Looku-up Table Saturday, 20-Feb-99 12:39:12 I found that the program uses an internal array of data.. no idea for what but it's located at this address : 0xB1 till 0xCF It's null terminated, and used by the XLAT function. It loops through it using LODSB till it finds a NULL termination. When you open the COM file in a HEX editor you'll clearly see a pattern, as a lot of low HEX values are used in it. mov bx, 660h mov si, 1B1h mov di, 100h loc_0_19C: lodsb cmp al, 0 jz loc_0_1D0 mov cl, al and ax, 0F0h shr al, 4 xlat and cl, 0Fh repe stosb jmp short loc_0_19C SI contains the address of the array in memory, 1B1h. It's 1B1h and not B1h (as in a HEX editor) , because the base address in memory is 100h. LODSB loads in 1 byte ( Load String Byte ) from the SI address, and places it in AL, after that the SI pointer is increased by 1. XLAT replaces the value in AL with the value stored in [BX+AL]. BX points to a readable string, some sort of combination "T.abcfw + your username". so it reads a byte from the lookup table, AND's and SHR's that, and uses the result + the base string address (660h). That result is then stored at the address DI is pointing to (100h). noos / DREAD noos |
Noos's Thread (noos@noos.demon.nl) (20-Feb-99 10:58:02) |