blog:pushbx:2022:1107_ldos_boot_loader_review

Differences

This shows you the differences between two versions of the page.

blog:pushbx:2022:1107_ldos_boot_loader_review [2022-11-07 21:39:05 +0100 Nov Mon]
ecm [read_sector hardening, optimisations]
blog:pushbx:2022:1107_ldos_boot_loader_review [2022-11-07 21:40:59 +0100 Nov Mon]
ecm [The lDebug bug]
Line 49: Line 49:
 ==== The lDebug bug ==== ==== The lDebug bug ====
  
-During testing lDDebug within qemu, tracing the sectorseg read/write LBA/CHS cases, it happened to be the case that sectorseg reading loaded a random value into cx to copy the data from the sector segment to the target. The desired value would have been 200h, or 512. This happened because lDebug's branch of the sector access handling uses ds to address its data segment with the BPB in use, including the word holding the sector size in bytes. During coding of its sectorseg read handling it wasn't noticed that ds was set to address the source for rep movsb (ie, the sector segment) before loading cx from the sector size variable using the ds. So it ended up accessing a random word somewhere in memory.+During testing lDDebug within qemu, tracing the sectorseg read/write LBA/CHS cases, it happened to be the case that sectorseg reading loaded a random value into ''cx'' to copy the data from the sector segment to the target. The desired value would have been 200h, or 512. This happened because lDebug's branch of the sector access handling uses ''ds'' to address its data segment with the BPB in use, including the word holding the sector size in bytes. During coding of its sectorseg read handling it wasn't noticed that ''ds'' was set to address the source for ''rep movsb'' (ie, the sector segment) before loading ''cx'' from the sector size variable using the ''ds''. So it ended up accessing a random word somewhere in memory.
  
  
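Review bot: in the last clause of the added paragraph, "using the ''ds''" keeps an article in front of the register name that now carries monospace markup; "using ''ds''" would read consistently with the earlier "uses ''ds'' to address its data segment". The same paragraph marks up ''cx'', ''ds'' and ''rep movsb'' but leaves the literal 200h unmarked, so consider applying the monospace markup to that value as well if the intent is to set off all code-level tokens.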
blog/pushbx/2022/1107_ldos_boot_loader_review.txt · Last modified: 2022-11-13 15:21:17 +0100 Nov Sun by ecm