
T. Ment (11-27-19, 09:41 PM)
I disassembled Flashtek's zlx.lod (stub loader) and rebuilt the source,
trying to match the original binary. Using sourcer 8.01 and TASM 4.0, it
worked, except for two override bytes, 66 and 26.

TASM does this:

> 66| 26: 83 3E 019C + cmp dword ptr es:[d_0000_019C_e], 0
> 00


but the original binary has them reversed. The CPU seems OK with either
order, but I can't figure out which assembler they used. AFAICT it's not
TASM or MASM.

Any ideas?

wolfgang kern (11-27-19, 10:02 PM)
On 27.11.2019 20:41, T. Ment wrote:
> I disassembled Flashtek's zlx.lod (stub loader) and rebuilt the source,
> trying to match the original binary. Using sourcer 8.01 and TASM 4.0, it
> worked, except for two override bytes, 66 and 26.
> TASM does this:
> but the original binary has them reversed. The CPU seems OK with either
> order, but I can't figure out which assembler they used. AFAICT it's not
> TASM or MASM.
> Any ideas?


Some early 386 clones had strict order on override bytes, while recent
CPUs may work with any prefix order except FMA/FMA4 code page selection.

My personal preferred prefix bytes hierarchy is:

LOCK
REP /z/nz/..
SEGover
66
67

so I had 26 66 83 3e 9c 01 00 cmp word [es:019c],sxb 0

__
wolfgang

T. Ment (11-28-19, 11:34 PM)
On Wed, 27 Nov 2019 19:41:08 +0000, T. Ment wrote:

> I disassembled Flashtek's zlx.lod (stub loader) and rebuilt the source,
> trying to match the original binary. Using sourcer 8.01 and TASM 4.0, it
> worked, except for two override bytes, 66 and 26.


> TASM does this:


>> 66| 26: 83 3E 019C + cmp dword ptr es:[d_0000_019C_e], 0
>> 00


> but the original binary has them reversed. The CPU seems OK with either
> order, but I can't figure out which assembler they used. AFAICT it's not
> TASM or MASM.


I later found MASM 5.10B in the Windows 3.1 DDK. It puts the override
bytes in the same order as zlx.lod, so now the two binaries match byte
for byte.

Now to understand the disassembled source. IDA freeware 5.0 helps with
its visual graph of the code, but I don't see any option to byte match
disassembly like sourcer 8.01 can. That's OK, I can use both tools.
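
The byte-matching problem in this thread, as an added example that is not code from any of the posters: a small Python check that diffs a rebuilt image against the original and separates differences that are only a reordering of legacy prefix bytes from real mismatches. The function names are hypothetical, and the check is a heuristic on raw byte values with no instruction decoding, so data bytes that happen to equal prefix values can be misclassified.

```python
# Legacy x86 prefix bytes: LOCK, REPNE/REP, segment overrides,
# operand-size (66) and address-size (67).
LEGACY_PREFIXES = frozenset(
    [0xF0, 0xF2, 0xF3, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65, 0x66, 0x67]
)


def diff_runs(a: bytes, b: bytes):
    """Yield (start, end) for each maximal run of offsets where a and b differ."""
    start = None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            yield start, i
            start = None
    if start is not None:
        yield start, len(a)


def classify(rebuilt: bytes, original: bytes):
    """Return (offset, rebuilt_hex, original_hex, kind) for every differing run.

    kind is "prefix-order" when both sides hold the same legacy prefix bytes
    in a different order, and "real" for any other difference.
    """
    if len(rebuilt) != len(original):
        raise ValueError("images differ in length; align them first")
    report = []
    for start, end in diff_runs(rebuilt, original):
        r, o = rebuilt[start:end], original[start:end]
        reorder = set(r) <= LEGACY_PREFIXES and sorted(r) == sorted(o)
        report.append((start, r.hex(), o.hex(), "prefix-order" if reorder else "real"))
    return report


# Encodings of the cmp instruction quoted in the thread.
TASM_BYTES = bytes.fromhex("6626833e9c0100")   # 66 before 26 (TASM 4.0 listing)
ORIG_BYTES = bytes.fromhex("2666833e9c0100")   # 26 before 66 (reversed order)
# Constructed sample: same instruction with a different immediate byte.
CHANGED_IMM = bytes.fromhex("2666833e9c0101")

if __name__ == "__main__":
    for row in classify(TASM_BYTES, ORIG_BYTES) + classify(CHANGED_IMM, ORIG_BYTES):
        print("offset 0x%04x: rebuilt=%s original=%s -> %s" % row)
```

Run over two whole images of equal length, any row marked "real" is a difference that a change of assembler alone would not explain.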