Reply 20 of 20, by superfury
Hmmm... I see opcode C7 writing 00E0h at said location? That happens at 0053:13fe?
Edit: It ends up at that point because of some table with entries, looking for entry 0202h inside the table at 0053:2A80? Hmmm...
That starts at 0053:00002b58.
Edit: Hmmm... The start of said function(with some kind of function number in (E)AX being 0202h) is at 0053:00002b56? Perhaps, said value is invalid for that function, thus causing the E0 value to incorrectly be written to memory?
Edit: Nope, it finds it allright, at CS:2ACC.
It then takes the next entry(2D75h) and stores it at ds:[2a81] (physical&linear memory address 0003c541).
It then calls the function at 1899h.
Hmmm... It seems to push a new stack address and FLAGS on the stack, ...
Edit: That address of the next entry is pushed on the stack, then used RET on to jump to that location(0053:2D75h).
It finds the BL value lower than 0x10(being 0xD), then calls 0053:18ec(at 0053:00002d87 E8 02 F1 call 00001e8c).
Edit: It eventually returns to the faulting task at 0053:00002b9a.
Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io