VOGONS


Reply 80 of 591, by superfury

One interesting thing to note: when running certain MS-DOS games(Alley Cat, Ultima II) in full screen, then switching to Windows using Alt-carriage return works fine, but starting it from the MS-DOS prompt(perhaps graphics mode switching itself) in windowed mode inside 3.1(1) causes it to somehow crash, saying an invalid instruction has been encountered and to please shut down Windows and reboot?

Any idea what the cause of that might be? Does that happen in your emulator as well?

Edit: I needed to apply the following filter(excluding certain instructions from the breakpoint) until none were triggering while executing Alley Cat inside the MS-DOS prompt inside a window(WFW 3.11):
(CPU[0].oldCPUmode==3) && ((!((CPU[0].lastopcode==0xE6) || (CPU[0].lastopcode==0xCF) || (CPU[0].lastopcode==0x9C) || (CPU[0].lastopcode==0x9D) || (CPU[0].lastopcode==0xFA) || (CPU[0].lastopcode==0xFB) || (CPU[0].lastopcode==0xCD) || (CPU[0].lastopcode==0xEC) || (CPU[0].lastopcode==0xEE) || (CPU[0].lastopcode==0xE4)) && (CPU[0].lastopcode0F==0)) || (CPU[0].lastopcode0F))

oldCPUmode being the CPU mode(0=real,1=protected,3=V86), lastopcode being the current opcode that's executing, lastopcode0F being a 1-bit flag that is set during 0F-prefixed instructions.
I saw the exceptions occurring in said order(and immediately excluded them from future triggers by adding them).

Why can't Alley Cat run inside the MS-DOS window(when run from the command prompt this happens, but in full screen it doesn't crash)?
Edit: Could it be that the default MS-DOS prompt PIF file needs some extra settings enabled to allow graphics inside the window to be used? It seems to default to only enable text mode(it's the only one crossed in the Advanced PIF settings, the default mode being text mode)?

Edit: Changing the mode to high graphics mode, then enabling all required features(all video modes available and Alt-Enter and Alt-tab key combination), it seems to run those games fine now(so far tested Alley cat, California Games seems to hang in VGA mode(it does show itself in Full screen, though)).

Edit: After terminating California Games using Ctrl-Alt-Del then pressing Enter on the BSOD to terminate the application, MS-DOS prompt no longer starts(it immediately gives the message that an invalid instruction had been executed)?

Edit: Trying to terminate Windows after that results in it trying to execute a GRP5 /7 instruction(probably instruction 0xFFFF)?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 81 of 591, by superfury

Just saw something interesting running Windows 3.0a in 386 enhanced mode(just before it crashes to the MS-DOS prompt): I see it's throwing a #GP(0) fault on accessing the DS segment, which is a descriptor loaded with a limit of 0? That seems kind of strange? Its base is 0x20(which is strange as well). It's trying to access DS:[0001] at privilege level 1. The value of DS is 0x17D. The GDTR is at 0x8010011C with a limit of 0x010F. The LDTR is 0x60, with a base of 0x80636000 and a limit of 0xFFF. So that seems to be valid as well?

Comparing it to the logs, I don't see said value occurring. Perhaps it's because it's a log of Windows 3.0 instead of 3.0a(which I'm using)?
Edit: Just made another disk image with Windows 3.0(not the a-update) installed on it. Now I've still got to test if it's working...
Edit: I also see it happening at plain vanilla Windows 3.0. So there's a problem somewhere that's causing said invalid segment to be loaded into DS? Some wrong calculation somehow(although all instructions are already tested in the test386.asm testsuite)? So perhaps stack mismanagement? Or something interrupt-related?

Edit: I see it loaded for the first time at 0105:56CF. DS is 0xBD at that point during execution. The opcode is 0x8EDB. So MOV DS,BX.

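
The #GP(0) described in the post above is what the limit check on a data segment produces when the loaded descriptor has a limit of 0 and the access is at offset 1. The following is an added example, not UniPCemu's code and not the thread author's: it decodes a raw 8-byte descriptor and a selector, applies the G bit and the expand-down rule, and reports whether an access of a given size at a given offset lies inside the limit (false means the CPU raises #GP(0), or #SS(0) for SS). The selector value 0x17D and the base 0x20 / limit 0 come from the post; the three descriptor byte arrays are constructed for the example, and it goes beyond the post by also handling granular and expand-down segments.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded 8-byte x86 GDT/LDT descriptor (added example, not UniPCemu code). */
typedef struct {
    uint32_t base;
    uint32_t limit;     /* effective byte limit after applying the G bit */
    uint8_t  type;      /* low 4 bits of the access byte */
    uint8_t  dpl;
    bool     present;
    bool     system;    /* S bit clear: LDT/TSS/gate rather than code/data */
    bool     big;       /* D/B bit */
    bool     granular;  /* G bit: limit counts 4 KiB pages */
} descriptor_t;

/* Selector fields: descriptor index, table indicator, requested privilege level. */
typedef struct { uint16_t index; bool in_ldt; uint8_t rpl; } selector_t;

selector_t parse_selector(uint16_t sel) {
    selector_t s;
    s.index  = (uint16_t)(sel >> 3);
    s.in_ldt = (sel & 0x4) != 0;
    s.rpl    = (uint8_t)(sel & 0x3);
    return s;
}

/* Byte layout: limit[15:0], base[15:0], base[23:16], access byte,
   G/D/L/AVL + limit[19:16], base[31:24]. */
descriptor_t parse_descriptor(const uint8_t d[8]) {
    descriptor_t r;
    uint32_t raw_limit = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    r.base     = d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    r.type     = d[5] & 0x0F;
    r.system   = (d[5] & 0x10) == 0;
    r.dpl      = (d[5] >> 5) & 0x3;
    r.present  = (d[5] & 0x80) != 0;
    r.big      = (d[6] & 0x40) != 0;
    r.granular = (d[6] & 0x80) != 0;
    /* With G set, the 20-bit limit is in 4 KiB units and the low 12 bits read as ones. */
    r.limit    = r.granular ? (raw_limit << 12) | 0xFFF : raw_limit;
    return r;
}

/* Limit check for a size-byte access at offset. Returns false where the CPU would raise
   #GP(0) (#SS(0) for SS). Expand-down data segments (type bit 2) are valid *above* the
   limit, up to 64 KiB or 4 GiB depending on D/B. */
bool access_in_limit(const descriptor_t *d, uint32_t offset, uint32_t size) {
    if (size == 0) return true;
    uint32_t last = offset + size - 1;
    if (last < offset) return false;   /* wraps past 4 GiB */
    bool expand_down = !d->system && (d->type & 0x8) == 0 && (d->type & 0x4) != 0;
    if (expand_down) {
        uint32_t upper = d->big ? 0xFFFFFFFFu : 0xFFFFu;
        return offset > d->limit && last <= upper;
    }
    return last <= d->limit;
}

/* Convenience: parse and check in one call. */
bool check_access(const uint8_t d[8], uint32_t offset, uint32_t size) {
    descriptor_t desc = parse_descriptor(d);
    return access_in_limit(&desc, offset, size);
}

/* Linear address before paging: base + offset, modulo 2^32. */
uint32_t linear_address(const uint8_t d[8], uint32_t offset) {
    return parse_descriptor(d).base + offset;
}

/* Constructed descriptors. The first reproduces the post: data R/W, present, base 0x20, limit 0. */
static const uint8_t reply81_ds[8]     = { 0x00,0x00,0x20,0x00,0x00,0x92,0x40,0x00 };
/* A flat 4 GiB data segment (limit 0xFFFFF, G=1, D/B=1). */
static const uint8_t flat_data[8]      = { 0xFF,0xFF,0x00,0x00,0x00,0x92,0xCF,0x00 };
/* An expand-down 32-bit stack segment with limit 0xFFF: valid above 0xFFF only. */
static const uint8_t expand_down_ss[8] = { 0xFF,0x0F,0x00,0x00,0x00,0x96,0x40,0x00 };

int main(void) {
    descriptor_t ds = parse_descriptor(reply81_ds);
    selector_t sel = parse_selector(0x17D);
    printf("selector 0x17D: index 0x%X in %s, RPL %u\n",
           (unsigned)sel.index, sel.in_ldt ? "LDT" : "GDT", (unsigned)sel.rpl);
    printf("DS base=0x%X limit=0x%X: DS:[0000] %s, DS:[0001] %s\n",
           (unsigned)ds.base, (unsigned)ds.limit,
           check_access(reply81_ds, 0, 1) ? "ok" : "#GP(0)",
           check_access(reply81_ds, 1, 1) ? "ok" : "#GP(0)");
    return 0;
}
```

With the post's values the selector decodes to LDT index 0x2F with RPL 1 (consistent with the access happening at privilege level 1), DS:[0000] is the only byte inside a limit-0 segment, and DS:[0001] fails the check exactly as the debugger reports.
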
Reply 82 of 591, by superfury

Just completed the Pentium emulation by implementing the few 0F opcodes that were added with it(0F30-0F32 and 0FC7, the P1+ tagged instructions at x86.refasm.net's coder32 edition). Now the only Pentium features left unimplemented are the VME extensions(PVI and the V86-mode extensions) and Machine Check Enable bits in CR4 and its functionality(and CPUID reports 0 for them in its leaf 1 results, so unsupported).

So that means that the basic minimum Pentium(with all known basic documented features(see CR4 register bits for it) but PVI, VME and FPU) is now feature complete(newer opcodes and all other bits and functionality in CR4 bits 2-4 are implemented now)? Or is there more needed for a minimum Pentium emulation?

Reply 83 of 591, by superfury

Just finished the improvements on the Pentium CPU emulation to also include the VME enhancements. I've based it on the below (undocumented) documentation:
https://www.felixcloutier.com/x86/
http://www.rcollins.org/articles/vme1/VME_Overview.html
http://www.rcollins.org/articles/pvi1/pvi1.html
http://www.rcollins.org/ddj/May98/May98.html
http://www.drdobbs.com/undocumented-corner/184410520
https://www.felixcloutier.com/x86/intn:into:int3:int1

It's so far untested, but a simple run and perhaps using jemm386 again(since it tries to use it by default, unlike EMM386 that's with MS-DOS and Windows 3.x) for the VME support should do the trick?

Edit: Hmmm... Strangely, on the Pentium CPU emulation, the MS-DOS prompt inside WFW 3.11 seems to hang the entire system when it starts(directly after displaying the message on how to return to Windows etc.(and other information about shortcut keys), with the cursor on the next row)?

Edit: Simple solution for that: just use the FreeDOS floppy disk image:D

Reply 84 of 591, by superfury

Hmmm... The FreeDOS boot image boots fine. Then, quitting the setup and returning to the MS-DOS prompt goes fine as well. Then I tried to run "jemm386 LOAD"(of course without quotes). I see in my debugger that it's actually using the V86 VME functionality of the Pentium emulation:D

Then I see something strange on the screen. I see it throwing exception 03, then 08, Then 09, Then 08 again. Perhaps that's telling me something about the emulation correctness?

Edit: The CPU then seems to be waiting in a HLT state, perhaps for an interrupt from the interrupt controller(The interrupt flag is enabled), but I don't see any interrupts being triggered?

Edit: The 80386 seems to still run fine.
Edit: So does the Pentium with "jemm386 LOAD NOVME" from MS-DOS 6.22.
Edit: And it also runs without NOVME on MS-DOS 6.22.
So the problem is FreeDOS itself?

Reply 85 of 591, by superfury

Hmmm... Bochs' Pragma Linux seems to triple fault almost immediately on a stack fault loading SS using LSS(on what looks like a BIOS segment(0xfxxx) and with a very strange offset(0x9xxxxxxx))? That's at what seems to be the end of the initial loading dots(boot loader?)?

Reply 86 of 591, by superfury

Just found some little bugs in the 0F00 instructions: it wasn't throwing an #UD for Virtual 8086 mode execution, just using the protected-mode rules when that's the case(getcpumode()==CPU_MODE_REAL must be getcpumode()!=CPU_MODE_PROTECTED).
So now it's properly #UD faulting in V86 mode.

Reply 87 of 591, by superfury

Just tried running Doom in the Windows 3.11 MS-DOS box in windowed mode on the Pentium emulation. It seems to load until it starts the timer(the final step before graphics mode afaik?) at the bottom of the screen(or close), at which point everything seems to hang? Display doesn't change anymore and Windows is unresponsive? Ctrl+Alt+Del has no effect anymore.

Anyone?

Also, this is what happens booting Pragma Linux(just protected mode logged; from the Bochs website disks page):

Attachment: debugger_pragmalinux_protectedmode_bootcrash.7z (28.35 KiB): Pragma Linux protected mode crash log

Anyone? It seems to load ESP,SS from RAM at 46A8 and onwards?

Reply 88 of 591, by superfury

Just tried Minix 3.3.0(minix_R3.3.0-588a35b.iso). It double faults once it starts its kernel(init)?

Attachment: 1-Minix on Pentium crashes.jpg (92.68 KiB): Minix crash on UniPCemu's Pentium emulation.

It seems to have reached a double fault in the "vm" process?

Reply 89 of 591, by superfury

Interestingly, I see that invalid SS value during the Linux boot(Pragma Linux from the Bochs' website) being written by a REP MOVSW instruction at 9020:01CA. DS is 1300h, ES is 400h, ESI and EDI are both 0x6AC? So it's copying that invalid value from 136AC to 46AC?

Edit: Loading that address, I see some read from the hard disk drive(primary master), which is my dynamic disk image containing various apps I use to test my emulator. It writes the value 0xB0FE to said location(0x136AC)?
Edit: Whoops, that's not the linux kernel booting. It's the MS-DOS one from my hard disk image.

Reply 90 of 591, by rasz_pl

superfury wrote:

Just tried running Doom on the Windows 3.11 MS=DOS box in windowed mode

afaik this doesn't work on real hardware either

Open Source AT&T Globalyst/NCR/FIC 486-GAC-2 proprietary Cache Module reproduction

Reply 91 of 591, by superfury

Hmmm.... I see the DMA controller writing those values to those RAM locations at 136AC and 136AD? According to the DMA transfer that does that, it's the FDC channel(DMA controller #0, channel 2)? The FDC start position of the current transfer is 0x2600, so Cylinder 0, Head 1, Sector 2(It's a normal 1.44MB formatted disk, so 80 tracks, 2 heads and 18 sectors per track). So that's LBA 19? It's the 0xAD offset within the sector. Looking at the disk image using a hex editor, it's indeed 0xD8FA at that location? So perhaps it's loading the kernel from disk into memory(as one large block read), then tries to execute/boot it, but it fails?

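
The post above works out by hand which sector of the floppy image a DMA-written RAM location came from. The following is an added example (not UniPCemu's code): it converts between CHS and LBA for any geometry, computes the byte offset in a raw image, and maps a guest RAM address written by an FDC DMA transfer back to image offset, LBA, CHS and offset within the sector. The transfer start 0x2600, the geometry 80/2/18 and the written addresses 136AC/136AD come from the post; the DMA destination base 0x13600 is an assumption the post does not state explicitly.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Disk geometry and CHS/LBA arithmetic (added example, not UniPCemu code). */
typedef struct { uint32_t cylinders, heads, sectors_per_track; } geometry_t;
typedef struct { uint32_t cylinder, head, sector; } chs_t;   /* sector is 1-based */

#define SECTOR_SIZE 512u
#define LBA_INVALID 0xFFFFFFFFu

/* Standard 1.44 MB floppy: 80 tracks, 2 heads, 18 sectors per track. */
static const geometry_t FLOPPY_1440 = { 80, 2, 18 };

uint32_t total_sectors(geometry_t g) {
    return g.cylinders * g.heads * g.sectors_per_track;
}

/* CHS -> LBA: (cylinder * heads + head) * spt + (sector - 1). */
uint32_t chs_to_lba(geometry_t g, uint32_t cylinder, uint32_t head, uint32_t sector) {
    if (cylinder >= g.cylinders || head >= g.heads ||
        sector == 0 || sector > g.sectors_per_track)
        return LBA_INVALID;
    return (cylinder * g.heads + head) * g.sectors_per_track + (sector - 1);
}

/* LBA -> CHS, the inverse of the above. */
chs_t lba_to_chs(geometry_t g, uint32_t lba) {
    chs_t a;
    a.sector   = lba % g.sectors_per_track + 1;
    a.head     = (lba / g.sectors_per_track) % g.heads;
    a.cylinder = lba / (g.sectors_per_track * g.heads);
    return a;
}

/* Byte offset of a sector (plus an offset inside it) in a raw image. */
uint32_t image_offset(uint32_t lba, uint32_t in_sector) {
    return lba * SECTOR_SIZE + in_sector;
}

/* Which byte of the image a guest RAM address received from a DMA transfer.
   transfer_start is the image byte offset the FDC started reading at, dma_base the
   guest address the first byte was written to (assumed 0x13600 for the post's case). */
typedef struct {
    bool     valid;
    uint32_t image_offset;
    uint32_t lba;
    uint32_t in_sector;
    chs_t    chs;
} disk_location_t;

disk_location_t ram_to_disk(geometry_t g, uint32_t transfer_start,
                            uint32_t dma_base, uint32_t ram_addr) {
    disk_location_t loc = { false, 0, 0, 0, { 0, 0, 0 } };
    if (ram_addr < dma_base) return loc;            /* not part of this transfer */
    loc.image_offset = transfer_start + (ram_addr - dma_base);
    loc.lba          = loc.image_offset / SECTOR_SIZE;
    loc.in_sector    = loc.image_offset % SECTOR_SIZE;
    if (loc.lba >= total_sectors(g)) return loc;    /* beyond the end of the disk */
    loc.chs   = lba_to_chs(g, loc.lba);
    loc.valid = true;
    return loc;
}

int main(void) {
    disk_location_t loc = ram_to_disk(FLOPPY_1440, 0x2600, 0x13600, 0x136AD);
    printf("0x136AD <- image byte 0x%X: LBA %u (C%u H%u S%u), offset 0x%X in sector\n",
           (unsigned)loc.image_offset, (unsigned)loc.lba, (unsigned)loc.chs.cylinder,
           (unsigned)loc.chs.head, (unsigned)loc.chs.sector, (unsigned)loc.in_sector);
    return 0;
}
```

Under that assumed base, 0x136AD maps to image byte 0x26AD, i.e. LBA 19 (C0 H1 S2) at offset 0xAD, which is the location the post then inspects in a hex editor; the range checks make the same mapping safe for addresses outside the transfer or past the end of the disk.
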
Reply 92 of 591, by superfury

Hmmm... Are there any other processor test suites I can run against my Pentium emulation(or 386DX/486SX emulation)? Like Checkit Diagnostics etc.?

Edit: Just gave OS/2 Warp 4 a try again. It now seems to crash on an INT 70h(IRQ8, according to the second PIC's ICW2)? The IDTR is pointing to some memory (E30FBE with a limit of 3FFh) that's not in memory? Thus it's triple faulting. Anyone?

Edit: It's FFE30FBE for all LIDT loads until the crash. Then, suddenly, the FFh byte is cleared, but the rest is set?

That happens at 160:fff615a4. It points to SS:FEE4(SS has a limit of 48BB, base ffe0c744). That would result in a linear address of FFE1C628. That's at physical address 2A628(according to the paging TLB).

Edit: One interesting thing I see happening is that it keeps loading the IDTR with a sub-4GB base(FFxxxxxxh) or 0, back and forth. Probably switching between real mode BIOS and protected-mode OS(like Windows 3.x does as well). But just before the crashing interrupt, it suddenly switches to 00xxxxxxh(the xxxxxxh part is always E30FBE), which isn't paged in, thus triple faulting on the IRQ handler interrupt itself. So perhaps it's loading an invalid IDTR for some reason? Something incorrectly clearing the highest byte?

Reply 93 of 591, by superfury

Just tried logging the 160 code segment instead of the whole thing. Then, looking upwards from the invalid (L)IDT base being loaded, I arrive at some "0160:fff8c95b (F3A5)REP MOVSD" instruction, that's seemingly moving a block of memory? That instruction seems to overwrite said memory, writing data from another chunk of memory there? That happens at timestamp 03:02:22:82.02400.

The log of the 160 segment(until just before said crash on the IRQ8 being started, but including the invalid LIDT instruction):
https://www.dropbox.com/s/hdfn2frtlnnv8lp/deb … otingv2.7z?dl=0

Edit: Hmmm.... Looking at the REP MOVSW instruction it's running, it seems to somehow keep prefetching the very same block of memory at 160:fff8c95b into the prefetch buffer. That isn't supposed to happen during a REP instruction that's running? I also see no interrupts being raised, so the prefetch buffer isn't being cleared in that way.

The Pentium is in IPS clocking mode, so it keeps prefetching until the prefetch buffer is filled, but it isn't supposed to be cleared while the REP instruction is doing its repeating, since it doesn't exactly jump to another location in memory?

So perhaps there's a prefetch issue right there?

Edit: It did have to do with the prefetch, as well as the REPeating instructions themselves! The prefetch buffer was cleared and reset each time a REPeated instruction was doing one repeated action.
The REPeating instructions themselves were essentially processing dummy instruction handlers from the second repeat onwards: the first ran normally(like any other instruction, except with the blocking option to prevent it from executing), while the second one and onwards were executing without the execution phase handler being notified that a new instruction is to be started(loading the pointer to the current instruction handler, which is either an interrupt, instruction or task switch handler). Since the first instruction actually zeroes out said handler(since it's done its work) after the last execution phase of the current action of the EU is finished(and the opcode is finished as well), any following phases(the rest of the repeated instruction, as there is no more instruction fetching and decoding after the first instruction) will cause it to effectively execute a NOP: since the pointer is zeroed, it counts execution as invalid, logs a warning that the EU has nothing to do(literally "Warning: nothing to do?") and aborts handling the opcode, leaving the executed state set to 1, thus finishing the currently executing instruction with one cycle as its duration(actually 0, but it's patched to 1 since a 0-cycle duration can't exist).

So, having solved that, those REP instructions should be a lot lighter to be emulated now, as well as properly using the PIQ.

Edit: Perhaps that also caused the bug in 8088 MPH? Since the STOSW instruction, when prefixed with REP, didn't fully execute(only the first one actually did. The rest were effectively NOP instructions).

Reply 94 of 591, by superfury

Does anyone know what might cause the Compaq Deskpro 386 BIOS to become very slow during its memory check of 99XX through 12000KB? I have 12MB of RAM installed(of which ~380K is made into a ROM(actually write-protected RAM) by the BIOS) in UniPCemu. The RAM between 640K-1M and any between 15M-16M and 3G-4G is remapped to the end of RAM, of which the final ~380K is mapped as mentioned above(the Compaq BIOS' shadow RAM, although the Compaq manuals might call it differently). Said RAM is controlled(remapped and Read-Only flags) by the register at memory location 80C00000(write-only register).

Edit: Just tried again running Pink Panther in Hocus Pocus Pink. Now, it displays a white window(about the size of the installer's window), after which Windows crashes and displays a message saying that it has insufficient memory to allocate and unable to load COMMAND.COM?

Reply 95 of 591, by superfury

Just tried reinstalling Windows 95 with the latest bugfixes on my Pentium emulation(without FPU).

It resulted in the next button during the User Information setup step giving a:

Error SU995029

Error in System Detection services
(0x13a5)

Inside a dialog with the title bar saying "Setup".

Edit: Hmmm.... The 80386 emulation without the Plop BIOS ROM seems to continue on correctly?
Edit: With Plop and 80386 as well. So perhaps a Pentium-specific bug?

Reply 96 of 591, by superfury

Installing Windows 95a on the 80386 emulation goes fine until just after the reboot. But eventually it still crashes on some unknown user-mode driver. I see exactly one page fault, at DS(30):CB1008? It happens directly after the B drive motor has spun up(probably the floppy PDR driver), when it's trying to initialize the (second) IDE driver(the ESDI_506.PDR driver being loaded a second time)?

Edit: The first boot only throws exactly one page fault: at 30(DS):CB1008?

Reply 97 of 591, by superfury

Hmmm... The Pink Panther in Hocus Pocus Pink has changed somewhat. It now doesn't even start, crashing WFW 3.11 to the MS-DOS prompt?

Edit: I also tried running the QEMU testsuite again. Both the testsuite and CWSDPMI now crash with a Double fault?

Edit: Interestingly enough, after running the QEMU testsuite a few times, the error disappears and it just runs once, then further until the end?

I've made a log of the testsuite running inside UniPCemu, being an as "i386_n~1>output.log" from the MS-DOS prompt:

Attachment: debugger_QEMU_testsuite_crashing.7z (736.8 KiB): QEMU testsuite running on UniPCemu crashing?

Can anyone see what's going wrong? Or some fault that's supposed to happen that's missing?
Edit: Hmmm.... The page fault at the end, it's returning properly to real mode, then does its thing, and returns to protected mode and executes a TSS-based hardware task switch back to the software that was originally interrupted? That happens at 00:05:30:44.06656.

Edit: The debugger acts a bit strange on the 66h 67h REP MOVSD when it returns to said task, loading the data that's been read for the application into memory. It keeps logging the task-switching JMP instruction for that one?
The PTE's page frame loaded for that memory address seems to be at 01A000.

Edit: Looking at the disassembly what's executing, I keep seeing task switching from 68->60->70(which transfers back to 68h again)?

Edit: It looks like while it's transferring the data for the application, a hardware interrupt arrives(interrupt 0x40 seems to be triggered, according to the descriptor's address with the IDTR base address subtracted)?
Edit: Thus the TSS returns it to EIP=0x3C5.

Edit: The main (executable loading I think) loading loop ends at 0087:000003c9, with a POP ES instruction following the data load from the Paging part of the executable at 10001000 and onwards. That's at line 0087:000003c9. So the page faults until then are fine. That's at line 159884. So up until then, there isn't supposed to be anything wrong yet. So the problem should be somewhere in the remaining 28047 lines:

Attachment: debugger_QEMU_testsuite_remainder.7z (132.02 KiB): Remainder after the REP MOVSD loading data from the disk/executable.

Edit: Hmmm.... At line 286 of the remainder log, I see it trying to execute a DPMI "Simulate Real Mode Interrupt" DPMI host call? (See http://www.delorie.com/djgpp/doc/dpmi/api/310300.html )

0087:00000486 CD 31 int 31	RealRAM(p):00010e80=89(‰); RAM(p):00010e80=89(‰); Physical(p):00010e80=89(‰); Paged(p):00010e80=89(‰); Normal(p):00000490=89(‰); RealRAM(p):00010e81=de(Þ); RAM(p):00010e81=de(Þ); Physical(p):00010e81=de(Þ); Paged(p):00010e81=de(Þ); Normal(p):00000491=de(Þ); RealRAM(p):00010e82=8b(‹); RAM(p):00010e82=8b(‹); Physical(p):00010e82=8b(‹); Paged(p):00010e82=8b(‹); Normal(p):00000492=8b(‹); RealRAM(p):00010e83=3e(>); RAM(p):00010e83=3e(>); Physical(p):00010e83=3e(>); Paged(p):00010e83=3e(>); Normal(p):00000493=3e(>); RealRAM(p):00010e84=89(‰); RAM(p):00010e84=89(‰); Physical(p):00010e84=89(‰); Paged(p):00010e84=89(‰); Normal(p):00000494=89(‰); RealRAM(p):00010e85=04(); RAM(p):00010e85=04(); Physical(p):00010e85=04(); Paged(p):00010e85=04(); Normal(p):00000495=04(); RealRAM(r):00027003=00( ); RAM(r):00027003=00( ); Physical(r):00027003=00( ); RealRAM(r):00027002=02(); RAM(r):00027002=02(); Physical(r):00027002=02(); RealRAM(r):00027001=62(b); RAM(r):00027001=62(b); Physical(r):00027001=62(b); RealRAM(r):00027000=27('); RAM(r):00027000=27('); Physical(r):00027000=27('); RealRAM(r):00026067=00( ); RAM(r):00026067=00( ); Physical(r):00026067=00( ); RealRAM(r):00026066=01(); RAM(r):00026066=01(); Physical(r):00026066=01(); RealRAM(r):00026065=90(); RAM(r):00026065=90(); Physical(r):00026065=90(); RealRAM(r):00026064=27('); RAM(r):00026064=27('); Physical(r):00026064=27('); Normal(w):00000758=46(F); Paged(w):00011148=46(F); Physical(w):00011148=46(F); RAM(w):00011148=46(F); RealRAM(w):00011148=46(F); Normal(w):00000759=32(2); Paged(w):00011149=32(2); Physical(w):00011149=32(2); RAM(w):00011149=32(2); RealRAM(w):00011149=32(2); Normal(w):0000075a=00( ); Paged(w):0001114a=00( ); Physical(w):0001114a=00( ); RAM(w):0001114a=00( ); RealRAM(w):0001114a=00( ); Normal(w):0000075b=00( ); Paged(w):0001114b=00( ); Physical(w):0001114b=00( ); RAM(w):0001114b=00( ); RealRAM(w):0001114b=00( ); Normal(w):00000754=87(‡); Paged(w):00011144=87(‡); 
Physical(w):00011144=87(‡); RAM(w):00011144=87(‡); RealRAM(w):00011144=87(‡); Normal(w):00000755=00( ); Paged(w):00011145=00( ); Physical(w):00011145=00( ); RAM(w):00011145=00( ); RealRAM(w):00011145=00( ); Normal(w):00000756=00( ); Paged(w):00011146=00( ); Physical(w):00011146=00( ); RAM(w):00011146=00( ); RealRAM(w):00011146=00( ); Normal(w):00000757=00( ); Paged(w):00011147=00( ); Physical(w):00011147=00( ); RAM(w):00011147=00( ); RealRAM(w):00011147=00( ); Normal(w):00000750=88(ˆ); Paged(w):00011140=88(ˆ); Physical(w):00011140=88(ˆ); RAM(w):00011140=88(ˆ); RealRAM(w):00011140=88(ˆ); Normal(w):00000751=04(); Paged(w):00011141=04(); Physical(w):00011141=04(); RAM(w):00011141=04(); RealRAM(w):00011141=04(); Normal(w):00000752=00( ); Paged(w):00011142=00( ); Physical(w):00011142=00( ); RAM(w):00011142=00( ); RealRAM(w):00011142=00( ); Normal(w):00000753=00( ); Paged(w):00011143=00( ); Physical(w):00011143=00( ); RAM(w):00011143=00( ); RealRAM(w):00011143=00( )
Registers:
EAX: 00000300 EBX: 00030021 ECX: 00000000 EDX: 000000b7
ESP: 0000075c EBP: 0000091c ESI: 0000f000 EDI: 0000062a
CS: 0087 DS: 008f ES: 008f FS: 0000 GS: 0000 SS: 008f TR: 0060 LDTR: 0078
EIP: 00000486 EFLAGS: 00003246
CR0: 80000009 CR1: 00000000 CR2: 00000000 CR3: 00027000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00000001a4720087 IDTR: 00000001987207ff
FLAGSINFO: 00000000000000vr0n11odItsZ0a0P1c

So it's calling the MS-DOS interrupt vector(int 21h). DS seems to point to 109F0 in the linear address space. EDI is set to 62A, so at 109F0+62A=1101A is the table with parameters for the return to the real mode handler of the INT21h vector?

So, according to the table:
00H(1101A) 4 DI or EDI
04H(1101E) 4 SI or ESI
08H(11022) 4 BP or EBP
0CH(11026) 4 reserved, should be zero
10H(1102A) 4 BX or EBX
14H(1102E) 4 DX or EDX
18H(11032) 4 CX or ECX
1CH(11036) 4 AX or EAX
20H(1103A) 2 CPU status flags
22H(1103C) 2 ES
24H(1104E) 2 DS
26H(11050) 2 FS
28H(11052) 2 GS
2AH(11054) 2 IP (reserved, ignored)
2CH(11056) 2 CS (reserved, ignored)
2EH(11058) 2 SP
30H(1105A) 2 SS

That's what should be loaded in memory at those locations?
Edit: It copies those values to the memory at 1b504(ES(33):20D4).

The real mode interrupt handler eventually switches to task 0x68? So the PM task is task 0x70. TSS 0x68 is some kind of intermediary step to real mode?
Edit: Task 0x68 is actually some task that executes the real mode code and returns to the PM task afterwards from it. It immediately after loading switches back to task 0x60. So 0x60 or 0x70 are both native protected-mode tasks?

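
The INT 31h/AX=0300h call and the real-mode call structure table in the post above, as an added example that is not CWSDPMI's or UniPCemu's code: it decodes the register arguments of the call (BL = interrupt number, BH = flags, CX = words to copy to the real-mode stack), parses the 0x32-byte structure from a memory buffer using the offsets in the table, and computes the structure's linear address from the post's DS base 0x109F0 and EDI 0x62A. The register values EAX=300, EBX=30021, ECX=0 come from the dump above; the structure contents in the buffer are constructed sample values, not the ones the test suite passed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* DPMI 0.9 real-mode call structure passed in ES:(E)DI to INT 31h AX=0300h
   (added example, not DPMI host or emulator code). Offsets per the table in the post. */
typedef struct {
    uint32_t edi, esi, ebp, reserved, ebx, edx, ecx, eax;
    uint16_t flags, es, ds, fs, gs, ip, cs, sp, ss;
} rm_call_t;

#define RM_CALL_SIZE 0x32

/* Register arguments of the INT 31h AX=0300h call. */
typedef struct {
    uint8_t  intno;        /* BL: real-mode interrupt vector to simulate */
    bool     reset_pic;    /* BH bit 0: reset the interrupt controller and A20 (DPMI 1.0) */
    uint16_t stack_words;  /* CX: words copied from the PM stack to the RM stack */
} dpmi0300_args_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse the structure from guest memory (little-endian, as the spec lays it out). */
rm_call_t parse_rm_call(const uint8_t *mem) {
    rm_call_t c;
    c.edi = rd32(mem + 0x00);  c.esi = rd32(mem + 0x04);
    c.ebp = rd32(mem + 0x08);  c.reserved = rd32(mem + 0x0C);
    c.ebx = rd32(mem + 0x10);  c.edx = rd32(mem + 0x14);
    c.ecx = rd32(mem + 0x18);  c.eax = rd32(mem + 0x1C);
    c.flags = rd16(mem + 0x20);
    c.es = rd16(mem + 0x22);   c.ds = rd16(mem + 0x24);
    c.fs = rd16(mem + 0x26);   c.gs = rd16(mem + 0x28);
    c.ip = rd16(mem + 0x2A);   c.cs = rd16(mem + 0x2C);
    c.sp = rd16(mem + 0x2E);   c.ss = rd16(mem + 0x30);
    return c;
}

/* Decode BL/BH/CX for a call whose AX is 0300h. */
dpmi0300_args_t decode_dpmi0300(uint32_t eax, uint32_t ebx, uint32_t ecx) {
    dpmi0300_args_t a;
    (void)eax;  /* AX selects the function (0300h); the caller has already dispatched on it */
    a.intno       = (uint8_t)(ebx & 0xFF);
    a.reset_pic   = ((ebx >> 8) & 0x01) != 0;
    a.stack_words = (uint16_t)(ecx & 0xFFFF);
    return a;
}

/* Linear address of the structure: base of the ES descriptor plus (E)DI. */
uint32_t rm_call_linear(uint32_t es_base, uint32_t edi) { return es_base + edi; }

/* Real-mode linear address of a seg:off pair from the structure, e.g. DS:DX for INT 21h. */
uint32_t rm_linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }

/* Check a DPMI host would apply before switching to real mode: the reserved dword must be 0. */
bool rm_call_sane(rm_call_t c) { return c.reserved == 0; }

/* Constructed sample: INT 21h AH=09h (print string) with DS:DX = 2000:0080, IF set in flags,
   SS:SP = 0:0 so the host supplies the real-mode stack. */
static const uint8_t sample_rm_call[RM_CALL_SIZE] = {
    0x00,0x00,0x00,0x00,  /* 00h EDI */
    0x00,0x00,0x00,0x00,  /* 04h ESI */
    0x00,0x00,0x00,0x00,  /* 08h EBP */
    0x00,0x00,0x00,0x00,  /* 0Ch reserved */
    0x00,0x00,0x00,0x00,  /* 10h EBX */
    0x80,0x00,0x00,0x00,  /* 14h EDX = 0x80 */
    0x00,0x00,0x00,0x00,  /* 18h ECX */
    0x00,0x09,0x00,0x00,  /* 1Ch EAX = 0x0900 */
    0x02,0x02,            /* 20h flags = 0x0202 */
    0x00,0x00,            /* 22h ES */
    0x00,0x20,            /* 24h DS = 0x2000 */
    0x00,0x00,            /* 26h FS */
    0x00,0x00,            /* 28h GS */
    0x00,0x00,            /* 2Ah IP (ignored) */
    0x00,0x00,            /* 2Ch CS (ignored) */
    0x00,0x00,            /* 2Eh SP */
    0x00,0x00             /* 30h SS */
};

int main(void) {
    /* Register values from the post's dump: EAX=300, EBX=30021, ECX=0, ES base 109F0, EDI 62A. */
    dpmi0300_args_t a = decode_dpmi0300(0x300, 0x30021, 0);
    rm_call_t c = parse_rm_call(sample_rm_call);
    printf("simulate INT %02Xh, reset PIC %d, copy %u stack words; structure at linear %05X\n",
           a.intno, a.reset_pic, (unsigned)a.stack_words, (unsigned)rm_call_linear(0x109F0, 0x62A));
    printf("sample: AX=%04X DS:DX=%04X:%04X -> linear %05X, sane=%d\n",
           (unsigned)(c.eax & 0xFFFF), c.ds, (unsigned)(c.edx & 0xFFFF),
           (unsigned)rm_linear(c.ds, (uint16_t)c.edx), rm_call_sane(c));
    return 0;
}
```

The dump's EBX=00030021 gives BL=21h (the MS-DOS vector the post identifies) with BH=0 and CX=0, and the structure's linear address is 0x109F0 + 0x62A = 0x1101A, matching the address the post's table starts from.
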
Reply 98 of 591, by superfury

Just found out something interesting: CWSDPMI being used by the testsuite seems to crash, depending on the interrupts that are occurring. If a timer interrupt gets in between while it's loading the executable(the DPMI-enabled program, in this case the testsuite), CWSDPMI double faults into oblivion(at the location the interrupt occurs).

But when no interrupt(IRQ0) occurs during loading the executable, the executable loads and runs properly.

This is the first logged output from UniPCemu running the testsuite:

bsrw A=00000000 R=12345678 1
bsrw A=12340128 R=12340008 0
bsfw A=00000000 R=12345678 1
bsfw A=12340128 R=12340003 0
bsrl A=00000000 R=12345678 1
bsrl A=00340128 R=00000015 0
bsfl A=00000000 R=12345678 1
bsfl A=00340128 R=00000003 0
imulb A=1234561d B=00000004 R=12340074 CC=0000
imulb A=00000003 B=fffffffc R=0000fff4 CC=0000
imulb A=00000080 B=00000080 R=00004000 CC=0801
imulb A=00000010 B=00000010 R=00000100 CC=0801
imulw AH=00000000 AL=1234001d B=0000002d RH=00000000 RL=12340519 CC=0000
imulw AH=00000000 AL=00000017 B=ffffffd3 RH=0000ffff RL=0000fbf5 CC=0000
imulw AH=00000000 AL=00008000 B=00008000 RH=00004000 RL=00000000 CC=0801
imulw AH=00000000 AL=00000100 B=00000100 RH=00000001 RL=00000000 CC=0801
imull AH=00000000 AL=1234001d B=0000002d RH=00000003 RL=33240519 CC=0801
imull AH=00000000 AL=00000017 B=ffffffd3 RH=ffffffff RL=fffffbf5 CC=0000
imull AH=00000000 AL=80000000 B=80000000 RH=40000000 RL=00000000 CC=0801
imull AH=00000000 AL=00010000 B=00010000 RH=00000001 RL=00000000 CC=0801
mulb A=1234561d B=00000004 R=12340074 CC=0000
mulb A=00000003 B=fffffffc R=000002f4 CC=0801
mulb A=00000080 B=00000080 R=00004000 CC=0801
mulb A=00000010 B=00000010 R=00000100 CC=0801
mulw AH=00000000 AL=1234001d B=0000002d RH=00000000 RL=12340519 CC=0000
mulw AH=00000000 AL=00000017 B=ffffffd3 RH=00000016 RL=0000fbf5 CC=0801
mulw AH=00000000 AL=00008000 B=00008000 RH=00004000 RL=00000000 CC=0801
mulw AH=00000000 AL=00000100 B=00000100 RH=00000001 RL=00000000 CC=0801
mull AH=00000000 AL=1234001d B=0000002d RH=00000003 RL=33240519 CC=0801
mull AH=00000000 AL=00000017 B=ffffffd3 RH=00000016 RL=fffffbf5 CC=0801
mull AH=00000000 AL=80000000 B=80000000 RH=40000000 RL=00000000 CC=0801
mull AH=00000000 AL=00010000 B=00010000 RH=00000001 RL=00000000 CC=0801
imulw A=1234001d B=0000002d R=12340519 CC=0000
imulw A=00000017 B=ffffffd3 R=0000fbf5 CC=0000
imulw A=00008000 B=00008000 R=00000000 CC=0801
imulw A=00000100 B=00000100 R=00000000 CC=0801
imull A=1234001d B=0000002d R=33240519 CC=0801
imull A=00000017 B=ffffffd3 R=fffffbf5 CC=0000
imull A=80000000 B=80000000 R=00000000 CC=0801
imull A=00010000 B=00010000 R=00000000 CC=0801
imulw im A=0000002d B=00001234 R=00003324 CC=0000
imulw im A=ffffffd3 B=00000017 R=0000fbf5 CC=0000
imulw im A=00008000 B=80000000 R=00000000 CC=0000
imulw im A=00007fff B=00001000 R=0000f000 CC=0000
imull im A=0000002d B=00001234 R=00033324 CC=0000
imull im A=ffffffd3 B=00000017 R=fffffbf5 CC=0000
imull im A=00008000 B=80000000 R=00000000 CC=0000
imull im A=00007fff B=00001000 R=07fff000 CC=0000
idivb A=12341678 B=0000127e R=1234522d CC=0000
idivb A=43210123 B=fffffffb R=432101c6 CC=0000
idivb A=12340004 B=ffffffff R=123400fc CC=0000
idivw AH=00000000 AL=12345678 B=0000303b RH=0000263d RL=12340001 CC=0000
idivw AH=00000000 AL=ffffa549 B=ffffffd3 RH=0000000d RL=fffffc54 CC=0000
idivw AH=00000000 AL=12348000 B=ffffffff RH=00000000 RL=12348000 CC=0000
idivw AH=00012343 AL=12345678 B=81238567 RH=000120a6 RL=1234b65e CC=0000
idivl AH=00000000 AL=12345678 B=0000303b RH=00001198 RL=000060a0 CC=0000
idivl AH=00000000 AL=fffc70f9 B=ffffffd3 RH=0000002b RL=fa4fb93a CC=0000
idivl AH=00000000 AL=80000000 B=ffffffff RH=00000000 RL=80000000 CC=0000
idivl AH=00012343 AL=12345678 B=81234567 RH=4ba84b51 RL=fffdb441 CC=0000
divb A=12341678 B=0000127e R=1234522d CC=0000
divb A=43210123 B=fffffffb R=43212801 CC=0000
divb A=12340004 B=ffffffff R=12340400 CC=0000
divw AH=00000000 AL=12345678 B=0000303b RH=0000263d RL=12340001 CC=0000
divw AH=00000000 AL=ffffa549 B=ffffffd3 RH=0000a549 RL=ffff0000 CC=0000
divw AH=00000000 AL=12348000 B=ffffffff RH=00008000 RL=12340000 CC=0000
divw AH=00012343 AL=12345678 B=81238567 RH=000145ab RL=123443ab CC=0000
divl AH=00000000 AL=12345678 B=0000303b RH=00001198 RL=000060a0 CC=0000
divl AH=00000000 AL=fffc70f9 B=ffffffd3 RH=fffc70f9 RL=00000000 CC=0000
divl AH=00000000 AL=80000000 B=ffffffff RH=80000000 RL=00000000 CC=0000
divl AH=00012343 AL=12345678 B=81234567 RH=2100133c RL=00024164 CC=0000
jne 0
setne 1
jne 0
setne 1
je 1
sete 0
je 1
sete 0
jl 0
setl 0
jl 0
setl 0
jl 0
setl 0
jle 1
setle 0
jle 1
setle 0
jle 1
setle 0
jge 1
setge 1
jge 1
setge 1
jge 0
setge 0
jg 0
setg 1
jg 0
setg 1
jg 0
setg 1
jb 0
setb 0
jb 0
setb 0
jb 0
setb 0
jbe 1
setbe 0
jbe 1
setbe 0
jbe 1
setbe 0
jae 1
setae 1
jae 1
setae 1
jae 1
setae 1
ja 0
seta 1
ja 0
seta 1
ja 0
seta 1
jp 1
setp 0
jp 1
setp 0
jnp 0
setnp 1
jnp 0
setnp 1
jo 0
seto 0
jo 0
seto 0
jno 1
setno 1
jno 1
setno 1
js 1
sets 0
js 1
sets 0
js 1
sets 0
jns 0
setns 1
jns 0
setns 1
jns 0
setns 1
jcxz ECX=00000000 ZF=0 r=1
jcxz ECX=00000000 ZF=1 r=1
jcxz ECX=00000001 ZF=0 r=0
jcxz ECX=00000001 ZF=1 r=0
jcxz ECX=00010000 ZF=0 r=1
jcxz ECX=00010000 ZF=1 r=1
jcxz ECX=00010001 ZF=0 r=0
jcxz ECX=00010001 ZF=1 r=0
loopw ECX=00000000 ZF=0 r=1
loopw ECX=00000000 ZF=1 r=1
loopw ECX=00000001 ZF=0 r=0
loopw ECX=00000001 ZF=1 r=0
loopw ECX=00010000 ZF=0 r=1
loopw ECX=00010000 ZF=1 r=1
loopw ECX=00010001 ZF=0 r=0
loopw ECX=00010001 ZF=1 r=0
loopzw ECX=00000000 ZF=0 r=0
loopzw ECX=00000000 ZF=1 r=1
loopzw ECX=00000001 ZF=0 r=0
loopzw ECX=00000001 ZF=1 r=0
loopzw ECX=00010000 ZF=0 r=0
loopzw ECX=00010000 ZF=1 r=1
loopzw ECX=00010001 ZF=0 r=0
loopzw ECX=00010001 ZF=1 r=0
loopnzw ECX=00000000 ZF=0 r=1
loopnzw ECX=00000000 ZF=1 r=0
loopnzw ECX=00000001 ZF=0 r=0
loopnzw ECX=00000001 ZF=1 r=0
loopnzw ECX=00010000 ZF=0 r=1
loopnzw ECX=00010000 ZF=1 r=0
loopnzw ECX=00010001 ZF=0 r=0
loopnzw ECX=00010001 ZF=1 r=0
jecxz ECX=00000000 ZF=0 r=1
jecxz ECX=00000000 ZF=1 r=1
jecxz ECX=00000001 ZF=0 r=0
jecxz ECX=00000001 ZF=1 r=0
jecxz ECX=00010000 ZF=0 r=0
jecxz ECX=00010000 ZF=1 r=0
jecxz ECX=00010001 ZF=0 r=0
jecxz ECX=00010001 ZF=1 r=0
loopl ECX=00000000 ZF=0 r=1
loopl ECX=00000000 ZF=1 r=1
loopl ECX=00000001 ZF=0 r=0
loopl ECX=00000001 ZF=1 r=0
loopl ECX=00010000 ZF=0 r=1
loopl ECX=00010000 ZF=1 r=1
loopl ECX=00010001 ZF=0 r=1
loopl ECX=00010001 ZF=1 r=1
loopzl ECX=00000000 ZF=0 r=0
loopzl ECX=00000000 ZF=1 r=1
loopzl ECX=00000001 ZF=0 r=0
loopzl ECX=00000001 ZF=1 r=0
loopzl ECX=00010000 ZF=0 r=0
loopzl ECX=00010000 ZF=1 r=1
loopzl ECX=00010001 ZF=0 r=0
loopzl ECX=00010001 ZF=1 r=1
loopnzl ECX=00000000 ZF=0 r=1
loopnzl ECX=00000000 ZF=1 r=0
loopnzl ECX=00000001 ZF=0 r=0
loopnzl ECX=00000001 ZF=1 r=0
loopnzl ECX=00010000 ZF=0 r=1
loopnzl ECX=00010000 ZF=1 r=0
loopnzl ECX=00010001 ZF=0 r=1
loopnzl ECX=00010001 ZF=1 r=0
daa A=12340503 R=12340509 CCIN=0010 CC=0014
daa A=12340506 R=1234050c CCIN=0010 CC=0014
daa A=12340507 R=1234050d CCIN=0010 CC=0010
daa A=12340559 R=1234055f CCIN=0010 CC=0014
daa A=12340560 R=12340566 CCIN=0010 CC=0014
daa A=1234059f R=12340505 CCIN=0010 CC=0015
daa A=123405a0 R=12340506 CCIN=0010 CC=0015
daa A=12340503 R=12340503 CCIN=0000 CC=0004
daa A=12340506 R=12340506 CCIN=0000 CC=0004
daa A=12340503 R=12340563 CCIN=0001 CC=0005
daa A=12340506 R=12340566 CCIN=0001 CC=0005
daa A=12340503 R=12340569 CCIN=0011 CC=0015
daa A=12340506 R=1234056c CCIN=0011 CC=0015
das A=12340503 R=123405fd CCIN=0010 CC=0091
das A=12340506 R=12340500 CCIN=0010 CC=0054
das A=12340507 R=12340501 CCIN=0010 CC=0010
das A=12340559 R=12340553 CCIN=0010 CC=0014
das A=12340560 R=1234055a CCIN=0010 CC=0014
das A=1234059f R=12340539 CCIN=0010 CC=0015
das A=123405a0 R=1234053a CCIN=0010 CC=0015
das A=12340503 R=12340503 CCIN=0000 CC=0004
das A=12340506 R=12340506 CCIN=0000 CC=0004
das A=12340503 R=123405a3 CCIN=0001 CC=0085
das A=12340506 R=123405a6 CCIN=0001 CC=0085
das A=12340503 R=1234059d CCIN=0011 CC=0091
das A=12340506 R=123405a0 CCIN=0011 CC=0095
aaa A=12340205 R=1234030b CCIN=0010 CC=0011
aaa A=12340306 R=1234040c CCIN=0010 CC=0011
aaa A=1234040a R=12340500 CCIN=0010 CC=0011
aaa A=123405fa R=12340700 CCIN=0010 CC=0011
aaa A=12340205 R=12340205 CCIN=0000 CC=0000
aaa A=12340306 R=12340306 CCIN=0000 CC=0000
aaa A=1234040a R=12340500 CCIN=0000 CC=0011
aaa A=123405fa R=12340700 CCIN=0000 CC=0011
aas A=12340205 R=1234000f CCIN=0010 CC=0011
aas A=12340306 R=12340200 CCIN=0010 CC=0011
aas A=1234040a R=12340304 CCIN=0010 CC=0011
aas A=123405fa R=12340404 CCIN=0010 CC=0011
aas A=12340205 R=12340205 CCIN=0000 CC=0000
aas A=12340306 R=12340306 CCIN=0000 CC=0000
aas A=1234040a R=12340304 CCIN=0000 CC=0011
aas A=123405fa R=12340404 CCIN=0000 CC=0011
aam A=12340547 R=12340701 CCIN=0010 CC=0000
aad A=12340407 R=1234002f CCIN=0010 CC=0000
xchgl A=fbca7654 B=12345678
xchgw A=12347654 B=fbca5678
xchgb A=12345654 B=fbca7678
xchgl A=fbca7654 B=12345678
xchgw A=12347654 B=fbca5678
xchgb A=12345654 B=fbca7678
stosb ESI=0001b3a4 EDI=0001b3b5 EAX=12345678 ECX=00000011 EFL=0000
stosw ESI=0001b3a4 EDI=0001b3b6 EAX=12345678 ECX=00000011 EFL=0000
stosl ESI=0001b3a4 EDI=0001b3b8 EAX=12345678 ECX=00000011 EFL=0000
stosb ESI=0001b3a4 EDI=0001b3b3 EAX=12345678 ECX=00000011 EFL=0000
stosw ESI=0001b3a4 EDI=0001b3b2 EAX=12345678 ECX=00000011 EFL=0000
stosl ESI=0001b3a4 EDI=0001b3b0 EAX=12345678 ECX=00000011 EFL=0000
rep stosb ESI=0001b3a4 EDI=0001b3c5 EAX=12345678 ECX=00000000 EFL=0000
rep stosw ESI=0001b3a4 EDI=0001b3d6 EAX=12345678 ECX=00000000 EFL=0000
rep stosl ESI=0001b3a4 EDI=0001b3f8 EAX=12345678 ECX=00000000 EFL=0000
rep stosb ESI=0001b3a4 EDI=0001b3a3 EAX=12345678 ECX=00000000 EFL=0000
rep stosw ESI=0001b3a4 EDI=0001b392 EAX=12345678 ECX=00000000 EFL=0000
rep stosl ESI=0001b3a4 EDI=0001b370 EAX=12345678 ECX=00000000 EFL=0000
lodsb ESI=0001b3a5 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsw ESI=0001b3a6 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsl ESI=0001b3a8 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsb ESI=0001b3a3 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsw ESI=0001b3a2 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsl ESI=0001b3a0 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
rep lodsb ESI=0001b3b5 EDI=0001b3b4 EAX=12345678 ECX=00000000 EFL=0000
rep lodsw ESI=0001b3c6 EDI=0001b3b4 EAX=12345678 ECX=00000000 EFL=0000
rep lodsl ESI=0001b3e8 EDI=0001b3b4 EAX=12345678 ECX=00000000 EFL=0000
rep lodsb ESI=0001b393 EDI=0001b3b4 EAX=12345678 ECX=00000000 EFL=0000
rep lodsw ESI=0001b382 EDI=0001b3b4 EAX=12345678 ECX=00000000 EFL=0000
rep lodsl ESI=0001b360 EDI=0001b3b4 EAX=19181716 ECX=00000000 EFL=0000
movsb ESI=0001b3a5 EDI=0001b3b5 EAX=12345678 ECX=00000011 EFL=0000
movsw ESI=0001b3a6 EDI=0001b3b6 EAX=12345678 ECX=00000011 EFL=0000
movsl ESI=0001b3a8 EDI=0001b3b8 EAX=12345678 ECX=00000011 EFL=0000
movsb ESI=0001b3a3 EDI=0001b3b3 EAX=12345678 ECX=00000011 EFL=0000
movsw ESI=0001b3a2 EDI=0001b3b2 EAX=12345678 ECX=00000011 EFL=0000
movsl ESI=0001b3a0 EDI=0001b3b0 EAX=12345678 ECX=00000011 EFL=0000
rep movsb ESI=0001b3b5 EDI=0001b3c5 EAX=12345678 ECX=00000000 EFL=0000
rep movsw ESI=0001b3c6 EDI=0001b3d6 EAX=12345678 ECX=00000000 EFL=0000
rep movsl ESI=0001b3e8 EDI=0001b3f8 EAX=12345678 ECX=00000000 EFL=0000
rep movsb ESI=0001b393 EDI=0001b3a3 EAX=12345678 ECX=00000000 EFL=0000
rep movsw ESI=0001b382 EDI=0001b392 EAX=12345678 ECX=00000000 EFL=0000
rep movsl ESI=0001b360 EDI=0001b370 EAX=12345678 ECX=00000000 EFL=0000
lodsb ESI=0001b3a5 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsw ESI=0001b3a6 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsl ESI=0001b3a8 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsb ESI=0001b3a3 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsw ESI=0001b3a2 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
lodsl ESI=0001b3a0 EDI=0001b3b4 EAX=12345678 ECX=00000011 EFL=0000
scasb ESI=0001b3a4 EDI=0001b3b5 EAX=12345678 ECX=00000011 EFL=0044
scasw ESI=0001b3a4 EDI=0001b3b6 EAX=12345678 ECX=00000011 EFL=0044
scasl ESI=0001b3a4 EDI=0001b3b8 EAX=12345678 ECX=00000011 EFL=0044
scasb ESI=0001b3a4 EDI=0001b3b3 EAX=12345678 ECX=00000011 EFL=0044
scasw ESI=0001b3a4 EDI=0001b3b2 EAX=12345678 ECX=00000011 EFL=0044
scasl ESI=0001b3a4 EDI=0001b3b0 EAX=12345678 ECX=00000011 EFL=0044
repz scasb ESI=0001b3a4 EDI=0001b3b6 EAX=12345678 ECX=0000000f EFL=0004
repz scasw ESI=0001b3a4 EDI=0001b3b8 EAX=12345678 ECX=0000000f EFL=0004
repz scasl ESI=0001b3a4 EDI=0001b3f8 EAX=12345678 ECX=00000000 EFL=0044
repz scasb ESI=0001b3a4 EDI=0001b3b2 EAX=12345678 ECX=0000000f EFL=0004
repz scasw ESI=0001b3a4 EDI=0001b3b0 EAX=12345678 ECX=0000000f EFL=0004
repz scasl ESI=0001b3a4 EDI=0001b37c EAX=12345678 ECX=00000003 EFL=0085
repnz scasb ESI=0001b3a4 EDI=0001b3b5 EAX=12345678 ECX=00000010 EFL=0044
repnz scasw ESI=0001b3a4 EDI=0001b3b6 EAX=12345678 ECX=00000010 EFL=0044
repnz scasl ESI=0001b3a4 EDI=0001b3b8 EAX=12345678 ECX=00000010 EFL=0044
repnz scasb ESI=0001b3a4 EDI=0001b3b3 EAX=12345678 ECX=00000010 EFL=0044
repnz scasw ESI=0001b3a4 EDI=0001b3b2 EAX=12345678 ECX=00000010 EFL=0044
repnz scasl ESI=0001b3a4 EDI=0001b3b0 EAX=12345678 ECX=00000010 EFL=0044
cmpsb ESI=0001b3a5 EDI=0001b3b5 EAX=12345678 ECX=00000011 EFL=0044
cmpsw ESI=0001b3a6 EDI=0001b3b6 EAX=12345678 ECX=00000011 EFL=0044
cmpsl ESI=0001b3a8 EDI=0001b3b8 EAX=12345678 ECX=00000011 EFL=0044
cmpsb ESI=0001b3a3 EDI=0001b3b3 EAX=12345678 ECX=00000011 EFL=0044
cmpsw ESI=0001b3a2 EDI=0001b3b2 EAX=12345678 ECX=00000011 EFL=0044
cmpsl ESI=0001b3a0 EDI=0001b3b0 EAX=12345678 ECX=00000011 EFL=0044
repz cmpsb ESI=0001b3b5 EDI=0001b3c5 EAX=12345678 ECX=00000000 EFL=0044
repz cmpsw ESI=0001b3c6 EDI=0001b3d6 EAX=12345678 ECX=00000000 EFL=0044
repz cmpsl ESI=0001b3e8 EDI=0001b3f8 EAX=12345678 ECX=00000000 EFL=0044
repz cmpsb ESI=0001b393 EDI=0001b3a3 EAX=12345678 ECX=00000000 EFL=0044
repz cmpsw ESI=0001b382 EDI=0001b392 EAX=12345678 ECX=00000000 EFL=0044
repz cmpsl ESI=0001b37c EDI=0001b38c EAX=12345678 ECX=00000007 EFL=0014
repnz cmpsb ESI=0001b3a5 EDI=0001b3b5 EAX=12345678 ECX=00000010 EFL=0044
repnz cmpsw ESI=0001b3a6 EDI=0001b3b6 EAX=12345678 ECX=00000010 EFL=0044
repnz cmpsl ESI=0001b3a8 EDI=0001b3b8 EAX=12345678 ECX=00000010 EFL=0044
repnz cmpsb ESI=0001b3a3 EDI=0001b3b3 EAX=12345678 ECX=00000010 EFL=0044
repnz cmpsw ESI=0001b3a2 EDI=0001b3b2 EAX=12345678 ECX=00000010 EFL=0044
repnz cmpsl ESI=0001b3a0 EDI=0001b3b0 EAX=12345678 ECX=00000010 EFL=0044
xlat: EAX=12345688
func_lret=87654321
func_iret=abcd4321
popl esp=00bc6058
popw esp=00bc6058
lea 0x4000 = 00004000
lea (%%eax) = 00000001
lea (%%ebx) = 00000002
lea (%%ecx) = 00000004
lea (%%edx) = 00000008
lea (%%esi) = 00000010
lea (%%edi) = 00000020
lea 0x40(%%eax) = 00000041
lea 0x40(%%ebx) = 00000042
lea 0x40(%%ecx) = 00000044
lea 0x40(%%edx) = 00000048
lea 0x40(%%esi) = 00000050
lea 0x40(%%edi) = 00000060
lea 0x4000(%%eax) = 00004001
lea 0x4000(%%ebx) = 00004002
lea 0x4000(%%ecx) = 00004004
lea 0x4000(%%edx) = 00004008
lea 0x4000(%%esi) = 00004010
lea 0x4000(%%edi) = 00004020
lea (%%eax, %%ecx) = 00000005
lea (%%ebx, %%edx) = 0000000a
lea (%%ecx, %%ecx) = 00000008
lea (%%edx, %%ecx) = 0000000c
lea (%%esi, %%ecx) = 00000014
lea (%%edi, %%ecx) = 00000024
lea 0x40(%%eax, %%ecx) = 00000045
lea 0x4000(%%ebx, %%edx) = 0000400a
lea (%%ecx, %%ecx, 2) = 0000000c
lea (%%edx, %%ecx, 4) = 00000018
lea (%%esi, %%ecx, 8) = 00000030
lea (,%%eax, 2) = 00000002
lea (,%%ebx, 4) = 00000008
lea (,%%ecx, 8) = 00000020
lea 0x40(,%%eax, 2) = 00000042
lea 0x40(,%%ebx, 4) = 00000048
lea 0x40(,%%ecx, 8) = 00000060
lea -10(%%ecx, %%ecx, 2) = 00000002
lea -10(%%edx, %%ecx, 4) = 0000000e
lea -10(%%esi, %%ecx, 8) = 00000026
lea 0x4000(%%ecx, %%ecx, 2) = 0000400c
lea 0x4000(%%edx, %%ecx, 4) = 00004018
lea 0x4000(%%esi, %%ecx, 8) = 00004030
lea 0x4000 = 00004000
lea (%%bx) = 00000002
lea (%%si) = 00000010
lea (%%di) = 00000020
lea 0x40(%%bx) = 00000042
lea 0x40(%%si) = 00000050
lea 0x40(%%di) = 00000060
lea 0x4000(%%bx) = 00004002
lea 0x4000(%%si) = 00004010
lea (%%bx,%%si) = 00000012
lea (%%bx,%%di) = 00000022
lea 0x40(%%bx,%%si) = 00000052
lea 0x40(%%bx,%%di) = 00000062
lea 0x4000(%%bx,%%si) = 00004012
lea 0x4000(%%bx,%%di) = 00004022
cbw A=8234a6f8 R=8234fff8
cwde A=8234a6f8 R=ffffa6f8
cwd A=8234a6f8 R=8234a6f8:8345ffff
cdq A=8234a6f8 R=8234a6f8:ffffffff

Now I just need an 80386 to compare it against. Does anyone have the results for a real 80386 (I'm running MS-DOS 6.22 without any drivers loaded, booted using F5)?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 99 of 591, by superfury

User metadata
Rank l33t++

Privateer seems to have changed a bit with the latest updates: it's now producing a tone, but still seems to be hanging (probably in a loop) somehow? The video still isn't updating past the first frame.

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io