Back to home page

DOS ain't dead

Forum index page

Log in | Register

Search:  
Back to the forum
Board view  Mix view

Silly hacks -- COMFIX (identify 80186 UPX'd .COMs) (Developers)

posted by Rugxulo Homepage, Usono, 30.04.2013, 14:06

Where to talk about things that are interesting but kinda trivial? Well, I guess I'll start here. Apologies in advance if this is too dumb, badly solved, etc.

Recently I noticed that a certain developer (much more savvy than I am) accidentally UPX'd his .COM without the --8086 flag. I've not really totally solved this problem (i.e. tool to actually fix/rewrite that part of the stub to be 8086 friendly), but at least it's fairly easy to identify now.

So here's the horribly kludgy code that I wrote to identify such problematic .COMs. "for %a in (c:\fdos\*.com) do comfix %a" will show you what needs fixing (I hope!).


program comfix;
uses crt;
const special=9; show: boolean = false;
var comfile: file of byte;
  i: 1..special;
  mydata: array [1..special] of byte;
procedure usage;
  begin
    writeln('Error: no .COM specified to analyze!');
    writeln;
    writeln('TODO: Actually rewrite the dumb part of the decomp stub.');
    writeln;
    writeln('Another way to diagnose:');
    writeln('  ndisasm.exe -b16 -o100h blah.com | grep "rol word \[.*,0x8$"');
    halt(255)
  end;

begin {upxfix}
  if paramcount=0 then usage;

  assign(comfile,paramstr(1)); if paramcount >= 2 then show := true;
  reset(comfile); seek(comfile,filesize(comfile)-special);
  for i := 1 to special do read(comfile,mydata[i]); close(comfile);

  if show then begin
    for i := 1 to special do write(mydata[i],' '); writeln
  end;

  textcolor(red);
  {reference:  upx-3.08-src/src/stub/src/arch/i086\macros.S}
  if ((mydata[1]=$C1) and (mydata[2]=4) and (mydata[3]=8)) or
     ((mydata[2]=$C1) and (mydata[3]=5) and (mydata[4]=8)) then
       writeln('Intel 80186 UPX''d .COM found! Sorry, 8086 users. :-(')
  else begin
    textcolor(green); writeln('No problems found, no worries! :-)');
  end;
  normvideo
end.

Post reply
 

Complete thread:

Back to the forum
Board view  Mix view
22049 Postings in 2034 Threads, 396 registered users, 234 users online (0 registered, 234 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum