Open
Conversation
Collaborator
I also don't have a 16-bit Windows app that I really want to reverse/understand. Only thing I did was reversing Minesweeper from Windows 3.11 as an exercise. Having 16-bit support is interesting nonetheless if we ever want real-mode DOS support: there are a lot of cool old DOS games. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This has been in the oven for way too long and I want to get some feedback on the approach.
For
NEimages, we need to apply relocations before we can diassemble imports or far calls. This requires a lot of code to handle each relocation type and walk the "chain" of offsets to find each spot to patch. Our handling is not complete because I could not easily find examples of some relocation types. See: #325. Ghidra is also lacking support for some of these relocations, so we are doing at least as good as them.We have not had to worry about segments until now. Ghidra's approach is to use
0x1000as the ID for the first segment, then shift by 8 for each segment that follows. This ensures that there is no overlap in the address space, so you can use the shortcut of combining the two values to create a 32-bit address. For example:0x10001234is offset0x1234in segment0x1000, the first segment.Strictly speaking: we are not following the intended way of dealing with segment and offset as a 20-bit address. The main point is that we need to match what Ghidra does or our import script will not work out of the box. (I'm not sure how we're going to handle
MZbecause there is no easy way to identify all segments used in the image, but we'll cross that bridge when we come to it.)The only thing missing now is connecting this to the main
Comparefunction and relaxing the restriction that our tools only work withPEimages. This will come later in a follow-up.