xxxx? 103h dw 0000h xms drv version 107h dw 0000h 173d? 10Bh dw 0000h 1750? 10Fh dw 0000h 175c? 113h dw 0000h 176d? 117h dw 0000h xms drv addr BX 119h dw 0000h xms drv addr ES 11Bh dw 0000h statuscount 11Dh db 00h ? 11Eh db 00h ? 11Fh db 00h FCRD.COM --:---- +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F 00:0100 E9 C7 19 oriES ExMEM XMSVR 00 00 00 00 00 00 00 00:0110 00 00 00 00 00 00 00 00-00 XMSBX XMSES sc xe 00 00:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 sc: statXMSinstalled xe: XMSallocatedRAM_ERRCODE REGs: 2 BYTE 16 Bit ----++++----++++ 1111011011001010 15-----87------0 AX=F6CAh AH=F6h AL=CAh AX=1234h AH=12h AL=34h BYTE 8-Bit 12h WORD 16Bit 1234h double WORD 32bit 12345678h CALL FAR :get addr seg:offset 11223344h , in mem 44h 33h 22h 11h. little-endian 12345678h 04:12h 03:34h 02:56h 01:78h INTEntry:18AFh 偏移 字节数 说明 00 02 中断20H 02 02 以节计算的内存大小(利用这个可看出是否感染引导型病毒) 04 01 保留 05 05 至DOS的长调用 0A 02 INT22H入口IP 0C 02 INT22H入口CS 0E 02 INT23H入口IP 10 02 INT23H入口CS 12 02 INT24H入口IP 14 02 INT24H入口CS 16 02 父进程的PSP段值(可测知是否被跟踪) 18 14 存放20个SOFT号 2C 02 环境块段地址(从中可获知执行的程序名) 2E 04 存放用户栈地址指针 32 1E 保留 50 03 DOS调用(INT21H/RETF) 53 02 保留 55 07 扩展的FCB头 5C 10 格式化的FCB1 6C 10 格式化的FCB2 7C 04 保留 80 80 命令行参数长度(不包含总为最后的0D)及参数也是程序运行期间缺省的DATA VGA Mode: 640*480pix*16color, 80*25char. /* ;the data DB 98 DUP(00h) 0872:069B;0000 ;...... DB 00h ;06A0h ;...... 0872:06FB;0000 ;Chinese Char in GB2312 0872:06FD;A1BED6D0CEC4A1BF DB '【中文】' ;ASCII Char in IBM-CP437 0872:0705;B3 DB '│' ;the data DB 62 DUP(00h) 0872:0706;0000 ;...... 
0872:0742;0000 ;ASCII Char in IBM-CP437 0872:0744;B3 DB '│' 0872:0745;4672656543444F53 DB 'FreeCDOS' ;VGA Text Mode ;Bit 7 6 5 4 3 2 1 0 ;Bit7: Blink:0-noBlink, 1-Blink ;Bit654: Background Color ;Bit3: Bright:0-Normal, 1-Light(High) ;Bit210: Foreground Color ;Color Sheet(hex bin Code color): ;0 0000 K Black 8 1000 L Gray ;1 0001 B Blue 9 1001 - Light Blue ;2 0010 G Green A 1010 - Light Green ;3 0011 C Cyan B 1011 - Light Cyan ;4 0100 R Red C 1100 - Light Red ;5 0101 M Magenta D 1101 - Light Magenta ;6 0110 Y Yellow(Brown) E 1110 - Light Yellow(Yellow) ;7 0111 W White F 1111 - Light White ;(Just For Reference) ;tested FCDOS Color Format: Bit7-4:Background, Bit3-0:Foreground ;charcolordata 0872:074D;F0F0FCFCFCFCF0F0 KRRK 0872:0755;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:075D;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:0765;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:076D;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:0775;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:077D;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:0785;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:078D;F0F0F0F0F0F0F0F0 KKKKKKKK 0872:0795;F9F9F9F9FCF8F8F8 BBBBRLLL DB 8 DUP(02h) 0872:079D;0202 ;...... 0872:07A3;0202 DB 72 DUP(01h) 0872:07A5;0101 ;...... 0872:07EB;0101 */ ISR_Return 197E CMP op1, op2 = op1-op2