Programme completed with ret



  • There's a program that reads itself and rewrites its code. I do not understand such comments to her: when the COM-programme is downloaded, the top of the track is placed on our segment ' s penultimate byte, i.e. sp=0FFFEh. In the performance of the near call, sp falls by two, i.e. becomes equal 0FFFCh. This indicates that, when the subprogramme is called, the processor will provide a return address. Therefore, there is no confusion in work: whether to go to DOS or return from the procedure. In any case, the DOS team ret in the COM-programmes only takes place if sp=0FFFEh and the programme itself has not lost the first 2 baths at the displacement of 0000h (i.e. team int 20h) of the segment where it was initially downloaded.

    Programme itself:

    CSEG segment
    assume cs:CSEG, ds:CSEG, es:CSEG, ss:CSEG
    org 100h
    

    begin:
    mov dx, offset file_name
    call open_file
    jc error_file

    ;Открыли файл
    mov bx, ax
    mov ah, 3Fh
    mov cx, offset finish - 100h
    mov dx, offset begin
    int 21h
    
    ;Прочитали файл
    call close_file
    
    ;Выводим сообщение
    mov ah, 9
    mov dx, offset mess_ok
    int 21h
    ret
    
    ;Не смогли найти файл
    

    error_file:
    mov ah, 2
    mov dl, 7
    int 21h
    ret

    ;Процедуры
    ;Открытие файла
    

    open_file proc
    cmp handle, 0FFFFh
    jne quit_open
    mov ax, 3D00h
    int 21h
    mov handle, ax
    ret
    quit_open:
    stc
    ret
    handle dw 0FFFFh
    open_file endp

    close_file proc
    mov ah, 3Eh
    mov bx, handle
    int 21h
    ret
    close_file endp

    ;Данные
    file_name db 'prog09.com', 0
    mess_ok db 'All is ok!', 0Ah, 0Dh, '$'

    finish equ $

    CSEG ends
    end begin

    (1) I don't know what a close call is.

    (2) Mechanic ret. If this instruction removes the return address from the glitch, is it, in DOS, does it always add up the grid to 2?

    (3) If the latter is correct, it remains to understand how the FFFE received 0000. There are calculations similar to modular arithmetic: n mod n = 0. If we had increased the grid register by one, FFFE would have produced FFFFFF mod FFFFFF = 0000. But ret increases the index to two, so it has to be 1,0001. What am I saying?

    And again. Why is the displacement of 0000 int 20h?



  • There's a thing in the assembler that's got the notions of a near and far transition. The call is not different. The length of the transfer(s) is when the address is fully indicated (in this case, and the segment is moved). And the nearest (the short) transition is a one-by-side transition (up to 128 rearwards or 127 byte forward).

    ret It's just-- it's removing the address that kept the call there (or the user planted his hands, or the operating system built it all right) and making a transition to that address. Team http://www.mathemainzel.info/files/x86asmref.html#ret It's too close and far. And naturally, it has to be coupled to call.

    What is added in the glass? In the case of a major challenge, the contents of the registers cs and ip are added (i.e. 4 bayta). In the case of short (high) ip only (two baytes).

    And the third question. Yes, the registers are 16. And that's why there's a clean water called modullar arithmetic. Only the module didn't get much. It is 10000h. and in this case FFFEh + 0002h = 10000h x 0000h.

    Here. http://www.codenet.ru/progr/dos/int_0025.php - it's a DOS interruption. And that's how it turns out to be int 20 by a given shift, it's just a dos job.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2