Sylvain Petreolle,
After doing some winedbg work, it appears that:
- my call appears at 0x36f:0xc and should return at 0x36f:0xe
Wine-dbg>disass 0x36f:0xc
0x036f:0x0000000c: int $0x3d
0x036f:0x0000000e: movw 0xfffffffc(%bp),%ax
0x036f:0x00000011: movw 0xfffffffe(%bp),%dx
0x036f:0x00000014: leave
0x036f:0x00000015: ret $0x4
After the call, the return pointer should return execution to 0x36f:0xc which will then contain the actual FPU opcode written over the interrupt call. In the case of an fwait, which we can safely ignore on 32 bit systems, 0xcd3d could become 0x9090. That is just two NOP instructions and would do nothing but take up space. The return pointer on the stack then has to be set back for all of the FPU instructions so that the opcode that replaced the interrupt call will be executed.
After setting a breakpoint on DOSVM_Int3dHandler, I see that your calculated code variable points to another place (if I am right ;)).
It should be changed so that it points back to the changed interrupt call instead of the next instruction.
192 FPU_ModifyCode(context, 0x90);
Wine-dbg>step
225 WORD *stack = CTX_SEG_OFF_TO_LIN(context, context->SegSs, context->Esp);
Wine-dbg>
224 {
Wine-dbg>
225 WORD *stack = CTX_SEG_OFF_TO_LIN(context, context->SegSs, context->Esp);
Wine-dbg>
226 BYTE *code = CTX_SEG_OFF_TO_LIN(context, stack[1], stack[0]);
Wine-dbg>
232 code[-2] = 0x9b; /* The fwait instruction */
Wine-dbg>disass code-2
0x000d0b51: addb $0,%al
0x000d0b53: int $0x31
0x000d0b55: sti
0x000d0b56: lret
One thing appears strange to me: you use a WORD pointer for the stack. Shouldn't it be a DWORD pointer, since real mode uses a dword stack?
I'm using a word because I am trying to split the segment word and the offset word. My references show the stack, in real mode, as 4 bytes with two being the offset and two being the segment. The whole problem results from trying to alter this return address in real mode where I have to modify the address as two parts. Maybe there is a difference under wine.

God Bless,
--Robert 'Admiral' Coeyman
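The fix-up discussed in this thread (overwrite the int $0x3d with the replacement opcode, then move the return offset on the stack back by two so IRET lands on the patched bytes rather than skipping them), written out as an added C example. This is illustration code for this page, not Wine's DOSVM code: it assumes a constructed flat array standing in for real-mode memory, a made-up stack location at 0x1000:0x0ff0, and hypothetical helper names (seg_off_to_lin, rd16, wr16, fpu_fixup) rather than Wine's CTX_SEG_OFF_TO_LIN or FPU_ModifyCode. Treating the return address as two WORDs, as the message does, is what lets the offset be rewound on its own; the example also covers the case where the INT sits at the very end of a segment, so the rewound offset has to wrap around, and it refuses to patch anything that is not actually cd 3d.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed real-mode address space covering everything seg:off can reach
 * (0xffff:0xffff = 0x10ffef), so no linear address computed below overruns it. */
#define MEM_SIZE 0x110000u
static uint8_t mem[MEM_SIZE];

/* Sentinel returned when the bytes before the return address are not int $0x3d. */
#define FIXUP_NOT_INT 0xffffffffu

/* Real-mode segment:offset -> linear address (hypothetical helper). */
static uint32_t seg_off_to_lin(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Little-endian 16-bit read/write done byte by byte, so a WORD that sits at
 * offset 0xffff wraps within its segment the way the CPU does. */
static uint16_t rd16(uint16_t seg, uint16_t off)
{
    uint8_t lo = mem[seg_off_to_lin(seg, off)];
    uint8_t hi = mem[seg_off_to_lin(seg, (uint16_t)(off + 1))];
    return (uint16_t)(lo | (hi << 8));
}

static void wr16(uint16_t seg, uint16_t off, uint16_t val)
{
    mem[seg_off_to_lin(seg, off)] = (uint8_t)val;
    mem[seg_off_to_lin(seg, (uint16_t)(off + 1))] = (uint8_t)(val >> 8);
}

/* Fix-up for an FPU stub that reached the handler through int $0x3d.
 * ss:sp points at the far return address INT pushed; in real mode that is two
 * WORDs, stack[0] = return IP, stack[1] = return CS (hence WORD accesses).
 * The INT that got us here is the two bytes just before CS:IP.  We overwrite
 * them with repl[] and move IP back by 2 so IRET lands on the patched bytes.
 * Returns the linear address execution resumes at, or FIXUP_NOT_INT if the
 * two bytes were not cd 3d (then nothing is touched). */
static uint32_t fpu_fixup(uint16_t ss, uint16_t sp, const uint8_t repl[2])
{
    uint16_t ip = rd16(ss, sp);
    uint16_t cs = rd16(ss, (uint16_t)(sp + 2));
    uint16_t int_ip = (uint16_t)(ip - 2);              /* wraps mod 64K like the CPU */
    uint32_t a0 = seg_off_to_lin(cs, int_ip);
    uint32_t a1 = seg_off_to_lin(cs, (uint16_t)(int_ip + 1));

    if (mem[a0] != 0xcd || mem[a1] != 0x3d)             /* refuse to patch anything else */
        return FIXUP_NOT_INT;
    mem[a0] = repl[0];
    mem[a1] = repl[1];
    wr16(ss, sp, int_ip);                               /* rewind the return offset */
    return a0;
}

/* Scenario from the thread: int $0x3d at 0x36f:0xc, return address 0x36f:0xe.
 * The stack location 0x1000:0x0ff0 is constructed for this example. */
static void setup_scenario(void)
{
    memset(mem, 0, sizeof mem);
    mem[seg_off_to_lin(0x036f, 0x000c)] = 0xcd;
    mem[seg_off_to_lin(0x036f, 0x000d)] = 0x3d;
    wr16(0x1000, 0x0ff0, 0x000e);   /* return IP */
    wr16(0x1000, 0x0ff2, 0x036f);   /* return CS */
}

/* Edge case: the INT sits at the very end of its segment (0x36f:0xfffe), so
 * the pushed return IP is 0x0000 and the rewind must wrap back to 0xfffe. */
static void setup_wrap_scenario(void)
{
    memset(mem, 0, sizeof mem);
    mem[seg_off_to_lin(0x036f, 0xfffe)] = 0xcd;
    mem[seg_off_to_lin(0x036f, 0xffff)] = 0x3d;
    wr16(0x1000, 0x0ff0, 0x0000);
    wr16(0x1000, 0x0ff2, 0x036f);
}

int main(void)
{
    const uint8_t two_nops[2] = { 0x90, 0x90 };   /* fwait case: 0xcd3d becomes 0x9090 */
    setup_scenario();
    uint32_t resume = fpu_fixup(0x1000, 0x0ff0, two_nops);
    printf("resume at linear 0x%05x (0x%04x:0x%04x), bytes %02x %02x\n",
           (unsigned)resume, rd16(0x1000, 0x0ff2), rd16(0x1000, 0x0ff0),
           mem[resume], mem[resume + 1]);
    return 0;
}
```

The check that the two bytes really are cd 3d before writing is the part worth keeping in any real handler: the return address comes from the emulated program's own stack, so the handler should verify what it is about to overwrite rather than trust that the interrupt was reached from the expected stub.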