discovered 3 more bugs (DOSX)
call ?001 ; $0040'1000 E8, 00000009
?001: pop edi ; $0040'100E 5F
push 36 ; $0040'100F 6A, 24
push edi ; $0040'1011 57
call ?002 ; $0040'1012 E8, 0000000B
?002: push 0 ; $0040'1022 6A, 00
call near [?011] ; $0040'1024 FF. 15, 00401106(d)
shr eax, 1 ; $0040'102A D1. E8
jc ?003 ; $0040'102C 72, 01
int 3 ; breakpoint or filler ; $0040'102E CC ; INT3
?003: push 36 ; $0040'102F 6A, 24
push edi ; $0040'1031 57
call ?004 ; $0040'1032 E8, 0000000A
?004: pop eax ; $0040'1041 58
push eax ; $0040'1042 50
adc byte [eax], 0 ; $0040'1043 80. 10, 00
push 0 ; $0040'1046 6A, 00
call near [?011] ; $0040'1048 FF. 15, 00401106(d)
shr eax, 1 ; $0040'104E D1. E8
jc ?005 ; $0040'1050 72, 02
ud2 ; $0040'1052 0F 0B ; UD2
?005: push 36 ; $0040'1054 6A, 24
push edi ; $0040'1056 57
call ?006 ; $0040'1057 E8, 00000009
?006: pop eax ; $0040'1065 58
push eax ; $0040'1066 50
adc byte [eax], 0 ; $0040'1067 80. 10, 00
push 0 ; $0040'106A 6A, 00
call near [?011] ; $0040'106C FF. 15, 00401106(d)
shr eax, 1 ; $0040'1072 D1. E8
jc ?007 ; $0040'1074 72, 01
; Note: Undocumented opcode
icebp ; $0040'1076 F1 ; INT1
?007: push 36 ; $0040'1077 6A, 24
push edi ; $0040'1079 57
call ?008 ; $0040'107A E8, 00000008
?008: pop eax ; $0040'1087 58
push eax ; $0040'1088 50
adc byte [eax], 0 ; $0040'1089 80. 10, 00
push 0 ; $0040'108C 6A, 00
call near [?011] ; $0040'108E FF. 15, 00401106(d)
push 0 ; $0040'1094 6A, 00
call near [?010] ; $0040'1096 FF. 15, 004010E5(d)
Discovered 3 new bugs:
97. "[eip]" is wrong for the INT3 crash. ME has the very same BUG - maybe it was cloned from there ???
98. The INT1 instruction (OBJCONV disassembles it as ICEBP - InterCityExpressBritishPetrol) doesn't work. Either it is completely ignored, or it crashes far away from its location with a wrong exception number, far away from the expected 1 (ONE) - maybe related to the "SBEMU" hack in DKRNL32 ???
99. "MessageBoxA" fails to display the buttons if the text size is <= 8 chars.
Testcase for those 3 BUGs: http://www.file-pasta.com/file/0/HXBUGS.ZIP
### DKRNL32 ###
INT3 (crashes, but [eip] is wrong ...):
dkrnl32: exception 80000003, flags=0 occured at B7:40102F
ax=3 bx=401000 cx=146BE8 dx=0
si=400000 di=401005 bp=58B8 sp=126FF4
ip = Module 'hxbugs.exe'+102F
[eip] = 6A 24 57 E8 0A 00 00 00 4D 42 43 44
[esp] = 00112B0D 00000000 00000000 00905A4D 00000003 00000004
dkrnl32: fatal exit!
UD2 (good):
dkrnl32: exception C000001D, flags=0 occured at B7:401052
ax=3 bx=401000 cx=146BE8 dx=0
si=400000 di=401005 bp=58B8 sp=126FF4
ip = Module 'hxbugs.exe'+1052
[eip] = 0F 0B 6A 24 57 E8 09 00 00 00 4D 42
[esp] = 00112B0D 00000000 00000000 00905A4D 00000003 00000004
dkrnl32: fatal exit!
INT1 (ignored, or "bad" crash - both wrong exception number and wrong [eip] also)
### HDPMI32 ### (SET DKRNL32=32)
INT3 (ignored)
UD2 (OK)
INT1 (ignored - always ???)
### ME ###
INT3 (crashes, but [eip] is wrong ... cloned the BUG from here ???)
UD2 (OK)
INT1 (crashes, but [eip] is wrong ... also here ???)
---
This is a LOGITECH mouse driver, but some software expects here the following string: *** This is Copyright 1983 Microsoft ***
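The two dkrnl32 dumps above show why the "[eip]" line is right for UD2 and wrong for INT3: UD2 raises a fault (#UD), so the saved EIP points at the faulting instruction (401052, where the listing has 0F 0B), while INT3 raises a trap (#BP), so the saved EIP points at the instruction *after* the CC byte (40102F, one past the int 3 at 40102E in the listing). A handler that dumps memory at the reported EIP therefore prints the following push instead of the breakpoint. The C below is an added example, not code from the forum post or from HX: it builds a small memory image out of the bytes the listing and the dumps actually show, and walks the reported EIP back over the INT3 encoding (CC, or CD 03) only for the breakpoint exception code. The exception codes are the Win32 STATUS values that dkrnl32 printed (80000003, C000001D); the optional INT1/ICEBP (F1) case uses STATUS_SINGLE_STEP as an assumed mapping, since the post gives no dump for it.

```c
/* Added example (not from the post or HX): locate the real start of the
 * instruction that raised an exception, given the Win32-style code and the
 * EIP the exception frame carries. Constructed memory image below. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define STATUS_BREAKPOINT          0x80000003u /* INT3 -> trap: EIP is past the CC   */
#define STATUS_SINGLE_STEP         0x80000004u /* assumed code for INT1/ICEBP (F1)   */
#define STATUS_ILLEGAL_INSTRUCTION 0xC000001Du /* UD2  -> fault: EIP is at the 0F 0B */

/* Constructed image: only the regions the listing and the two "[eip]" dumps
 * in the post actually show. Any other address reads as unknown. */
typedef struct { uint32_t base; const uint8_t *bytes; size_t len; } region_t;

static const uint8_t REGION_INT3[] = {
    0xCC,                                     /* 40102E int 3          (listing) */
    0x6A,0x24,0x57,0xE8,0x0A,0x00,0x00,0x00,  /* 40102F dkrnl32's "[eip]" dump    */
    0x4D,0x42,0x43,0x44 };
static const uint8_t REGION_UD2[] = {
    0x0F,0x0B,0x6A,0x24,0x57,0xE8,0x09,0x00,0x00,0x00,0x4D,0x42 }; /* 401052 dump */

static const region_t REGIONS[] = {
    { 0x40102E, REGION_INT3, sizeof REGION_INT3 },
    { 0x401052, REGION_UD2,  sizeof REGION_UD2  },
};

/* Returns 1 and sets *out when addr is inside the image, 0 otherwise. */
static int read_byte(uint32_t addr, uint8_t *out) {
    for (size_t i = 0; i < sizeof REGIONS / sizeof REGIONS[0]; i++) {
        uint32_t off = addr - REGIONS[i].base;
        if (addr >= REGIONS[i].base && off < REGIONS[i].len) {
            *out = REGIONS[i].bytes[off];
            return 1;
        }
    }
    return 0;
}

/* Address the dump should start at. Faults (#UD) report the faulting EIP
 * unchanged; traps (#BP, and #DB from ICEBP) report the next instruction, so
 * step back over the encoding that is actually in memory. If the bytes behind
 * the reported EIP are not the expected opcode (or unreadable), leave it alone
 * rather than guess. */
uint32_t instruction_start(uint32_t code, uint32_t reported_eip) {
    uint8_t b0 = 0, b1 = 0;
    if (code == STATUS_BREAKPOINT) {
        if (read_byte(reported_eip - 1, &b0) && b0 == 0xCC)
            return reported_eip - 1;                      /* int 3, 1-byte form  */
        if (read_byte(reported_eip - 2, &b0) && read_byte(reported_eip - 1, &b1)
            && b0 == 0xCD && b1 == 0x03)
            return reported_eip - 2;                      /* int 3, CD 03 form   */
    } else if (code == STATUS_SINGLE_STEP) {              /* assumption: INT1    */
        if (read_byte(reported_eip - 1, &b0) && b0 == 0xF1)
            return reported_eip - 1;
    }
    return reported_eip;
}

/* First opcode byte at the corrected address, or -1 if it is not in the image. */
int opcode_at_start(uint32_t code, uint32_t reported_eip) {
    uint8_t b;
    return read_byte(instruction_start(code, reported_eip), &b) ? b : -1;
}

int main(void) {
    struct { const char *name; uint32_t code, eip; } cases[] = {
        { "INT3", STATUS_BREAKPOINT,          0x40102F }, /* from the dkrnl32 dump */
        { "UD2",  STATUS_ILLEGAL_INSTRUCTION, 0x401052 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t start = instruction_start(cases[i].code, cases[i].eip);
        printf("%s: reported at %08X, instruction starts at %08X, [start] =",
               cases[i].name, cases[i].eip, start);
        for (uint32_t a = start; a < start + 12; a++) {   /* 12 bytes like dkrnl32 */
            uint8_t b;
            if (!read_byte(a, &b)) break;
            printf(" %02X", b);
        }
        printf("\n");
    }
    return 0;
}
```

Run stand-alone it prints the INT3 dump starting with CC at 40102E (matching the listing) and the UD2 dump unchanged at 401052. The walk-back is deliberately conditional on the bytes being present: a handler that blindly subtracts one for every breakpoint code would misreport a CD 03 encoding or a debugger-injected breakpoint whose byte has already been restored.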
Complete thread:
- HX bugs - DOS386, 19.12.2009, 14:26
- OLEeeee, OLEeeeeeeee - 1 more bug - "StringFromGUID2" - DOS386, 20.12.2009, 07:45
- OLEeeee, OLEeeeeeeee - 1 more bug - "StringFromGUID2" - Japheth, 20.12.2009, 16:45
- HX 2.17 improvements | even one more bug - DOS386, 21.12.2009, 08:50
- GPF in "GetProcessHeapEx" | trun in "GetExitCodeProcess" - DOS386, 24.12.2009, 09:59
- GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - DOS386, 25.12.2009, 16:16
- GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - Japheth, 28.12.2009, 16:37
- GPF's | buggy thing | "CreateProcessA" | ZERO'izing FS - DOS386, 29.12.2009, 09:39
- 6 more bugs | PETITE | DGDI32.DLL | docs sugx - DOS386, 17.03.2010, 06:02
- 6 more bugs | PETITE | DGDI32.DLL | docs sugx - Japheth, 18.03.2010, 08:59
- 6 more bugs | PETITE | DGDI32.DLL | docs sugx - DOS386, 06.06.2010, 16:04
- discovered 3 more buggs - DOS386, 14.07.2010, 14:38
- discovered 3 more buggs - Japheth, 17.07.2010, 15:58
- discovered 3 more buggs - DOS386, 23.07.2010, 07:33
- Generic horse power 15.CHINA for HX :-) - DOS386, 23.05.2010, 07:07
- HX bugs - DOS386, 17.11.2010, 04:43
- HX bugs - DOS386, 17.11.2010, 05:26
- HX bugs | GNASH - DOS386, 27.12.2010, 09:25
- HX bugs | GNASH - DOS386, 28.12.2010, 07:52
- HX bugs - innounp - DOS386, 18.02.2011, 05:03
- HX issues | MUH-pdf | Is Processor Feature Present - DOS386, 19.02.2011, 11:58
- HX issues | MUH-pdf | Is Processor Feature Present - Japheth, 19.02.2011, 12:48
- HX bugs | PETITE & 7-ZIP PF in Ring0 - DOS386, 03.07.2011, 11:18
- HX bugs | PETITE & 7-ZIP PF in Ring0 - Japheth, 03.07.2011, 20:01
- HX bugs | missing imports | Dillo | MUPDF | TryEnter - DOS386, 20.11.2011, 04:33
- HX bugs 2 more | ME bugs 1'000'000'000 more - DOS386, 24.11.2011, 06:11
- HX updated - DOS386, 20.11.2012, 11:34
- HX updated - Rugxulo, 22.11.2012, 05:56
- HX updated - Japheth, 22.11.2012, 07:03
- HX updated - Rugxulo, 22.11.2012, 09:32
- HX updated - Rugxulo, 22.11.2012, 10:16
- HX updated - Japheth, 23.11.2012, 09:13
- HX updated - Rugxulo, 25.11.2012, 07:09
- HX updated - george_breese, 07.01.2013, 18:43
- HX updated - Japheth, 08.01.2013, 08:44
- HX updated (5 years ago) ... but FFMPEG 1.1.1 works almost - DOS386, 08.02.2013, 10:50
- HX and INNOUNP (yeah: BUG isolated !!!) - DOS386, 08.02.2013, 14:41
- HX and INNOUNP (yeah: BUG isolated !!!) - Japheth, 09.02.2013, 08:48
- HX bugs (3 more) - DOS386, 10.04.2013, 12:08
- HX and MSVCRT.DLL - DOS386, 08.03.2014, 18:52
- HX and MSVCRT.DLL - Rugxulo, 23.03.2014, 06:47
- WINE and INNOUNP (and Delphi) - Rugxulo, 11.06.2015, 02:15
- HX full of virii - DOS386, 22.11.2012, 16:09
- HX full of virii - Rugxulo, 23.11.2012, 00:24
- HX full of virii - DOS386, 16.12.2012, 13:00
- HX (not) full of virii - Rugxulo, 16.12.2012, 22:07
- HX (not) full of virii - Japheth, 16.12.2012, 22:24
- HX (not) full of virii - Rugxulo, 17.12.2012, 21:59
- HX (not) full of virii - DOS386, 17.12.2012, 05:32
- HX (not) full of virii - Japheth, 17.12.2012, 08:47
- HX (not) full of virii - Rugxulo, 17.12.2012, 22:14
- HX (not) full of virii - Rugxulo, 18.12.2012, 20:55