
Thread: Understanding Assembly Code

  1. #1

    Understanding Assembly Code

    Hi,

    My knowledge of assembly code is very limited, and I wanted to ask if someone could help me figure out what the following code is doing. There is a routine that accesses the disk (the code is loaded directly by the BIOS), and I would like to know where this routine is and how it is called / executed:

    ; ---------------------------------------------------------------------------
    ; Format : Binary file
    ; Base Address: 0000h Range: 0000h - 0098h Loaded length: 0098h
    ;
    ; Overview (annotated): 16-bit real-mode boot sector, MASM-style listing.
    ; Offsets below are relative to the listing base 0000h.  The BIOS loads a boot
    ; sector at 0000:7C00h; this code copies itself to 0000:0600h and continues
    ; there, so "6xxh" addresses in the code are the relocated copy of listing
    ; offset "xxh" (e.g. 61Dh = 600h + 1Dh, 68Ah = 600h + 8Ah).
    ; Flow: relocate -> read one sector to 0000:0700h -> read 20h sectors to
    ; 2000:0000h -> XOR-decode that buffer in place against a 64-byte window at
    ; 0000:0800h -> jmp far 2000:0000h.  Any disk failure (after 5 tries) prints
    ; "Disk I/O Error" and spins forever.

    .686p
    .mmx
    .model flat

    ; ================================================== =========================

    ; Segment type: Pure code
    seg000 segment byte public 'CODE' use16
    assume cs:seg000
    assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
    ; --- Entry (offset 00h): set SS/DS/ES to 0000h and relocate the sector
    ; from 7C00h to 0600h.
    cli                                 ; no interrupts while SS:SP is being changed
    xor ax, ax                          ; ax = 0
    mov ss, ax                          ; ss = 0000h
    mov sp, 7C00h                       ; stack grows down from just below the boot sector
    mov si, sp                          ; si = 7C00h: copy source (sector as loaded by BIOS)
    push ax
    pop es                              ; es = 0000h
    push ax
    pop ds                              ; ds = 0000h
    sti
    cld                                 ; string ops count upward
    mov di, 600h                        ; copy destination 0000:0600h
    mov cx, 100h                        ; 100h words = 512 bytes
    rep movsw                           ; copy 0000:7C00h.. -> 0000:0600h..
    jmp far ptr 0:61Dh                  ; continue in the relocated copy at 600h + 1Dh,
                                        ; i.e. the next instruction ("mov dh, 0", offset 1Dh)
    ; ---------------------------------------------------------------------------
    ; --- Read 1 (offset 1Dh): one sector (CH=0, CL=2, DH=0) into 0000:0700h,
    ; up to 5 attempts.  DL (drive number) is never written anywhere in this
    ; sector; presumably the BIOS-supplied boot drive is still in DL -- confirm.
    mov dh, 0                           ; head 0
    mov cx, 2                           ; ch = cylinder 0, cl = sector 2
    mov di, 5                           ; di = retry counter

    loc_25: ; CODE XREF: seg000:0036j
    mov bx, 700h                        ; es:bx = 0000:0700h (es is still 0)
    mov ax, 201h                        ; ah = 02h read sectors, al = 1 sector
    push di                             ; keep the retry counter across the BIOS call
    int 13h ; DISK - READ SECTORS INTO MEMORY
    ; AL = number of sectors to read, CH = track, CL = sector
    ; DH = head, DL = drive, ES:BX -> buffer to fill
    ; Return: CF set on error, AH = status, AL = number of sectors read
    pop di
    jnb short loc_3D                    ; CF clear -> read succeeded
    xor ax, ax                          ; ah = 00h: reset disk system before retrying
    int 13h ; DISK - RESET DISK SYSTEM
    ; DL = drive (if bit 7 is set both hard disks and floppy disks reset)
    dec di
    jnz short loc_25                    ; retry while attempts remain
    mov si, 68Ah                        ; ds:si -> "Disk I/O Error" (listing offset 8Ah, relocated)
    jmp short loc_78                    ; print the message and halt
    ; ---------------------------------------------------------------------------

    loc_3D: ; CODE XREF: seg000:002Fj
    ; --- Read 2 (offset 3Dh): 20h (32) sectors starting at CL=3, same cylinder
    ; and head, into 2000:0000h, again with up to 5 attempts.
    mov cx, 3                           ; ch = cylinder 0, cl = sector 3

    loc_40: ; DATA XREF: seg000:0083r
    mov di, 5                           ; di = retry counter

    loc_43: ; CODE XREF: seg000:0059j
    mov bx, 2000h
    push bx
    pop es                              ; es = 2000h
    assume es:nothing
    mov bx, 0                           ; es:bx = 2000:0000h
    mov ax, 220h ; DATA XREF: seg000:002Cr seg000:0033r ...
                                        ; ah = 02h read sectors, al = 20h sectors
    push di                             ; keep the retry counter across the BIOS call
    int 13h ; DISK - READ SECTORS INTO MEMORY
    ; AL = number of sectors to read, CH = track, CL = sector
    ; DH = head, DL = drive, ES:BX -> buffer to fill
    ; Return: CF set on error, AH = status, AL = number of sectors read
    pop di
    jnb short loc_60                    ; CF clear -> read succeeded
    xor ax, ax                          ; ah = 00h: reset disk system before retrying
    int 13h ; DISK - RESET DISK SYSTEM
    ; DL = drive (if bit 7 is set both hard disks and floppy disks reset)
    dec di
    jnz short loc_43                    ; retry while attempts remain
    mov si, 68Ah                        ; ds:si -> "Disk I/O Error"
    jmp short loc_78                    ; print the message and halt
    ; ---------------------------------------------------------------------------

    loc_60: ; CODE XREF: seg000:0052j
    ; --- XOR-decode the buffer at 2000:0000h in place (the only place the data
    ; read by Read 1 and Read 2 is consumed).  Key source is ds:si with ds = 0000h:
    ; si starts at 0800h and "and si, 0FFBFh" clears bit 6 after every lodsw, so
    ; si cycles through 0800h..083Fh -- a 64-byte window inside the sector that
    ; Read 1 placed at 0000:0700h (its second half, assuming 512-byte sectors).
    ; Loop count is 3FFFh words = 7FFEh bytes, while Read 2 loaded 20h sectors
    ; = 4000h bytes (512-byte sectors), so the loop also XORs the memory right
    ; after the loaded data, up to 2000:7FFEh.  Whether that is intended cannot
    ; be told from this listing.
    mov cx, 3FFFh                       ; word count
    mov si, 800h                        ; key pointer (ds:si)
    xor di, di                          ; data pointer (es:di = 2000:0000h)

    loc_68: ; CODE XREF: seg000:0071j
    lodsw                               ; ax = key word at ds:si, si += 2
    and si, 0FFBFh                      ; clear bit 6: keep si inside 0800h..083Fh
    xor ax, es:[di]                     ; ax = key ^ data word
    stosw                               ; write the decoded word back to es:di, di += 2
    dec cx
    jnz short loc_68
    jmp far ptr 2000h:0                 ; transfer control to the decoded image
    ; ---------------------------------------------------------------------------

    loc_78: ; CODE XREF: seg000:003Bj seg000:005Ej ...
    ; --- Print the 0-terminated string at ds:si with BIOS teletype output, then hang.
    lodsb                               ; al = next character, si += 1
    cmp al, 0
    jz short loc_88                     ; terminator reached -> halt loop
    push si                             ; keep the string pointer across the BIOS call
    mov bx, 7                           ; bh = display page 0, bl = attribute 7
    mov ah, 0Eh                         ; teletype write
    int 10h ; - VIDEO - WRITE CHARACTER AND ADVANCE CURSOR (TTY WRITE)
    ; AL = character, BH = display page (alpha modes)
    ; BL = foreground color (graphics modes)
    pop si
    jmp short loc_78
    ; ---------------------------------------------------------------------------

    loc_88: ; CODE XREF: seg000:007Bj
    ; seg000:loc_88j
    jmp short loc_88                    ; halt: spin forever
    ; ---------------------------------------------------------------------------
    ; "Disk I/O Error" at listing offset 8Ah (68Ah after relocation).  No 0 byte
    ; is visible before the loaded range ends at 98h; the terminator the print
    ; loop needs would have to come from whatever follows at 0000:0698h -- not
    ; shown in this listing, so verify against the full sector.
    db 44h ; D
    db 69h ; i
    db 73h ; s
    db 6Bh ; k
    db 20h
    db 49h ; I
    db 2Fh ; /
    db 4Fh ; O
    db 20h
    db 45h ; E
    db 72h ; r
    db 72h ; r
    db 6Fh ; o
    db 72h ; r
    seg000 ends


    end
    It is loaded by the BIOS at boot. There is a part at which 32 sectors of data are read from the disk and loaded into memory, but I am unsure what it is doing with them. I would like to know how loc_43 is reached and what it is doing with this data.

    What we can see is that the bootloader first reads sector 1 of the disk and loads it into memory. But if we then look at the way the code is chained, it just writes some data to the screen and that's all.

    There is another piece of code at loc_43 which does interesting things, such as reading 32 sectors of the disk (sectors 1 to 33) into memory, performing operations on them (basically removing some junk data) and then apparently loading it.

    What we cannot understand at the moment is how the code at loc_43 gets executed.

    Does anyone have any clue about how the code at loc_43 gets executed? I initially thought that, since the bootloader was loaded at 0x7C00, loc_43 was called through a pointer to its address in memory, but it seems not.

    So now the code at loc_43 is orphan.

    If more information is needed, I'll try my best to provide as much detail as possible.

    Thanks!
    Last edited by Unity; 05-16-2013 at 01:47 AM.

  2. #2
    It seems that it is using XOR to de-XOR the 32 sectors... but I'm not sure where it is getting the key from.

  3. #3
    @Unity:
    In my understanding, the linear flow of execution from loc_40 leads to the execution of loc_43. As there is no branch after loc_40, the next instruction executed is at loc_43 (mov bx, 2000h), and execution continues until (jnb short loc_60). At this point the JUMP NOT BELOW condition is evaluated by checking the content of CF. Based on the outcome, execution continues until the next jump (jnz short loc_43).

    I would not think that the loc_43 part is orphan just yet :-)

  4. #4
    Thank you xenvito.
    One more question

    Could anyone provide some insight into the following:

    loc_60: ; CODE XREF: seg000:0052j
    ; Quoted from the listing above: in-place XOR loop over es:di, with the key
    ; read from ds:si.  si starts at 800h and bit 6 is cleared after each lodsw,
    ; so si stays within 800h..83Fh (a 64-byte window).
    mov cx, 3FFFh                       ; word count
    mov si, 800h                        ; key pointer (ds:si)
    xor di, di                          ; data pointer (es:di)

    loc_68: ; CODE XREF: seg000:0071j
    lodsw                               ; ax = key word at ds:si, si += 2
    and si, 0FFBFh                      ; clear bit 6 of si: wrap within 800h..83Fh
    xor ax, es:[di]                     ; ax = key ^ data word
    stosw                               ; store decoded word at es:di, di += 2
    dec cx
    jnz short loc_68
    jmp far ptr 2000h:0                 ; jump into the decoded buffer
    Does the XOR key come from sector 33 (starting at 0x3FFF + 1)?

    Where has DS:(E)SI been filled, since it holds the XOR key?

    DS:(E)SI -> AX (because of lodsw), then

    xor ax, es:[di]
