calls to int 3d corrupt the stack

admiral coeyman admiral at corner.net
Sun Aug 17 04:10:59 CDT 2003


Sylvain Petreolle,
> 
> 
> After doing some winedbg work, it appears that:
> - my call appears at 0x36f:0xc and should return at 0x36f:0xe
> Wine-dbg>disass 0x36f:0xc
> 0x036f:0x0000000c: int  $0x3d
> 0x036f:0x0000000e: movw 0xfffffffc(%bp),%ax
> 0x036f:0x00000011: movw 0xfffffffe(%bp),%dx
> 0x036f:0x00000014: leave
> 0x036f:0x00000015: ret  $0x4
>
	After the call, the return pointer should return execution to 0x36f:0xc which
will then contain the actual FPU opcode written over the interrupt call.  In
the case of an fwait, which we can safely ignore on 32 bit systems, 0xcd3d
could become 0x9090.   That is just two NOP instructions and would do nothing
but take up space.  The return pointer on the stack then has to be set back for
all of the FPU instructions so that the opcode that replaced the interrupt call
will be executed.

> after setting a breakpoint on DOSVM_Int3dHandler, I see that your
> calculated code variable points to another place (if I am right ;))
>
	It should be changed so that it points back to the changed interrupt call
instead of the next instruction.
> 192         FPU_ModifyCode(context, 0x90);
> Wine-dbg>step
> 225         WORD *stack = CTX_SEG_OFF_TO_LIN(context, context->SegSs,
> context->Esp);
> Wine-dbg>
> 224     {
> Wine-dbg>
> 225         WORD *stack = CTX_SEG_OFF_TO_LIN(context, context->SegSs,
> context->Esp);
> Wine-dbg>
> 226         BYTE *code =  CTX_SEG_OFF_TO_LIN(context, stack[1],
> stack[0]);
> Wine-dbg>
> 232         code[-2] = 0x9b;          /* The fwait instruction */
> Wine-dbg>disass code-2
> 0x000d0b51: addb        $0,%al
> 0x000d0b53: int $0x31
> 0x000d0b55: sti
> 0x000d0b56: lret
> 
> One thing appears strange to me: you use a WORD pointer for the
> stack. Shouldn't it be a DWORD pointer, since real mode uses a dword stack?
> 
	I'm using a word because I am trying to split the segment word and the offset
word.  My references show the stack, in real mode, as 4 bytes with two being
the offset and two being the segment.  The whole problem results from trying to
alter this return address in real mode where I have to modify the address as
two parts.
	Maybe there is a difference under wine.
	God Bless,
		--Robert 'Admiral' Coeyman

-- 
---
May you live as long as you wish and age but a single day.
http://www.dotguy.net/                 admiral at corner.net
Webmaster/ Linux Administrator         Computer Co-Op/CornerNet
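To make the mechanism discussed in this thread concrete, here is an added simulation (not Wine's code; the memory image, ToyContext and the function names are constructed for this example) of what the int 3d handler has to do: overwrite the CD 3D that raised the interrupt with the real opcode bytes, then rewind the pushed real-mode return IP by two so the IRET lands on the patched instruction, and refuse to patch at all when the bytes before the return address are not an int 3d (the symptom behind the "addb $0,%al" disassembly above).

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy real-mode memory image (64 KiB covers the addresses in
   this thread); hypothetical, not Wine's DOSVM memory. */
#define MEM_SIZE 0x10000
static uint8_t mem[MEM_SIZE];

/* Stand-in for the two CONTEXT fields the handler needs (hypothetical type). */
typedef struct { uint16_t SegSs; uint16_t Esp; } ToyContext;

/* Real-mode segment:offset -> linear (seg*16 + off), what CTX_SEG_OFF_TO_LIN
   does in Wine; wraps inside the toy image. */
static uint8_t *seg_off_to_lin(uint16_t seg, uint16_t off) {
    return mem + ((((uint32_t)seg << 4) + off) % MEM_SIZE);
}

/* Replace the "int $0x3d" (bytes CD 3D) with op0 op1 and rewind the pushed
   return IP by 2 so the IRET executes the patched opcode, not the next
   instruction. Returns 1 on success, 0 if the two bytes before the return
   address are not CD 3D (wrong code pointer): nothing is modified then. */
static int emulate_int3d_patch(ToyContext *ctx, uint8_t op0, uint8_t op1) {
    /* Real-mode IRET frame at SS:SP: [IP][CS][FLAGS], 16 bits each. */
    uint8_t *stack = seg_off_to_lin(ctx->SegSs, ctx->Esp);
    uint16_t ret_ip, ret_cs;
    memcpy(&ret_ip, stack, 2);
    memcpy(&ret_cs, stack + 2, 2);
    uint8_t *code = seg_off_to_lin(ret_cs, ret_ip);
    if (ret_ip < 2 || code[-2] != 0xcd || code[-1] != 0x3d)
        return 0;                       /* not an int 3d: refuse to patch */
    code[-2] = op0;
    code[-1] = op1;
    ret_ip -= 2;                        /* return to the patched opcode */
    memcpy(stack, &ret_ip, 2);
    return 1;
}

/* Constructed scenario from the thread: "int $0x3d" at 0x36f:0xc followed by
   "movw -4(%bp),%ax"; IRET frame at 0x500:0x100 with IP=0xe, CS=0x36f. */
static ToyContext setup_thread_scenario(void) {
    static const uint8_t code_bytes[] = { 0xcd, 0x3d, 0x8b, 0x46, 0xfc };
    static const uint8_t frame[] = { 0x0e, 0x00, 0x6f, 0x03, 0x02, 0x02 };
    memset(mem, 0, MEM_SIZE);
    memcpy(seg_off_to_lin(0x036f, 0x000c), code_bytes, sizeof code_bytes);
    memcpy(seg_off_to_lin(0x0500, 0x0100), frame, sizeof frame);
    ToyContext ctx = { 0x0500, 0x0100 };
    return ctx;
}
```

After a successful patch the frame's IP reads 0xc and the bytes at 0x36f:0xc are 9B 90 (fwait, nop); a second call on the same frame returns 0 because the bytes are no longer CD 3D.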
