Back to home page

DOS ain't dead

Forum index page

Log in | Register

Back to the forum
Board view  Mix view

Silly hacks -- COMFIX (identify 80186 UPX'd .COMs) (Developers)

posted by Rugxulo(R) Homepage, Usono, 30.04.2013, 14:06

Where to talk about things that are interesting but kinda trivial? Well, I guess I'll start here. Apologies in advance if this is too dumb, badly solved, etc.

Recently I noticed that a certain developer (much more savvy than I am) accidentally UPX'd his .COM without the --8086 flag. I've not really totally solved this problem (i.e. tool to actually fix/rewrite that part of the stub to be 8086 friendly), but at least it's fairly easy to identify now.

So here's the horribly kludgy code that I wrote to identify such problematic .COMs. "for %a in (c:\fdos\*.com) do comfix %a" will show you what needs fixing (I hope!).

program comfix;
uses crt;
const special=9; show: boolean = false;
var comfile: file of byte;
  i: 1..special;
  mydata: array [1..special] of byte;
procedure usage;
    writeln('Error: no .COM specified to analyze!');
    writeln('TODO: Actually rewrite the dumb part of the decomp stub.');
    writeln('Another way to diagnose:');
    writeln('  ndisasm.exe -b16 -o100h | grep "rol word \[.*,0x8$"');

begin {upxfix}
  if paramcount=0 then usage;

  assign(comfile,paramstr(1)); if paramcount >= 2 then show := true;
  reset(comfile); seek(comfile,filesize(comfile)-special);
  for i := 1 to special do read(comfile,mydata[i]); close(comfile);

  if show then begin
    for i := 1 to special do write(mydata[i],' '); writeln

  {reference:  upx-3.08-src/src/stub/src/arch/i086\macros.S}
  if ((mydata[1]=$C1) and (mydata[2]=4) and (mydata[3]=8)) or
     ((mydata[2]=$C1) and (mydata[3]=5) and (mydata[4]=8)) then
       writeln('Intel 80186 UPX''d .COM found! Sorry, 8086 users. :-(')
  else begin
    textcolor(green); writeln('No problems found, no worries! :-)');


Complete thread:

Back to the forum
Board view  Mix view
15296 Postings in 1378 Threads, 254 registered users, 12 users online (1 registered, 11 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum