RayeR

CZ, 11.03.2015, 19:02
Fixing the Memtest EXE loader (Developers)
Hi, I tried to compile the modified memtest https://github.com/CMU-SAFARI/rowhammer
It contains your EXE loader by Eric Auer:
https://github.com/CMU-SAFARI/rowhammer/blob/master/src/mt86%2B_loader.asm
I have a problem: the produced EXE throws this error:
nopatch db "jmp far dword not found at setup.S offset 37h,",13,10
db "(file offset 237h is not 66h, 0eah)",13,10
db "please adjust and recompile memtestl...",13,10,"$"
I found that it is a little bit shifted, and when I change
mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
cmp ax,0ea66h
to
mov ax,[buffer+251h+13] ; should be jmp far dword (ofs, seg)
it finds it, and I get another error:
lgdt [...] not found at setup.S offset 0ch
So I did some further patching by adding 13, but it ended with an immediate reset of the PC after I ran it. What is the right place to correct the offset?
fullsize matches the size of memtest.bin exactly.
---
DOS gives me freedom to unlimited HW access.
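The loader compares hardcoded file offsets in the setup.S sector against the opcode bytes of the `jmp far dword` (66h 0EAh) and the `lgdt [addr16]` (0Fh 01h 16h), and the fix discussed in this thread is to move those constants by hand until both checks pass. The script below is an added example, not code from the thread, memtest86+, the rowhammer fork or Eric Auer's loader: it scans the first setup sector for those opcode bytes, reports the file offsets the loader's `mov`/`cmp` lines need, and performs the same far-jump patch. The sample image it builds is constructed (NOP filler, a GDTR image at setup offset 180h and a made-up entry offset are assumptions), and it reproduces only the far-jump patch, not the GDT relocation the loader does afterwards.

```python
"""Locate the instructions the mt86+ EXE loader patches in memtest.bin.

Added example, not code from memtest86+, the rowhammer fork or Eric Auer's
loader.  The loader hardcodes file offsets into the setup.S sector (the 512
bytes at file offset 200h) for a 'jmp far dword' (66h 0EAh ofs32 seg16), whose
32-bit offset it overwrites with the linear address of head.S, and for an
'lgdt [addr16]' (0Fh 01h 16h addr16), whose GDTR image it reads.  Scanning for
the opcode bytes gives the offsets directly instead of guessing a shift.
"""
import struct
import sys

SETUP_FILE_OFFSET = 0x200          # setup.S starts in the sector after the boot sector
SECTOR_SIZE = 0x200

JMP_FAR_DWORD = b"\x66\xea"        # operand-size prefix + JMP ptr16:32
LGDT_DISP16 = b"\x0f\x01\x16"      # LGDT m16&32, modrm 16h = 16-bit displacement


def find_patch_points(image: bytes, setup_off: int = SETUP_FILE_OFFSET) -> dict:
    """Return the file offsets the loader's mov/cmp lines must use."""
    sector = image[setup_off:setup_off + SECTOR_SIZE]
    if len(sector) < SECTOR_SIZE:
        raise ValueError("image is shorter than boot sector + one setup sector")
    jmp = sector.find(JMP_FAR_DWORD)
    lgdt = sector.find(LGDT_DISP16)
    if jmp < 0 or jmp + 8 > SECTOR_SIZE:
        raise LookupError("no 66h 0EAh (jmp far dword) in the first setup sector")
    if lgdt < 0 or lgdt + 5 > SECTOR_SIZE:
        raise LookupError("no 0Fh 01h 16h (lgdt [addr16]) in the first setup sector")
    jmp_ofs, jmp_seg = struct.unpack_from("<IH", sector, jmp + 2)
    (gdtr_ptr,) = struct.unpack_from("<H", sector, lgdt + 3)
    # the loader indexes the sector with this pointer; it must stay inside it
    if gdtr_ptr + 6 > SECTOR_SIZE:
        raise LookupError("GDTR image at %xh lies outside the first setup sector" % gdtr_ptr)
    gdt_limit, gdt_base = struct.unpack_from("<HI", sector, gdtr_ptr)
    return {
        "jmp_check": setup_off + jmp,          # compared against 0ea66h
        "jmp_patch": setup_off + jmp + 2,      # where the new linear offset is written
        "jmp_ofs": jmp_ofs,                    # entry address hardcoded in setup.S
        "jmp_seg": jmp_seg,                    # code selector, left unchanged
        "lgdt_check": setup_off + lgdt,        # compared against 0016010fh after masking
        "gdtr_ptr_field": setup_off + lgdt + 3,
        "gdtr_ptr": gdtr_ptr,                  # setup.S offset of the 6-byte GDTR image
        "gdt_limit": gdt_limit,
        "gdt_base": gdt_base,
        "gdt_in_sector": gdt_base & 0x1FF,     # the loader's 'and eax,1ffh'
    }


def patch_entry_jump(image: bytes, head_linear: int) -> bytes:
    """Rewrite the far jump's offset to head.S's linear address (selector kept).

    This is the loader's foundpatch step only; its GDT relocation is not done here.
    """
    pts = find_patch_points(image)
    out = bytearray(image)
    struct.pack_into("<I", out, pts["jmp_patch"], head_linear)
    return bytes(out)


def nasm_lines(pts: dict) -> list:
    """The loader lines this thread edits by hand, with the scanned offsets."""
    return [
        "mov ax,[buffer+%xh]          ; should be jmp far dword (ofs, seg)" % pts["jmp_check"],
        "mov [buffer+%xh],eax         ; patch the protected mode entry jump" % pts["jmp_patch"],
        "mov eax,[cs:buffer+%xh]      ; should be lgdt offset" % pts["lgdt_check"],
        "mov ax,[cs:buffer+%xh]       ; GDTR contents pointer" % pts["gdtr_ptr_field"],
    ]


def constructed_image(shift: int = 0) -> bytes:
    """Constructed sample: NOP boot sector, then a setup sector with lgdt at
    setup offset 0Ch+shift and the far jump at 51h+shift (shift=13 gives the
    25Eh/219h layout from the thread).  GDTR location and entry offset are made up."""
    boot = b"\x90" * SECTOR_SIZE
    setup = bytearray(b"\x90" * SECTOR_SIZE)
    gdtr_at = 0x180
    setup[0x0C + shift:0x0C + shift + 5] = LGDT_DISP16 + struct.pack("<H", gdtr_at)
    setup[0x51 + shift:0x51 + shift + 8] = JMP_FAR_DWORD + struct.pack("<IH", 0x00010000, 0x0010)
    # GDT base = setup.S's hardcoded linear 90200h + its offset inside the sector
    setup[gdtr_at:gdtr_at + 6] = struct.pack("<HI", 0x17, 0x90200 + 0x190)
    return boot + bytes(setup)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_image(13)
    for line in nasm_lines(find_patch_points(data)):
        print(line)
```

Run it with the path to a real memtest.bin as the first argument and paste the four printed lines into the loader; the setup.S offsets for the error strings are the file offsets minus 200h. Without an argument it runs on the constructed image with the 13-byte shift and prints the 25eh/260h/219h/21ch values from this thread.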
roytam
12.03.2015, 08:24
@ RayeR
Fixing the Memtest EXE loader
> Hi, I tried to compile the modified memtest
> https://github.com/CMU-SAFARI/rowhammer
> It contains your EXE loader by Eric Auer:
> https://github.com/CMU-SAFARI/rowhammer/blob/master/src/mt86%2B_loader.asm
> I have a problem: the produced EXE throws this error:
>
> nopatch db "jmp far dword not found at setup.S offset 37h,",13,10
> db "(file offset 237h is not 66h, 0eah)",13,10
> db "please adjust and recompile memtestl...",13,10,"$"
>
> I found that it is a little bit shifted, and when I change
> mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
> cmp ax,0ea66h
> to
> mov ax,[buffer+251h+13] ; should be jmp far dword (ofs, seg)
> it finds it, and I get another error:
> lgdt [...] not found at setup.S offset 0ch
>
> So I did some further patching by adding 13, but it ended with an immediate
> reset of the PC after I ran it. What is the right place to correct the offset?
> fullsize matches the size of memtest.bin exactly.
I tried to do the same thing; it starts, but once it has detected the RAM model names and tries to start testing, it reboots.
@@ -133,11 +133,11 @@
; should be 4 ...
inc al ; the boot sector itself
movzx eax,al
shl eax,9 ; log 2 of sector size
add [cs:buflinear],eax ; linear address of head.S now
- mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
+ mov ax,[buffer+25eh] ; should be jmp far dword (ofs, seg)
cmp ax,0ea66h
jz foundpatch
patchbug: ; could not patch the jump
mov dx,nopatch
jmp generror
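Review bot: the new 25eh in `mov ax,[buffer+25eh]` is the old 251h moved by 0dh bytes, a shift measured on one build of setup.S and then repeated by hand as 260h in the foundpatch hunk; define the jump offset once (for example `%define JMPOFS 25eh`) and write the store as `mov [buffer+JMPOFS+2],eax` so the check and the patch cannot drift apart again. Two smaller points: this load has no `cs:` override while `findgdt` below reads `[cs:buffer+...]`, so the two checks read from different segments unless DS equals CS at this point; and the `nopatch` text printed on `patchbug` (still "offset 37h"/"file offset 237h") is not updated, so the diagnostic names an offset that differs from the one actually compared.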
@@ -146,20 +146,20 @@
mov dx,nogdt
jmp generror
foundpatch:
mov eax,[cs:buflinear]
- mov [buffer+253h],eax ; patch the protected mode entry jump
+ mov [buffer+260h],eax ; patch the protected mode entry jump
; (offset only - segment selector unchanged: flat linear CS)
findgdt:
- mov eax,[cs:buffer+20ch] ; should be lgdt offset
+ mov eax,[cs:buffer+219h] ; should be lgdt offset
and eax,00ffffffh
cmp eax,0016010fh ; lgdt ...
jnz gdtbug
- mov ax,[cs:buffer+20fh] ; GDTR contents pointer
+ mov ax,[cs:buffer+21ch] ; GDTR contents pointer
mov bx,ax
mov eax,[cs:buffer+200h+bx+2] ; GDT linear offset
and eax,1ffh ; assume GDT in first sector of setup.S
; *** WARNING: this is needed because setup.S contains
; *** HARDCODED offset of setup.S on linear 90200h, which
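Review bot: moving 20ch/20fh to 219h/21ch keeps two assumptions this hunk does not verify: that the GDTR image pointed to by `[cs:buffer+21ch]` lies inside the first setup sector, and that the GDT itself does too (`and eax,1ffh`), on top of the hardcoded linear 90200h the comment warns about. `bx` is used as an index into the 512-byte sector without a bounds check, so a setup.S that places the GDTR image later would silently read the wrong dword; add `cmp bx,1fah` / `ja gdtbug` before `mov eax,[cs:buffer+200h+bx+2]`, and update the `nogdt` string (still "offset 0ch"/"20ch") to the new offsets.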
RayeR

CZ, 12.03.2015, 17:56
@ roytam
Fixing the Memtest EXE loader
> I tried to do the same thing; it starts, but once it has detected the RAM model names
> and tries to start testing, it reboots.
LOL, seems that I did the same yesterday as you, with the same result. I could have saved my time instead... Memtest 5.01 original crashes when the test should begin (desktop and notebook). Memtest 5.01 rowhammer starts running but reports errors on all addresses. My patch:
mt86+_loader.asm:
15,17c15,16
< %define fullsize ( 182704 + buffer - exeh )
< ; the fullsize of memtest.bin is adjusted by makedos.sh
< ; don't remove space after brace (needed for awk/sed processing)
---
> %define fullsize (182704 + buffer - exeh)
> ; 182704 is the size of memtest86+ V5.01, adjust as needed!
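Review bot: the diff is reversed relative to the usual `diff old new` order: the `>` lines (251h, "offset 37h"/"file offset 237h") match the unmodified loader and the error text quoted at the top of the thread, while the `<` lines carry the changes and the makedos.sh dependency their comment describes. Apply it with `patch -R`, or regenerate it with the original file as the first argument, so that readers copying the `>` side do not undo the fix.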
139c138
< mov ax,[buffer+25Eh] ; should be jmp far dword (ofs, seg)
---
> mov ax,[buffer+251h] ; should be jmp far dword (ofs, seg)
152c151
< mov [buffer+260h],eax ; patch the protected mode entry jump
---
> mov [buffer+253h],eax ; patch the protected mode entry jump
156c155
< mov eax,[cs:buffer+219h] ; should be lgdt offset
---
> mov eax,[cs:buffer+20ch] ; should be lgdt offset
161c160
< mov ax,[cs:buffer+21ch] ; GDTR contents pointer
---
> mov ax,[cs:buffer+20fh] ; GDTR contents pointer
216,217c215,216
< nopatch db "jmp far dword not found at setup.S offset 5Eh,",13,10
< db "(file offset 25Eh is not 66h, 0eah)",13,10
---
> nopatch db "jmp far dword not found at setup.S offset 37h,",13,10
> db "(file offset 237h is not 66h, 0eah)",13,10
220,221c219,220
< nogdt db "lgdt [...] not found at setup.S offset 19h,",13,10
< db "(file offset 219h is not 0fh, 01h, 16h)",13,10
---
> nogdt db "lgdt [...] not found at setup.S offset 0ch,",13,10
> db "(file offset 20ch is not 0fh, 01h, 16h)",13,10
makedos.sh:
#!/bin/bash
# Patch the real size of memtest.bin into line 15 of the loader source
# (the "%define fullsize ( 182704 + buffer - exeh )" line; the spaces around
# the number are what make it awk field $4) and assemble the DOS EXE.
if [ -f memtest.bin ]
then
    CSIZE="$(awk 'NR==15 {print $4}' mt86+_loader.asm)";
    NSIZE="$(wc -c < memtest.bin | tr -d ' ')";
    # restrict the substitution to line 15 so no other occurrence of the old size is touched
    sed "15s/$CSIZE/$NSIZE/" mt86+_loader.asm > mt86+_loader.asm.new;
    mv mt86+_loader.asm.new mt86+_loader.asm;
    nasm mt86+_loader.asm;
fi
---
DOS gives me freedom to unlimited HW access.
Zyzzle
12.03.2015, 23:16
@ RayeR
Fixing the Memtest EXE loader
Do you have a binary of your patched 5.01 rowhammer version that I may test? Thanks.
RayeR

CZ, 13.03.2015, 01:24
@ Zyzzle
Fixing the Memtest EXE loader
> Do you have a binary of your patched 5.01 rowhammer version that I may
> test? Thanks.
I just deleted it; it seems that the newer memtest 5.x cannot be started with the old loader and will need a further update (according to the copyright it's 12-year-old code). I use grub4dos to start memtest.bin from DOS; it works from real mode.
---
DOS gives me freedom to unlimited HW access.