Re: x86 protection checks with 32-bit and 64-bit operands?
Posted on 2019-01-11, 23:45
I seem to remember that GP will occur first because the bounds are checked before the page access is verified. It's probably the cheaper test.
Re: x86 protection checks with 32-bit and 64-bit operands?
Posted on 2019-01-09, 20:19
It seems to make sense that only first and last bytes are checked, but to verify it would seem to require a memory-mapped device that can log the order of accesses.
Re: Good MS-DOS software for validating x86 protection emulation?
Posted on 2019-01-06, 04:48
Maybe try some games instead - Into the Shadows, Airline SImulator, Greedy...
Re: x86 BT instructions use SIGNED offsets?
Posted on 2019-01-06, 04:41
Do you mean BT [EAX], Exx where Exx is -1? Yes, that's signed. It will take Exx, SAR 3, AND -3, then add to EAX, and fault on the mis-aligned address. Otherwise it's an imm8 & 0x1F, so it's not signed. Sign is meaningless there.
Re: c++ divides signed int using sar?
Posted on 2018-12-18, 17:54
SAR of -1 does not clear the MSB. It copies the sign bit into the next bit, and retains the sign bit. Also, your comments don't match your code. SHR EDX, 1F = 1, not 7FFFFFFFF. and LEA EAX, [EDX+EAX-1] isn't encoded as 8D 04 02, it's 8D 44 02 FF.
Re: 808x MUL/IMUL/DIV/IDIV/REP cycles/operation
Posted on 2018-11-21, 20:47
Yes, interrupts get serviced during REP, and that introduces the issue that if it has more than one prefix (CS: REP: xxx), one of the prefixes will be dropped. That causes the obvious effect of the wrong data being copied. I have no idea about the cycle counts, though.
Re: JMP to call gate?
Posted on 2018-10-01, 18:29
Yes, if you have pushed the return address, perhaps as a tail-call optimisation (i.e. call to a function which links to a leaf function), then you can jump through the gate to save the size of the return instruction.
Re: DOS 7.1 How to replace primary executable for command, which has executable as part of system, without real file replace
Posted on 2018-09-10, 22:17
The com vs exe vs bat matters only for files of the same name in the same directory. The path will be traversed only once, so "win.bat" earlier in the path will still run before "win.com". If you remove the "C:\WINDOWS" from the path, and then type "PING", does the mTCP Ping run?
Re: Is it safe to turn off a computer/emulator while smartdrv is running?
Posted on 2018-09-05, 23:04
Yes, if write-caching is enabled, then without the /C switch, you'll have original content instead of updated content; or in some cases, directory entries created but no backing file or incomplete FAT links, etc.
Re: x86 exception priorities during loading and/or execution?
Posted on 2018-08-04, 23:43
I think that #NP would be favoured over #PF since if it's not present then there's no reason to fetch anything. As for the others, your order is probably correct.
Re: x86 exception priorities during loading and/or execution?
Posted on 2018-08-03, 18:03
I think that the #GPF would occur before the #PF especially when the access style is illegal, and no memory is actually accessed in that case. i.e. issue a fault as soon as possible.
Re: x86 exception priorities during loading and/or execution?
Posted on 2018-08-01, 18:15
What would be a simultaneous fault in your example? It seems more like the operations follow an order for which exceptions can happen only in that strict order.
Re: Stack overflow/underflow on x86?
Posted on 2018-06-20, 16:25
Just been thinking: Are offsets 33-bits or 32-bits+carry on 32-bit x86 processors? Otherwise, a overflow during 32-bit accesses wouldn't be detected, as it silently wra[s back to offsets 0-2? The 80286 faulted on word accesses past 0xFFFF, so it had to have a least 17-bits to detect that. It might …
Re: Stack overflow/underflow on x86?
Posted on 2018-06-19, 16:29
A push with SP=1 (for example) will fault in the same way, because the stack pointer will be reduced to FFFF, and then the write will be attempted, causing an address overflow. The same thing happens for a dword push with SP=1-3. SP=0 is fine - it will subtract to FFFC and then write as usual.
Re: x86 conditional jump disassembly of multiple choices?
Posted on 2018-06-18, 15:55
66-override works for relative instructions (short and long branches and relative jumps) as expected: (E)IP is used in inverse of the CS size. So 0000FF80 JMP+007E will branch to EIP=0, for example.
Re: Default segment for EBP as an index with SIB addressing mode?
Posted on 2018-06-18, 15:37
It's DS when EBP is used like that. EBP has implicit SS override only when used as a base register.
Re: x86 CPU emulators vs Intel patents?
Posted on 2018-05-08, 16:11
I am not aware of any patents that would restrict the use of emulation of the kind that we do, since it is all "clean room" by virtue of having no access to microcode. I think that the bigger problem is the NDAs that stop people like me from describing specific things like obscure instruction …
Re: How do I use MS-DOS DEBUG to patch EXE file?
Posted on 2018-04-13, 20:15
You can make the changes interactively, but BloodyCactus is correct that the file must be renamed first so that it is not interpreted as an EXE. Note that if the file is too large for debug to load, then there is no alternative other than a hex editor.
Re: x86 CPL when entering protected mode(setting PE bit in CR0)?
Posted on 2018-04-09, 00:08
Yes, exactly that: http://pferrie.host22.com/misc/tiny/unreal.htm Any load of segment registers once CR0.PE is set will load from GDT. Ignore what I said earlier about that. The jump doesn't need to be a jump, just anything that will cause CS to be loaded, for obvious reasons.
Re: x86 CPL when entering protected mode(setting PE bit in CR0)?
Posted on 2018-04-05, 02:16
I mean that after the MOV CR0,EAX and before JMP segment:offset, what privilege mode is the JMP itself executing at? It's still real mode. Until CS is reloaded, the mode doesn't change. Even if you load selector values into the other segment registers, they will read real-mode memory at those weird …
Page 2 of 27