[syslinux] reboot from com32
Miguel
mth at mth.com
Tue Aug 14 11:24:47 PDT 2007
> The most likely explanation IMO is that there is a bug in __farcall.
> Unlike __intcall it hasn't been extensively used. They do, however,
> share almost all the code.
>
> -hpa
com32.inc
---------
com32_farcall:
        pushfd                  ; Save IF among other things...
        pushad                  ; We only need to save some, but...
        mov eax,[esp+10*4]      ; CS:IP
        jmp com32_syscall
com32_intcall:
        pushfd                  ; Save IF among other things...
        pushad                  ; We only need to save some, but...
        movzx eax,byte [esp+10*4] ; INT number
        mov eax,[eax*4]         ; Get CS:IP from low memory
com32_syscall:
        cld
        ...
---------
Theory #1:
I am incapable of following the details of com32_syscall, but here is what
jumps out at me ...
Both _farcall and _intcall load up the target address into eax.
That means that the _intcall version is going to have to push the flags
onto the stack because the interrupt handler will do an 'iret'.
But the code that is generally called by _farcall is going to do a 'ret',
not an 'iret'.
Therefore, I am concerned that there is going to be an extra set of flags
pushed on to the stack at some point ... which would interfere with
_farcall behavior.
BUT ... this call to F000:FFF0 should not be returning anyway, so I don't
see how that could affect what is going on here.
Theory #2:
Confirm that the stack location of the target address is correct:
        mov eax,[esp+10*4]      ; CS:IP
BUT ... if that wasn't correct then _farcall would never have worked.
Hope this helps,
Miguel
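To make the two theories checkable, here is a small stack model in C, added here and not part of the thread or of syslinux: the frame layouts, the pop counts for retf/iret and the constructed values are assumptions, and it treats each pushed value as one slot rather than a real-mode word.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not syslinux code: a tiny downward-growing stack whose
 * slots stand for the values a 'retf' or 'iret' would pop. */
#define SLOTS 16
#define TOP   (SLOTS - 1)   /* slot TOP holds a caller-owned value above the frame */

typedef struct { uint32_t mem[SLOTS]; int sp; } stack_t;

static void     push(stack_t *s, uint32_t v) { s->mem[--s->sp] = v; }
static uint32_t pop(stack_t *s)              { return s->mem[s->sp++]; }

/* Build the return frame the target sees. An interrupt entry pushes FLAGS, CS,
 * IP (what 'iret' expects); a far call pushes only CS, IP (what 'retf' expects). */
static void build_frame(stack_t *s, int interrupt_style,
                        uint16_t flags, uint16_t cs, uint16_t ip)
{
    s->sp = SLOTS;
    push(s, 0xCAFE);            /* caller-owned data that must survive the return */
    if (interrupt_style)
        push(s, flags);
    push(s, cs);
    push(s, ip);
}

/* Slots still on the stack after the target returns with 'retf' (pops IP, CS)
 * or 'iret' (pops IP, CS, FLAGS): 0 = frame consumed exactly, >0 = stale
 * slots left behind (Theory #1's "extra set of flags"), <0 = the return ate
 * into the caller's own data. */
static int leftover_after_retf(stack_t *s) { pop(s); pop(s); return TOP - s->sp; }
static int leftover_after_iret(stack_t *s) { pop(s); pop(s); pop(s); return TOP - s->sp; }

/* Theory #2: pushfd (1 dword) + pushad (8 dwords) sit on top of the caller's
 * 32-bit return address (1 dword), so the first stack argument is at this
 * byte offset from ESP. */
static int first_arg_offset(void) { return (1 + 8 + 1) * 4; }

int main(void)
{
    stack_t s;
    build_frame(&s, 1, 0x0202, 0xF000, 0xFFF0);   /* interrupt-style frame, target does retf */
    printf("retf on an interrupt-style frame leaves %d stale slot(s)\n",
           leftover_after_retf(&s));
    printf("first stack argument is at [esp+%d]\n", first_arg_offset());
    return 0;
}
```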