DOS ain't dead

HX bugs | PETITE & 7-ZIP PF in Ring0 (DOSX)

posted by Japheth , Germany (South), 03.07.2011, 20:01

> #66. One more in HDPMI32 (the version from 2009-Dec / 2010-Jan):
>
> BUG
>
> Occurs randomly and rarely, NOT specific to content of the file

It occurs in HDPMI32, but is almost certainly a bug in DKRNL32.

;----------------------------------------------------------------
Compressing D1128.TAR 75%Exception 0E in ring 0
next client CS:EIP=00B7:0023C724,SS:ESP=00BF:008A1E98
EAX=008A0000 EBX=00000005 ECX=00002000 EDX=00398000 ESI=00398000
EDI=00012150 EBP=0000FE00 ESP=0000078C EFL=00013006 EIP=00004C8D
CS=0020 (FF801000,000067B3,409B) SS=0028 (00009090,FFFFEFFF,CF93)
DS=00BF (00000000,FFFFFFFF,CFF3) ES=004B (00000000,FFFFFFFF,CFF3)
FS=00EF (007A0000,00000FFF,00F3) GS=0000 (********,********,****)
LDTR=0038 (FF80A000,00000FFF,0082) TR=0030 (00009898,00000067,008B)
ERRC=0000 (********,********,****) PTE 1. Page LDT=0013D467
GDTR=07FF:FF808800 IDTR=07FF:FF809000 PTE CR2=00000006
CR0=80000033 CR2=00398000 CR3=00130000 CR4=00000200 TSS:ESP0=00000804
DR0-3=00000000 00000000 00000000 00000000 DR6=FFFF0FF0 DR7=00000400
LPMS Sel/Cnt=0087/0000 RMS=11F4:0200 open RMCBs=0000/0000 ISR=0000
[EIP]=F3 A5 8A C8 80 E1 03 F3 A4 1F 07 61
[ESP]=00BF 0000 00BF 0000 0000 0000 1215 0000
0000079C=FE00 0000 07B4 0000 0005 0000 8000 0039
000007AC=8000 0000 40F0 008A 3F64 0000 1215 0000
000007BC=8000 0039 00BF 0000 8000 0039 8000 0000
000007CC=8000 0001 8000 0000 40F0 008A 07EC 0000
000007DC=0005 0000 8000 0039 8000 0000 40F0 008A
terminate (c)lient or (s)erver now?
;----------------------------------------------------------------

It's a crash in HDPMI function "copy_far32_2_flat". The value of ECX=2000h (and EDI pointing to conventional memory) tells that it is within a int 21h, ah=40h translation.

The protected-mode int 21h in question can be found in DKRNL32, THREAD.ASM.

There is a - small - chance that setting ?SMOOTH=0 in THREAD.ASM and recreating dkrnl32.dll may fix this issue. Side effect: multi-threading will be less "smooth".

---
MS-DOS forever!

Complete thread:

• HX bugs - DOS386, 19.12.2009, 14:26
  • OLEeeee, OLEeeeeeeee - 1 more bug - "StringFromGUID2" - DOS386, 20.12.2009, 07:45
    • OLEeeee, OLEeeeeeeee - 1 more bug - "StringFromGUID2" - Japheth, 20.12.2009, 16:45
      • HX 2.17 improvements | even one more bug - DOS386, 21.12.2009, 08:50
  • GPF in "GetProcessHeapEx" | trun in "GetExitCodeProcess" - DOS386, 24.12.2009, 09:59
    • GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - DOS386, 25.12.2009, 16:16
      • GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - Japheth, 28.12.2009, 16:37
        • GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - DOS386, 29.12.2009, 09:39
          • 6 more bugs | PETITE | DGDI32.DLL | docs sugx - DOS386, 17.03.2010, 06:02
            • 6 more bugs | PETITE | DGDI32.DLL | docs sugx - Japheth, 18.03.2010, 08:59
              • 6 more bugs | PETITE | DGDI32.DLL | docs sugx - DOS386, 06.06.2010, 16:04
                • discovered 3 more buggs - DOS386, 14.07.2010, 14:38
                  • discovered 3 more buggs - Japheth, 17.07.2010, 15:58
                    • discovered 3 more buggs - DOS386, 23.07.2010, 07:33
  • Generic horse power 15.CHINA for HX :-) - DOS386, 23.05.2010, 07:07
  • HX bugs - DOS386, 17.11.2010, 04:43
    • HX bugs - DOS386, 17.11.2010, 05:26
      • HX bugs | GNASH - DOS386, 27.12.2010, 09:25
        • HX bugs | GNASH - DOS386, 28.12.2010, 07:52
  • HX bugs - innounp - DOS386, 18.02.2011, 05:03
    • HX issues | MUH-pdf | Is Processor Feature Present - DOS386, 19.02.2011, 11:58
      • HX issues | MUH-pdf | Is Processor Feature Present - Japheth, 19.02.2011, 12:48
  • HX bugs | PETITE & 7-ZIP PF in Ring0 - DOS386, 03.07.2011, 11:18
    • HX bugs | PETITE & 7-ZIP PF in Ring0 - Japheth, 03.07.2011, 20:01
      • HX bugs | missing imports | Dillo | MUPDF | TryEnter - DOS386, 20.11.2011, 04:33
        • HX bugs 2 more | ME bugs 1'000'000'000 more - DOS386, 24.11.2011, 06:11
          • HX updated - DOS386, 20.11.2012, 11:34
            • HX updated - Rugxulo, 22.11.2012, 05:56
              • HX updated - Japheth, 22.11.2012, 07:03
                • HX updated - Rugxulo, 22.11.2012, 09:32
                  • HX updated - Rugxulo, 22.11.2012, 10:16
                    • HX updated - Japheth, 23.11.2012, 09:13
                      • HX updated - Rugxulo, 25.11.2012, 07:09
                      • HX updated - george_breese, 07.01.2013, 18:43
                        • HX updated - Japheth, 08.01.2013, 08:44
                          • HX updated (5 years ago) ... but FFMPEG 1.1.1 works almost - DOS386, 08.02.2013, 10:50
                            • HX and INNOUNP (yeah: BUG isolated !!!) - DOS386, 08.02.2013, 14:41
                              • HX and INNOUNP (yeah: BUG isolated !!!) - Japheth, 09.02.2013, 08:48
                              • HX bugs (3 more) - DOS386, 10.04.2013, 12:08
                                • HX and MSVCRT.DLL - DOS386, 08.03.2014, 18:52
                                  • HX and MSVCRT.DLL - Rugxulo, 23.03.2014, 06:47
                              • WINE and INNOUNP (and Delphi) - Rugxulo, 11.06.2015, 02:15
              • HX full of virii - DOS386, 22.11.2012, 16:09
                • HX full of virii - Rugxulo, 23.11.2012, 00:24
                  • HX full of virii - DOS386, 16.12.2012, 13:00
                    • HX (not) full of virii - Rugxulo, 16.12.2012, 22:07
                      • HX (not) full of virii - Japheth, 16.12.2012, 22:24
                        • HX (not) full of virii - Rugxulo, 17.12.2012, 21:59
                      • HX (not) full of virii - DOS386, 17.12.2012, 05:32
                        • HX (not) full of virii - Japheth, 17.12.2012, 08:47
                        • HX (not) full of virii - Rugxulo, 17.12.2012, 22:14
                          • HX (not) full of virii - Rugxulo, 18.12.2012, 20:55