At 12:49 PM 8/17/2006 -0500, I wrote: > > And? Why return address isn't damaged? Let me ask again: > > > >stack: > >| ret address | > >+-------------+ > >| pushf | <- tom thinks, this value damaged > >+-------------+ > >| INT15 call | > > > >stack after tom's patch: > > > >stack: > >| ret address | <- why this value not damaged? > >+-------------+ > >| INT15 call | > >The most obvious case would be if a single bit were being tripped and the >bit still matched existing return address or changed it to a benign one >(which could happen if the bit was low).
Ack! I'm stupid. You can quote me. The reason that the stack overwrite doesn't cause failure on the return address in the first patch, is that it isn't the return address living there. It's the original AX value stored on the stack with a PUSH AX you don't see. See the POP AX that follows? So the BIOS routine probably is trashing AX, but that's the register most likely to be noncritical across INT calls, so changing it would seldom cause problems. When the flags were there at [sp], then the garbage value could easily have fatal consequences. Okay, that explanation works much better for me, and makes a lot more sense. I was a bit worried about the return address getting munged myself, but the fact of AX modification is a good reason for why the BIOS bug didn't keep biting, and the first patched worked. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Freedos-devel mailing list Freedos-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-devel
