OVERRIDE=?
yangzhengbao
03-31-2006, 01:06 AM
;
; Push 48-bit address of loader entry-point
;
        db      OVERRIDE                ; 66h operand-size prefix: the next push is a 32-bit push
        push    KeCodeSelector          ; selector goes on the stack as a dword
        push    ebx                     ; entry-point offset
;
; Pass control to the OS loader
;
        db      OVERRIDE                ; 66h again: 32-bit retf, pops a dword offset and a dword selector
        retf

OVERRIDE = 66h
Is 66h pushf?
0x517A5D
04-06-2006, 03:28 AM
Originally posted by yangzhengbao@Mar 30 2006, 11:06 PM
;
; Push 48-bit address of loader entry-point
;
        db      OVERRIDE
        push    KeCodeSelector
        push    ebx
;
; Pass control to the OS loader
;
        db      OVERRIDE
        retf
OVERRIDE = 66h
Is 66h pushf?
No, 66 is a way to execute a 32-bit-mode instruction in a 16-bit-mode code segment.
(And the other way. In a 32-bit segment, it executes a 16-bit instruction.)
The DB OVERRIDE;PUSH puts a dword on the stack. I would code it as PUSH LARGE KeCodeSelector.
The PUSH EBX could be coded as DB OVERRIDE;PUSH BX. It assembles to the same thing.
The DB OVERRIDE;RETF pops two dwords from the stack, and transfers control to the selector and offset in those dwords.
So it's just coding three 32-bit instructions in a 16-bit code segment.
66 68 58 00 00 00 66 53 66 CB
I _think_ 0058 is the value of KeCodeSelector in question. Not totally sure though.
517A5D out.
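To make the reply above concrete, here is a small decoder-plus-stack model that takes the ten bytes it lists (66 68 58 00 00 00 66 53 66 CB) and runs them once as a 16-bit code segment and once as a 32-bit one. This is example code written for this page, not code from the thread or from any loader; the CPU model (eight registers, a 64-byte stack, the ebx value 00401000h) is constructed for the demonstration and only the opcodes in the snippet plus pushf (9Ch) are decoded. It shows the three points made in the reply: the 66h prefix flips the segment's default operand size for one instruction, the prefixed pushes put dwords on the stack, and the prefixed retf pops a dword offset and a dword selector and lands at that far address. It also shows why 66h is not pushf: on its own it is a prefix, not an instruction, and the decoder refuses it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define OVERRIDE 0x66   /* operand-size prefix: the OVERRIDE byte in the posted loader code */
typedef struct {
    int      opsize;    /* effective operand size of this instruction: 16 or 32 */
    uint8_t  opcode;    /* opcode byte after any prefix */
    uint32_t imm;       /* immediate of push imm16/imm32 */
} insn_t;

/* Toy CPU (constructed here): GPRs in encoding order (3 = ebx), 64-byte little-endian stack. */
typedef struct {
    uint32_t gpr[8], eflags, esp, eip;
    uint16_t cs;
    uint8_t  stack[64];
} cpu_t;

/* default_opsize is the code segment's default (D bit): 16 or 32. A 66h prefix
 * flips it for one instruction. Returns bytes consumed, 0 if not modelled. */
size_t decode_one(const uint8_t *p, size_t len, int default_opsize, insn_t *out)
{
    size_t i = 0;
    memset(out, 0, sizeof *out);
    out->opsize = default_opsize;
    if (len && p[0] == OVERRIDE) { out->opsize = default_opsize == 16 ? 32 : 16; i = 1; }
    if (i >= len) return 0;                 /* a lone 66h is a prefix, not an instruction */
    out->opcode = p[i++];
    switch (out->opcode) {
    case 0x68: {                            /* push imm16 / imm32 */
        size_t n = (size_t)out->opsize / 8;
        if (len - i < n) return 0;
        for (size_t k = 0; k < n; k++) out->imm |= (uint32_t)p[i + k] << (8 * k);
        return i + n;
    }
    case 0x50: case 0x51: case 0x52: case 0x53: case 0x54: case 0x55: case 0x56: case 0x57:
    case 0x9C: case 0xCB:                   /* push r16/r32, pushf/pushfd, retf: no operands */
        return i;
    default: return 0;
    }
}

static void push(cpu_t *c, uint32_t v, int opsize)
{
    c->esp -= (uint32_t)opsize / 8;          /* 2 bytes for a 16-bit push, 4 for a 32-bit one */
    for (int k = 0; k < opsize / 8; k++) c->stack[c->esp + k] = (uint8_t)(v >> (8 * k));
}

static uint32_t pop(cpu_t *c, int opsize)
{
    uint32_t v = 0;
    for (int k = 0; k < opsize / 8; k++) v |= (uint32_t)c->stack[c->esp + k] << (8 * k);
    c->esp += (uint32_t)opsize / 8;
    return v;
}

static void exec_one(cpu_t *c, const insn_t *in)
{
    if (in->opcode == 0x68)      push(c, in->imm, in->opsize);
    else if (in->opcode == 0x9C) push(c, c->eflags, in->opsize);
    else if (in->opcode == 0xCB) {           /* retf: pop offset, then selector, operand-size wide */
        c->eip = pop(c, in->opsize);
        c->cs  = (uint16_t)pop(c, in->opsize);   /* only the low 16 bits are the selector */
    }
    else                         push(c, c->gpr[in->opcode - 0x50], in->opsize);
}

cpu_t cpu_init(uint32_t ebx)
{
    cpu_t c = {{0}};
    c.gpr[3] = ebx; c.eflags = 0x202; c.esp = sizeof c.stack;
    return c;
}

/* Decode and execute code[0..len) in a segment with the given default operand
 * size. Returns instructions executed; stops after retf or at an unmodelled byte. */
size_t run(cpu_t *c, const uint8_t *code, size_t len, int default_opsize)
{
    size_t pc = 0, count = 0;
    insn_t in;
    while (pc < len) {
        size_t n = decode_one(code + pc, len - pc, default_opsize, &in);
        if (n == 0) break;
        pc += n; count++;
        exec_one(c, &in);
        if (in.opcode == 0xCB) break;
    }
    return count;
}

int main(void)
{
    const uint8_t code[] = { 0x66, 0x68, 0x58, 0x00, 0x00, 0x00, 0x66, 0x53, 0x66, 0xCB };
    cpu_t c16 = cpu_init(0x00401000), c32 = cpu_init(0x00401000);  /* ebx value is made up */
    size_t n16 = run(&c16, code, sizeof code, 16), n32 = run(&c32, code, sizeof code, 32);
    printf("16-bit segment: %zu insns, retf lands at %04X:%08X\n", n16, (unsigned)c16.cs, (unsigned)c16.eip);
    printf("32-bit segment: %zu insn (push word) before an unmodelled byte, esp -%u\n",
           n32, (unsigned)(sizeof c32.stack - c32.esp));
    return 0;
}
```

Build with `cc -std=c99 -Wall prefix.c`. In the 16-bit run the same bytes decode as three 32-bit instructions and the retf lands at 0058:00401000, i.e. cs = the pushed selector and eip = ebx, with esp back where it started; in the 32-bit run the first 66h turns `68` into a 16-bit push that consumes only two immediate bytes, so the next byte is 00h and the instruction stream no longer lines up. Replacing 58h with 08h in the immediate, the value yangzhengbao gives for KeCodeSelector in the follow-up, changes only the selector that retf loads; the push and pop widths are unaffected.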
yangzhengbao
04-07-2006, 01:04 AM
KeCodeSelector=8h