xxxx? 103h dw 0000h
xms drv version 107h dw 0000h
173d? 10Bh dw 0000h
1750? 10Fh dw 0000h
175c? 113h dw 0000h
176d? 117h dw 0000h
xms drv addr BX 119h dw 0000h
xms drv addr ES 11Bh dw 0000h
statuscount 11Dh db 00h
? 11Eh db 00h
? 11Fh db 00h
FCRD.COM
--:---- +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
00:0100 E9 C7 19 oriES ExMEM XMSVR 00 00 00 00 00 00 00
00:0110 00 00 00 00 00 00 00 00-00 XMSBX XMSES sc xe 00
00:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
sc: statXMSinstalled
xe: XMSallocatedRAM_ERRCODE
REGs:
2 BYTE 16 Bit
----++++----++++
1111011011001010
15-----87------0
AX=F6CAh
AH=F6h AL=CAh
AX=1234h
AH=12h AL=34h
BYTE 8-Bit 12h
WORD 16Bit 1234h
double WORD 32bit 12345678h
CALL FAR: target address seg:offset 1122h:3344h is stored in memory as 44h 33h 22h 11h (offset word first, then segment word, each little-endian).
little-endian
12345678h
04:12h
03:34h
02:56h
01:78h
INTEntry:18AFh
偏移 字节数 说明(PSP 程序段前缀;偏移和字节数均为十六进制)
00 02 中断20H
02 02 以节计算的内存大小(利用这个可看出是否感染引导型病毒:此类病毒常缩减系统报告的内存以驻留在内存高端,数值小于预期只是迹象,需结合其他检查确认)
04 01 保留
05 05 至DOS的长调用
0A 02 INT22H入口IP
0C 02 INT22H入口CS
0E 02 INT23H入口IP
10 02 INT23H入口CS
12 02 INT24H入口IP
14 02 INT24H入口CS
16 02 父进程的PSP段值(可测知是否被跟踪)
18 14 存放20个SFT(系统文件表)号
2C 02 环境块段地址(从中可获知执行的程序名)
2E 04 存放用户栈地址指针
32 1E 保留
50 03 DOS调用(INT21H/RETF)
53 02 保留
55 07 扩展的FCB头
5C 10 格式化的FCB1
6C 10 格式化的FCB2
7C 04 保留
80 80 命令行参数长度(不包含总为最后的0D)及参数,也是程序运行期间缺省的DTA(磁盘传输区)
VGA Mode: 640*480pix*16color, 80*25char.
/*
;the data
DB 98 DUP(00h)
0872:069B;0000
;......
DB 00h ;06A0h
;......
0872:06FB;0000
;Chinese Char in GB2312
0872:06FD;A1BED6D0CEC4A1BF
DB '【中文】'
;ASCII Char in IBM-CP437
0872:0705;B3
DB '│'
;the data
DB 62 DUP(00h)
0872:0706;0000
;......
0872:0742;0000
;ASCII Char in IBM-CP437
0872:0744;B3
DB '│'
0872:0745;4672656543444F53
DB 'FreeCDOS'
;VGA Text Mode
;Bit 7 6 5 4 3 2 1 0
;Bit7: Blink:0-noBlink, 1-Blink
;Bit654: Background Color
;Bit3: Bright:0-Normal, 1-Light(High)
;Bit210: Foreground Color
;Color Sheet(hex bin Code color):
;0 0000 K Black 8 1000 L Gray
;1 0001 B Blue 9 1001 - Light Blue
;2 0010 G Green A 1010 - Light Green
;3 0011 C Cyan B 1011 - Light Cyan
;4 0100 R Red C 1100 - Light Red
;5 0101 M Magenta D 1101 - Light Magenta
;6 0110 Y Yellow(Brown) E 1110 - Light Yellow(Yellow)
;7 0111 W White F 1111 - Light White
;(Just For Reference)
;tested FCDOS Color Format: Bit7-4:Background, Bit3-0:Foreground
;charcolordata
0872:074D;F0F0FCFCFCFCF0F0 KKRRRRKK
0872:0755;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:075D;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:0765;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:076D;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:0775;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:077D;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:0785;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:078D;F0F0F0F0F0F0F0F0 KKKKKKKK
0872:0795;F9F9F9F9FCF8F8F8 BBBBRLLL
DB 8 DUP(02h)
0872:079D;0202
;......
0872:07A3;0202
DB 72 DUP(01h)
0872:07A5;0101
;......
0872:07EB;0101
*/
ISR_Return 197E
CMP op1, op2 : computes op1-op2 and sets the flags only; the result is discarded and op1 is unchanged