_UNDOCUMENTED CORNER_
edited by Andrew Schulman

Listing One: Comparing files OS2.B01 and WIN.B01

00000030: 87 2F        DGROUP
00000032: 17 C7
00000033: 01 00
...
000013FC: EA B8        1.13FC  B8 0004            mov  ax,4
000013FD: 5D 04        1.13FF  CD 31              int  31h
000013FE: 15 00
000013FF: C7 CD
00001400: 00 31
...
00002017: EA 2E        1.2017  2E: 83 3E 0032 00  cmp  cs:data_0368,0  ; (1.0032=0)
00002018: B3 83
00002019: 16 3E
0000201A: C7 32
0000201C: 90 00
...

Listing Three

;;; OS/2 for Windows patching script format, and patch block types
;;; Art Rothstein, 19-March-1994

Script table
   0- 1  Offset in this segment of next script table, 0 if none
   2- 3  Which segment of this module patches refer to
   4- 5  Segment limit to check, 0 if none
   6- 7  Offset of patch data
   8- 9  Offset of validation table, FFFF if none
  0A-0B  Selector of patchee for block types 06 and 07
  0C-0D  Selector of patchee for block type 04
  12-13  Offset to place in jump instruction patches
  14-15  Selector of patcher for block types 04 and 06
  16-17  Selector of patcher for block type 07
  18-19  Unknown
  1A-1B  'SH' signature

Patch data is a set of contiguous blocks.  Each block has a 2-byte header.
   0- 0  Block type
           01  Change internal state
           02  Set patchee offset for subsequent block types 04, 06 and 07.
           03  Determine patchee offset to use in a subsequent block type 04.
           04  Make patcher return to patchee.
           05  Determine patchee offset to use in subsequent block types 06 and 07.
           06  Save patchee instructions in patcher, replace with NOPs.
           07  Make patchee jump to patcher (EA offset segment).
           08  May not be interesting.
           FF  End of patch data
   1- 1  Number of bytes remaining in the block after this byte

The remaining bytes in a patch block depend on the patch type:

Type 01  Change internal state
   2- 3  New internal state

Type 02  Set patchee offset for subsequent block types 04, 06 and 07.
  0A-0B  0001
  0C-0D  Patchee offset.

Type 03  Determine patchee offset to use in a subsequent block type 04.
  08-09  Value to use unconditionally, unless FFFF.
  0A-0B  Value to pass for massaging if FFFF in 08-09.

Type 04  Create instructions in patcher to return to patchee.
   2- 3  Instruction type
           0001  Far jump (EA offset segment)
           0002  IRET (CF)
           0003  Far jump (PUSH segment, PUSH offset, RETF)
   4- 5  Offset in patcher
  The segment of the patchee comes from [BX+0C].
  The segment of the patcher comes from [BX+14].
  The offset in the patchee is the sum of offsets derived from the preceding
  block types 02 and 03.  For the kernel, at least, block type 02 always
  contributes a zero.

Type 05  Determine patchee offset to use in subsequent block types 06 and 07.
  08-09  Value to use unconditionally, unless FFFF.
  0A-0B  Value to pass for massaging if FFFF in 08-09.

Type 06  Save patchee instructions in patcher, replace with NOPs.
   2- 3  Offset in patcher
   4- 5  Number of bytes to patch
  The segment of the patchee comes from [BX+0A].
  The segment of the patcher comes from [BX+14].
  The offset in the patchee is the sum of offsets derived from the preceding
  block types 02 and 05.  For the kernel, at least, block type 02 always
  contributes a zero.

Type 07  Make patchee jump to patcher (EA offset segment).
   1- 2  0001
   2- 4  Offset in patcher
  The segment of the patchee comes from [BX+0A].
  The segment of the patcher comes from [BX+16].
  The offset in the patchee is the sum of offsets derived from the preceding
  block types 02 and 05.  For the kernel, at least, block type 02 always
  contributes a zero.

Listing Four

01 02 01 00 03 0A FF 00 FF 00 FF 00 FF FF 7D 00 04 04 01 00 35 13 05 0A FF 00
FF 00 FF 00 FF FF 75 00 06 04 FB 12 08 00 07 04 01 00 FB 12 FF 00

Listing Five  (1:1E18)

Old code                    New code
; BX is an LDT offset
mov  [bx+5],cx              mov  ax,0009h
                            or   bx,7          ; make into selector
                            int  31h

Listing Six  (1:1E3C)

Old code                    New code
mov  ax,[si]                mov  ax,[si]
inc  ax                     inc  ax
jz   try_DPMI               cmp  ax,ax
                            jz   try_DPMI

Listing Seven  (1:1FB4)

Old code                    New code
and  bl,F8h                 add  sp,2
pop  [bx+5]                 cld
mov  ax,[bp+4]              movsd
mov  [bx],ax                movsd
mov  [bx+7],cl              sub  si,8
                            sub  di,8
                            mov  es:[di+5],ax
                            mov  ax,[bp+4]
                            mov  es:[di],ax
                            mov  es:[di+7],cl
                            or   bx,7
                            mov  ax,000Ch
                            int  31
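As an added example (not code from the column, from Art Rothstein, or from the OS/2 for Windows patcher), the following parser walks the patch-data bytes of Listing Four using the block layout documented in Listing Three, decoding the per-type fields and refusing a stream that is truncated or lacks the FF terminator. It assumes the offsets in Listing Three are counted from the block's type byte, so a Type 03 or 05 block with 0A remaining bytes carries its FFFF test at bytes 8-9; the field names in the decoded dictionaries are this example's own.

```python
import struct

# Raw patch data copied from Listing Four (48 bytes, ends with the FF 00 block).
LISTING_FOUR = bytes.fromhex(
    "01 02 01 00"
    " 03 0A FF 00 FF 00 FF 00 FF FF 7D 00"
    " 04 04 01 00 35 13"
    " 05 0A FF 00 FF 00 FF 00 FF FF 75 00"
    " 06 04 FB 12 08 00"
    " 07 04 01 00 FB 12"
    " FF 00")

# Type 04 "instruction type" values from Listing Three.
RETURN_KINDS = {1: "far jmp (EA)", 2: "iret", 3: "push/push/retf"}

def u16(blk, off):
    """Little-endian word at an offset relative to the block's type byte."""
    return struct.unpack_from("<H", blk, off)[0]

def parse_patch_data(data):
    """Split the contiguous 2-byte-header blocks and decode the fields that
    Listing Three documents for each block type.  Raises ValueError on a
    truncated block or a stream with no FF end block."""
    blocks, pos = [], 0
    while pos + 2 <= len(data):
        btype, nrem = data[pos], data[pos + 1]   # type, bytes remaining
        blk = data[pos:pos + 2 + nrem]
        if len(blk) != 2 + nrem:
            raise ValueError(f"truncated block at offset {pos:#06x}")
        rec = {"type": btype}
        if btype == 0x01:
            rec["state"] = u16(blk, 2)
        elif btype == 0x02:
            rec["patchee_off"] = u16(blk, 0x0C)
        elif btype in (0x03, 0x05):          # offset for type 04 / types 06-07
            fixed = u16(blk, 8)
            rec["fixed_off"] = None if fixed == 0xFFFF else fixed
            rec["massage"] = u16(blk, 0x0A)   # only meaningful when 08-09 == FFFF
        elif btype == 0x04:
            rec["ret"] = RETURN_KINDS[u16(blk, 2)]
            rec["patcher_off"] = u16(blk, 4)
        elif btype == 0x06:
            rec["patcher_off"], rec["nbytes"] = u16(blk, 2), u16(blk, 4)
        elif btype == 0x07:
            rec["patcher_off"] = u16(blk, 4)  # bytes 2-3 hold the constant 0001
        blocks.append(rec)
        pos += 2 + nrem
        if btype == 0xFF:
            return blocks
    raise ValueError("patch data has no FF end block")

if __name__ == "__main__":
    for block in parse_patch_data(LISTING_FOUR):
        print(block)
```

Run stand-alone it prints one dictionary per block; the Type 06 block reports 8 bytes NOPed at the patchee and the Type 07 block the 12FB patcher offset that the far jump targets, matching Listing Four by eye.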