Windows 3.11 setup issues in UniPCemu?


Postby superfury » 2018-8-06 @ 18:01

Within UniPCemu, I notice that Windows 3.0 in 386 mode triple faults at/during its very first page fault handling VxD driver call. I see it tries to call the VxD driver using the interrupt 0x20 VxD page driver call, but before it manages to return, it crashes.

Can anyone with a bit of knowledge of Windows 3.0's page fault handling and accompanying VxD driver calls help me out on this?
Last edited by superfury on 2018-8-14 @ 04:58, edited 2 times in total.
superfury
l33t
 
Posts: 2479
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: Windows 3.0 triple faults on first Paging VxD call?

Postby superfury » 2018-8-09 @ 17:27

Hmmmm.... Having fixed a bug that made limit checks against a sign-extended version of the Windows kernel address (8000XXXX becoming offset FFFFFFFF8000XXXX instead of its proper checking address), it once again reaches said interrupt 0x20 VxD driver call, after which it simply somehow returns to the MS-DOS 5.0 prompt instead of continuing to boot Windows? Maybe some problem in the VxD driver or its handler? It's ending up at 0028:80005FC2, according to the debugger (flat code segment)?

It seems that handler tries to access offset 06F4011E, which isn't mapped in the virtual memory? It seems to happen at 0028:802000BD, during a 32-bit operand size MOVZX instruction with an offset pointing there?

Edit: Looking at disassembler output, it's a "movzx eax,WORD PTR [esi]", with ESI seemingly being an invalid address according to the paging unit?

This is what happens, in a simple instruction log:
debugger_20180809_2041.zip
What happens. Common log format, no registers/memory transactions.


Edit: Created a new, full log with registers/memory transactions.
debugger_20180809_2041_fulllog.zip
Improved, full log with registers/memory transactions.


Anyone? What happens in your emulator, Vladstamate? Or, maybe even better (known to probably have a booting Windows 3.1 installation), Hottobar?
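
The sign-extension slip mentioned at the top of this post (8000XXXX turning into FFFFFFFF8000XXXX inside a limit check) is worth pinning down in isolation. The following is an added example, not UniPCemu's code: a 32-bit expand-up segment limit check written once with a signed intermediate and once correctly. The descriptor values (a flat 4 GiB segment, limit field 0xFFFFF with G=1) and the probe offsets and access length are assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not UniPCemu's code. Models the limit check for an expand-up
 * 32-bit segment: an access [offset, offset+len) is legal when every byte of
 * it lies at or below the segment's effective limit. */

/* Effective limit from the descriptor's 20-bit limit field and the G bit
 * (the descriptor values used below are assumed for the demo). */
static uint32_t effective_limit(uint32_t limit_field, int granularity_4k)
{
    limit_field &= 0xFFFFFu;
    return granularity_4k ? ((limit_field << 12) | 0xFFFu) : limit_field;
}

/* Buggy: the 32-bit offset is widened through a signed intermediate, so any
 * offset with bit 31 set (every kernel address of the form 8000XXXX) becomes a
 * negative 64-bit value, i.e. 0x80005FC2 -> 0xFFFFFFFF80005FC2 once compared
 * as unsigned. It wrongly rejects those accesses and, just as bad, wrongly
 * accepts accesses that wrap past the end of the segment. */
static int limit_check_buggy(uint32_t offset, uint32_t len, uint32_t limit)
{
    int64_t first = (int32_t)offset;              /* sign-extended on two's-complement hosts */
    int64_t last  = first + (int64_t)len - 1;
    return len != 0 && (uint64_t)last <= limit;   /* negative last -> huge unsigned -> fails */
}

/* Fixed: zero-extend, do the arithmetic in 64 bits so offset+len cannot wrap
 * around 2^32, then compare the last byte of the access against the limit. */
static int limit_check_fixed(uint32_t offset, uint32_t len, uint32_t limit)
{
    uint64_t first = offset;
    uint64_t last  = first + len - 1;
    return len != 0 && last <= limit;
}

int main(void)
{
    uint32_t flat = effective_limit(0xFFFFFu, 1);  /* 0xFFFFFFFF: flat 4 GiB segment */
    uint32_t probes[] = { 0x00001000u, 0x80005FC2u, 0xFFFFFFFEu };  /* constructed probes */
    for (unsigned i = 0; i < 3; i++)
        printf("offset %08X len 4: buggy=%d fixed=%d\n", (unsigned)probes[i],
               limit_check_buggy(probes[i], 4, flat),
               limit_check_fixed(probes[i], 4, flat));
    return 0;
}
```

The buggy variant fails the kernel address 80005FC2 (the case from this post) and passes a 4-byte access at FFFFFFFE that runs off the end of the segment; the fixed variant gets both right.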

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby hottobar » 2018-8-10 @ 16:37

0028:802000b0 8B 75 E4 mov esi,dword ss:[ebp-1c]

See what is the value in memory of ss:[ebp-1c] (30:80013294), maybe you're loading the wrong data.
Check if SS is correctly set, maybe it should not be 0x30?
Verify that the value of EBP: 800132b0 is correct.
The possibilities are countless...
hottobar
Newbie
 
Posts: 49
Joined: 2014-4-21 @ 17:00

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-10 @ 17:20

That seems to have been loaded at line 7115:
Code:
0028:8020001d 89 45 E4 mov dword ss:[ebp-1c],eax


That value originates from the instruction before it:
Code:
   Paged(w):0018A284=00( ); Physical(w):0018A284=00( ); RAM(w):0018A284=00( ); Paged(w):0018A285=00( ); Physical(w):0018A285=00( ); RAM(w):0018A285=00( ); Paged(w):0018A286=00( ); Physical(w):0018A286=00( ); RAM(w):0018A286=00( ); Paged(w):0018A287=00( ); Physical(w):0018A287=00( ); RAM(w):0018A287=00( )
   RAM(p):0018F015=F3(ó); Physical(p):0018F015=F3(ó); Paged(p):0018F015=F3(ó); RAM(p):0018F016=AB(«); Physical(p):0018F016=AB(«); Paged(p):0018F016=AB(«); RAM(p):0018F017=8B(‹); Physical(p):0018F017=8B(‹); Paged(p):0018F017=8B(‹); RAM(p):0018F018=75(u); Physical(p):0018F018=75(u); Paged(p):0018F018=75(u); RAM(p):0018F019=08(); Physical(p):0018F019=08(); Paged(p):0018F019=08(); RAM(p):0018F01A=8B(‹); Physical(p):0018F01A=8B(‹); Paged(p):0018F01A=8B(‹); RAM(p):0018F01B=46(F); Physical(p):0018F01B=46(F); Paged(p):0018F01B=46(F); RAM(p):0018F01C=02(); Physical(p):0018F01C=02(); Paged(p):0018F01C=02(); RAM(p):0018F01D=89(‰); Physical(p):0018F01D=89(‰); Paged(p):0018F01D=89(‰); RAM(p):0018F01E=45(E); Physical(p):0018F01E=45(E); Paged(p):0018F01E=45(E); RAM(p):0018F01F=E4(ä); Physical(p):0018F01F=E4(ä); Paged(p):0018F01F=E4(ä); RAM(p):0018F020=8B(‹); Physical(p):0018F020=8B(‹); Paged(p):0018F020=8B(‹); RAM(p):0018F021=46(F); Physical(p):0018F021=46(F); Paged(p):0018F021=46(F); RAM(p):0018F022=06(); Physical(p):0018F022=06(); Paged(p):0018F022=06(); RAM(p):0018F023=89(‰); Physical(p):0018F023=89(‰); Paged(p):0018F023=89(‰); RAM(p):0018F024=45(E); Physical(p):0018F024=45(E); Paged(p):0018F024=45(E)
   RAM(r):0018A2B8=00( ); Physical(r):0018A2B8=00( ); Paged(r):0018A2B8=00( ); RAM(r):0018A2B9=00( ); Physical(r):0018A2B9=00( ); Paged(r):0018A2B9=00( ); RAM(r):0018A2BA=00( ); Physical(r):0018A2BA=00( ); Paged(r):0018A2BA=00( ); RAM(r):0018A2BB=00( ); Physical(r):0018A2BB=00( ); Paged(r):0018A2BB=00( ); RAM(p):0018F025=E0(à); Physical(p):0018F025=E0(à); Paged(p):0018F025=E0(à); RAM(p):0018F026=0F(); Physical(p):0018F026=0F(); Paged(p):0018F026=0F(); RAM(p):0018F027=B7(·); Physical(p):0018F027=B7(·); Paged(p):0018F027=B7(·); RAM(p):0018F028=06(); Physical(p):0018F028=06(); Paged(p):0018F028=06(); RAM(p):0018F029=A3(£); Physical(p):0018F029=A3(£); Paged(p):0018F029=A3(£)
0028:80200017 8B 75 08 mov esi,dword ss:[ebp+08]
Registers:
EAX: 00000000 EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00016f5a EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 80200017 EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditsZ0A0P1c
   RAM(r):001BB003=00( ); Physical(r):001BB003=00( ); Paged(r):001BB003=00( ); RAM(r):001BB002=1B(); Physical(r):001BB002=1B(); Paged(r):001BB002=1B(); RAM(r):001BB001=C2(Â); Physical(r):001BB001=C2(Â); Paged(r):001BB001=C2(Â); RAM(r):001BB000=27('); Physical(r):001BB000=27('); Paged(r):001BB000=27('); RAM(r):001BC003=00( ); Physical(r):001BC003=00( ); Paged(r):001BC003=00( ); RAM(r):001BC002=00( ); Physical(r):001BC002=00( ); Paged(r):001BC002=00( ); RAM(r):001BC001=00( ); Physical(r):001BC001=00( ); Paged(r):001BC001=00( ); RAM(r):001BC000=07(); Physical(r):001BC000=07(); Paged(r):001BC000=07(); Paged(w):001BC000=27('); Paged(w):001BC001=00( ); Paged(w):001BC002=00( ); Paged(w):001BC003=00( ); RAM(r):00000002=1E(); Physical(r):00000002=1E(); Paged(r):00000002=1E(); RAM(r):00000003=01(); Physical(r):00000003=01(); Paged(r):00000003=01(); RAM(r):00000004=F4(ô); Physical(r):00000004=F4(ô); Paged(r):00000004=F4(ô); RAM(r):00000005=06(); Physical(r):00000005=06(); Paged(r):00000005=06(); Physical(w):001BC000=27('); RAM(w):001BC000=27('); Physical(w):001BC001=00( ); RAM(w):001BC001=00( ); Physical(w):001BC002=00( ); RAM(w):001BC002=00( ); Physical(w):001BC003=00( ); RAM(w):001BC003=00( )
0028:8020001a 8B 46 02 mov eax,dword ds:[esi+02]
Registers:
EAX: 00000000 EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00000000 EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 8020001a EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditsZ0A0P1c
   RAM(p):0018F02A=80(€); Physical(p):0018F02A=80(€); Paged(p):0018F02A=80(€); RAM(p):0018F02B=B9(¹); Physical(p):0018F02B=B9(¹); Paged(p):0018F02B=B9(¹); RAM(p):0018F02C=00( ); Physical(p):0018F02C=00( ); Paged(p):0018F02C=00( ); RAM(p):0018F02D=80(€); Physical(p):0018F02D=80(€); Paged(p):0018F02D=80(€); RAM(p):0018F02E=8B(‹); Physical(p):0018F02E=8B(‹); Paged(p):0018F02E=8B(‹); RAM(p):0018F02F=46(F); Physical(p):0018F02F=46(F); Paged(p):0018F02F=46(F)
   Paged(w):0018A294=1E(); Physical(w):0018A294=1E(); RAM(w):0018A294=1E(); Paged(w):0018A295=01(); Physical(w):0018A295=01(); RAM(w):0018A295=01(); Paged(w):0018A296=F4(ô); Physical(w):0018A296=F4(ô); RAM(w):0018A296=F4(ô); Paged(w):0018A297=06(); Physical(w):0018A297=06(); RAM(w):0018A297=06()
0028:8020001d 89 45 E4 mov dword ss:[ebp-1c],eax
Registers:
EAX: 06f4011e EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00000000 EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 8020001d EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff


So it's written at 018A1294 on the stack. Its value is read immediately before it from address 00000002 in physical RAM. That's because it points there using ESI+02, with ESI being cleared. It looks like it's reading an IVT entry there, probably one set up during boot (the MS-DOS segment 011E of the DIV0 handler as well as the offset of the NMI handler, in one dword read operation). So ESI is cleared, while it obviously shouldn't be, for some reason? It doesn't make sense to read two IVT half-entries in one DWORD read operation. So it's obvious ESI should definitely NOT be zeroed there (evidenced by it returning to a fully working MS-DOS prompt after the second page fault). Now the question: where did ESI come from?

The instruction before that solves that:
Code:
0028:80200017 8B 75 08 mov esi,dword ss:[ebp+08]


So EBP+08 is the source of the 0 value loaded into ESI.

Looking for the stack frame being set up, I've found line 7239. There's 11 PUSH EAX (EAX being cleared) above that. That's quite odd? Above that, there's a PUSH 00023000. Above that another 15 PUSH EAX (50h) instructions. Another odd part (corrupted memory?). Right above that is some setup of a GDT entry (entry 0018) for a LDT and loading said descriptor into the LDTR. Only directly after that, things go a bit weird (or at least it looks like weird code)? Or is it some odd setup for a stack frame? Maybe something being unfilled there (some stack-based variables not being set as supposed to, looking at a simple stack frame for a C/C++ program)?

I see it then calling some subroutine that might be somehow translating an address into a physical one (I see a physical address ending up in ESI, if I remember the logs I've just read correctly). Hmmmm....

I see it's setting up a task at the same selector, then loading it for usage through ltr. Then another task is loaded. Its TSS is at virtual address 80010390.
Then it loads a NULL LDT. Then there's the earlier mentioned 15 0h pushes(using EAX), then 00023000(seems to be EFLAGS?), then another 11 EAX(=0) pushes. So 27 doubleword pushes on the stack and loading EBP with the stack base, with EBP+2C corresponding to EFLAGS in the TSS on the stack?

80013390 is the original EBP value of when setting up the TSS frame. the EFLAGS being located at 800133bc. So that's two DWORDs, then followed by the TSS at SS:[BP+02]. Eventually, the subroutine returns to the caller. The caller seems to load the TSS descriptor location into ESI.

The ebp seems to start at logical location 80013390. When adding the offset of EFLAGS within the same-address structure, I end up at 800133bc(assumed eflags location)-24(offset of eflags within the TSS)-80013390(the base address of the stack frame)=offset 8 within the generated stack frame, at ebp+08.

Looking in the middle, there's an ENTER instruction(which has the ebp mentioned as the stack frame, adding a8 bytes of data to a new stack frame). Immediately after that, it pushes ESI(at 80013200 paged) and then edi(at 800131fc).
It then loads the EDI register from 80013208(so EBP-A8), so it's pointing to the bottom of the newly generated stack frame(ebp-ac being esi, ebp-f0 being the edi register of the caller)?

So far so good. Then it clears the low 32-dwords of the stack frame, using a simple rep stosd.

Then it loads ESI from the value at [EBP+08]. But EBP contains the previous stack pointer, EBP+04 being the call return address, and EBP+08 being the value push esi pushed before that, at line 7462 (value 16f5a). That invalid load happens at line 7689? Something's very wrong there? It reads zeroes instead? The original value was at logical address 800132B8. The addresses match! Something's wrong there!

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-11 @ 10:25

debugger_20180811_1211.zip
Fixed paged addressing

A little fix, fixing the physical addresses, also allowing page-crossing accesses on the BIU. I've also improved logging of logical ("Paged" in the log) addresses, now reporting the proper address (instead of the physical addresses it logged earlier). I've also added the missing segmented ("Normal" in the log) logging of BIU prefetch accesses. So now all memory accesses show up properly (the memory accesses ending on the paged layer (missing its normal layer) in a different format being special accesses, either TSS accesses or descriptor table accesses).

Although the paged layer is always active, even in real mode, since it's always used to map(directly).

Edit: Just modified it to only report the paging layer when it's used. Now it reports paging accesses (page tables) only up to the physical layer (as there is no paging layer in effect for page tables and page directories).

debugger_20180811_1307.zip
Improved Paging reporting, only when it's active.


Edit: Looking at line 7463:
Code:
   RAM(p):001916DC=04(); Physical(p):001916DC=04(); Paged(p):802026DC=04(); Normal(p):802026DC=04(); RAM(p):001916DD=80(€); Physical(p):001916DD=80(€); Paged(p):802026DD=80(€); Normal(p):802026DD=80(€); RAM(p):001916DE=3D(=); Physical(p):001916DE=3D(=); Paged(p):802026DE=3D(=); Normal(p):802026DE=3D(=); RAM(p):001916DF=00( ); Physical(p):001916DF=00( ); Paged(p):802026DF=00( ); Normal(p):802026DF=00( ); RAM(p):001916E0=34(4); Physical(p):001916E0=34(4); Paged(p):802026E0=34(4); Normal(p):802026E0=34(4); RAM(p):001916E1=01(); Physical(p):001916E1=01(); Paged(p):802026E1=01(); Normal(p):802026E1=01(); RAM(p):001916E2=80(€); Physical(p):001916E2=80(€); Paged(p):802026E2=80(€); Normal(p):802026E2=80(€); RAM(p):001916E3=01(); Physical(p):001916E3=01(); Paged(p):802026E3=01(); Normal(p):802026E3=01()
   Physical(w):00191EF0=28((); RAM(w):00191EF0=28((); Physical(w):00191EF1=0F(); RAM(w):00191EF1=0F(); Paged(w):80202EF1=0F(); Physical(w):00191EF2=01(); RAM(w):00191EF2=01(); Paged(w):80202EF2=01(); Physical(w):00191EF3=00( ); RAM(w):00191EF3=00( ); Paged(w):80202EF3=00( )
0028:802026cf A3 F0 2E 20 80 mov dword ds:[80202ef0],eax
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 800132b8 EBP: 80013390 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 802026cf EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C
   Paged(w):800132B5=6F(o); Paged(w):800132B6=01(); Paged(w):800132B7=00( ); Physical(w):0018A2B4=5A(Z); RAM(w):0018A2B4=5A(Z); Physical(w):0018A2B5=6F(o); RAM(w):0018A2B5=6F(o); Physical(w):0018A2B6=01(); RAM(w):0018A2B6=01(); Physical(w):0018A2B7=00( ); RAM(w):0018A2B7=00( )
0028:802026d4 56 push esi
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 800132b8 EBP: 80013390 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 802026d4 EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C
   Paged(w):800132B1=26(&); Paged(w):800132B2=20( ); Paged(w):800132B3=80(€); RAM(p):001916E4=75(u); Physical(p):001916E4=75(u); Paged(p):802026E4=75(u); Normal(p):802026E4=75(u); RAM(p):001916E5=10(); Physical(p):001916E5=10(); Paged(p):802026E5=10(); Normal(p):802026E5=10(); RAM(p):001916E6=56(V); Physical(p):001916E6=56(V); Paged(p):802026E6=56(V); Normal(p):802026E6=56(V); RAM(p):001916E7=B0(°); Physical(p):001916E7=B0(°); Paged(p):802026E7=B0(°); Normal(p):802026E7=B0(°); RAM(p):001916E8=01(); Physical(p):001916E8=01(); Paged(p):802026E8=01(); Normal(p):802026E8=01(); RAM(p):001916E9=66(f); Physical(p):001916E9=66(f); Paged(p):802026E9=66(f); Normal(p):802026E9=66(f); Physical(w):0018A2B0=DA(Ú); RAM(w):0018A2B0=DA(Ú); Physical(w):0018A2B1=26(&); RAM(w):0018A2B1=26(&); Physical(w):0018A2B2=20( ); RAM(w):0018A2B2=20( ); Physical(w):0018A2B3=80(€); RAM(w):0018A2B3=80(€)
0028:802026d5 E8 26 D9 FF FF calld 80200000
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 800132b4 EBP: 80013390 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 802026d5 EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C
   RAM(r):001BB803=00( ); Physical(r):001BB803=00( ); RAM(r):001BB802=1B(); Physical(r):001BB802=1B(); RAM(r):001BB801=D2(Ò); Physical(r):001BB801=D2(Ò); RAM(r):001BB800=27('); Physical(r):001BB800=27('); RAM(r):001BD803=00( ); Physical(r):001BD803=00( ); RAM(r):001BD802=18(); Physical(r):001BD802=18(); RAM(r):001BD801=F2(ò); Physical(r):001BD801=F2(ò); RAM(r):001BD800=07(); Physical(r):001BD800=07(); Physical(w):001BD800=27('); RAM(w):001BD800=27('); Physical(w):001BD801=F2(ò); RAM(w):001BD801=F2(ò); Physical(w):001BD802=18(); RAM(w):001BD802=18(); Physical(w):001BD803=00( ); RAM(w):001BD803=00( )
   RAM(p):0018F000=C8(È); Physical(p):0018F000=C8(È); Paged(p):80200000=C8(È); Normal(p):80200000=C8(È); RAM(p):0018F001=A8(¨); Physical(p):0018F001=A8(¨); Paged(p):80200001=A8(¨); Normal(p):80200001=A8(¨); RAM(p):0018F002=00( ); Physical(p):0018F002=00( ); Paged(p):80200002=00( ); Normal(p):80200002=00( ); RAM(p):0018F003=00( ); Physical(p):0018F003=00( ); Paged(p):80200003=00( ); Normal(p):80200003=00( ); RAM(p):0018F004=56(V); Physical(p):0018F004=56(V); Paged(p):80200004=56(V); Normal(p):80200004=56(V); RAM(p):0018F005=57(W); Physical(p):0018F005=57(W); Paged(p):80200005=57(W); Normal(p):80200005=57(W); RAM(p):0018F006=53(S); Physical(p):0018F006=53(S); Paged(p):80200006=53(S); Normal(p):80200006=53(S); RAM(p):0018F007=8D(); Physical(p):0018F007=8D(); Paged(p):80200007=8D(); Normal(p):80200007=8D(); RAM(p):0018F008=BD(½); Physical(p):0018F008=BD(½); Paged(p):80200008=BD(½); Normal(p):80200008=BD(½); RAM(p):0018F009=58(X); Physical(p):0018F009=58(X); Paged(p):80200009=58(X); Normal(p):80200009=58(X); RAM(p):0018F00A=FF(ÿ); Physical(p):0018F00A=FF(ÿ); Paged(p):8020000A=FF(ÿ); Normal(p):8020000A=FF(ÿ); RAM(p):0018F00B=FF(ÿ); Physical(p):0018F00B=FF(ÿ); Paged(p):8020000B=FF(ÿ); Normal(p):8020000B=FF(ÿ); RAM(p):0018F00C=FF(ÿ); Physical(p):0018F00C=FF(ÿ); Paged(p):8020000C=FF(ÿ); Normal(p):8020000C=FF(ÿ); RAM(p):0018F00D=33(3); Physical(p):0018F00D=33(3); Paged(p):8020000D=33(3); Normal(p):8020000D=33(3); RAM(p):0018F00E=C0(À); Physical(p):0018F00E=C0(À); Paged(p):8020000E=C0(À); Normal(p):8020000E=C0(À); RAM(p):0018F00F=B9(¹); Physical(p):0018F00F=B9(¹); Paged(p):8020000F=B9(¹); Normal(p):8020000F=B9(¹)
   RAM(p):0018F010=20( ); Physical(p):0018F010=20( ); Paged(p):80200010=20( ); Normal(p):80200010=20( ); RAM(p):0018F011=00( ); Physical(p):0018F011=00( ); Paged(p):80200011=00( ); Normal(p):80200011=00( ); RAM(p):0018F012=00( ); Physical(p):0018F012=00( ); Paged(p):80200012=00( ); Normal(p):80200012=00( ); RAM(p):0018F013=00( ); Physical(p):0018F013=00( ); Paged(p):80200013=00( ); Normal(p):80200013=00( )
   Physical(w):0018A2AC=90(); RAM(w):0018A2AC=90(); Physical(w):0018A2AD=33(3); RAM(w):0018A2AD=33(3); Paged(w):800132AD=33(3); Physical(w):0018A2AE=01(); RAM(w):0018A2AE=01(); Paged(w):800132AE=01(); Physical(w):0018A2AF=80(€); RAM(w):0018A2AF=80(€); Paged(w):800132AF=80(€)
0028:80200000 C8 A8 00 00 enterd 00a8,00
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 800132b0 EBP: 80013390 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 80200000 EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C
   Paged(w):80013201=6F(o); Paged(w):80013202=01(); Paged(w):80013203=00( ); Physical(w):0018A200=5A(Z); RAM(w):0018A200=5A(Z); Physical(w):0018A201=6F(o); RAM(w):0018A201=6F(o); Physical(w):0018A202=01(); RAM(w):0018A202=01(); Physical(w):0018A203=00( ); RAM(w):0018A203=00( )
0028:80200004 56 push esi
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 80013204 EBP: 800132b0 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 80200004 EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C
   Paged(w):800131FD=00( ); Paged(w):800131FE=10(); Paged(w):800131FF=80(€); Physical(w):0018A1FC=00( ); RAM(w):0018A1FC=00( ); Physical(w):0018A1FD=00( ); RAM(w):0018A1FD=00( ); Physical(w):0018A1FE=10(); RAM(w):0018A1FE=10(); Physical(w):0018A1FF=80(€); RAM(w):0018A1FF=80(€)
0028:80200005 57 push edi
Registers:
EAX: 00010f28 EBX: 00002069 ECX: 00002fd0 EDX: 00008010
ESP: 80013200 EBP: 800132b0 ESI: 00016f5a EDI: 80100000
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 80200005 EFLAGS: 00003097
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditSz0A0P1C


Then, at line 7703:
Code:
   RAM(r):0018A2B8=00( ); Physical(r):0018A2B8=00( ); Paged(r):800132B8=00( ); RAM(r):0018A2B9=00( ); Physical(r):0018A2B9=00( ); Paged(r):800132B9=00( ); RAM(r):0018A2BA=00( ); Physical(r):0018A2BA=00( ); Paged(r):800132BA=00( ); RAM(r):0018A2BB=00( ); Physical(r):0018A2BB=00( ); Paged(r):800132BB=00( ); RAM(p):0018F025=E0(à); Physical(p):0018F025=E0(à); Paged(p):80200025=E0(à); Normal(p):80200025=E0(à); RAM(p):0018F026=0F(); Physical(p):0018F026=0F(); Paged(p):80200026=0F(); Normal(p):80200026=0F(); RAM(p):0018F027=B7(·); Physical(p):0018F027=B7(·); Paged(p):80200027=B7(·); Normal(p):80200027=B7(·); RAM(p):0018F028=06(); Physical(p):0018F028=06(); Paged(p):80200028=06(); Normal(p):80200028=06(); RAM(p):0018F029=A3(£); Physical(p):0018F029=A3(£); Paged(p):80200029=A3(£); Normal(p):80200029=A3(£)
0028:80200017 8B 75 08 mov esi,dword ss:[ebp+08]
Registers:
EAX: 00000000 EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00016f5a EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 80200017 EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditsZ0A0P1c
   RAM(r):001BB003=00( ); Physical(r):001BB003=00( ); RAM(r):001BB002=1B(); Physical(r):001BB002=1B(); RAM(r):001BB001=C2(Â); Physical(r):001BB001=C2(Â); RAM(r):001BB000=27('); Physical(r):001BB000=27('); RAM(r):001BC003=00( ); Physical(r):001BC003=00( ); RAM(r):001BC002=00( ); Physical(r):001BC002=00( ); RAM(r):001BC001=00( ); Physical(r):001BC001=00( ); RAM(r):001BC000=07(); Physical(r):001BC000=07(); RAM(r):00000002=1E(); Physical(r):00000002=1E(); Paged(r):00000002=1E(); RAM(r):00000003=01(); Physical(r):00000003=01(); Paged(r):00000003=01(); RAM(r):00000004=F4(ô); Physical(r):00000004=F4(ô); Paged(r):00000004=F4(ô); RAM(r):00000005=06(); Physical(r):00000005=06(); Paged(r):00000005=06(); Physical(w):001BC000=27('); RAM(w):001BC000=27('); Physical(w):001BC001=00( ); RAM(w):001BC001=00( ); Physical(w):001BC002=00( ); RAM(w):001BC002=00( ); Physical(w):001BC003=00( ); RAM(w):001BC003=00( )
0028:8020001a 8B 46 02 mov eax,dword ds:[esi+02]
Registers:
EAX: 00000000 EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00000000 EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 8020001a EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditsZ0A0P1c
   RAM(p):0018F02A=80(€); Physical(p):0018F02A=80(€); Paged(p):8020002A=80(€); Normal(p):8020002A=80(€); RAM(p):0018F02B=B9(¹); Physical(p):0018F02B=B9(¹); Paged(p):8020002B=B9(¹); Normal(p):8020002B=B9(¹); RAM(p):0018F02C=00( ); Physical(p):0018F02C=00( ); Paged(p):8020002C=00( ); Normal(p):8020002C=00( ); RAM(p):0018F02D=80(€); Physical(p):0018F02D=80(€); Paged(p):8020002D=80(€); Normal(p):8020002D=80(€); RAM(p):0018F02E=8B(‹); Physical(p):0018F02E=8B(‹); Paged(p):8020002E=8B(‹); Normal(p):8020002E=8B(‹); RAM(p):0018F02F=46(F); Physical(p):0018F02F=46(F); Paged(p):8020002F=46(F); Normal(p):8020002F=46(F)
   Physical(w):0018A294=1E(); RAM(w):0018A294=1E(); Physical(w):0018A295=01(); RAM(w):0018A295=01(); Paged(w):80013295=01(); Physical(w):0018A296=F4(ô); RAM(w):0018A296=F4(ô); Paged(w):80013296=F4(ô); Physical(w):0018A297=06(); RAM(w):0018A297=06(); Paged(w):80013297=06()
0028:8020001d 89 45 E4 mov dword ss:[ebp-1c],eax
Registers:
EAX: 06f4011e EBX: 00002069 ECX: 00000000 EDX: 00008010
ESP: 800131f8 EBP: 800132b0 ESI: 00000000 EDI: 80013288
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: 8020001d EFLAGS: 00003056
CR0: 8000fff1 CR1: 00000000 CR2: 00000000 CR3: 001bb000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00008010011c010f IDTR: 00008001008c02ff
FLAGSINFO: 00000000000000vr0n11oditsZ0A0P1c


Those two seem to be the cause of said data being lost...
Edit: Found a little bug causing the missing log of the first paged byte of multi-byte accesses requested by the BIU(e.g. the push esi and enter instructions above show that). They're still performed though(see the physical and RAM layer before the remaining three bytes).

The eventual ESI value is first loaded in EAX using logical address 800132B8. Looking further up, I see that's the value of ESP BEFORE pushing ESI, so that's something wrong. That one is written to the stack at 800132B4 properly.

Then CALL. It seems to go fine as well, writing its return address at 800132B0.

Then ENTER. That one's going horribly wrong: EBP becomes ESP (incorrect) and ESP is decreased by A8+4 (the pushed EBP). So the pushes work correctly, but EBP is loaded with the value BEFORE executing the ENTER instruction, updating it to be the value of ESP BEFORE pushing EBP, instead of its correct value AFTER pushing EBP! :S
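
For anyone wanting to reproduce the ENTER problem described in the post above without wading through the full log, here is an added example (my own modelling code, not UniPCemu's): a tiny 32-bit stack model that executes the logged prologue, push esi / call 80200000 / enter 0a8,00, once with ENTER done the documented way and once with EBP sampled before the implicit PUSH EBP, and then reads [EBP+08] the way mov esi,dword ss:[ebp+08] at 0028:80200017 does. Assumptions: SS base 0 (flat stack segment), a single 4 KiB page backing the stack at 80013000, and the register values taken from the log (ESP 800132B8, EBP 80013390, ESI 00016F5A, return address 802026DA).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not UniPCemu's code: a minimal 32-bit stack model used to
 * replay the logged prologue with a correct ENTER and with the broken one. */

#define STACK_BASE 0x80013000u   /* assumed: one 4 KiB page of flat stack, SS base 0 */
#define STACK_LEN  0x1000u

typedef struct {
    uint32_t esp, ebp;
    uint8_t  mem[STACK_LEN];     /* backs linear STACK_BASE..STACK_BASE+STACK_LEN-1; zero = never written */
} cpu_t;

static int mapped(uint32_t addr)
{
    return addr >= STACK_BASE && addr - STACK_BASE + 4 <= STACK_LEN;
}

static uint32_t rd32(const cpu_t *c, uint32_t addr)
{
    if (!mapped(addr)) return 0;              /* outside the model: reads as zero */
    const uint8_t *p = c->mem + (addr - STACK_BASE);
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(cpu_t *c, uint32_t addr, uint32_t v)
{
    if (!mapped(addr)) return;                /* outside the model: write dropped */
    uint8_t *p = c->mem + (addr - STACK_BASE);
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static void push32(cpu_t *c, uint32_t v)
{
    c->esp -= 4;
    wr32(c, c->esp, v);
}

/* ENTER imm16, imm8 with 32-bit operand and stack size, following the
 * architectural pseudo-code: push EBP, *then* capture ESP as the frame
 * pointer, copy the display for nesting levels > 0, set EBP, reserve size.
 * With buggy != 0 the frame pointer is captured before the push, which is the
 * behaviour seen in the log (EBP = old ESP, ESP still lowered by size+4). */
static void enter32(cpu_t *c, uint16_t size, uint8_t nesting, int buggy)
{
    uint32_t frame_temp = 0;
    nesting &= 31;
    if (buggy) frame_temp = c->esp;           /* wrong: ESP before PUSH EBP */
    push32(c, c->ebp);
    if (!buggy) frame_temp = c->esp;          /* right: ESP after PUSH EBP */
    if (nesting > 0) {
        for (unsigned i = 1; i < nesting; i++) {
            c->ebp -= 4;
            push32(c, rd32(c, c->ebp));       /* copy the caller's display entries */
        }
        push32(c, frame_temp);
    }
    c->ebp = frame_temp;
    c->esp -= size;
}

typedef struct { uint32_t ebp, esp, arg0; } frame_t;

/* Replays the logged instructions with the logged register values. */
static frame_t replay_vxd_prologue(int buggy)
{
    cpu_t c;
    frame_t f;
    memset(&c, 0, sizeof c);
    c.esp = 0x800132B8u;                      /* ESP at 0028:802026d4 (from the log) */
    c.ebp = 0x80013390u;
    push32(&c, 0x00016F5Au);                  /* push esi                    */
    push32(&c, 0x802026DAu);                  /* call 80200000: return address */
    enter32(&c, 0x00A8, 0, buggy);            /* enterd 00a8,00              */
    f.ebp  = c.ebp;
    f.esp  = c.esp;
    f.arg0 = rd32(&c, c.ebp + 8);             /* mov esi,dword ss:[ebp+08]   */
    return f;
}

int main(void)
{
    frame_t ok = replay_vxd_prologue(0), bad = replay_vxd_prologue(1);
    printf("correct ENTER: EBP=%08X ESP=%08X [EBP+08]=%08X\n", (unsigned)ok.ebp, (unsigned)ok.esp, (unsigned)ok.arg0);
    printf("buggy   ENTER: EBP=%08X ESP=%08X [EBP+08]=%08X\n", (unsigned)bad.ebp, (unsigned)bad.esp, (unsigned)bad.arg0);
    return 0;
}
```

With the correct ENTER, EBP ends up at 800132AC and [EBP+08] is the pushed ESI (16F5A). With the buggy one, ESP is identical (80013204), which is why the pushes looked fine, but EBP is 800132B0 and [EBP+08] is the never-written dword at 800132B8, the same zero that shows up at line 7703 of the log.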

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-11 @ 12:41

Having fixed that Enter instruction bug, it now no longer faults on that point! :D

Although I eventually see it faulting on descriptor loading and eventually stack/double/triple faulting on something else further on?

debugger_20180811_1430.7z
Later error.

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-11 @ 13:42

A small update, throwing #GP(16B) etc. faults(set of three interrupts) in a loop? Added logging of double/triple faults and removed V86 interrupt logging.

debugger_20180811_1524.7z
Execution of Windows 3.0 until return to the command prompt?

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-11 @ 18:33

@barotto: Could you make a common log format log of Windows 3.0 booting in 80386 mode? Then maybe I can compare those to my logs and find out why it's crashing (double faulting on infinite faulting causing stack overflow) my emulator (it's booting fine in real mode and with the /r parameter with EMM386 loaded (V86 mode running real-mode Windows)). 80286 and 80386 both stack & triple fault (80386 on linear memory address 80201002 for a BT modr/m,10h instruction (modrm pointing to 80201000), then more faults (on interrupts in V86 mode) until eventually another page fault and double fault/triple fault).

Edit: Yay! Wfw3.11 setup finally starts without the "invalid parameter:<linebreak>" error back to MS-DOS prompt! :D

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-11 @ 19:46

I manage to get Windows 3.11 through the first two disks, but when it tries to start the graphics part, it gives me an error it cannot start Windows in Standard mode and to run "win /3" instead. It's unresponsive to input.

After restarting the emulator, win.com/exe is missing from the Windows 3.11 directory?

The exact message it gives(no faults thrown in protected mode, translation from Dutch):
Code:
Cannot start Windows in Standard mode.
Try starting Windows in 386 "enhanced" mode by typing win /3.


563.jpg
Windows 3.11 erroring out with missing win.com.


Do you know anything about this case? I see no protected mode faults happening.

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-12 @ 11:57

Hmmmm... Immediately after starting protected mode, it checks some byte that has the value 3(jump if less(jc), which isn't taken), then immediately drops out of protected mode and seems to abort???

Edit: Another small CPU bugfix: iret/retf to higher privilege levels(resulting CS.RPL<old CPL) now properly throws a #GP(segment|table|EXT) fault(didn't before).

Booting Windows 3.11 during setup on the 80386 somehow fails? I see some interrupt 2F requests for canonicalizing filenames (according to Ralf Brown's interrupt list), but no actual executables being loaded? Maybe that's the issue somehow?

Can you see what's going wrong(according to the interrupts thrown?)?

debugger_20180812_1343.7z
Windows 3.11 booting fails


Edit: Hmmm... Interesting. I see a http://www.ctyme.com/intr/rb-4498.htm call. So DosX.exe is starting up! That's one!

Edit: Just improved my CPU identification a bit based on your article on Identifying Processors (mainly adding the stuck CR0 bit on the 80286-, additional DX values on reset, SGDT/SIDT ignoring operand size (knew about it for LMSW/SMSW but somehow forgot to implement it for SGDT/SIDT), including the 80286 stuck high bits :S ).

Edit: Whoops. The ET bit wasn't stuck to 1, instead it was forcing the TS bit to 1 instead. :S

Edit: Improved log after implementing said processor detection support (also mapping 80286 MSW writes to 80386 CR0 writes, making improved detection support for stuck bits easier (also added CR0 stuck bits to the 80286)).
debugger_20180812_1745.7z
Improved processor detection implemented.
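
On the iret/retf privilege fix mentioned in the post above, here is an added example (mine, not UniPCemu's code) of the check itself, so the rule is explicit. On a far RET or IRET in protected mode, the RPL of the return CS selector may not be lower than the current CPL: a return toward ring 0 from a less privileged ring has to raise #GP with the selector (RPL bits cleared, EXT bit set if applicable) as the error code, and a null return CS raises #GP(0). The selector values and CPLs below are made up for the demonstration; descriptor loading (present bit, type, DPL/conforming checks) is deliberately left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not UniPCemu's code: the far-return privilege check and the
 * selector-style error code it reports. Only the RPL-vs-CPL rule the post
 * refers to is modelled; descriptor validation is out of scope here. */

enum { FAULT_NONE = -1, FAULT_GP = 13 };

typedef struct { int vector; uint16_t error_code; } fault_t;

/* Selector error code: index and TI bits of the selector, RPL cleared,
 * bit 1 (IDT) clear, bit 0 = EXT (fault triggered by an external event). */
static uint16_t selector_error_code(uint16_t selector, int ext)
{
    return (uint16_t)((selector & 0xFFFCu) | (ext ? 1u : 0u));
}

/* Checks the return CS selector of a far RET / IRET against the current CPL. */
static fault_t check_far_return(uint16_t new_cs, unsigned cpl, int ext)
{
    fault_t f = { FAULT_NONE, 0 };
    if ((new_cs & 0xFFFCu) == 0) {                    /* null selector */
        f.vector = FAULT_GP;
        f.error_code = (uint16_t)(ext ? 1u : 0u);     /* #GP(0) */
        return f;
    }
    if ((new_cs & 3u) < cpl) {                        /* return into a more privileged ring */
        f.vector = FAULT_GP;
        f.error_code = selector_error_code(new_cs, ext);
    }
    return f;
}

int main(void)
{
    struct { uint16_t cs; unsigned cpl; } cases[] = {   /* constructed cases */
        { 0x0028, 0 },   /* ring 0 returning to a ring 0 selector: fine      */
        { 0x002B, 3 },   /* ring 3 returning to a ring 3 selector: fine      */
        { 0x0028, 3 },   /* ring 3 trying to return into ring 0: #GP(0028)   */
        { 0x0000, 0 },   /* null return CS: #GP(0)                           */
    };
    for (unsigned i = 0; i < 4; i++) {
        fault_t f = check_far_return(cases[i].cs, cases[i].cpl, 0);
        if (f.vector == FAULT_NONE)
            printf("CS=%04X CPL=%u: ok\n", cases[i].cs, cases[i].cpl);
        else
            printf("CS=%04X CPL=%u: #GP(%04X)\n", cases[i].cs, cases[i].cpl, f.error_code);
    }
    return 0;
}
```

Without this check, ring 3 code could iret/retf straight into a ring 0 code selector, which is the kind of hole that makes a DOS extender or VxD happily keep running in the wrong ring instead of faulting.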

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-12 @ 20:04

Just made a slightly improved log (fixing a bug that incorrectly handled the logging type (affecting how it's reported) of prefetcher BIU reads from physical memory (during its accompanying T CPU cycles)).

Also got a different copy of Windows 3.11 (from a YouTube video describing the setup's validity) that has fewer disks (6 disks instead of 9), while also being the English version instead of my earlier Dutch version (maybe a bit better for cross-referencing here, since there aren't many Dutch people here afaik (save for a few I know of)).

It's the "Windows 3.11 (OEM) (3.5)" version from Winworld (that was what it was called), for reference on the version used for the log.

debugger_20180812_2006.7z
Improved logging.
(2.11 MiB)


For reference: https://www.youtube.com/watch?v=y34WhpjSLPg&t=110s at ~1:50 (when starting Windows) is the point where my emulator craps out and gives me a black screen with the message that Windows couldn't be started and to run with the /3 parameter (even though win.com/win.exe isn't copied yet :S) instead of going into graphics mode (crashing before doing that).

Can you make a log of Windows 3.0 starting from the point it enters protected mode and onwards? Then I can compare it with my log and see what's going wrong (maybe minus the HDD/FLOPPY/CD-ROM reading part, as that's system and timing-specific). I'm running it at 3000kIPS (Dosbox-style cycles, with the BIU Prefetch Queue constantly filled after/during each instruction to perform a Dosbox-style prefetch buffer in IPS mode).

Edit: Although the memory writes look odd (being split apart by the PIQ filling from memory), the cause of that is that only after the full cycle block in IPS mode is processed (so the memory access plus any remaining cycles that are spent on filling the PIQ FIFO) are the memory writes flushed to memory (the physical (and RAM if not a memory-mapped device) layer(s)). It looks a bit odd, but that's actually the way the CPU handles memory writes atm (to prevent the writes from immediately affecting the PIQ in front of it, affecting SMC in a simple way).

So the Paged layer you see is actually writing to a simple FIFO instead of the physical layer. Said FIFO is written to the Physical layer each time the CPU finishes a block to process (either a cycle or a non-terminating cycle (a cycle that doesn't take any time, so an unfinished IPS-mode instruction still undergoing execution)). Of course, any cycle (both terminating and non-terminating) can have PIQ fetches in between the processing blocks, if allowed (depending on the actual cycle timing provided by the EU in cycle-accurate mode).

The Dosbox-style IPS mode is actually just a simple hack/wrapper around the cycle-accurate core (just modifying external BUS timings relative to the CPU clock), while the EU still runs in a cycle-accurate way (the IPS clocking is applied to the hardware timing and realtime synchronization (being either 1 (finished instruction) or 0 (unfinished instruction) cycles)). Of course, there's security preventing infinite loops there (if you were to have an infinite unfinished instruction (thus always processing 0 cycles)), which simply breaks the main loop to allow surrounding timing to update the real-time synchronization. This keeps the EU simple and portable with the IPS clocking easy to apply (for a significant speedup compared to cycle-accurate mode), while keeping maximum compatibility for the EU (which it's all about) for simple updating of code (without needing two fully implemented cores for each CPU mode).

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-12 @ 22:13

Something's terribly wrong at an IRET at line 57762...

Code:
054c:000001a9 83 C4 02 add sp,0002   RAM(p):00005676=12(); Physical(p):00005676=12(); Paged(p):00005676=12(); Normal(p):000001B6=12(); RAM(p):00005677=00( ); Physical(p):00005677=00( ); Paged(p):00005677=00( ); Normal(p):000001B7=00( ); RAM(p):00005678=EB(ë); Physical(p):00005678=EB(ë); Paged(p):00005678=EB(ë); Normal(p):000001B8=EB(ë); RAM(p):00005679=AA(ª); Physical(p):00005679=AA(ª); Paged(p):00005679=AA(ª); Normal(p):000001B9=AA(ª); RAM(p):0000567A=2E(.); Physical(p):0000567A=2E(.); Paged(p):0000567A=2E(.); Normal(p):000001BA=2E(.); RAM(p):0000567B=3B(;); Physical(p):0000567B=3B(;); Paged(p):0000567B=3B(;); Normal(p):000001BB=3B(;)
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 00000045 EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 054c DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 000001a9 EFLAGS: 00003046
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsZ0a0P1c
   RAM(r):0000ED17=02(); Physical(r):0000ED17=02(); Paged(r):0000ED17=02()
   RAM(r):0000ED18=00( ); Physical(r):0000ED18=00( ); Paged(r):0000ED18=00( )
   RAM(r):0000ED19=F8(ø); Physical(r):0000ED19=F8(ø); Paged(r):0000ED19=F8(ø); RAM(r):0000ED1A=12(); Physical(r):0000ED1A=12(); Paged(r):0000ED1A=12()
   RAM(r):0000ED1B=06(); Physical(r):0000ED1B=06(); Paged(r):0000ED1B=06()
   RAM(r):0000ED1C=30(0); Physical(r):0000ED1C=30(0); Paged(r):0000ED1C=30(0)
054c:000001ac CF iret   RAM(p):00012F82=00( ); Physical(p):00012F82=00( ); Paged(p):00012F82=00( ); Normal(p):00000002=00( ); RAM(p):00012F83=00( ); Physical(p):00012F83=00( ); Paged(p):00012F83=00( ); Normal(p):00000003=00( ); RAM(p):00012F84=00( ); Physical(p):00012F84=00( ); Paged(p):00012F84=00( ); Normal(p):00000004=00( ); RAM(p):00012F85=00( ); Physical(p):00012F85=00( ); Paged(p):00012F85=00( ); Normal(p):00000005=00( ); RAM(p):00012F86=00( ); Physical(p):00012F86=00( ); Paged(p):00012F86=00( ); Normal(p):00000006=00( ); RAM(p):00012F87=00( ); Physical(p):00012F87=00( ); Paged(p):00012F87=00( ); Normal(p):00000007=00( ); RAM(p):00012F88=00( ); Physical(p):00012F88=00( ); Paged(p):00012F88=00( ); Normal(p):00000008=00( ); RAM(p):00012F89=00( ); Physical(p):00012F89=00( ); Paged(p):00012F89=00( ); Normal(p):00000009=00( ); RAM(p):00012F8A=B8(¸); Physical(p):00012F8A=B8(¸); Paged(p):00012F8A=B8(¸); Normal(p):0000000A=B8(¸); RAM(p):00012F8B=CD(Í); Physical(p):00012F8B=CD(Í); Paged(p):00012F8B=CD(Í); Normal(p):0000000B=CD(Í); RAM(p):00012F8C=0E(); Physical(p):00012F8C=0E(); Paged(p):00012F8C=0E(); Normal(p):0000000C=0E(); RAM(p):00012F8D=8E(Ž); Physical(p):00012F8D=8E(Ž); Paged(p):00012F8D=8E(Ž); Normal(p):0000000D=8E(Ž); RAM(p):00012F8E=D8(Ø); Physical(p):00012F8E=D8(Ø); Paged(p):00012F8E=D8(Ø); Normal(p):0000000E=D8(Ø); RAM(p):00012F8F=8C(Œ); Physical(p):00012F8F=8C(Œ); Paged(p):00012F8F=8C(Œ); Normal(p):0000000F=8C(Œ); RAM(p):00012F90=06(); Physical(p):00012F90=06(); Paged(p):00012F90=06(); Normal(p):00000010=06(); RAM(p):00012F91=36(6); Physical(p):00012F91=36(6); Paged(p):00012F91=36(6); Normal(p):00000011=36(6)
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 00000047 EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 054c DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 000001ac EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   RAM(r):00013189=0A( ); Physical(r):00013189=0A( ); Paged(r):00013189=0A( )
   Physical(w):00013189=0A( ); RAM(w):00013189=0A( ); Paged(w):00013189=0A( )
12f8:00000002 00 00 add byte ds:[bx+si],al
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000002 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   RAM(r):00013189=0A( ); Physical(r):00013189=0A( ); Paged(r):00013189=0A( ); RAM(p):00012F92=01(); Physical(p):00012F92=01(); Paged(p):00012F92=01(); Normal(p):00000012=01(); RAM(p):00012F93=8E(Ž); Physical(p):00012F93=8E(Ž); Paged(p):00012F93=8E(Ž); Normal(p):00000013=8E(Ž); RAM(p):00012F94=D0(Ð); Physical(p):00012F94=D0(Ð); Paged(p):00012F94=D0(Ð); Normal(p):00000014=D0(Ð); RAM(p):00012F95=BC(¼); Physical(p):00012F95=BC(¼); Paged(p):00012F95=BC(¼); Normal(p):00000015=BC(¼)
   Physical(w):00013189=0A( ); RAM(w):00013189=0A( ); Paged(w):00013189=0A( )
12f8:00000004 00 00 add byte ds:[bx+si],al
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000004 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   RAM(r):00013189=0A( ); Physical(r):00013189=0A( ); Paged(r):00013189=0A( )
   Physical(w):00013189=0A( ); RAM(w):00013189=0A( ); Paged(w):00013189=0A( )
12f8:00000006 00 00 add byte ds:[bx+si],al
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000006 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   RAM(r):00013189=0A( ); Physical(r):00013189=0A( ); Paged(r):00013189=0A( ); RAM(p):00012F96=00( ); Physical(p):00012F96=00( ); Paged(p):00012F96=00( ); Normal(p):00000016=00( ); RAM(p):00012F97=01(); Physical(p):00012F97=01(); Paged(p):00012F97=01(); Normal(p):00000017=01(); RAM(p):00012F98=E8(è); Physical(p):00012F98=E8(è); Paged(p):00012F98=E8(è); Normal(p):00000018=E8(è); RAM(p):00012F99=56(V); Physical(p):00012F99=56(V); Paged(p):00012F99=56(V); Normal(p):00000019=56(V)
   Physical(w):00013189=0A( ); RAM(w):00013189=0A( ); Paged(w):00013189=0A( )
12f8:00000008 00 00 add byte ds:[bx+si],al
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000008 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
12f8:0000000a B8 CD 0E mov ax,0ecd
Registers:
EAX: 00000000 EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 0000000a EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
12f8:0000000d 8E D8 mov ds,ax   RAM(p):00012F9A=29()); Physical(p):00012F9A=29()); Paged(p):00012F9A=29()); Normal(p):0000001A=29()); RAM(p):00012F9B=0B( ); Physical(p):00012F9B=0B( ); Paged(p):00012F9B=0B( ); Normal(p):0000001B=0B( ); RAM(p):00012F9C=C0(À); Physical(p):00012F9C=C0(À); Paged(p):00012F9C=C0(À); Normal(p):0000001C=C0(À); RAM(p):00012F9D=75(u); Physical(p):00012F9D=75(u); Paged(p):00012F9D=75(u); Normal(p):0000001D=75(u); RAM(p):00012F9E=03(); Physical(p):00012F9E=03(); Paged(p):00012F9E=03(); Normal(p):0000001E=03()
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 0000000d EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   RAM(p):00012F9F=E8(è); Physical(p):00012F9F=E8(è); Paged(p):00012F9F=E8(è); Normal(p):0000001F=E8(è); RAM(p):00012FA0=6E(n); Physical(p):00012FA0=6E(n); Paged(p):00012FA0=6E(n); Normal(p):00000020=6E(n); RAM(p):00012FA1=29()); Physical(p):00012FA1=29()); Paged(p):00012FA1=29()); Normal(p):00000021=29()); RAM(p):00012FA2=1E(); Physical(p):00012FA2=1E(); Paged(p):00012FA2=1E(); Normal(p):00000022=1E()
   Physical(w):0000EE06=CD(Í); RAM(w):0000EE06=CD(Í); Paged(w):0000EE06=CD(Í); Physical(w):0000EE07=0E(); RAM(w):0000EE07=0E(); Paged(w):0000EE07=0E()
12f8:0000000f 8C 06 36 01 mov word ds:[0136],es
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 0000000f EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
12f8:00000013 8E D0 mov ss,ax
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000013 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
12f8:00000015 BC 00 01 mov sp,0100   RAM(p):00012FA3=B8(¸); Physical(p):00012FA3=B8(¸); Paged(p):00012FA3=B8(¸); Normal(p):00000023=B8(¸); RAM(p):00012FA4=05(); Physical(p):00012FA4=05(); Paged(p):00012FA4=05(); Normal(p):00000024=05(); RAM(p):00012FA5=16(); Physical(p):00012FA5=16(); Paged(p):00012FA5=16(); Normal(p):00000025=16(); RAM(p):00012FA6=33(3); Physical(p):00012FA6=33(3); Paged(p):00012FA6=33(3); Normal(p):00000026=33(3); RAM(p):00012FA7=DB(Û); Physical(p):00012FA7=DB(Û); Paged(p):00012FA7=DB(Û); Normal(p):00000027=DB(Û)
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 0000004d EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000015 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   Paged(w):0000EDCE=1B(); Paged(w):0000EDCF=00( ); Physical(w):0000EDCE=1B(); RAM(w):0000EDCE=1B(); Physical(w):0000EDCF=00( ); RAM(w):0000EDCF=00( )
12f8:00000018 E8 56 29 call 00002971   RAM(p):000158F1=E8(è); Physical(p):000158F1=E8(è); Paged(p):000158F1=E8(è); Normal(p):00002971=E8(è); RAM(p):000158F2=5A(Z); Physical(p):000158F2=5A(Z); Paged(p):000158F2=5A(Z); Normal(p):00002972=5A(Z); RAM(p):000158F3=FF(ÿ); Physical(p):000158F3=FF(ÿ); Paged(p):000158F3=FF(ÿ); Normal(p):00002973=FF(ÿ); RAM(p):000158F4=0B( ); Physical(p):000158F4=0B( ); Paged(p):000158F4=0B( ); Normal(p):00002974=0B( ); RAM(p):000158F5=C0(À); Physical(p):000158F5=C0(À); Paged(p):000158F5=C0(À); Normal(p):00002975=C0(À); RAM(p):000158F6=74(t); Physical(p):000158F6=74(t); Paged(p):000158F6=74(t); Normal(p):00002976=74(t); RAM(p):000158F7=13(); Physical(p):000158F7=13(); Paged(p):000158F7=13(); Normal(p):00002977=13(); RAM(p):000158F8=FE(þ); Physical(p):000158F8=FE(þ); Paged(p):000158F8=FE(þ); Normal(p):00002978=FE(þ); RAM(p):000158F9=06(); Physical(p):000158F9=06(); Paged(p):000158F9=06(); Normal(p):00002979=06(); RAM(p):000158FA=33(3); Physical(p):000158FA=33(3); Paged(p):000158FA=33(3); Normal(p):0000297A=33(3); RAM(p):000158FB=2B(+); Physical(p):000158FB=2B(+); Paged(p):000158FB=2B(+); Normal(p):0000297B=2B(+); RAM(p):000158FC=3D(=); Physical(p):000158FC=3D(=); Paged(p):000158FC=3D(=); Normal(p):0000297C=3D(=); RAM(p):000158FD=10(); Physical(p):000158FD=10(); Paged(p):000158FD=10(); Normal(p):0000297D=10(); RAM(p):000158FE=05(); Physical(p):000158FE=05(); Paged(p):000158FE=05(); Normal(p):0000297E=05(); RAM(p):000158FF=72(r); Physical(p):000158FF=72(r); Paged(p):000158FF=72(r); Normal(p):0000297F=72(r); RAM(p):00015900=0A( ); Physical(p):00015900=0A( ); Paged(p):00015900=0A( ); Normal(p):00002980=0A( )
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 00000100 EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00000018 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   Paged(w):0000EDCC=74(t); Paged(w):0000EDCD=29()); Physical(w):0000EDCC=74(t); RAM(w):0000EDCC=74(t); Physical(w):0000EDCD=29()); RAM(w):0000EDCD=29())
12f8:00002971 E8 5A FF call 000028ce   RAM(p):0001584E=B8(¸); Physical(p):0001584E=B8(¸); Paged(p):0001584E=B8(¸); Normal(p):000028CE=B8(¸); RAM(p):0001584F=2F(/); Physical(p):0001584F=2F(/); Paged(p):0001584F=2F(/); Normal(p):000028CF=2F(/); RAM(p):00015850=35(5); Physical(p):00015850=35(5); Paged(p):00015850=35(5); Normal(p):000028D0=35(5); RAM(p):00015851=CD(Í); Physical(p):00015851=CD(Í); Paged(p):00015851=CD(Í); Normal(p):000028D1=CD(Í); RAM(p):00015852=21(!); Physical(p):00015852=21(!); Paged(p):00015852=21(!); Normal(p):000028D2=21(!); RAM(p):00015853=8C(Œ); Physical(p):00015853=8C(Œ); Paged(p):00015853=8C(Œ); Normal(p):000028D3=8C(Œ); RAM(p):00015854=C1(Á); Physical(p):00015854=C1(Á); Paged(p):00015854=C1(Á); Normal(p):000028D4=C1(Á); RAM(p):00015855=E3(ã); Physical(p):00015855=E3(ã); Paged(p):00015855=E3(ã); Normal(p):000028D5=E3(ã); RAM(p):00015856=4D(M); Physical(p):00015856=4D(M); Paged(p):00015856=4D(M); Normal(p):000028D6=4D(M); RAM(p):00015857=8A(Š); Physical(p):00015857=8A(Š); Paged(p):00015857=8A(Š); Normal(p):000028D7=8A(Š); RAM(p):00015858=26(&); Physical(p):00015858=26(&); Paged(p):00015858=26(&); Normal(p):000028D8=26(&); RAM(p):00015859=80(€); Physical(p):00015859=80(€); Paged(p):00015859=80(€); Normal(p):000028D9=80(€); RAM(p):0001585A=2E(.); Physical(p):0001585A=2E(.); Paged(p):0001585A=2E(.); Normal(p):000028DA=2E(.); RAM(p):0001585B=84(„); Physical(p):0001585B=84(„); Paged(p):0001585B=84(„); Normal(p):000028DB=84(„); RAM(p):0001585C=E4(ä); Physical(p):0001585C=E4(ä); Paged(p):0001585C=E4(ä); Normal(p):000028DC=E4(ä); RAM(p):0001585D=75(u); Physical(p):0001585D=75(u); Paged(p):0001585D=75(u); Normal(p):000028DD=75(u)
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 000000fe EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 00002971 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
12f8:000028ce B8 2F 35 mov ax,352f
Registers:
EAX: 00000ecd EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 000000fc EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 000028ce EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c
   Paged(w):0000EDCA=06(); Paged(w):0000EDCB=30(0); RAM(p):0001585E=02(); Physical(p):0001585E=02(); Paged(p):0001585E=02(); Normal(p):000028DE=02(); RAM(p):0001585F=B4(´); Physical(p):0001585F=B4(´); Paged(p):0001585F=B4(´); Normal(p):000028DF=B4(´); RAM(p):00015860=D2(Ò); Physical(p):00015860=D2(Ò); Paged(p):00015860=D2(Ò); Normal(p):000028E0=D2(Ò); RAM(p):00015861=B0(°); Physical(p):00015861=B0(°); Paged(p):00015861=B0(°); Normal(p):000028E1=B0(°); RAM(p):00015862=00( ); Physical(p):00015862=00( ); Paged(p):00015862=00( ); Normal(p):000028E2=00( ); Physical(w):0000EDCA=06(); RAM(w):0000EDCA=06(); Physical(w):0000EDCB=30(0); RAM(w):0000EDCB=30(0)
   Physical(w):0000EDC8=F8(ø); RAM(w):0000EDC8=F8(ø); Paged(w):0000EDC8=F8(ø); Physical(w):0000EDC9=12(); RAM(w):0000EDC9=12(); Paged(w):0000EDC9=12()
   Physical(w):0000EDC6=D3(Ó); RAM(w):0000EDC6=D3(Ó); Paged(w):0000EDC6=D3(Ó); Physical(w):0000EDC7=28((); RAM(w):0000EDC7=28((); Paged(w):0000EDC7=28(()
   RAM(r):00000084=9E(ž); Physical(r):00000084=9E(ž); RAM(r):00000085=10(); Physical(r):00000085=10()
   RAM(r):00000086=1E(); Physical(r):00000086=1E(); RAM(r):00000087=01(); Physical(r):00000087=01()
01:34:52:39.02448: Interrupt 21=011E:0000109E@12F8:28D3(CD); ERRORCODE: FFFFFFFE
12f8:000028d1 CD 21 int 21   RAM(p):0000227E=90(); Physical(p):0000227E=90(); Paged(p):0000227E=90(); Normal(p):0000109E=90(); RAM(p):0000227F=90(); Physical(p):0000227F=90(); Paged(p):0000227F=90(); Normal(p):0000109F=90(); RAM(p):00002280=E8(è); Physical(p):00002280=E8(è); Paged(p):00002280=E8(è); Normal(p):000010A0=E8(è); RAM(p):00002281=CC(Ì); Physical(p):00002281=CC(Ì); Paged(p):00002281=CC(Ì); Normal(p):000010A1=CC(Ì); RAM(p):00002282=00( ); Physical(p):00002282=00( ); Paged(p):00002282=00( ); Normal(p):000010A2=00( ); RAM(p):00002283=2E(.); Physical(p):00002283=2E(.); Paged(p):00002283=2E(.); Normal(p):000010A3=2E(.); RAM(p):00002284=FF(ÿ); Physical(p):00002284=FF(ÿ); Paged(p):00002284=FF(ÿ); Normal(p):000010A4=FF(ÿ); RAM(p):00002285=2E(.); Physical(p):00002285=2E(.); Paged(p):00002285=2E(.); Normal(p):000010A5=2E(.); RAM(p):00002286=6A(j); Physical(p):00002286=6A(j); Paged(p):00002286=6A(j); Normal(p):000010A6=6A(j); RAM(p):00002287=10(); Physical(p):00002287=10(); Paged(p):00002287=10(); Normal(p):000010A7=10(); RAM(p):00002288=90(); Physical(p):00002288=90(); Paged(p):00002288=90(); Normal(p):000010A8=90(); RAM(p):00002289=90(); Physical(p):00002289=90(); Paged(p):00002289=90(); Normal(p):000010A9=90(); RAM(p):0000228A=E8(è); Physical(p):0000228A=E8(è); Paged(p):0000228A=E8(è); Normal(p):000010AA=E8(è); RAM(p):0000228B=C2(Â); Physical(p):0000228B=C2(Â); Paged(p):0000228B=C2(Â); Normal(p):000010AB=C2(Â); RAM(p):0000228C=00( ); Physical(p):0000228C=00( ); Paged(p):0000228C=00( ); Normal(p):000010AC=00( ); RAM(p):0000228D=2E(.); Physical(p):0000228D=2E(.); Paged(p):0000228D=2E(.); Normal(p):000010AD=2E(.)
Registers:
EAX: 0000352f EBX: 00000ecd ECX: 00000000 EDX: 00000001
ESP: 000000fc EBP: 00000000 ESI: 000035ec EDI: 00000078
CS: 12f8 DS: 0ecd ES: 0ecd FS: 0000 GS: 0303 SS: 0ecd TR: 0088 LDTR: 0038
EIP: 000028d1 EFLAGS: 00003006
CR0: 0000fff0 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 000000110800011f IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n11oditsz0a0P1c


Sounds like the stack went wrong somewhere in there?
Edit: Looking back up the code, that's the correct address after all (an INT 0Eh at 12F8:00000000).

Edit: Maybe that very interrupt isn't supposed to happen? It doesn't make that much sense to be calling it anyway?

It looks like it's just the value that's loaded earlier with some padding data, after which a block of code is located that was run earlier in the code (if you look upwards from that point on); I believe it was still in protected mode there? So maybe the INT 0Eh was already an invalid instruction location to start with (EIP=0)? Maybe some uninitialized (probably unfinished) far pointer (or pointer data) somewhere? RET(F) going awry because of stack issues? Or maybe an invalid jump?

Hmmmm... Just found this: https://jdebp.eu/FGA/dos-windows-boot-process.html

The DPMI server is definitely installed. It's probably that thing that switches it back to real mode? Or maybe there's a problem within krnl386.exe or kernel.exe?

Edit: Hmmmm.... Line 56704...

Edit: Hmmmm.... Line 56679. Its data is pushed almost immediately after a call through a call gate... Maybe the call gate itself is the problem somehow?

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby Stenzek » 2018-8-13 @ 11:29

Recorded a trace of Windows 3.0 starting from the first pmode switch on my emulator, if it's any help: https://drive.google.com/file/d/1Y3fD0Q ... sp=sharing (3GB uncompressed).
It's not in the same format, but if you're looking for the processor state after a specific instruction, it might give you some clue.
Stenzek
Newbie
 
Posts: 2
Joined: 2017-12-08 @ 08:30

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-13 @ 11:49

Thanks. Just found out one problem: call gates and retf had ss and esp reversed on the stack (pushes and pops in the wrong order). That might fix that issue (since pop sp works correctly now, untested though).

Re: Windows 3.0 triple faults within first Paging VxD call?

Postby superfury » 2018-8-13 @ 12:58

Progress (no more page faults/displayed error)! But now it eventually faults on verifying a descriptor that's loaded (not looked at why yet), and after that I see lots (infinite?) of Divide by Zero exceptions?

Edit: Apparently, the cause of this is an IRET POPping 0h values for CS&EIP (EFLAGS might be fine, though, but I doubt that (as it can be forced depending on the CPL)).

Edit: The DIV0 fault happens at 0053:000013E1, apparently (continuous fault).

This is what happens in my case:
debugger_20180813_1420.7z
Log of Windows 3.11 booting from setup.exe (from first protected mode onwards).
(932.1 KiB)


What does your emulator do with Windows 3.11 booting from setup.exe (until the graphics mode is started should be enough for now (getting the basic environment running))? Can you make a log of that?

Edit: A slight logging improvement on the BIU part of the logging process (it was incorrectly logging the previous byte written with the current address applied to it, instead of the current byte that's being written).

debugger_20180813_1842.7z
Fixed logging to log the correct byte with the used logical address.
(842.09 KiB)


Edit: Btw, could you make it in the common log format, if your emulator supports it? That's a bit more readable to compare to my emulation (since it's logging in common log format (with the addition of memory accesses, which haven't been made 'official' (as official as you can get from a WIP standard) yet)).

Edit: Hmmm... Looking for "0000EE24=" within the log reveals the times SS0 is actually looked up in the TSS. But I see non-CPL0 loading it?
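Added here as an illustration (not UniPCemu's code, nor anything posted in the thread): a minimal C model of the 32-bit IRET frame, covering the #GP on a return to a higher privilege level mentioned earlier, the all-zero CS:EIP popped from the stack, and the SS/ESP pop order that the call gate/RETF fix concerned. The stack contents, selectors and the swap_ss_esp switch are constructed for the example; descriptor tables are not modelled, only the selector RPL is checked.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not UniPCemu's code: a dword-granular model of the 32-bit
 * IRET frame and the privilege checks a protected-mode core must apply to
 * it. Only the selector's RPL is examined; no descriptor tables exist here.
 * Stack contents are constructed by build_iret_frame(). */

#define GP_FAULT 13   /* #GP vector, returned instead of being raised */

typedef struct {
    uint32_t stack[8];     /* constructed SS segment, one dword per slot */
    unsigned sp;           /* index of the next dword to pop (ESP / 4) */
    uint32_t eip, eflags;  /* loaded by a successful IRET */
    uint32_t new_esp;      /* ESP in effect after the IRET */
    uint16_t cs, ss;
} cpu_t;

static uint32_t pop32(cpu_t *c) { return c->stack[c->sp++]; }

/* Lay the frame out as an inter-ring interrupt pushed it: SS and ESP at the
 * highest addresses, then EFLAGS, CS and EIP, with EIP at SS:ESP. */
void build_iret_frame(cpu_t *c, uint32_t eip, uint16_t cs, uint32_t eflags,
                      uint32_t esp, uint16_t ss)
{
    c->stack[0] = eip;  c->stack[1] = cs;  c->stack[2] = eflags;
    c->stack[3] = esp;  c->stack[4] = ss;
    c->sp = 0;
}

/* 32-bit IRET executed at privilege level cpl. Returns 0 on success, or
 * GP_FAULT with *err set to the error code. With swap_ss_esp nonzero the
 * outer-ring stack switch pops SS before ESP (the reversed order described
 * in the thread) so its effect on the registers can be observed. */
int iret32(cpu_t *c, unsigned cpl, uint32_t *err, int swap_ss_esp)
{
    uint32_t eip    = pop32(c);
    uint16_t cs     = (uint16_t)pop32(c);
    uint32_t eflags = pop32(c);
    unsigned rpl    = cs & 3;

    if ((cs & 0xFFFC) == 0) {   /* null CS, e.g. a frame of popped zeros */
        *err = 0;               /* #GP(0) */
        return GP_FAULT;
    }
    if (rpl < cpl) {            /* return towards a more privileged ring */
        *err = cs & 0xFFFC;     /* #GP(selector): index | TI, EXT = 0 */
        return GP_FAULT;
    }
    c->eip = eip;
    c->cs = cs;
    c->eflags = eflags;
    if (rpl > cpl) {            /* outer ring: ESP is popped before SS */
        if (swap_ss_esp) {
            c->ss = (uint16_t)pop32(c);
            c->new_esp = pop32(c);
        } else {
            c->new_esp = pop32(c);
            c->ss = (uint16_t)pop32(c);
        }
    } else {
        c->new_esp = c->sp * 4; /* same ring: keep the current stack */
    }
    return 0;
}

int main(void)
{
    cpu_t c = {0};
    uint32_t err = 0;
    /* Constructed frame returning to ring 3 at 0053:000013E1, the address
     * the thread reports for the continuous divide fault. */
    build_iret_frame(&c, 0x13E1, 0x0053, 0x3202, 0x0100, 0x0023);
    if (iret32(&c, 0, &err, 0) == 0)
        printf("ok: %04X:%08X SS=%04X ESP=%08X\n", c.cs, c.eip, c.ss, c.new_esp);
    build_iret_frame(&c, 0x13E1, 0x0053, 0x3202, 0x0100, 0x0023);
    if (iret32(&c, 0, &err, 1) == 0)
        printf("swapped order: SS=%04X ESP=%08X\n", c.ss, c.new_esp);
    build_iret_frame(&c, 0, 0, 0, 0, 0);
    if (iret32(&c, 0, &err, 0) == GP_FAULT)
        printf("all-zero frame: #GP(%04X)\n", err);
    return 0;
}
```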

Re: Windows 3.11 setup issues in UniPCemu?

Postby Stenzek » 2018-8-15 @ 03:50

I quickly modified my tracing to dump in the common log format, but there are probably still some differences in my disassembler.

Trace of Win 3.11 starting after the file copy portion (AFAICT that's all in real mode, so I'm doubting your issue is there), up until the mode switch: https://drive.google.com/file/d/1TmtaNU ... sp=sharing

