
I am trying to reverse my own code; it's 16-bit real mode assembly. I wrote the following function:

inc di
mov cx , [di]
add cl , 0x46
jo exit 
sub cl , 0x46
cmp cl , '0'
jl exit
sub cl , '5'
jns exit
jnp exit

After I compiled it and ran it in QEMU, the code was changed into the following code:

code from gdb

As you can see, the first 3 lines are different:

inc edi
mov ecx, DWORD PTR ds:0x7046c180
BYTE PTR es:[edi],dx

How is this possible? How does the CPU know to perform the commands:

mov cx , [di]
add cl , 0x46
jo exit

As far as I know, the command:

mov ecx, DWORD PTR ds:0x7046c180

moves the data from the pointer 0x7046c180 to ecx, but it's equal to 00000000.

dump

Can someone explain to me why the compiler changed my instruction into this, and how it works the same as my code without the jo instruction?

  • _GDB_ is probably assuming you are using 32-bit code, not 16-bit code. It has improperly decoded the instructions. After your code loads into _QEMU_ and you are in your remote debugging session with _GDB_ issue the command `set architecture i8086` . Debugging 16-bit code can become extremely problematic because _GDB_ has no real notion of how segment registers are used (it just knows their value). As well you can't easily step over interrupts. There is a link to a set of _GDB_ routines in this [SO Answer](http://stackoverflow.com/a/32960272/3857942) that may help a bit. – Michael Petch Jun 06 '16 at 14:29
  • Possible duplicate of [How to disassemble 16-bit x86 boot sector code in GDB with "x/i $pc"? It gets treated as 32-bit](http://stackoverflow.com/questions/32955887/how-to-disassemble-16-bit-x86-boot-sector-code-in-gdb-with-x-i-pc-it-gets-tr). It may look like a different question, but is effectively the same thing. Instructions appear to be decoded in _GDB_ improperly. The answer also suggests a remedy. – Michael Petch Jun 06 '16 at 14:36
  • GDB may have decoded them improperly because it didn't know they were 16-bit, but inside QEMU the instructions run as expected because QEMU knows it is running code in 16-bit real mode so executes the instructions properly. Effectively GDB is showing you gibberish, but QEMU is decoding and running the proper instructions. – Michael Petch Jun 06 '16 at 14:39
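To see why GDB's 32-bit interpretation swallows the `add` and the `jo`, here is an added example (not from the question or the comments) that decodes the same constructed byte string first as 16-bit and then as 32-bit code. It assumes NASM's encoding of the asker's first four instructions and a guessed `jo` displacement of 0x6c; in 32-bit mode the ModRM byte of `mov cx,[di]` (rm=101) means "4-byte absolute address", so the bytes of `add cl,0x46` and the `jo` opcode become the displacement 0x7046c180 seen in the question.

```python
import struct

# Constructed input (assumption): the asker's first four instructions as NASM
# encodes them in 16-bit mode. The jo displacement 0x6c is a guess, chosen so the
# 32-bit misdecode reproduces the GDB listing shown in the question.
#   inc di        -> 47
#   mov cx, [di]  -> 8B 0D
#   add cl, 0x46  -> 80 C1 46
#   jo exit       -> 70 6C
CODE = bytes([0x47, 0x8B, 0x0D, 0x80, 0xC1, 0x46, 0x70, 0x6C])

REG8  = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
RM16  = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]
GRP1  = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]

def mem_operand(code, i, bits):
    """Decode a mod=00 ModRM at code[i]; return (reg field, operand text, next index).
    16-bit mode: rm=101 is [di]. 32-bit mode: rm=101 is a 4-byte absolute address."""
    modrm = code[i]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    assert mod == 0, "only mod=00 addressing is needed for this example"
    if bits == 16:
        if rm == 6:  # [disp16]
            return reg, f"WORD PTR [0x{struct.unpack_from('<H', code, i + 1)[0]:04x}]", i + 3
        return reg, f"WORD PTR [{RM16[rm]}]", i + 1
    if rm == 5:  # [disp32]: consumes the next four bytes, whatever they were meant to be
        return reg, f"DWORD PTR ds:0x{struct.unpack_from('<I', code, i + 1)[0]:08x}", i + 5
    return reg, f"DWORD PTR [{REG32[rm]}]", i + 1

def disasm(code, bits):
    """Toy disassembler covering only the opcodes in the question, in 16- or 32-bit mode."""
    regs = REG16 if bits == 16 else REG32
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if 0x40 <= op <= 0x47:                            # inc r16/r32
            out.append(f"inc {regs[op - 0x40]}"); i += 1
        elif op == 0x8B:                                   # mov r, r/m
            reg, mem, i = mem_operand(code, i + 1, bits)
            out.append(f"mov {regs[reg]}, {mem}")
        elif op == 0x80 and (code[i + 1] >> 6) == 3:       # grp1 r8, imm8 (register form)
            m = code[i + 1]
            out.append(f"{GRP1[(m >> 3) & 7]} {REG8[m & 7]}, 0x{code[i + 2]:02x}"); i += 3
        elif op == 0x70:                                   # jo rel8
            out.append(f"jo +0x{code[i + 1]:02x}"); i += 2
        elif op == 0x6C:                                   # ins BYTE PTR es:[(e)di], dx
            out.append(f"ins BYTE PTR es:[{regs[7]}], dx"); i += 1
        else:
            out.append(f"db 0x{op:02x}"); i += 1          # not handled by this toy decoder
    return out

if __name__ == "__main__":
    for bits in (16, 32):
        print(f"--- decoded as {bits}-bit ---")
        print("\n".join(disasm(CODE, bits)))
```

QEMU executes the stream in 16-bit mode, so only the first listing reflects what actually runs; the second is what GDB shows until it is told `set architecture i8086`.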
