Subj : IOPL code with Watcom C
To   : Jonathan de Boyne Pollard
From : Vitus Jensen
Date : Thu Nov 30 2000 06:08 pm

Moin Jonathan!

29.11.2000, Jonathan de Boyne Pollard wrote a message to Vitus Jensen:

VJ>>                 mov     eax,INB                ; 0x000E0000

JdBP> If that really *isn't* a call gate (double-check it) then I suspect
JdBP> a linker problem.  Dump the executable and look at the fixups for
JdBP> the page containing that particular piece of code.

There is only one answer: how?  Don't expect that I know all the details about
LX executables.


Let's see what I have:

Watcom debugger, expect memory: entering 0x000E:0000 tells me I'm at INB+0
and the hex dump shows all the correct opcodes.

exehdr mmpdemo.exe: INB resides in page 1, offset 0:

no. virtual  virtual  map      map      flags
    address   size    index    size
0001 00010000 00000059 00000001 00000001 EXECUTABLE, READABLE, NONSHARED,
                                        PRELOAD, NONCONFORMING, NONRESOURCE,
                                        NONDISCARDABLE, VALID-PAGES, SWAPPABLE,
                                        16:16 ALIAS, 16-bit, IOPL
                                          map    physical page flags
                                         entry    page @  size
                                        00000001 00000600 0059 VALID
0002 00020000 0000006e 00000002 00000001 EXECUTABLE, READABLE, PRELOAD,
                                        16:16 ALIAS
0003 00030000 00012430 00000003 00000001 READABLE, WRITEABLE, PRELOAD, 32-bit
0004 00050000 00001dfc 00000004 00000002 EXECUTABLE, READABLE, NONSHARED,
                                        PRELOAD, NONCONFORMING, NONRESOURCE,
                                        NONDISCARDABLE, VALID-PAGES, SWAPPABLE,
                                        NO 16:16 ALIAS, 32-bit, NOIOPL
                                          map    physical page flags
                                         entry    page @  size
                                        00000001 000008a2 1000 VALID
                                        00000002 000018a2 0dfb VALID


Exports:
ord obj  offset    name
 1   1  00000000  INB exported, 1 parm wds
...



Now I need to check where the calls to INB are located?  Inside page 4.
exehdr mmpdemo.exe /v:

page 4            type         offset     target
obj  4:0000       16:16 PTR    0033       object    1 offset 0000 alias
                 16:16 PTR    005a       object    1 offset 0028 alias
                 16:16 PTR    0075       object    1 offset 0000 alias
                 16:16 PTR    0099       object    1 offset 0028 alias

Physical page starts at file offset 0x08a2, relative offset 0x33 is filled with
0.  The bytes match the expected opcodes.

000008a0: 0e05 cceb fd90 9090 9000 0000 0000 0000  ................
000008b0: 0000 546a 0468 2400 0000 e88f 0300 0056  ..Tj.h$........V
000008c0: 83ec 18c7 4424 10be 0300 00b9 0200 0000  ....D$..........
000008d0: 8d74 2410 b800 0000 00e8 c003 0000 24d0  .t$...........$.


Did I include the information you wanted me to check?  It looks quite usual to
me...

Bye,
  Vitus

---
* Origin: Never hit a man with glasses. Use your fist! (2:2474/424.1)
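
Added example, not part of the original message: a check of the first 16:16 PTR fixup against the quoted dump, showing where the fixup lands in the file and what a loader would write there. The helper names are hypothetical, and the selector formula (one LDT selector per 64 KiB tile, RPL 2 for an IOPL segment) is an assumption, not something the message states.

```python
# Constructed input: the four dump lines from the message (ASCII column
# omitted) and the exehdr values quoted for object 4 / page 4.
DUMP = """\
000008a0: 0e05 cceb fd90 9090 9000 0000 0000 0000
000008b0: 0000 546a 0468 2400 0000 e88f 0300 0056
000008c0: 83ec 18c7 4424 10be 0300 00b9 0200 0000
000008d0: 8d74 2410 b800 0000 00e8 c003 0000 24d0
"""
PAGE_FILE_OFFSET = 0x08A2   # "physical page @" for object 4, map entry 1
FIXUP_SRC_OFFSET = 0x0033   # first 16:16 PTR fixup listed for page 4
TARGET_LINEAR = 0x00010000  # virtual address of object 1, which holds INB
TARGET_OFFSET = 0x0000      # "object 1 offset 0000"

def parse_dump(text):
    """Return {file_offset: byte} from 'addr: hhhh hhhh ...' lines."""
    image = {}
    for line in text.splitlines():
        addr, _, rest = line.partition(":")
        for i, b in enumerate(bytes.fromhex("".join(rest.split()))):
            image[int(addr, 16) + i] = b
    return image

def read(image, off, n):
    return bytes(image[off + i] for i in range(n))

def alias_selector(linear, rpl):
    """Assumption: LDT tiling, selector index = linear address / 64 KiB."""
    return ((linear >> 16) << 3) | 0x4 | rpl   # 0x4 = table indicator (LDT)

def apply_1616_fixup(image, off, selector, offset):
    """Write a 16:16 pointer: offset16 then selector16, little-endian."""
    patched = dict(image)
    ptr = offset.to_bytes(2, "little") + selector.to_bytes(2, "little")
    for i, b in enumerate(ptr):
        patched[off + i] = b
    return patched

def check():
    image = parse_dump(DUMP)
    src = PAGE_FILE_OFFSET + FIXUP_SRC_OFFSET    # file offset of the fixup
    opcode = image[src - 1]                      # byte just before the operand
    on_disk = read(image, src, 4)                # operand as stored in the file
    sel = alias_selector(TARGET_LINEAR, rpl=2)   # assumption: IOPL runs at ring 2
    patched = apply_1616_fixup(image, src, sel, TARGET_OFFSET)
    imm32 = int.from_bytes(read(patched, src, 4), "little")
    return src, opcode, on_disk, sel, imm32

if __name__ == "__main__":
    src, opcode, on_disk, sel, imm32 = check()
    print(f"{src:#x}: opcode {opcode:#04x}, on disk {on_disk.hex()}, "
          f"selector {sel:#06x}, patched operand {imm32:#010x}")
```

Under those assumptions the patched operand equals the 0x000E0000 shown in the quoted disassembly, and the byte before it is B8, the opcode for mov eax,imm32.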