paged(p):C0108DA3=C7(?); Normal(p):00108DA3=C7(?); RealRAM(p):000A8DA4=44(D); RAM(p):00108DA4=44(D); Physical(p):00108DA4=44(D); Paged(p):C0108DA4=44(D); Normal(p):00108DA4=44(D); RealRAM(p):000A8DA5=24($); RAM(p):00108DA5=24($); Physical(p):00108DA5=24($); Paged(p):C0108DA5=24($); Normal(p):00108DA5=24($); RealRAM(p):000A8DA6=14(); RAM(p):00108DA6=14(); Physical(p):00108DA6=14(); Paged(p):C0108DA6=14(); Normal(p):00108DA6=14(); RealRAM(p):000A8DA7=00( ); RAM(p):00108DA7=00( ); Physical(p):00108DA7=00( ); Paged(p):C0108DA7=00( ); Normal(p):00108DA7=00( ); RealRAM(p):000A8DA8=00( ); RAM(p):00108DA8=00( ); Physical(p):00108DA8=00( ); Paged(p):C0108DA8=00( ); Normal(p):00108DA8=00( ); RealRAM(p):000A8DA9=00( ); RAM(p):00108DA9=00( ); Physical(p):00108DA9=00( ); Paged(p):C0108DA9=00( ); Normal(p):00108DA9=00( ); RealRAM(p):000A8DAA=00( ); RAM(p):00108DAA=00( ); Physical(p):00108DAA=00( ); Paged(p):C0108DAA=00( ); Normal(p):00108DAA=00( ); RealRAM(p):000A8DAB=89(?); RAM(p):00108DAB=89(?); Physical(p):00108DAB=89(?); Paged(p):C0108DAB=89(?); Normal(p):00108DAB=89(?); RealRAM(p):000A8DAC=EE(?); RAM(p):00108DAC=EE(?); Physical(p):00108DAC=EE(?); Paged(p):C0108DAC=EE(?); 
Normal(p):00108DAC=EE(?); RealRAM(p):000A8DAD=BF(?); RAM(p):00108DAD=BF(?); Physical(p):00108DAD=BF(?); Paged(p):C0108DAD=BF(?); Normal(p):00108DAD=BF(?); RealRAM(p):000A8DAE=6D(m); RAM(p):00108DAE=6D(m); Physical(p):00108DAE=6D(m); Paged(p):C0108DAE=6D(m); Normal(p):00108DAE=6D(m); RealRAM(p):000A8DAF=EF(?); RAM(p):00108DAF=EF(?); Physical(p):00108DAF=EF(?); Paged(p):C0108DAF=EF(?); Normal(p):00108DAF=EF(?); RealRAM(p):000A8DB0=1E(); RAM(p):00108DB0=1E(); Physical(p):00108DB0=1E(); Paged(p):C0108DB0=1E(); Normal(p):00108DB0=1E(); RealRAM(p):000A8DB1=00( ); RAM(p):00108DB1=00( ); Physical(p):00108DB1=00( ); Paged(p):C0108DB1=00( ); Normal(p):00108DB1=00( ); RealRAM(p):000A8DB2=B9(?); RAM(p):00108DB2=B9(?); Physical(p):00108DB2=B9(?); Paged(p):C0108DB2=B9(?); Normal(p):00108DB2=B9(?); RealRAM(p):000A8DB3=05(); RAM(p):00108DB3=05(); Physical(p):00108DB3=05(); Paged(p):C0108DB3=05(); Normal(p):00108DB3=05(); RealRAM(p):000A8DB4=00( ); RAM(p):00108DB4=00( ); Physical(p):00108DB4=00( ); Paged(p):C0108DB4=00( ); Normal(p):00108DB4=00( ); RealRAM(p):000A8DB5=00( ); RAM(p):00108DB5=00( ); Physical(p):00108DB5=00( ); Paged(p):C0108DB5=00( ); Normal(p):00108DB5=00( ); RealRAM(p):000A8DB6=00( ); RAM(p):00108DB6=00( ); Physical(p):00108DB6=00( ); Paged(p):C0108DB6=00( ); Normal(p):00108DB6=00( ); RealRAM(p):000A8DB7=FC(?); RAM(p):00108DB7=FC(?); Physical(p):00108DB7=FC(?); Paged(p):C0108DB7=FC(?); Normal(p):00108DB7=FC(?); RealRAM(p):000A8DB8=49(I); RAM(p):00108DB8=49(I); Physical(p):00108DB8=49(I); Paged(p):C0108DB8=49(I); Normal(p):00108DB8=49(I); RealRAM(p):000A8DB9=78(x); RAM(p):00108DB9=78(x); Physical(p):00108DB9=78(x); Paged(p):C0108DB9=78(x); Normal(p):00108DB9=78(x); RealRAM(p):000A8DBA=08(); RAM(p):00108DBA=08(); Physical(p):00108DBA=08(); Paged(p):C0108DBA=08(); Normal(p):00108DBA=08(); RealRAM(p):000A8D9B=55(U); RAM(p):00108D9B=55(U); Physical(p):00108D9B=55(U); Paged(p):C0108D9B=55(U); Normal(p):00108D9B=55(U); RealRAM(p):000A8D9C=57(W); RAM(p):00108D9C=57(W); 
Physical(p):00108D9C=57(W); Paged(p):C0108D9C=57(W); Normal(p):00108D9C=57(W); RealRAM(p):000A8D9D=56(V); RAM(p):00108D9D=56(V); Physical(p):00108D9D=56(V); Paged(p):C0108D9D=56(V); Normal(p):00108D9D=56(V); RealRAM(p):000A8D9E=53(S); RAM(p):00108D9E=53(S); Physical(p):00108D9E=53(S); Paged(p):C0108D9E=53(S); Normal(p):00108D9E=53(S); RealRAM(p):000A8D9F=8B(?); RAM(p):00108D9F=8B(?); Physical(p):00108D9F=8B(?); Paged(p):C0108D9F=8B(?); Normal(p):00108D9F=8B(?); RealRAM(p):000A8DA0=6C(l); RAM(p):00108DA0=6C(l); Physical(p):00108DA0=6C(l); Paged(p):C0108DA0=6C(l); Normal(p):00108DA0=6C(l); RealRAM(p):000A8DA1=24($); RAM(p):00108DA1=24($); Physical(p):00108DA1=24($); Paged(p):C0108DA1=24($); Normal(p):00108DA1=24($); RealRAM(p):000A8DA2=1C(); RAM(p):00108DA2=1C(); Physical(p):00108DA2=1C(); Paged(p):C0108DA2=1C(); Normal(p):00108DA2=1C(); RealRAM(p):000A8DA3=C7(?); RAM(p):00108DA3=C7(?); Physical(p):00108DA3=C7(?); Paged(p):C0108DA3=C7(?); Normal(p):00108DA3=C7(?); RealRAM(p):000A8DA4=44(D); RAM(p):00108DA4=44(D); Physical(p):00108DA4=44(D); Paged(p):C0108DA4=44(D); Normal(p):00108DA4=44(D); RealRAM(p):000A8DA5=24($); RAM(p):00108DA5=24($); Physical(p):00108DA5=24($); Paged(p):C0108DA5=24($); Normal(p):00108DA5=24($); RealRAM(p):000A8DA6=14(); RAM(p):00108DA6=14(); Physical(p):00108DA6=14(); Paged(p):C0108DA6=14(); Normal(p):00108DA6=14(); RealRAM(p):000A8DA7=00( ); RAM(p):00108DA7=00( ); Physical(p):00108DA7=00( ); Paged(p):C0108DA7=00( ); Normal(p):00108DA7=00( ); RealRAM(p):000A8DA8=00( ); RAM(p):00108DA8=00( ); Physical(p):00108DA8=00( ); Paged(p):C0108DA8=00( ); Normal(p):00108DA8=00( ); RealRAM(p):000A8DA9=00( ); RAM(p):00108DA9=00( ); Physical(p):00108DA9=00( ); Paged(p):C0108DA9=00( ); Normal(p):00108DA9=00( ); RealRAM(p):000A8DAA=00( ); RAM(p):00108DAA=00( ); Physical(p):00108DAA=00( ); Paged(p):C0108DAA=00( ); Normal(p):00108DAA=00( ); RealRAM(p):000A8DAB=89(?); RAM(p):00108DAB=89(?); Physical(p):00108DAB=89(?); Paged(p):C0108DAB=89(?); 
Normal(p):00108DAB=89(?); RealRAM(p):000A8DAC=EE(?); RAM(p):00108DAC=EE(?); Physical(p):00108DAC=EE(?); Paged(p):C0108DAC=EE(?); Normal(p):00108DAC=EE(?); RealRAM(p):000A8DAD=BF(?); RAM(p):00108DAD=BF
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c198 EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010a8cd EFLAGS: 00000202
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odItsz0a0p1c
MMU: Reading from real(r): 000A6058=DC (?)
Reading from RAM(r): 00106058=DC (?)
Reading from physical memory(r): 00106058=DC (?)
Reading from paged memory(r): 00106058=DC (?)
MMU: Reading from real(r): 000A6059=A9 (?)
Reading from RAM(r): 00106059=A9 (?)
Reading from physical memory(r): 00106059=A9 (?)
Reading from paged memory(r): 00106059=A9 (?)
MMU: Reading from real(r): 000A605A=10 ()
Reading from RAM(r): 0010605A=10 ()
Reading from physical memory(r): 0010605A=10 ()
Reading from paged memory(r): 0010605A=10 ()
MMU: Reading from real(r): 000A605B=00 ( )
Reading from RAM(r): 0010605B=00 ( )
Reading from physical memory(r): 0010605B=00 ( )
Reading from paged memory(r): 0010605B=00 ( )
MMU: Reading from real(r): 000A605C=00 ( )
Reading from RAM(r): 0010605C=00 ( )
Reading from physical memory(r): 0010605C=00 ( )
Reading from paged memory(r): 0010605C=00 ( )
MMU: Reading from real(r): 000A605D=8F (?)
Reading from RAM(r): 0010605D=8F (?)
Reading from physical memory(r): 0010605D=8F (?)
Reading from paged memory(r): 0010605D=8F (?)
MMU: Reading from real(r): 000A605E=10 ()
Reading from RAM(r): 0010605E=10 ()
Reading from physical memory(r): 0010605E=10 ()
Reading from paged memory(r): 0010605E=10 ()
MMU: Reading from real(r): 000A605F=00 ( )
Reading from RAM(r): 0010605F=00 ( )
Reading from physical memory(r): 0010605F=00 ( )
Reading from paged memory(r): 0010605F=00 ( )
MMU: Reading from real(r): 000A6868=FF (?)
Reading from RAM(r): 00106868=FF (?)
Reading from physical memory(r): 00106868=FF (?)
Reading from paged memory(r): 00106868=FF (?)
MMU: Reading from real(r): 000A6869=FF (?)
Reading from RAM(r): 00106869=FF (?)
Reading from physical memory(r): 00106869=FF (?)
Reading from paged memory(r): 00106869=FF (?)
MMU: Reading from real(r): 000A686A=00 ( )
Reading from RAM(r): 0010686A=00 ( )
Reading from physical memory(r): 0010686A=00 ( )
Reading from paged memory(r): 0010686A=00 ( )
MMU: Reading from real(r): 000A686B=00 ( )
Reading from RAM(r): 0010686B=00 ( )
Reading from physical memory(r): 0010686B=00 ( )
Reading from paged memory(r): 0010686B=00 ( )
MMU: Reading from real(r): 000A686C=00 ( )
Reading from RAM(r): 0010686C=00 ( )
Reading from physical memory(r): 0010686C=00 ( )
Reading from paged memory(r): 0010686C=00 ( )
MMU: Reading from real(r): 000A686D=9B (?)
Reading from RAM(r): 0010686D=9B (?)
Reading from physical memory(r): 0010686D=9B (?)
Reading from paged memory(r): 0010686D=9B (?)
MMU: Reading from real(r): 000A686E=C3 (?)
Reading from RAM(r): 0010686E=C3 (?)
Reading from physical memory(r): 0010686E=C3 (?)
Reading from paged memory(r): 0010686E=C3 (?)
MMU: Reading from real(r): 000A686F=C0 (?)
Reading from RAM(r): 0010686F=C0 (?)
Reading from physical memory(r): 0010686F=C0 (?)
Reading from paged memory(r): 0010686F=C0 (?)
0010:00108d9b 55 push ebp Paged(w):C021C1A0=42(B); Paged(w):C021C1A1=98(?); Paged(w):C021C1A2=21(!); Paged(w):C021C1A3=00( ); Normal(w):C021C19C=02(); Paged(w):0021C19C=02(); Normal(w):C021C19D=03(); Paged(w):0021C19D=03(); Normal(w):C021C19E=01(); Paged(w):0021C19E=01(); Normal(w):C021C19F=00( ); Paged(w):0021C19F=00( ); Normal(w):C021C198=10(); Paged(w):0021C198=10(); Normal(w):C021C199=00( ); Paged(w):0021C199=00( ); Normal(w):C021C19A=00( ); Paged(w):0021C19A=00( ); Normal(w):C021C19B=00( ); Paged(w):0021C19B=00( ); Normal(w):C021C194=9C(?); Paged(w):0021C194=9C(?); Normal(w):C021C195=8D(?); Paged(w):0021C195=8D(?); Normal(w):C021C196=10(); Paged(w):0021C196=10(); Normal(w):C021C197=00( ); Paged(w):0021C197=00( ); RealRAM(p):000AA9DC=6A(j); RAM(p):0010A9DC=6A(j); Physical(p):0010A9DC=6A(j); Paged(p):C010A9DC=6A(j); Normal(p):0010A9DC=6A(j); RealRAM(p):000AA9DD=00( ); RAM(p):0010A9DD=00( ); Physical(p):0010A9DD=00( ); Paged(p):C010A9DD=00( ); Normal(p):0010A9DD=00( ); RealRAM(p):000AA9DE=68(h); RAM(p):0010A9DE=68(h); Physical(p):0010A9DE=68(h); Paged(p):C010A9DE=68(h); Normal(p):0010A9DE=68(h); RealRAM(p):000AA9DF=88(?); RAM(p):0010A9DF=88(?); Physical(p):0010A9DF=88(?); Paged(p):C010A9DF=88(?); Normal(p):0010A9DF=88(?); RealRAM(p):000AA9E0=B1(?); RAM(p):0010A9E0=B1(?); Physical(p):0010A9E0=B1(?); Paged(p):C010A9E0=B1(?); Normal(p):0010A9E0=B1(?); RealRAM(p):000AA9E1=10(); RAM(p):0010A9E1=10(); Physical(p):0010A9E1=10(); Paged(p):C010A9E1=10(); Normal(p):0010A9E1=10(); RealRAM(p):000AA9E2=00( ); RAM(p):0010A9E2=00( ); Physical(p):0010A9E2=00( ); Paged(p):C010A9E2=00( ); Normal(p):0010A9E2=00( ); RealRAM(p):000AA9E3=E9(?); RAM(p):0010A9E3=E9(?); Physical(p):0010A9E3=E9(?); Paged(p):C010A9E3=E9(?); Normal(p):0010A9E3=E9(?); RealRAM(p):000AA9E4=5C(\); RAM(p):0010A9E4=5C(\); Physical(p):0010A9E4=5C(\); Paged(p):C010A9E4=5C(\); Normal(p):0010A9E4=5C(\); RealRAM(p):000AA9E5=FF(?); RAM(p):0010A9E5=FF(?); Physical(p):0010A9E5=FF(?); Paged(p):C010A9E5=FF(?); 
Normal(p):0010A9E5=FF(?); RealRAM(p):000AA9E6=FF(?); RAM(p):0010A9E6=FF(?); Physical(p):0010A9E6=FF(?); Paged(p):C010A9E6=FF(?); Normal(p):0010A9E6=FF(?); RealRAM(p):000AA9E7=FF(?); RAM(p):0010A9E7=FF(?); Physical(p):0010A9E7=FF(?); Paged(p):C010A9E7=FF(?); Normal(p):0010A9E7=FF(?); RealRAM(p):000AA9E8=6A(j); RAM(p):0010A9E8=6A(j); Physical(p):0010A9E8=6A(j); Paged(p):C010A9E8=6A(j); Normal(p):0010A9E8=6A(j); RealRAM(p):000AA9E9=00( ); RAM(p):0010A9E9=00( ); Physical(p):0010A9E9=00( ); Paged(p):C010A9E9=00( ); Normal(p):0010A9E9=00( ); RealRAM(p):000AA9EA=68(h); RAM(p):0010A9EA=68(h); Physical(p):0010A9EA=68(h); Paged(p):C010A9EA=68(h); Normal(p):0010A9EA=68(h); RealRAM(p):000AA9EB=80(?); RAM(p):0010A9EB=80(?); Physical(p):0010A9EB=80(?); Paged(p):C010A9EB=80(?); Normal(p):0010A9EB=80(?); RealRAM(p):000AA9EC=B1(?); RAM(p):0010A9EC=B1(?); Physical(p):0010A9EC=B1(?); Paged(p):C010A9EC=B1(?); Normal(p):0010A9EC=B1(?); RealRAM(p):000AA9ED=10(); RAM(p):0010A9ED=10(); Physical(p):0010A9ED=10(); Paged(p):C010A9ED=10(); Normal(p):0010A9ED=10(); RealRAM(p):000AA9EE=00( ); RAM(p):0010A9EE=00( ); Physical(p):0010A9EE=00( ); Paged(p):C010A9EE=00( ); Normal(p):0010A9EE=00( ); RealRAM(p):000AA9EF=E9(?); RAM(p):0010A9EF=E9(?); Physical(p):0010A9EF=E9(?); Paged(p):C010A9EF=E9(?); Normal(p):0010A9EF=E9(?); RealRAM(p):000AA9F0=50(P); RAM(p):0010A9F0=50(P); Physical(p):0010A9F0=50(P); Paged(p):C010A9F0=50(P); Normal(p):0010A9F0=50(P); RealRAM(p):000AA9F1=FF(?); RAM(p):0010A9F1=FF(?); Physical(p):0010A9F1=FF(?); Paged(p):C010A9F1=FF(?); Normal(p):0010A9F1=FF(?); RealRAM(p):000AA9F2=FF(?); RAM(p):0010A9F2=FF(?); Physical(p):0010A9F2=FF(?); Paged(p):C010A9F2=FF(?); Normal(p):0010A9F2=FF(?); RealRAM(p):000AA9F3=FF(?); RAM(p):0010A9F3=FF(?); Physical(p):0010A9F3=FF(?); Paged(p):C010A9F3=FF(?); Normal(p):0010A9F3=FF(?); RealRAM(p):000AA9F4=6A(j); RAM(p):0010A9F4=6A(j); Physical(p):0010A9F4=6A(j); Paged(p):C010A9F4=6A(j); Normal(p):0010A9F4=6A(j); RealRAM(p):000AA9F5=00( ); 
RAM(p):0010A9F5=00( ); Physical(p):0010A9F5=00( ); Paged(p):C010A9F5=00( ); Normal(p):0010A9F5=00( ); RealRAM(p):000AA9F6=68(h); RAM(p):0010A9F6=68(h); Physical(p):0010A9F6=68(h); Paged(p):C010A9F6=68(h); Normal(p):0010A9F6=68(h); RealRAM(p):000AA9F7=A4(?); RAM(p):0010A9F7=A4(?); Physical(p):0010A9F7=A4(?); Paged(p):C010A9F7=A4(?); Normal(p):0010A9F7=A4(?); RealRAM(p):000AA9F8=AD(?); RAM(p):0010A9F8=AD(?); Physical(p):0010A9F8=AD(?); Paged(p):C010A9F8=AD(?); Normal(p):0010A9F8=AD(?); RealRAM(p):000AA9F9=10(); RAM(p):0010A9F9=10(); Physical(p):0010A9F9=10(); Paged(p):C010A9F9=10(); Normal(p):0010A9F9=10(); RealRAM(p):000AA9FA=00( ); RAM(p):0010A9FA=00( ); Physical(p):0010A9FA=00( ); Paged(p):C010A9FA=00( ); Normal(p):0010A9FA=00( ); RealRAM(p):000AA9FB=E9(?); RAM(p):0010A9FB=E9(?); Physical(p):0010A9FB=E9(?); Paged(p):C010A9FB=E9(?); Normal(p):0010A9FB=E9(?); Physical(w):0021C1A0=42(B); RAM(w):0021C1A0=42(B); RealRAM(w):001BC1A0=42(B); Physical(w):0021C1A1=98(?); RAM(w):0021C1A1=98(?); RealRAM(w):001BC1A1=98(?); Physical(w):0021C1A2=21(!); RAM(w):0021C1A2=21(!); RealRAM(w):001BC1A2=21(!); Physical(w):0021C1A3=00( ); RAM(w):0021C1A3=00( ); RealRAM(w):001BC1A3=00( ); Physical(w):0021C19C=02(); RAM(w):0021C19C=02(); RealRAM(w):001BC19C=02(); Physical(w):0021C19D=03(); RAM(w):0021C19D=03(); RealRAM(w):001BC19D=03(); Physical(w):0021C19E=01(); RAM(w):0021C19E=01(); RealRAM(w):001BC19E=01(); Physical(w):0021C19F=00( ); RAM(w):0021C19F=00( ); RealRAM(w):001BC19F=00( ); Physical(w):0021C198=10(); RAM(w):0021C198=10(); RealRAM(w):001BC198=10(); Physical(w):0021C199=00( ); RAM(w):0021C199=00( ); RealRAM(w):001BC199=00( ); Physical(w):0021C19A=00( ); RAM(w):0021C19A=00( ); RealRAM(w):001BC19A=00( ); Physical(w):0021C19B=00( ); RAM(w):0021C19B=00( ); RealRAM(w):001BC19B=00( ); Physical(w):0021C194=9C(?); RAM(w):0021C194=9C(?); RealRAM(w):001BC194=9C(?); Physical(w):0021C195=8D(?); RAM(w):0021C195=8D(?); RealRAM(w):001BC195=8D(?); Physical(w):0021C196=10(); RAM(w):0021C196=10(); 
RealRAM(w):001BC196=10(); Physical(w):0021C197=00( ); RAM(w):0021C197=00( ); RealRAM(w):001BC197=00( )
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c1a4 EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 00108d9b EFLAGS: 00000302
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odITsz0a0p1c
0010:0010a9dc 6A 00 push 00 Paged(w):C021C190=00( ); Paged(w):C021C191=00( ); Paged(w):C021C192=00( ); Paged(w):C021C193=00( ); Physical(w):0021C190=00( ); RAM(w):0021C190=00( ); RealRAM(w):001BC190=00( ); Physical(w):0021C191=00( ); RAM(w):0021C191=00( ); RealRAM(w):001BC191=00( ); Physical(w):0021C192=00( ); RAM(w):0021C192=00( ); RealRAM(w):001BC192=00( ); Physical(w):0021C193=00( ); RAM(w):0021C193=00( ); RealRAM(w):001BC193=00( )
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c194 EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010a9dc EFLAGS: 00000202
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odItsz0a0p1c
0010:0010a9de 68 88 B1 10 00 push 0010b188 RealRAM(p):000AA9FC=44(D); RAM(p):0010A9FC=44(D); Physical(p):0010A9FC=44(D); Paged(p):C010A9FC=44(D); Normal(p):0010A9FC=44(D); RealRAM(p):000AA9FD=FF(?); RAM(p):0010A9FD=FF(?); Physical(p):0010A9FD=FF(?); Paged(p):C010A9FD=FF(?); Normal(p):0010A9FD=FF(?); Paged(w):C021C18C=88(?); Paged(w):C021C18D=B1(?); Paged(w):C021C18E=10(); Paged(w):C021C18F=00( ); Physical(w):0021C18C=88(?); RAM(w):0021C18C=88(?); RealRAM(w):001BC18C=88(?); Physical(w):0021C18D=B1(?); RAM(w):0021C18D=B1(?); RealRAM(w):001BC18D=B1(?); Physical(w):0021C18E=10(); RAM(w):0021C18E=10(); RealRAM(w):001BC18E=10(); Physical(w):0021C18F=00( ); RAM(w):0021C18F=00( ); RealRAM(w):001BC18F=00( )
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c190 EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010a9de EFLAGS: 00000202
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odItsz0a0p1c
0010:0010a9e3 E9 5C FF FF FF jmpd 0010a944 RealRAM(p):000AA9FE=FF(?); RAM(p):0010A9FE=FF(?); Physical(p):0010A9FE=FF(?); Paged(p):C010A9FE=FF(?); Normal(p):0010A9FE=FF(?); RealRAM(p):000AA9FF=FF(?); RAM(p):0010A9FF=FF(?); Physical(p):0010A9FF=FF(?); Paged(p):C010A9FF=FF(?); Normal(p):0010A9FF=FF(?); RealRAM(p):000AAA00=6A(j); RAM(p):0010AA00=6A(j); Physical(p):0010AA00=6A(j); Paged(p):C010AA00=6A(j); Normal(p):0010AA00=6A(j); RealRAM(p):000AAA01=00( ); RAM(p):0010AA01=00( ); Physical(p):0010AA01=00( ); Paged(p):C010AA01=00( ); Normal(p):0010AA01=00( ); RealRAM(p):000AAA02=68(h); RAM(p):0010AA02=68(h); Physical(p):0010AA02=68(h); Paged(p):C010AA02=68(h); Normal(p):0010AA02=68(h); RealRAM(p):000AA944=0F(); RAM(p):0010A944=0F(); Physical(p):0010A944=0F(); Paged(p):C010A944=0F(); Normal(p):0010A944=0F(); RealRAM(p):000AA945=A0(?); RAM(p):0010A945=A0(?); Physical(p):0010A945=A0(?); Paged(p):C010A945=A0(?); Normal(p):0010A945=A0(?); RealRAM(p):000AA946=06(); RAM(p):0010A946=06(); Physical(p):0010A946=06(); Paged(p):C010A946=06(); Normal(p):0010A946=06(); RealRAM(p):000AA947=1E(); RAM(p):0010A947=1E(); Physical(p):0010A947=1E(); Paged(p):C010A947=1E(); Normal(p):0010A947=1E(); RealRAM(p):000AA948=50(P); RAM(p):0010A948=50(P); Physical(p):0010A948=50(P); Paged(p):C010A948=50(P); Normal(p):0010A948=50(P); RealRAM(p):000AA949=31(1); RAM(p):0010A949=31(1); Physical(p):0010A949=31(1); Paged(p):C010A949=31(1); Normal(p):0010A949=31(1); RealRAM(p):000AA94A=C0(?); RAM(p):0010A94A=C0(?); Physical(p):0010A94A=C0(?); Paged(p):C010A94A=C0(?); Normal(p):0010A94A=C0(?); RealRAM(p):000AA94B=55(U); RAM(p):0010A94B=55(U); Physical(p):0010A94B=55(U); Paged(p):C010A94B=55(U); Normal(p):0010A94B=55(U); RealRAM(p):000AA94C=57(W); RAM(p):0010A94C=57(W); Physical(p):0010A94C=57(W); Paged(p):C010A94C=57(W); Normal(p):0010A94C=57(W); RealRAM(p):000AA94D=56(V); RAM(p):0010A94D=56(V); Physical(p):0010A94D=56(V); Paged(p):C010A94D=56(V); Normal(p):0010A94D=56(V); RealRAM(p):000AA94E=52(R); 
RAM(p):0010A94E=52(R); Physical(p):0010A94E=52(R); Paged(p):C010A94E=52(R); Normal(p):0010A94E=52(R); RealRAM(p):000AA94F=48(H); RAM(p):0010A94F=48(H); Physical(p):0010A94F=48(H); Paged(p):C010A94F=48(H); Normal(p):0010A94F=48(H); RealRAM(p):000AA950=51(Q); RAM(p):0010A950=51(Q); Physical(p):0010A950=51(Q); Paged(p):C010A950=51(Q); Normal(p):0010A950=51(Q); RealRAM(p):000AA951=53(S); RAM(p):0010A951=53(S); Physical(p):0010A951=53(S); Paged(p):C010A951=53(S); Normal(p):0010A951=53(S); RealRAM(p):000AA952=FC(?); RAM(p):0010A952=FC(?); Physical(p):0010A952=FC(?); Paged(p):C010A952=FC(?); Normal(p):0010A952=FC(?); RealRAM(p):000AA953=31(1); RAM(p):0010A953=31(1); Physical(p):0010A953=31(1); Paged(p):C010A953=31(1); Normal(p):0010A953=31(1); RealRAM(p):000AA954=DB(?); RAM(p):0010A954=DB(?); Physical(p):0010A954=DB(?); Paged(p):C010A954=DB(?); Normal(p):0010A954=DB(?); RealRAM(p):000AA955=87(?); RAM(p):0010A955=87(?); Physical(p):0010A955=87(?); Paged(p):C010A955=87(?); Normal(p):0010A955=87(?); RealRAM(p):000AA956=44(D); RAM(p):0010A956=44(D); Physical(p):0010A956=44(D); Paged(p):C010A956=44(D); Normal(p):0010A956=44(D); RealRAM(p):000AA957=24($); RAM(p):0010A957=24($); Physical(p):0010A957=24($); Paged(p):C010A957=24($); Normal(p):0010A957=24($); RealRAM(p):000AA958=2C(,); RAM(p):0010A958=2C(,); Physical(p):0010A958=2C(,); Paged(p):C010A958=2C(,); Normal(p):0010A958=2C(,); RealRAM(p):000AA959=66(f); RAM(p):0010A959=66(f); Physical(p):0010A959=66(f); Paged(p):C010A959=66(f); Normal(p):0010A959=66(f); RealRAM(p):000AA95A=8C(?); RAM(p):0010A95A=8C(?); Physical(p):0010A95A=8C(?); Paged(p):C010A95A=8C(?); Normal(p):0010A95A=8C(?); RealRAM(p):000AA95B=EB(?); RAM(p):0010A95B=EB(?); Physical(p):0010A95B=EB(?); Paged(p):C010A95B=EB(?); Normal(p):0010A95B=EB(?); RealRAM(p):000AA95C=89(?); RAM(p):0010A95C=89(?); Physical(p):0010A95C=89(?); Paged(p):C010A95C=89(?); Normal(p):0010A95C=89(?); RealRAM(p):000AA95D=E2(?); RAM(p):0010A95D=E2(?); Physical(p):0010A95D=E2(?); 
Paged(p):C010A95D=E2(?); Normal(p):0010A95D=E2(?); RealRAM(p):000AA95E=87(?); RAM(p):0010A95E=87(?); Physical(p):0010A95E=87(?); Paged(p):C010A95E=87(?); Normal(p):0010A95E=87(?); RealRAM(p):000AA95F=5C(\); RAM(p):0010A95F=5C(\); Physical(p):0010A95F=5C(\); Paged(p):C010A95F=5C(\); Normal(p):0010A95F=5C(\); RealRAM(p):000AA960=24($); RAM(p):0010A960=24($); Physical(p):0010A960=24($); Paged(p):C010A960=24($); Normal(p):0010A960=24($); RealRAM(p):000AA961=28((); RAM(p):0010A961=28((); Physical(p):0010A961=28((); Paged(p):C010A961=28((); Normal(p):0010A961=28((); RealRAM(p):000AA962=50(P); RAM(p):0010A962=50(P); Physical(p):0010A962=50(P); Paged(p):C010A962=50(P); Normal(p):0010A962=50(P); RealRAM(p):000AA963=52(R); RAM(p):0010A963=52(R); Physical(p):0010A963=52(R); Paged(p):C010A963=52(R); Normal(p):0010A963=52(R)
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c18c EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010a9e3 EFLAGS: 00000202
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odItsz0a0p1c

So that seems to overwrite the CALL data somehow?

Further up, there's an IRETD which seems to read location 0021c1a0.

Further up, at 0010:0010a862, I see it being read at 8B 44 24 38 mov eax,dword ss:[esp+38] (ESP=21C168).

Even further up, I see it being written:

:0010a8cd CF iretd	RealRAM(p):000AA8EA=74(t); RAM(p):0010A8EA=74(t); Physical(p):0010A8EA=74(t); Paged(p):C010A8EA=74(t); Normal(p):0010A8EA=74(t); RealRAM(p):000AA8EB=0B(); RAM(p):0010A8EB=0B(); Physical(p):0010A8EB=0B(); Paged(p):C010A8EB=0B(); Normal(p):0010A8EB=0B(); RealRAM(p):000AA8EC=A1(?); RAM(p):0010A8EC=A1(?); Physical(p):0010A8EC=A1(?); Paged(p):C010A8EC=A1(?); Normal(p):0010A8EC=A1(?); RealRAM(r):001BC1A0=98(?); RAM(r):0021C1A0=98(?); Physical(r):0021C1A0=98(?); Paged(r):0021C1A0=98(?); Normal(r):C021C1A0=98(?); RealRAM(r):001BC1A1=8D(?); RAM(r):0021C1A1=8D(?); Physical(r):0021C1A1=8D(?); Paged(r):0021C1A1=8D(?); Normal(r):C021C1A1=8D(?); RealRAM(r):001BC1A2=10(); RAM(r):0021C1A2=10(); Physical(r):0021C1A2=10(); Paged(r):0021C1A2=10(); Normal(r):C021C1A2=10(); RealRAM(r):001BC1A3=00( ); RAM(r):0021C1A3=00( ); Physical(r):0021C1A3=00( ); Paged(r):0021C1A3=00( ); Normal(r):C021C1A3=00( ); RealRAM(r):001BC1A4=10(); RAM(r):0021C1A4=10(); Physical(r):0021C1A4=10(); Paged(r):0021C1A4=10(); Normal(r):C021C1A4=10(); RealRAM(r):001BC1A5=00( ); RAM(r):0021C1A5=00( ); Physical(r):0021C1A5=00( ); Paged(r):0021C1A5=00( ); Normal(r):C021C1A5=00( ); RealRAM(r):001BC1A8=46(F); RAM(r):0021C1A8=46(F); Physical(r):0021C1A8=46(F); Paged(r):0021C1A8=46(F); Normal(r):C021C1A8=46(F); RealRAM(r):001BC1A9=03(); RAM(r):0021C1A9=03(); Physical(r):0021C1A9=03(); Paged(r):0021C1A9=03(); Normal(r):C021C1A9=03(); RealRAM(r):001BC1AA=01(); RAM(r):0021C1AA=01(); Physical(r):0021C1AA=01(); Paged(r):0021C1AA=01(); Normal(r):C021C1AA=01(); RealRAM(r):001BC1AB=00( ); RAM(r):0021C1AB=00( ); Physical(r):0021C1AB=00( ); Paged(r):0021C1AB=00( ); Normal(r):C021C1AB=00( ); RealRAM(p):000A8D98=83(?); RAM(p):00108D98=83(?); Physical(p):00108D98=83(?); Paged(p):C0108D98=83(?); Normal(p):00108D98=83(?); RealRAM(p):000A8D99=EC(?); RAM(p):00108D99=EC(?); Physical(p):00108D99=EC(?); Paged(p):C0108D99=EC(?); Normal(p):00108D99=EC(?); RealRAM(p):000A8D9A=08(); RAM(p):00108D9A=08(); 
Physical(p):00108D9A=08(); Paged(p):C0108D9A=08(); Normal(p):00108D9A=08(); RealRAM(p):000A8D9B=55(U); RAM(p):00108D9B=55(U); Physical(p):00108D9B=55(U); Paged(p):C0108D9B=55(U); Normal(p):00108D9B=55(U); RealRAM(p):000A8D9C=57(W); RAM(p):00108D9C=57(W); Physical(p):00108D9C=57(W); Paged(p):C0108D9C=57(W); Normal(p):00108D9C=57(W); RealRAM(p):000A8D9D=56(V); RAM(p):00108D9D=56(V); Physical(p):00108D9D=56(V); Paged(p):C0108D9D=56(V); Normal(p):00108D9D=56(V); RealRAM(p):000A8D9E=53(S); RAM(p):00108D9E=53(S); Physical(p):00108D9E=53(S); Paged(p):C0108D9E=53(S); Normal(p):00108D9E=53(S); RealRAM(p):000A8D9F=8B(?); RAM(p):00108D9F=8B(?); Physical(p):00108D9F=8B(?); Paged(p):C0108D9F=8B(?); Normal(p):00108D9F=8B(?); RealRAM(p):000A8DA0=6C(l); RAM(p):00108DA0=6C(l); Physical(p):00108DA0=6C(l); Paged(p):C0108DA0=6C(l); Normal(p):00108DA0=6C(l); RealRAM(p):000A8DA1=24($); RAM(p):00108DA1=24($); Physical(p):00108DA1=24($); Paged(p):C0108DA1=24($); Normal(p):00108DA1=24($); RealRAM(p):000A8DA2=1C(); RAM(p):00108DA2=1C(); Physical(p):00108DA2=1C(); Paged(p):C0108DA2=1C(); Normal(p):00108DA2=1C(); RealRAM(p):000A8DA3=C7(?); RAM(p):00108DA3=C7(?); Physical(p):00108DA3=C7(?); Paged(p):C0108DA3=C7(?); Normal(p):00108DA3=C7(?); RealRAM(p):000A8DA4=44(D); RAM(p):00108DA4=44(D); Physical(p):00108DA4=44(D); Paged(p):C0108DA4=44(D); Normal(p):00108DA4=44(D); RealRAM(p):000A8DA5=24($); RAM(p):00108DA5=24($); Physical(p):00108DA5=24($); Paged(p):C0108DA5=24($); Normal(p):00108DA5=24($); RealRAM(p):000A8DA6=14(); RAM(p):00108DA6=14(); Physical(p):00108DA6=14(); Paged(p):C0108DA6=14(); Normal(p):00108DA6=14(); RealRAM(p):000A8DA7=00( ); RAM(p):00108DA7=00( ); Physical(p):00108DA7=00( ); Paged(p):C0108DA7=00( ); Normal(p):00108DA7=00( ); RealRAM(p):000A8DA8=00( ); RAM(p):00108DA8=00( ); Physical(p):00108DA8=00( ); Paged(p):C0108DA8=00( ); Normal(p):00108DA8=00( ); RealRAM(p):000A8DA9=00( ); RAM(p):00108DA9=00( ); Physical(p):00108DA9=00( ); Paged(p):C0108DA9=00( ); Normal(p):00108DA9=00( 
); RealRAM(p):000A8DAA=00( ); RAM(p):00108DAA=00( ); Physical(p):00108DAA=00( ); Paged(p):C0108DAA=00( ); Normal(p):00108DAA=00( ); RealRAM(p):000A8DAB=89(?); RAM(p):00108DAB=89(?); Physical(p):00108DAB=89(?); Paged(p):C0108DAB=89(?); Normal(p):00108DAB=89(?); RealRAM(p):000A8DAC=EE(?); RAM(p):00108DAC=EE(?); Physical(p):00108DAC=EE(?); Paged(p):C0108DAC=EE(?); Normal(p):00108DAC=EE(?); RealRAM(p):000A8DAD=BF(?); RAM(p):00108DAD=BF(?); Physical(p):00108DAD=BF(?); Paged(p):C0108DAD=BF(?); Normal(p):00108DAD=BF(?); RealRAM(p):000A8DAE=6D(m); RAM(p):00108DAE=6D(m); Physical(p):00108DAE=6D(m); Paged(p):C0108DAE=6D(m); Normal(p):00108DAE=6D(m); RealRAM(p):000A8DAF=EF(?); RAM(p):00108DAF=EF(?); Physical(p):00108DAF=EF(?); Paged(p):C0108DAF=EF(?); Normal(p):00108DAF=EF(?); RealRAM(p):000A8DB0=1E(); RAM(p):00108DB0=1E(); Physical(p):00108DB0=1E(); Paged(p):C0108DB0=1E(); Normal(p):00108DB0=1E(); RealRAM(p):000A8DB1=00( ); RAM(p):00108DB1=00( ); Physical(p):00108DB1=00( ); Paged(p):C0108DB1=00( ); Normal(p):00108DB1=00( ); RealRAM(p):000A8DB2=B9(?); RAM(p):00108DB2=B9(?); Physical(p):00108DB2=B9(?); Paged(p):C0108DB2=B9(?); Normal(p):00108DB2=B9(?); RealRAM(p):000A8DB3=05(); RAM(p):00108DB3=05(); Physical(p):00108DB3=05(); Paged(p):C0108DB3=05(); Normal(p):00108DB3=05(); RealRAM(p):000A8DB4=00( ); RAM(p):00108DB4=00( ); Physical(p):00108DB4=00( ); Paged(p):C0108DB4=00( ); Normal(p):00108DB4=00( ); RealRAM(p):000A8DB5=00( ); RAM(p):00108DB5=00( ); Physical(p):00108DB5=00( ); Paged(p):C0108DB5=00( ); Normal(p):00108DB5=00( ); RealRAM(p):000A8DB6=00( ); RAM(p):00108DB6=00( ); Physical(p):00108DB6=00( ); Paged(p):C0108DB6=00( ); Normal(p):00108DB6=00( ); RealRAM(p):000A8DB7=FC(?); RAM(p):00108DB7=FC(?); Physical(p):00108DB7=FC(?); Paged(p):C0108DB7=FC(?); Normal(p):00108DB7=FC(?); RealRAM(p):000A8D98=83(?); RAM(p):00108D98=83(?); Physical(p):00108D98=83(?); Paged(p):C0108D98=83(?); Normal(p):00108D98=83(?); RealRAM(p):000A8D99=EC(?); RAM(p):00108D99=EC(?); 
Physical(p):00108D99=EC(?); Paged(p):C0108D99=EC(?); Normal(p):00108D99=EC(?); RealRAM(p):000A8D9A=08(); RAM(p):00108D9A=08(); Physical(p):00108D9A=08(); Paged(p):C0108D9A=08(); Normal(p):00108D9A=08(); RealRAM(p):000A8D9B=55(U); RAM(p):00108D9B=55(U); Physical(p):00108D9B=55(U); Paged(p):C0108D9B=55(U); Normal(p):00108D9B=55(U); RealRAM(p):000A8D9C=57(W); RAM(p):00108D9C=57(W); Physical(p):00108D9C=57(W); Paged(p):C0108D9C=57(W); Normal(p):00108D9C=57(W); RealRAM(p):000A8D9D=56(V); RAM(p):00108D9D=56(V); Physical(p):00108D9D=56(V); Paged(p):C0108D9D=56(V); Normal(p):00108D9D=56(V); RealRAM(p):000A8D9E=53(S); RAM(p):00108D9E=53(S); Physical(p):00108D9E=53(S); Paged(p):C0108D9E=53(S); Normal(p):00108D9E=53(S); RealRAM(p):000A8D9F=8B(?); RAM(p):00108D9F=8B(?); Physical(p):00108D9F=8B(?); Paged(p):C0108D9F=8B(?); Normal(p):00108D9F=8B(?); RealRAM(p):000A8DA0=6C(l); RAM(p):00108DA0=6C(l); Physical(p):00108DA0=6C(l); Paged(p):C0108DA0=6C(l); Normal(p):00108DA0=6C(l); RealRAM(p):000A8DA1=24($); RAM(p):00108DA1=24($); Physical(p):00108DA1=24($); Paged(p):C0108DA1=24($); Normal(p):00108DA1=24($); RealRAM(p):000A8DA2=1C(); RAM(p):00108DA2=1C(); Physical(p):00108DA2=1C(); Paged(p):C0108DA2=1C(); Normal(p):00108DA2=1C(); RealRAM(p):000A8DA3=C7(?); RAM(p):00108DA3=C7(?); Physical(p):00108DA3=C7(?); Paged(p):C0108DA3=C7(?); Normal(p):00108DA3=C7(?); RealRAM(p):000A8DA4=44(D); RAM(p):00108DA4=44(D); Physical(p):00108DA4=44(D); Paged(p):C0108DA4=44(D); Normal(p):00108DA4=44(D); RealRAM(p):000A8DA5=24($); RAM(p):00108DA5=24($); Physical(p):00108DA5=24($); Paged(p):C0108DA5=24($); Normal(p):00108DA5=24($); RealRAM(p):000A8DA6=14(); RAM(p):00108DA6=14(); Physical(p):00108DA6=14(); Paged(p):C0108DA6=14(); Normal(p):00108DA6=14(); RealRAM(p):000A8DA7=00( ); RAM(p):00108DA7=00( ); Physical(p):00108DA7=00( ); Paged(p):C0108DA7=00( ); Normal(p):00108DA7=00( ); RealRAM(p):000A8DA8=00( ); RAM(p):00108DA8=00( ); Physical(p):00108DA8=00( ); Paged(p):C0108DA8=00( ); Normal(p):00108DA8=00( ); 
RealRAM(p):000A8DA9=00( ); RAM(p):00108DA9=00( ); Physical(p):00108DA9=00( ); Paged(p):C0108DA9=00( ); Normal(p):00108DA9=00( ); RealRAM(p):000A8DAA=00( ); RAM(p):00108DAA=00
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c1a0 EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010a8cd EFLAGS: 00000216
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odItsz0A0P1c
MMU: Reading from real(r): 000A6058=DC (?)
Reading from RAM(r): 00106058=DC (?)
Reading from physical memory(r): 00106058=DC (?)
Reading from paged memory(r): 00106058=DC (?)
MMU: Reading from real(r): 000A6059=A9 (?)
Reading from RAM(r): 00106059=A9 (?)
Reading from physical memory(r): 00106059=A9 (?)
Reading from paged memory(r): 00106059=A9 (?)
MMU: Reading from real(r): 000A605A=10 ()
Reading from RAM(r): 0010605A=10 ()
Reading from physical memory(r): 0010605A=10 ()
Reading from paged memory(r): 0010605A=10 ()
MMU: Reading from real(r): 000A605B=00 ( )
Reading from RAM(r): 0010605B=00 ( )
Reading from physical memory(r): 0010605B=00 ( )
Reading from paged memory(r): 0010605B=00 ( )
MMU: Reading from real(r): 000A605C=00 ( )
Reading from RAM(r): 0010605C=00 ( )
Reading from physical memory(r): 0010605C=00 ( )
Reading from paged memory(r): 0010605C=00 ( )
MMU: Reading from real(r): 000A605D=8F (?)
Reading from RAM(r): 0010605D=8F (?)
Reading from physical memory(r): 0010605D=8F (?)
Reading from paged memory(r): 0010605D=8F (?)
MMU: Reading from real(r): 000A605E=10 ()
Reading from RAM(r): 0010605E=10 ()
Reading from physical memory(r): 0010605E=10 ()
Reading from paged memory(r): 0010605E=10 ()
MMU: Reading from real(r): 000A605F=00 ( )
Reading from RAM(r): 0010605F=00 ( )
Reading from physical memory(r): 0010605F=00 ( )
Reading from paged memory(r): 0010605F=00 ( )
MMU: Reading from real(r): 000A6868=FF (?)
Reading from RAM(r): 00106868=FF (?)
Reading from physical memory(r): 00106868=FF (?)
Reading from paged memory(r): 00106868=FF (?)
MMU: Reading from real(r): 000A6869=FF (?)
Reading from RAM(r): 00106869=FF (?)
Reading from physical memory(r): 00106869=FF (?)
Reading from paged memory(r): 00106869=FF (?)
MMU: Reading from real(r): 000A686A=00 ( )
Reading from RAM(r): 0010686A=00 ( )
Reading from physical memory(r): 0010686A=00 ( )
Reading from paged memory(r): 0010686A=00 ( )
MMU: Reading from real(r): 000A686B=00 ( )
Reading from RAM(r): 0010686B=00 ( )
Reading from physical memory(r): 0010686B=00 ( )
Reading from paged memory(r): 0010686B=00 ( )
MMU: Reading from real(r): 000A686C=00 ( )
Reading from RAM(r): 0010686C=00 ( )
Reading from physical memory(r): 0010686C=00 ( )
Reading from paged memory(r): 0010686C=00 ( )
MMU: Reading from real(r): 000A686D=9B (?)
Reading from RAM(r): 0010686D=9B (?)
Reading from physical memory(r): 0010686D=9B (?)
Reading from paged memory(r): 0010686D=9B (?)
MMU: Reading from real(r): 000A686E=C3 (?)
Reading from RAM(r): 0010686E=C3 (?)
Reading from physical memory(r): 0010686E=C3 (?)
Reading from paged memory(r): 0010686E=C3 (?)
MMU: Reading from real(r): 000A686F=C0 (?)
Reading from RAM(r): 0010686F=C0 (?)
Reading from physical memory(r): 0010686F=C0 (?)
Reading from paged memory(r): 0010686F=C0 (?)
0010:00108d98 83 EC 08 sub esp,08 Normal(w):C021C1A0=02(); Paged(w):0021C1A0=02(); Normal(w):C021C1A1=03(); Paged(w):0021C1A1=03(); Normal(w):C021C1A2=01(); Paged(w):0021C1A2=01(); Normal(w):C021C1A3=00( ); Paged(w):0021C1A3=00( ); Normal(w):C021C19C=10(); Paged(w):0021C19C=10(); Normal(w):C021C19D=00( ); Paged(w):0021C19D=00( ); Normal(w):C021C19E=00( ); Paged(w):0021C19E=00( ); Normal(w):C021C19F=00( ); Paged(w):0021C19F=00( ); Normal(w):C021C198=9B(?); Paged(w):0021C198=9B(?); Normal(w):C021C199=8D(?); Paged(w):0021C199=8D(?); Normal(w):C021C19A=10(); Paged(w):0021C19A=10(); Normal(w):C021C19B=00( ); Paged(w):0021C19B=00( ); RealRAM(p):000AA9DC=6A(j); RAM(p):0010A9DC=6A(j); Physical(p):0010A9DC=6A(j); Paged(p):C010A9DC=6A(j); Normal(p):0010A9DC=6A(j); RealRAM(p):000AA9DD=00( ); RAM(p):0010A9DD=00( ); Physical(p):0010A9DD=00( ); Paged(p):C010A9DD=00( ); Normal(p):0010A9DD=00( ); RealRAM(p):000AA9DE=68(h); RAM(p):0010A9DE=68(h); Physical(p):0010A9DE=68(h); Paged(p):C010A9DE=68(h); Normal(p):0010A9DE=68(h); RealRAM(p):000AA9DF=88(?); RAM(p):0010A9DF=88(?); Physical(p):0010A9DF=88(?); Paged(p):C010A9DF=88(?); Normal(p):0010A9DF=88(?); RealRAM(p):000AA9E0=B1(?); RAM(p):0010A9E0=B1(?); Physical(p):0010A9E0=B1(?); Paged(p):C010A9E0=B1(?); Normal(p):0010A9E0=B1(?); RealRAM(p):000AA9E1=10(); RAM(p):0010A9E1=10(); Physical(p):0010A9E1=10(); Paged(p):C010A9E1=10(); Normal(p):0010A9E1=10(); RealRAM(p):000AA9E2=00( ); RAM(p):0010A9E2=00( ); Physical(p):0010A9E2=00( ); Paged(p):C010A9E2=00( ); Normal(p):0010A9E2=00( ); RealRAM(p):000AA9E3=E9(?); RAM(p):0010A9E3=E9(?); Physical(p):0010A9E3=E9(?); Paged(p):C010A9E3=E9(?); Normal(p):0010A9E3=E9(?); RealRAM(p):000AA9E4=5C(\); RAM(p):0010A9E4=5C(\); Physical(p):0010A9E4=5C(\); Paged(p):C010A9E4=5C(\); Normal(p):0010A9E4=5C(\); RealRAM(p):000AA9E5=FF(?); RAM(p):0010A9E5=FF(?); Physical(p):0010A9E5=FF(?); Paged(p):C010A9E5=FF(?); Normal(p):0010A9E5=FF(?); RealRAM(p):000AA9E6=FF(?); RAM(p):0010A9E6=FF(?); Physical(p):0010A9E6=FF(?); 
Paged(p):C010A9E6=FF(?); Normal(p):0010A9E6=FF(?); RealRAM(p):000AA9E7=FF(?); RAM(p):0010A9E7=FF(?); Physical(p):0010A9E7=FF(?); Paged(p):C010A9E7=FF(?); Normal(p):0010A9E7=FF(?); RealRAM(p):000AA9E8=6A(j); RAM(p):0010A9E8=6A(j); Physical(p):0010A9E8=6A(j); Paged(p):C010A9E8=6A(j); Normal(p):0010A9E8=6A(j); RealRAM(p):000AA9E9=00( ); RAM(p):0010A9E9=00( ); Physical(p):0010A9E9=00( ); Paged(p):C010A9E9=00( ); Normal(p):0010A9E9=00( ); RealRAM(p):000AA9EA=68(h); RAM(p):0010A9EA=68(h); Physical(p):0010A9EA=68(h); Paged(p):C010A9EA=68(h); Normal(p):0010A9EA=68(h); RealRAM(p):000AA9EB=80(?); RAM(p):0010A9EB=80(?); Physical(p):0010A9EB=80(?); Paged(p):C010A9EB=80(?); Normal(p):0010A9EB=80(?); RealRAM(p):000AA9EC=B1(?); RAM(p):0010A9EC=B1(?); Physical(p):0010A9EC=B1(?); Paged(p):C010A9EC=B1(?); Normal(p):0010A9EC=B1(?); RealRAM(p):000AA9ED=10(); RAM(p):0010A9ED=10(); Physical(p):0010A9ED=10(); Paged(p):C010A9ED=10(); Normal(p):0010A9ED=10(); RealRAM(p):000AA9EE=00( ); RAM(p):0010A9EE=00( ); Physical(p):0010A9EE=00( ); Paged(p):C010A9EE=00( ); Normal(p):0010A9EE=00( ); RealRAM(p):000AA9EF=E9(?); RAM(p):0010A9EF=E9(?); Physical(p):0010A9EF=E9(?); Paged(p):C010A9EF=E9(?); Normal(p):0010A9EF=E9(?); RealRAM(p):000AA9F0=50(P); RAM(p):0010A9F0=50(P); Physical(p):0010A9F0=50(P); Paged(p):C010A9F0=50(P); Normal(p):0010A9F0=50(P); RealRAM(p):000AA9F1=FF(?); RAM(p):0010A9F1=FF(?); Physical(p):0010A9F1=FF(?); Paged(p):C010A9F1=FF(?); Normal(p):0010A9F1=FF(?); RealRAM(p):000AA9F2=FF(?); RAM(p):0010A9F2=FF(?); Physical(p):0010A9F2=FF(?); Paged(p):C010A9F2=FF(?); Normal(p):0010A9F2=FF(?); RealRAM(p):000AA9F3=FF(?); RAM(p):0010A9F3=FF(?); Physical(p):0010A9F3=FF(?); Paged(p):C010A9F3=FF(?); Normal(p):0010A9F3=FF(?); RealRAM(p):000AA9F4=6A(j); RAM(p):0010A9F4=6A(j); Physical(p):0010A9F4=6A(j); Paged(p):C010A9F4=6A(j); Normal(p):0010A9F4=6A(j); RealRAM(p):000AA9F5=00( ); RAM(p):0010A9F5=00( ); Physical(p):0010A9F5=00( ); Paged(p):C010A9F5=00( ); Normal(p):0010A9F5=00( ); 
RealRAM(p):000AA9F6=68(h); RAM(p):0010A9F6=68(h); Physical(p):0010A9F6=68(h); Paged(p):C010A9F6=68(h); Normal(p):0010A9F6=68(h); RealRAM(p):000AA9F7=A4(?); RAM(p):0010A9F7=A4(?); Physical(p):0010A9F7=A4(?); Paged(p):C010A9F7=A4(?); Normal(p):0010A9F7=A4(?); RealRAM(p):000AA9F8=AD(?); RAM(p):0010A9F8=AD(?); Physical(p):0010A9F8=AD(?); Paged(p):C010A9F8=AD(?); Normal(p):0010A9F8=AD(?); RealRAM(p):000AA9F9=10(); RAM(p):0010A9F9=10(); Physical(p):0010A9F9=10(); Paged(p):C010A9F9=10(); Normal(p):0010A9F9=10(); RealRAM(p):000AA9FA=00( ); RAM(p):0010A9FA=00( ); Physical(p):0010A9FA=00( ); Paged(p):C010A9FA=00( ); Normal(p):0010A9FA=00( ); RealRAM(p):000AA9FB=E9(?); RAM(p):0010A9FB=E9(?); Physical(p):0010A9FB=E9(?); Paged(p):C010A9FB=E9(?); Normal(p):0010A9FB=E9(?); Physical(w):0021C1A0=02(); RAM(w):0021C1A0=02(); RealRAM(w):001BC1A0=02(); Physical(w):0021C1A1=03(); RAM(w):0021C1A1=03(); RealRAM(w):001BC1A1=03(); Physical(w):0021C1A2=01(); RAM(w):0021C1A2=01(); RealRAM(w):001BC1A2=01(); Physical(w):0021C1A3=00( ); RAM(w):0021C1A3=00( ); RealRAM(w):001BC1A3=00( ); Physical(w):0021C19C=10(); RAM(w):0021C19C=10(); RealRAM(w):001BC19C=10(); Physical(w):0021C19D=00( ); RAM(w):0021C19D=00( ); RealRAM(w):001BC19D=00( ); Physical(w):0021C19E=00( ); RAM(w):0021C19E=00( ); RealRAM(w):001BC19E=00( ); Physical(w):0021C19F=00( ); RAM(w):0021C19F=00( ); RealRAM(w):001BC19F=00( ); Physical(w):0021C198=9B(?); RAM(w):0021C198=9B(?); RealRAM(w):001BC198=9B(?); Physical(w):0021C199=8D(?); RAM(w):0021C199=8D(?); RealRAM(w):001BC199=8D(?); Physical(w):0021C19A=10(); RAM(w):0021C19A=10(); RealRAM(w):001BC19A=10(); Physical(w):0021C19B=00( ); RAM(w):0021C19B=00( ); RealRAM(w):001BC19B=00( )
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c1ac EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 00108d98 EFLAGS: 00000346
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n00odITsZ0a0P1c

Why would a SUB instruction try to write (all those memory locations)???

Edit: So either opcode 83h(SUB) is overwriting said memory location, or the IRET is incorrectly writing to said memory location somehow? IRET isn't supposed to write to any memory, just read it? Nor is a SUB instruction using a register supposed to write to memory(opcode 83h)?

Reply 8 of 25, by superfury

Just found out something odd: emulating an 80386 makes loadlin complain about not having enough memory (1MB memory installed, according to it)? But the 80486SX emulation actually succeeds and starts loading and executing Linux (partially, see above posts).

Reply 9 of 25, by superfury

Looking at the debugging of the "add esp,08", I see it isn't writing memory. So, the offending instruction must be the IRET instruction that's doing something strange?

Edit: Odd, I see various instructions modifying said memory address, but those are simply PUSH instructions that should have been logged? But instead, it's logging a write in there when it isn't supposed to be written(except during filtered out instructions, which don't match said process completely(wrong TSS, Code segment(being in user mode instead of the filtered kernel mode used for the logs(supposed to be segment 0x23 instead of 0x10)) or different PDBR(which should be mapped differently).

So perhaps the issue is somewhere in user mode instead? I can't imagine it would switch to a different PDBR with same-memory mapping. The same could be said about the TSS(which should be a static address in Linux?).

Reply 10 of 25, by superfury

I've made a new log, with a paging enabled filter(previously only filtering on the CR3 value, not checking the CR0's PG bit(bit 31)).

https://www.dropbox.com/s/x1icmwy6t5ftuig/deb … 25_2127.7z?dl=0

I've disabled filtering on the code segment, so that it logs both kernel mode and user mode activity. Somewhere in user mode, said value on the stack is overwritten with a push?

Reply 11 of 25, by superfury

Looking at it, it's managed to initialize PCI devices and detect the VGA, it seems to be somewhere inside step 16 (http://glennastory.net/boot/linux.html)? Can anyone see what's going wrong?

Reply 12 of 25, by superfury

This is the current full log (with memory accesses, common log format), with oddly enough not having any faults reported (which it should, as its conditions for logging those are the same as for memory access logging (which IS logged))?

https://www.dropbox.com/s/hgn6rvac3a3j6nd/deb … 26_1659.7z?dl=0

It's booting Linux 2.0.33 ( http://archive.debian.org/debian/dists/Debian … 997-10-13/linux ) as Debian in the specified page(Debian 1.3.1).

Reply 13 of 25, by superfury

Managed to fix the logging. One problem is that the log now is HUGE (172GB). At about 90% of the file is the first fault(searching for the 'fault'-keyword). Compressing it now...
Edit: It's uploaded now:
https://www.dropbox.com/s/4kdo0d5hmwmyte7/deb … 29_2110.7z?dl=0

Last edited by superfury on 2018-11-30, 15:18. Edited 1 time in total.

Reply 14 of 25, by superfury

The log contains these, leading up to the invalid memory addressing:

The attachment excerpt.txt is no longer available

Can anyone see what's happening and/or going wrong?

Looking at it executing, the stack seems to contain:

EBP 21C1A0 Some return address to an invalid function(=00219842, which is incorrect?)
??? 21C19C
??? 21C198
EBP? 21C194
EDI? 21C190
ESI? 21C18C
EBX? 21C188
ESI? 21C184
EBP? 21C180
EBX? 21C17C
EIP 21C178 (CALL returns address=00108e32) <- ESP
EBP 21C174
EDI 21C170
ESI 21C16C
EBX 21C168

Edit: Looking at that code that's going wrong, nothing seems wrong? So the cause of it is the location said value was pushed on the stack?
Edit: Said block can be found in the large 172GB (extracted) file in my previous post.

Last edited by superfury on 2018-11-30, 21:20. Edited 1 time in total.

Reply 15 of 25, by superfury

Strange, looking at the very first occurrence of the top EIP location at 21C1A0 being written, it is actually a PUSH EBP instruction???

Edit: Looking from the top of the log file, the only instruction writing to said location IS the PUSH EBP instruction? So it's messing up the stack somehow? Something is pushed when it isn't supposed to?

That push instruction happens at 0010:00108d9b.

The incorrect return address that it's jumping to eventually on the RET is actually the EBP value that's pushed on the stack! Why would it be jumping back to a value that was in EBP? Jumping to the middle of the kernel stack incorrectly? Unless there's something special to execute there, but I think there's a bug somewhere in said function (though I don't have a clue which one it is in linux 2.0.33)?

Reply 16 of 25, by superfury

Hmmmm... Looking up for the cause of said instruction leads me to this:

0010:00108d98 83 EC 08 sub esp,08	Normal(w):C021C1A0=02(); Paged(w):0021C1A0=02(); Normal(w):C021C1A1=13(); Paged(w):0021C1A1=13(); Normal(w):C021C1A2=01(); Paged(w):0021C1A2=01(); Normal(w):C021C1A3=00( ); Paged(w):0021C1A3=00( ); Normal(w):C021C19C=10(); Paged(w):0021C19C=10(); Normal(w):C021C19D=00( ); Paged(w):0021C19D=00( ); Normal(w):C021C19E=00( ); Paged(w):0021C19E=00( ); Normal(w):C021C19F=00( ); Paged(w):0021C19F=00( ); Normal(w):C021C198=9B(?); Paged(w):0021C198=9B(?); Normal(w):C021C199=8D(?); Paged(w):0021C199=8D(?); Normal(w):C021C19A=10(); Paged(w):0021C19A=10(); Normal(w):C021C19B=00( ); Paged(w):0021C19B=00( ); RealRAM(p):000AA9DC=6A(j); RAM(p):0010A9DC=6A(j); Physical(p):0010A9DC=6A(j); Paged(p):C010A9DC=6A(j); Normal(p):0010A9DC=6A(j); RealRAM(p):000AA9DD=00( ); RAM(p):0010A9DD=00( ); Physical(p):0010A9DD=00( ); Paged(p):C010A9DD=00( ); Normal(p):0010A9DD=00( ); RealRAM(p):000AA9DE=68(h); RAM(p):0010A9DE=68(h); Physical(p):0010A9DE=68(h); Paged(p):C010A9DE=68(h); Normal(p):0010A9DE=68(h); RealRAM(p):000AA9DF=88(?); RAM(p):0010A9DF=88(?); Physical(p):0010A9DF=88(?); Paged(p):C010A9DF=88(?); Normal(p):0010A9DF=88(?); RealRAM(p):000AA9E0=B1(?); RAM(p):0010A9E0=B1(?); Physical(p):0010A9E0=B1(?); Paged(p):C010A9E0=B1(?); Normal(p):0010A9E0=B1(?); RealRAM(p):000AA9E1=10(); RAM(p):0010A9E1=10(); Physical(p):0010A9E1=10(); Paged(p):C010A9E1=10(); Normal(p):0010A9E1=10(); RealRAM(p):000AA9E2=00( ); RAM(p):0010A9E2=00( ); Physical(p):0010A9E2=00( ); Paged(p):C010A9E2=00( ); Normal(p):0010A9E2=00( ); RealRAM(p):000AA9E3=E9(?); RAM(p):0010A9E3=E9(?); Physical(p):0010A9E3=E9(?); Paged(p):C010A9E3=E9(?); Normal(p):0010A9E3=E9(?); RealRAM(p):000AA9E4=5C(\); RAM(p):0010A9E4=5C(\); Physical(p):0010A9E4=5C(\); Paged(p):C010A9E4=5C(\); Normal(p):0010A9E4=5C(\); RealRAM(p):000AA9E5=FF(?); RAM(p):0010A9E5=FF(?); Physical(p):0010A9E5=FF(?); Paged(p):C010A9E5=FF(?); Normal(p):0010A9E5=FF(?); RealRAM(p):000AA9E6=FF(?); RAM(p):0010A9E6=FF(?); Physical(p):0010A9E6=FF(?); 
Paged(p):C010A9E6=FF(?); Normal(p):0010A9E6=FF(?); RealRAM(p):000AA9E7=FF(?); RAM(p):0010A9E7=FF(?); Physical(p):0010A9E7=FF(?); Paged(p):C010A9E7=FF(?); Normal(p):0010A9E7=FF(?); RealRAM(p):000AA9E8=6A(j); RAM(p):0010A9E8=6A(j); Physical(p):0010A9E8=6A(j); Paged(p):C010A9E8=6A(j); Normal(p):0010A9E8=6A(j); RealRAM(p):000AA9E9=00( ); RAM(p):0010A9E9=00( ); Physical(p):0010A9E9=00( ); Paged(p):C010A9E9=00( ); Normal(p):0010A9E9=00( ); RealRAM(p):000AA9EA=68(h); RAM(p):0010A9EA=68(h); Physical(p):0010A9EA=68(h); Paged(p):C010A9EA=68(h); Normal(p):0010A9EA=68(h); RealRAM(p):000AA9EB=80(?); RAM(p):0010A9EB=80(?); Physical(p):0010A9EB=80(?); Paged(p):C010A9EB=80(?); Normal(p):0010A9EB=80(?); RealRAM(p):000AA9EC=B1(?); RAM(p):0010A9EC=B1(?); Physical(p):0010A9EC=B1(?); Paged(p):C010A9EC=B1(?); Normal(p):0010A9EC=B1(?); RealRAM(p):000AA9ED=10(); RAM(p):0010A9ED=10(); Physical(p):0010A9ED=10(); Paged(p):C010A9ED=10(); Normal(p):0010A9ED=10(); RealRAM(p):000AA9EE=00( ); RAM(p):0010A9EE=00( ); Physical(p):0010A9EE=00( ); Paged(p):C010A9EE=00( ); Normal(p):0010A9EE=00( ); RealRAM(p):000AA9EF=E9(?); RAM(p):0010A9EF=E9(?); Physical(p):0010A9EF=E9(?); Paged(p):C010A9EF=E9(?); Normal(p):0010A9EF=E9(?); RealRAM(p):000AA9F0=50(P); RAM(p):0010A9F0=50(P); Physical(p):0010A9F0=50(P); Paged(p):C010A9F0=50(P); Normal(p):0010A9F0=50(P); RealRAM(p):000AA9F1=FF(?); RAM(p):0010A9F1=FF(?); Physical(p):0010A9F1=FF(?); Paged(p):C010A9F1=FF(?); Normal(p):0010A9F1=FF(?); RealRAM(p):000AA9F2=FF(?); RAM(p):0010A9F2=FF(?); Physical(p):0010A9F2=FF(?); Paged(p):C010A9F2=FF(?); Normal(p):0010A9F2=FF(?); RealRAM(p):000AA9F3=FF(?); RAM(p):0010A9F3=FF(?); Physical(p):0010A9F3=FF(?); Paged(p):C010A9F3=FF(?); Normal(p):0010A9F3=FF(?); RealRAM(p):000AA9F4=6A(j); RAM(p):0010A9F4=6A(j); Physical(p):0010A9F4=6A(j); Paged(p):C010A9F4=6A(j); Normal(p):0010A9F4=6A(j); RealRAM(p):000AA9F5=00( ); RAM(p):0010A9F5=00( ); Physical(p):0010A9F5=00( ); Paged(p):C010A9F5=00( ); Normal(p):0010A9F5=00( ); 
RealRAM(p):000AA9F6=68(h); RAM(p):0010A9F6=68(h); Physical(p):0010A9F6=68(h); Paged(p):C010A9F6=68(h); Normal(p):0010A9F6=68(h); RealRAM(p):000AA9F7=A4(?); RAM(p):0010A9F7=A4(?); Physical(p):0010A9F7=A4(?); Paged(p):C010A9F7=A4(?); Normal(p):0010A9F7=A4(?); RealRAM(p):000AA9F8=AD(?); RAM(p):0010A9F8=AD(?); Physical(p):0010A9F8=AD(?); Paged(p):C010A9F8=AD(?); Normal(p):0010A9F8=AD(?); RealRAM(p):000AA9F9=10(); RAM(p):0010A9F9=10(); Physical(p):0010A9F9=10(); Paged(p):C010A9F9=10(); Normal(p):0010A9F9=10(); RealRAM(p):000AA9FA=00( ); RAM(p):0010A9FA=00( ); Physical(p):0010A9FA=00( ); Paged(p):C010A9FA=00( ); Normal(p):0010A9FA=00( ); RealRAM(p):000AA9FB=E9(?); RAM(p):0010A9FB=E9(?); Physical(p):0010A9FB=E9(?); Paged(p):C010A9FB=E9(?); Normal(p):0010A9FB=E9(?); Physical(w):0021C1A0=02(); RAM(w):0021C1A0=02(); RealRAM(w):001BC1A0=02(); Physical(w):0021C1A1=13(); RAM(w):0021C1A1=13(); RealRAM(w):001BC1A1=13(); Physical(w):0021C1A2=01(); RAM(w):0021C1A2=01(); RealRAM(w):001BC1A2=01(); Physical(w):0021C1A3=00( ); RAM(w):0021C1A3=00( ); RealRAM(w):001BC1A3=00( ); Physical(w):0021C19C=10(); RAM(w):0021C19C=10(); RealRAM(w):001BC19C=10(); Physical(w):0021C19D=00( ); RAM(w):0021C19D=00( ); RealRAM(w):001BC19D=00( ); Physical(w):0021C19E=00( ); RAM(w):0021C19E=00( ); RealRAM(w):001BC19E=00( ); Physical(w):0021C19F=00( ); RAM(w):0021C19F=00( ); RealRAM(w):001BC19F=00( ); Physical(w):0021C198=9B(?); RAM(w):0021C198=9B(?); RealRAM(w):001BC198=9B(?); Physical(w):0021C199=8D(?); RAM(w):0021C199=8D(?); RealRAM(w):001BC199=8D(?); Physical(w):0021C19A=10(); RAM(w):0021C19A=10(); RealRAM(w):001BC19A=10(); Physical(w):0021C19B=00( ); RAM(w):0021C19B=00( ); RealRAM(w):001BC19B=00( )
Registers:
EAX: 00219839 EBX: 00219834 ECX: ffffffff EDX: 00000000
ESP: 0021c1ac EBP: 00219842 ESI: 00219839 EDI: 001eef78
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 00108d98 EFLAGS: 00001346
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00avr0n01odITsZ0a0P1c

Said SUB doesn't throw interrupts itself, but what do I see there? The Trap flag is set, which seems to throw a single-step interrupt immediately after the ESP is decremented by 8. That might be the cause of said problem? Why is said flag set to begin with?

Reply 17 of 25, by superfury

I've searched for the very first occurrence of the trap flag being set. First searching for trap and interrupt flag being set, then searching upwards for both being set.

This led me to the following instruction at 0010:0010CA6C (POPFD) popping 9F50 into EFLAGS? Said value is at memory location 1BC19C.

Said source seems to be the following code:

0010:0010fbaf 8D 14 40 lea edx,dword ds:[eax+eax*2]	RealRAM(p):000AFBCB=D9(?); RAM(p):0010FBCB=D9(?); Physical(p):0010FBCB=D9(?); Paged(p):C010FBCB=D9(?); Normal(p):0010FBCB=D9(?); RealRAM(p):000AFBCC=FD(?); RAM(p):0010FBCC=FD(?); Physical(p):0010FBCC=FD(?); Paged(p):C010FBCC=FD(?); Normal(p):0010FBCC=FD(?); RealRAM(p):000AFBCD=FF(?); RAM(p):0010FBCD=FF(?); Physical(p):0010FBCD=FF(?); Paged(p):C010FBCD=FF(?); Normal(p):0010FBCD=FF(?); RealRAM(p):000AFBCE=FF(?); RAM(p):0010FBCE=FF(?); Physical(p):0010FBCE=FF(?); Paged(p):C010FBCE=FF(?); Normal(p):0010FBCE=FF(?)
Registers:
EAX: 01888a70 EBX: 00023f72 ECX: 00000ce7 EDX: 0013a085
ESP: 0021c1a0 EBP: 0000001d ESI: 00622299 EDI: 0000000a
CS: 0010 DS: 0018 ES: 0018 FS: 0018 GS: 0018 SS: 0018 TR: 0040 LDTR: 0048
EIP: 0010fbaf EFLAGS: 00047412
CR0: 80050037 CR1: 00000000 CR2: 00000000 CR3: 00101000
CR4: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0106858203f IDTR: 0000c010605007ff
FLAGSINFO: 0000000000i00Avr0N11oDitsz0A0p1c

Multiplying some 32-bit value with 3, then simply loading it in the flags can't be correct? That's not something sane code will do, clobbering the flags?

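As an added example (this is not code from the thread or from UniPCemu), the script below decodes two things quoted in Reply 16 and Reply 17: the Normal(w) byte writes logged against the "sub esp,08" line, assembled into little-endian dwords, and the EFLAGS images (the register dumps and the 9F50 value popped by POPFD) broken into their individual flag bits so that TF (bit 8) stands out. The log fragments inside the script are constructed by hand from the values in the posts; nothing about UniPCemu's log format beyond those lines is assumed, and the names of the functions are my own.

```python
"""Decode the UniPCemu debugger output quoted in the posts above.

Two checks:
  * group the Normal(w) byte writes logged against 'sub esp,08' into dwords,
    which exposes the frame an exception pushes in ring 0 (EIP, CS, EFLAGS at
    increasing addresses);
  * decode EFLAGS images bit by bit so the trap flag (TF, bit 8) is visible.

The sample lines below are constructed by hand from the values in the posts.
"""
import re

# EFLAGS bit positions as documented for the 80386 and later (Intel SDM vol. 1).
EFLAGS_BITS = {
    "CF": 0, "PF": 2, "AF": 4, "ZF": 6, "SF": 7, "TF": 8, "IF": 9,
    "DF": 10, "OF": 11, "NT": 14, "RF": 16, "VM": 17, "AC": 18,
}


def decode_eflags(value):
    """Return (list of set flag names in bit order, IOPL) for an EFLAGS image."""
    names = [n for n, bit in EFLAGS_BITS.items() if (value >> bit) & 1]
    return names, (value >> 12) & 3


# One write record as it appears in the log: Normal(w):<linear addr>=<byte>(<char>)
WRITE_RE = re.compile(r"Normal\(w\):([0-9A-Fa-f]{8})=([0-9A-Fa-f]{2})")


def collect_writes(line):
    """Map linear address -> byte value for every Normal(w) record on one line."""
    return {int(a, 16): int(b, 16) for a, b in WRITE_RE.findall(line)}


def assemble_dwords(writes):
    """Join 4-byte-aligned runs of written bytes into little-endian dwords."""
    out = {}
    for base in sorted(a for a in writes if a % 4 == 0):
        if all(base + i in writes for i in range(4)):
            out[base] = sum(writes[base + i] << (8 * i) for i in range(4))
    return out


def interrupt_frame(line):
    """Read three consecutive dwords as the frame an exception pushes when no
    privilege change occurs: EIP at the lowest address, then CS, then EFLAGS.
    Returns None when the writes do not form exactly such a frame."""
    d = assemble_dwords(collect_writes(line))
    addrs = sorted(d)
    if len(addrs) != 3 or addrs[1] - addrs[0] != 4 or addrs[2] - addrs[1] != 4:
        return None
    return {"EIP": d[addrs[0]], "CS": d[addrs[1]], "EFLAGS": d[addrs[2]]}


# The 'EIP: ... EFLAGS: ...' line of each 'Registers:' dump.
DUMP_RE = re.compile(r"^EIP: ([0-9a-f]{8}) EFLAGS: ([0-9a-f]{8})", re.M)


def trap_flag_hits(log_text):
    """List (EIP, EFLAGS) for every register dump whose EFLAGS has TF set."""
    hits = []
    for eip, eflags in DUMP_RE.findall(log_text):
        if "TF" in decode_eflags(int(eflags, 16))[0]:
            hits.append((int(eip, 16), int(eflags, 16)))
    return hits


# Constructed sample: the write records of the 'sub esp,08' line quoted in
# Reply 16, trimmed to the Normal(w)/Paged(w) entries.
SUB_LINE = (
    "0010:00108d98 83 EC 08 sub esp,08\t"
    "Normal(w):C021C1A0=02(); Paged(w):0021C1A0=02(); "
    "Normal(w):C021C1A1=13(); Paged(w):0021C1A1=13(); "
    "Normal(w):C021C1A2=01(); Paged(w):0021C1A2=01(); "
    "Normal(w):C021C1A3=00( ); Paged(w):0021C1A3=00( ); "
    "Normal(w):C021C19C=10(); Paged(w):0021C19C=10(); "
    "Normal(w):C021C19D=00( ); Paged(w):0021C19D=00( ); "
    "Normal(w):C021C19E=00( ); Paged(w):0021C19E=00( ); "
    "Normal(w):C021C19F=00( ); Paged(w):0021C19F=00( ); "
    "Normal(w):C021C198=9B(?); Paged(w):0021C198=9B(?); "
    "Normal(w):C021C199=8D(?); Paged(w):0021C199=8D(?); "
    "Normal(w):C021C19A=10(); Paged(w):0021C19A=10(); "
    "Normal(w):C021C19B=00( ); Paged(w):0021C19B=00( ); "
)

# Constructed sample: the EIP/EFLAGS lines of three register dumps quoted above.
REGISTER_DUMPS = """\
EIP: 0010a8cd EFLAGS: 00000216
EIP: 00108d98 EFLAGS: 00001346
EIP: 0010fbaf EFLAGS: 00047412
"""

if __name__ == "__main__":
    frame = interrupt_frame(SUB_LINE)
    print("frame written right after sub esp,08:",
          {k: f"{v:08X}" for k, v in frame.items()})
    print("pushed EFLAGS decodes to:", decode_eflags(frame["EFLAGS"]))
    print("dumps with TF set:",
          [(f"{e:08x}", f"{f:08x}") for e, f in trap_flag_hits(REGISTER_DUMPS)])
    print("value popped by POPFD (9F50):", decode_eflags(0x9F50))
```

Run as-is it reports the three dwords at C021C198, C021C19C and C021C1A0 as 00108D9B, 00000010 and 00011302: the return EIP (the byte right after the 3-byte SUB at 00108d98, i.e. the PUSH EBP at 00108d9b named in Reply 15), CS=0010, and an EFLAGS image with TF, IF and RF set at IOPL 1. That is the frame a ring-0 single-step (#DB) exception pushes once the SUB completes, so the writes belong to the exception entry and not to the SUB itself, which is what Reply 16 concludes. Of the three register dumps only the one at 00108d98 (EFLAGS 00001346) has TF set, and the 9F50 popped by POPFD decodes to AF, ZF, TF, IF, DF and OF at IOPL 1, so the trap flag arrives through that POPFD.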

Reply 18 of 25, by superfury

Can anyone see why such a strange value is loaded into the EFLAGS? Afaik such a thing shouldn't happen on a real CPU? Vladstamate? Jepael? Reenigne?

Edit: Just tried running the 386 testsuite(the one with CWSDPMI) from the QEMU thread. It immediately triple faults?
Edit: Looking at the logs of it (it's the testsuite from the 7z archive on x86 CPU emulation test suite? ), I see a task switch to 0070:0000 being executed over and over again, eventually triple faulting? It's in the middle of the task switch, loading the new task register descriptor from RAM(after the steps before that), which is the last step before committing to the new task, at which point it seems to fault on the descriptor being invalid somehow using a general protection fault?

Last edited by superfury on 2018-12-15, 12:48. Edited 1 time in total.

Reply 19 of 25, by superfury

Would it be possible to use the most recent stack frame being setup(together with memory dumps) to determine the cause of the problem(using the linux source code) somehow? That way I at least know what it's trying to do(and maybe able to find the point it's faulting on, using the base loaded address(0x100000))? CWSDPMI(Since the test-i386.c doesn't contain such code afaik) is trying to JMP from task 0070 to task 0070? That isn't allowed to happen? I see that happening over and over again?
