joncampbell123 / dosbox-x

DOSBox-X fork of the DOSBox project
GNU General Public License v2.0

Glasnos 3 refuses to run [with normal core and FPU emulation enabled] #89

Closed sikthehedgehog closed 2 years ago

sikthehedgehog commented 9 years ago

Trying to run Glasnos 3 in DOSBox shows the following message and refuses to work:

Checking for file infection...
File has been added to: OLD LENGTH = 187486 NEW = 187486
File has been modified.
Virus infection has most likely occured. Power off machine NOW.

This bug was inherited from the original DOSBox. Also I can confirm the same executable works just fine under Windows 98 (in a box and in pure DOS mode), so it's likely an emulation error. I have no idea what it's trying to look for (in fact, you can modify the game's dictionary of words and it does not get detected, so I'm clueless about what it's trying to do).

I think (not 100% sure) that the game was made with QBasic, if that helps give any clues.

joncampbell123 commented 9 years ago

Wow, hard to find game. But found a copy:

http://cd.textfiles.com/swexplorer/disk3/A048/GLASNOS3.ZIP

I see the same error here.

Test results:

joncampbell123 commented 9 years ago

I suspect that what the game was made with probably has no relation to the self-check code that's failing us here, in the same way that PKZIP compressed executables have no bearing on what compiler+linker was involved.

I'm still not sure where to look for what is making this code fail. I have some theories I'd like to try about how my PF reentrant modifications to REP string operations may affect CMPSB/SCASB emulation, that's about it.

sikthehedgehog commented 9 years ago

I guess this may require looking into the game's code to know for sure (luckily it happens when the game is just starting, so it should be near the beginning).

I'm not sure it may be those instructions since the issue is inherited from vanilla DOSBox, unless you mean those modifications could potentially fix it.

ghost commented 9 years ago

It seems to run fine under the normal core. I am unable to reproduce the error.

joncampbell123 commented 9 years ago

It works fine with the dynamic core. This error happens with any other core, on my test system. It doesn't seem to matter if I compile DOSBox-X 32-bit or 64-bit. I'm keeping the issue open until I see it work with the normal core on my system.

sikthehedgehog commented 9 years ago

I couldn't get it to run in any of the cores in vanilla DOSBox... and when I tried to run it in a newer version of DOSBox-X I couldn't even get to the C: drive because for some reason now the keyboard layout is screwed up (it picks up the Spanish scancodes but with the US mappings, meaning most keys don't output characters at all). Bonus, I can't even find the config file anymore (and it's obviously not using the old one since the autoexec.bat isn't running either). Any ideas? (note: Linux build here)

Also I'd argue that if it fails in some cores it's still a bug in those, right?

joncampbell123 commented 9 years ago

I'm still not certain what's making the game fail under all but dynamic core. I don't think it's anything to do with the CPU FLAGS register, if that was the case throwing FillFlags() into the CPU execution loop of the core would've fixed it. It's some subtle behavior with some instruction that only the dynamic core happens to do right. I don't have the time right now to drill down through all the program's init code (which does plenty of string ops BACKWARDS with DF=1) to where the check fails.

I've written some code in DOSLIB to try and "grind" through various x86 instructions and log the results to compare processors. So far, I've found the DIV and MUL flags have some interesting differences between Pentium and 486 CPUs.

ghost commented 9 years ago

Since I'm using your normal core and it worked, then the problem should be elsewhere than the core (given my initial test was ok). Your test above shows it isn't in the dos emulation, too. I think that dosbox-x fixed the initial core problem in vanilla dosbox with respect to that game, but then there is a 2nd bug on the above virus check, perhaps in a past enhancement. It may be worthwhile to test with dosbox-x from a year or so ago, but dropping in the current normal core.

ghost commented 9 years ago

I tested further with vanilla dosbox, dosbox-r3700, dosbox-r3769, Ykhwong's 11/27/07, 12/4/10, 12/25/10. All worked under normal core. In the case of vanilla dosbox, I reset dosbox.conf and it continued to work with the demo. I have a custom build with your normal core where non-recursive page fault=false, and that also worked with the demo.

I tested several versions of dosbox-x, including the oldest release on your github site, and these do not run under the normal core with this demo. Unless I have a misconfiguration, it seems that vanilla dosbox works fine with the demo, and that would suggest it's a dosbox-x change before the earliest 2014 version (7/19/14). If so, then it would have to be a commit between that time and the earliest time that a commit was posted on github?

There is also some (small) possibility that the cause is related to the host OS or the compiling process.

Update: dosbox-x r108 (5/2012) also works with the demo. And Ykhwong's recent builds work, too.

Update 2: it works with recent dosbox-x where booting into 95 and running game in a 95 dos box. Booting dos 7.0 works, too.

ghost commented 9 years ago

The dosbox-x memory allocation is different between the normal and dynamic core when starting this game:

normal core (not working):
DOS_FreeMemory(seg=0x9fef)
DOS_AllocateMemory(blocks=0x0045) = 0x0419-0x045d
DOS_AllocateMemory(blocks=0x9ba0) = 0x045f-0x9ffe
DOS_ResizeMemory(seg=0x045f) blocks=0x39b4
DOS_ResizeMemory(seg=0x045f) blocks=0xffff
DOS_ResizeMemory(seg=0x045f) blocks=0x9ba0
DOS_ResizeMemory(seg=0x045f) blocks=0x9b8f
DOS_AllocateMemory(blocks=0x0010) = 0x9fef-0x9ffe
DOS_FreeMemory(seg=0x9fef)

dynamic core (working):
DOS_FreeMemory(seg=0x9fef)
DOS_ResizeMemory(seg=0x045f) blocks=0x45ae
DOS_AllocateMemory(blocks=0x0045) = 0x4a0e-0x4a52
DOS_AllocateMemory(blocks=0x55ab) = 0x4a54-0x9ffe
DOS_ResizeMemory(seg=0x4a54) blocks=0x0040
DOS_ResizeMemory(seg=0x045f) blocks=0x9b8f
DOS_AllocateMemory(blocks=0x0010) = 0x9fef-0x9ffe

joncampbell123 commented 9 years ago

Huh, I'm not seeing any difference in memory allocation between core=normal and core=dynamic or in whether or not non-recursive page fault handling is enabled.

Could you post the dosbox.conf where the game works with normal core?

I am compiling the latest mainline DOSBox to see if that works.

joncampbell123 commented 9 years ago

I just thought of something: I do most of my development with dosbox configured like this:

./configure --enable-core-inline --enable-debug=heavy --prefix=/usr

Does that have any effect on the game on your end?

ghost commented 9 years ago

I deleted the dosbox.conf so both the vanilla dosbox and dosbox-x tests were using their default settings (except for core=normal). Also, thank you for suggesting the "heavy debug" option. I configured that in a customized build and have this debug output where the game is working:

  80858176: EXEC:Parsing command line: c:
  85611987: FILES:file search attributes FFF7 name gl*.*
  86757619: EXEC:Parsing command line: cd GLASNOS3
  90143751: FILES:file search attributes FFF7 name gl*.*
  91391345: EXEC:Parsing command line: GLASNOS3.EXE
  91391348: EXEC:Execute GLASNOS3.EXE 0
  91391348: FILES:file open command 0 file GLASNOS3.EXE
  91433358: INT10:Function EF00 not supported
  91439672: PIT:PIT 0 Timer set without new control word
  91439672: PIT:PIT 0 Timer at 18.2065 Hz mode 3
  91442818: FILES:file open command 2 file C:\GLASNOS3\GLASNOS3.EXE
  96085355: PIT:PIT 0 Timer set without new control word
  96085355: PIT:PIT 0 Timer at 18.2065 Hz mode 3
  96124015: FCB:DOS:29:FCB Parse Filename, result:al=0
  96124019: FCB:DOS:29:FCB Parse Filename, result:al=0
  96124024: FCB:DOS:29:FCB Parse Filename, result:al=0
  96124035: EXEC:Execute Z:\COMMAND.COM 0
  96124035: FILES:file open command 0 file Z:\COMMAND.COM
  96124044: EXEC:Parsing command line:  CD .
  96141889: FILES:file search attributes 21 name GLASNOS3.CFG
  96151164: FILES:file open command 0 file C:\GLASNOS3\GLASNOS3.CFG
  96156696: FILES:Special file open command 20 file C:\GLASNOS3\SHAPES.DAT
  96199343: FILES:file open command 0 file C:\GLASNOS3\GLASNOS3.HSC
  96303102: INT10:Set Video Mode 13
 96303102: VGA:Blinking 0
 96303593: VGA:h total 100 end 80 blank (80/98) retrace (84/96)
 96303593: VGA:v total 449 end 400 blank (407/442) retrace (412/414)
 96303593: VGA:h total 0.03178 (31.47kHz) blank(0.02542/0.03114) retrace(0.0266/0.03051)
235/13.15591)
 96303593: VGA:double width, double height aspect 1.200000
 96382138: FILES:Special file open command 20 file C:\GLASNOS3\VGA.DAT
 96411611: FILES:Special file open command 20 file C:\GLASNOS3\VGA.DAT

ghost commented 9 years ago

I built dosbox-x (version: e024496) in mingw and the game caused the error. This may rule out the compiler and build environment as likely factors.

ghost commented 9 years ago

Ran the above version in heavy debug mode to contrast the normal and dynamic core running this game:

NORMAL CORE (stopped debugger when the error occurred)
  59303264: FILES:file open command 0 file GLASNOS3.EXE
DOS_AllocateMemory(blocks=0x000a) = 0x0171-0x017a
DOS_AllocateMemory(blocks=0x9e83) = 0x017c-0x9ffe
DOS_ResizeMemory(seg=0x017c) blocks=0x39b4
  59339795: INT10:Function EF00 not supported
DOS_ResizeMemory(seg=0x017c) blocks=0xffff
DOS_ResizeMemory(seg=0x017c) blocks=0x9e83
DOS_ResizeMemory(seg=0x017c) blocks=0x9e72
DOS_AllocateMemory(blocks=0x0010) = 0x9fef-0x9ffe
  59346164: PIT:PIT 0 Timer set without new control word
  59346164: PIT:PIT 0 Timer at 18.2065 Hz mode 3
  59349151: FILES:file open command 2 file C:\GLASNOS3\GLASNOS3.EXE
  59703720: PIT:PIT 0 Timer set without new control word
  59703720: PIT:PIT 0 Timer at 18.2065 Hz mode 3
DOS_FreeMemory(seg=0x9fef)

DYNAMIC CORE
  96450089: FILES:file open command 0 file GLASNOS3.EXE
DOS_AllocateMemory(blocks=0x000a) = 0x0171-0x017a
DOS_AllocateMemory(blocks=0x9e83) = 0x017c-0x9ffe
DOS_ResizeMemory(seg=0x017c) blocks=0x39b4
  96509412: INT10:Function EF00 not supported
DOS_ResizeMemory(seg=0x017c) blocks=0xffff
DOS_ResizeMemory(seg=0x017c) blocks=0x9e83
DOS_ResizeMemory(seg=0x017c) blocks=0x9e72
DOS_AllocateMemory(blocks=0x0010) = 0x9fef-0x9ffe
  96515919: PIT:PIT 0 Timer set without new control word
  96515919: PIT:PIT 0 Timer at 18.2065 Hz mode 3
  96519517: FILES:file open command 2 file C:\GLASNOS3\GLASNOS3.EXE
 126755580: PIT:PIT 0 Timer set without new control word
 126755580: PIT:PIT 0 Timer at 18.2065 Hz mode 3
DOS_FreeMemory(seg=0x9fef)
DOS_ResizeMemory(seg=0x017c) blocks=0x45ae
 126815010: FCB:DOS:29:FCB Parse Filename, result:al=0
 126815015: FCB:DOS:29:FCB Parse Filename, result:al=0

sikthehedgehog commented 9 years ago

Silly question that may or may not matter, but: what are the initial values of the registers when the game boots? I thought of booting the game off a real MS-DOS install (running through DOSBox) but I couldn't figure out how to switch to the game's disk without the OS panicking yet ^^; (nor do I have much time to test either)

joncampbell123 commented 9 years ago

Hm, still stumped at this time. Registers at startup appear to be the same (other than segment register differences). Memory allocation appears to be the same. I'm still convinced some minor CPU flag or instruction emulation is off that the program relies on. I just don't know what.

ghost commented 9 years ago

I verified all the code in the cpu/ files as best I could and any reverted changes had no effect on the above issue. I also compiled a 4/13/14 version of dosbox-x, and it displayed the above issue.

The error should have been introduced between the first commit and 4/13/14, given that it's verified that dosbox-svn doesn't show the issue. If the IDE changes are ignored, then it may be possible to find the cause by working backward in steps of 20 commits or so. :)

I wonder if a change to the bios emulation could have caused it.

Update: dosbox-x 2/1/14 shows the error, too.

Update 2: same for 12/1/13.

Update 3: could it be related to removal of x86 fpu emulation?

Update 4: 10/20/13 works!

ghost commented 9 years ago

Ok, we got the answer. Where the x86 fpu code is present, the game works. I applied just the patch (13eac55) to remove the x86 fpu code and the game shows the error. :)

Do you think this could be a missing fpu exception from the non-cpu-specific fpu code?

joncampbell123 commented 9 years ago

Hm? What would the game do with the FPU? Games of that time generally don't use the FPU, certainly not for an integrity check. But, I'll go through and check the behavior of the FPU instructions with DOSBox-X to see if I can replicate whatever it is the integrity check apparently needs.

ghost commented 9 years ago

I saw this post about qbasic: http://www.vogons.org/viewtopic.php?f=31&t=39237. I wonder how much math optimization was truly happening, if this was the case.

joncampbell123 commented 9 years ago

Alright, here's what I've noticed. I have the code written so that you can set fpu=false to emulate a system without a FPU. But, the game's integrity check appears to use the FPU anyway. DOS games aren't supposed to be able to detect the FPU if you set fpu=false. What I'm getting at is getting the game to work under normal core by first making the game detect that there is no FPU, before moving on to what FPU instructions are failing to do their jobs for the game's integrity check.

Edit: I see:

FINIT .. FWAIT FCLEX .. FLDCW ... FINIT .. FWAIT FCLEX

Hm, the thing is that if you were to execute these instructions (especially FWAIT) on a 386 with no FPU you would get a hang. So it's reading from somewhere else that there's an FPU.

joncampbell123 commented 9 years ago

Okay. Now we're making progress:

It turns out even if I set fpu=false, DOSBox's BIOS equipment check syscall (INT 11h) was still setting bit 1 to indicate an FPU. And it turns out that QBasic uses INT 11h to detect the FPU rather than the usual FPU test most programs use.

So now, if you set fpu=false, Glasnos 3 runs perfectly fine with core=normal.

The remainder of the work is figuring out what the FPU emulation is doing wrong.

ghost commented 9 years ago

That's interesting. I wonder if it would help to log the cpu/fpu instructions with the x86 fpu emulation patch in dosbox-x and then without. Would that show where the two methods diverge in their output and help identify the problem instruction? The list could be filtered for fpu instructions by a short script.
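
The filtering and comparison suggested in the comment above, as an added example that is not part of the original thread or of DOSBox-X. The two traces are constructed sample data in the CPU-log layout posted in this thread, the function names are hypothetical, and comparing instruction text while ignoring the segment is an assumption (segment values differ between runs).

```python
import re

# One CPU-log line in the layout posted in this thread:
#   SEG:OFFSET  instruction  [debugger annotation]  EAX:........ EBX:........ ...
LINE_RE = re.compile(r"^\s*([0-9A-F]{4}):([0-9A-F]{8})\s+(.*?)\s+(EAX:[0-9A-F]{8}.*)$")
REG_RE = re.compile(r"\b([A-Z]{2,3}):([0-9A-F]+)")
# Annotations such as "($+3)", "(no jmp)" or "ds:[3448]=0030" are not part of the
# instruction. The lookbehind keeps operands like "st(1)" intact.
ANNOT_RE = re.compile(r"(?<=\s)\([^)]*\)|\b[a-z]s:\[[0-9A-Fa-f]+\]=[0-9A-Fa-f]+")

# Constructed sample traces (not taken from a real run of the game).
WORKING_TRACE = """\
  59303264: FILES:file open command 0 file DEMO.EXE
1000:00000100  finit                                   EAX:00000000 EBX:00000000 CF:0 ZF:1
1000:00000102  mov  bx,sp                              EAX:00000000 EBX:00000000 CF:0 ZF:1
1000:00000104  fildw [bx]             ds:[3448]=0030   EAX:00000000 EBX:00003448 CF:0 ZF:1
1000:00000106  faddp st(1),st                          EAX:00000000 EBX:00003448 CF:0 ZF:1
1000:00000108  je   00000110 ($+6)    (no jmp)         EAX:00000000 EBX:00003448 CF:0 ZF:0
1000:0000010A  fcomp st(1)                             EAX:00000000 EBX:00003448 CF:0 ZF:0
"""
FAILING_TRACE = """\
  59346164: PIT:PIT 0 Timer at 18.2065 Hz mode 3
2000:00000100  finit                                   EAX:00000000 EBX:00000000 CF:0 ZF:1
2000:00000102  mov  bx,sp                              EAX:00000000 EBX:00000000 CF:0 ZF:1
2000:00000104  fildw [bx]             ds:[3448]=0030   EAX:00000000 EBX:00003448 CF:0 ZF:1
2000:00000106  fsubp st(1),st                          EAX:00000000 EBX:00003448 CF:0 ZF:1
2000:00000108  je   00000110 ($+6)    (no jmp)         EAX:00000000 EBX:00003448 CF:0 ZF:0
2000:0000010A  fcomp st(1)                             EAX:00000000 EBX:00003448 CF:0 ZF:0
"""


def parse_trace(text):
    """Parse CPU-log lines into dicts; non-instruction log lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # FILES:/PIT:/DOS_AllocateMemory lines interleaved in the log
        seg, off, body, tail = m.groups()
        insn = " ".join(ANNOT_RE.sub(" ", body).split())
        if not insn:
            continue
        records.append({
            "seg": seg,
            "off": int(off, 16),
            "insn": insn,
            "mnemonic": insn.split()[0],
            "regs": {k: int(v, 16) for k, v in REG_RE.findall(tail)},
        })
    return records


def fpu_stream(records, start="finit"):
    """Keep x87 instructions only (mnemonics begin with 'f'), from the first `start`."""
    fpu = [r for r in records if r["mnemonic"].startswith("f")]
    for i, r in enumerate(fpu):
        if r["mnemonic"] == start:
            return fpu[i:]
    return fpu


def first_divergence(a, b):
    """Index where two FPU streams first differ, or None if they are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x["insn"] != y["insn"]:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def missing_mnemonics(working, failing):
    """FPU mnemonics seen in the working run but never in the failing run."""
    return sorted({r["mnemonic"] for r in working} - {r["mnemonic"] for r in failing})


if __name__ == "__main__":
    ws = fpu_stream(parse_trace(WORKING_TRACE))
    fs = fpu_stream(parse_trace(FAILING_TRACE))
    i = first_divergence(ws, fs)
    if i is not None:
        w = ws[i]["insn"] if i < len(ws) else "<end of trace>"
        f = fs[i]["insn"] if i < len(fs) else "<end of trace>"
        print(f"FPU streams diverge at instruction #{i}: working={w!r} failing={f!r}")
    print("only in working run:", missing_mnemonics(ws, fs))
```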

joncampbell123 commented 9 years ago

No. Because it works with dynamic core's FPU emulation and that uses your actual FPU. If that were true the game would fail to work on anything beyond a 386. But it works fine in Bochs and on Pentium class hardware. There's not that much difference from the 8087 to the Pentium other than adding FPU instructions.

As far as I can tell the game doesn't need anything beyond an 8086 and possibly 8087-level floating point support. It runs quite well even if I set core=normal, cputype=8086, and fputype=false.

I've already written some x86 instruction "grinding" code in DOSLIB to reveal undocumented MUL and DIV flag behavior [http://hackipedia.org/Hardware/CPU/x86/Behavior%20dump%20and%20grind%20results/]. I think the next thing I will write will be code to grind through various FPU opcodes to observe results and compare against dynamic core, Bochs, and real 486/Pentium hardware. I have an old Packard Bell 386 with a 387 coprocessor I might do some tests on as well. I'm guessing at this point the most likely candidates might be FADD, FSUB, or FCOM/FCOMP. I noticed that the current non-x86-specific FPU emulation is littered with basic floating point emulation and comments like "TODO flags and stuff" so there's that to try.

sikthehedgehog commented 9 years ago

Glasnos 3 runs fine on a Pentium 4 running Windows 98SE, so um yeah the FPU being old or new definitely has nothing to do with this (this also rules out behavior specific to only some FPU models).

ghost commented 9 years ago

I collected the cpu instructions from the working example (x86-specific fpu) and the not working example (non-x86-specific fpu) and filtered for the fpu instructions, starting with finit. Noted the following missing from the not working example: faddp, fildw, fdivp; however, fild is in both. I wrote some assembly routines (actually used gcc and inlines) to detect some of the fpu instructions and so far the values produced are as expected, although I didn't verify their known (and undocumented) flag values. I don't know if this will help, but this is the region which is nearby where the issue in question arises:

1DA7:000031FB  fmulp st(1),st                                         EAX:0000003C EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031FD  jmp  short 00003202 ($+3)       (down)                 EAX:0000003C EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003202  pop  dx                                                EAX:0000003C EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003203  ret                                                    EAX:0000003C EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031BC  mov  al,dh                                             EAX:0000003C EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031BE  mov  ah,01                                             EAX:00000030 EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031C0  call 000031E3 ($+20)                                   EAX:00000130 EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E3  push dx                                                EAX:00000130 EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E4  push ax                                                EAX:00000130 EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E5  mov  bl,al                                             EAX:00000130 EBX:0000003C ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E7  xor  bh,bh                                             EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E9  call 000081A8 ($+4fbc)                                 EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A8  push bx                                                EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A9  mov  bx,sp                                             EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AC  fildw [bx]                      ds:[3448]=0030         EAX:00000130 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AE  pop  bx                                                EAX:00000130 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AF  ret                                                    EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EC  pop  ax                                                EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031ED  or   ah,ah                                             EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EF  je   000031FA ($+9)             (no jmp)               EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F1  dec  ah                                                EAX:00000130 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F3  je   000031FF ($+a)             (down)                 EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031FF  int  3A                                                EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006D6  sti                                                    EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
286F:000006D7  fwait                                                  EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006D8  push ax                                                EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006D9  mov  ax,5C32                                           EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006DC  push bp                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006DD  push ds                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006DE  push si                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003442 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006DF  mov  bp,sp                                             EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003440 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E1  lds  si,[bp+08]                 ss:[3448]=3201         EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003440 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E4  dec  si                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00003201 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E5  dec  si                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00003200 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E6  mov  [bp+08],si                 ss:[3448]=3201         EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:000006E9  sub  [si],ax                    ds:[31FF]=3ACD         EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:000006EB  push bx                                                EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:000006EC  xor  bx,bx                                             EAX:00005C32 EBX:00000030 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:000006EE  push sp                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006EF  pop  ax                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343C DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F0  cmp  ax,sp                                             EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F2  jne  0000071C ($+28)            (no jmp)               EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F4  mov  ax,[bx+si+01]              ds:[3200]=C1DE         EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F7  and  ax,30FB                                           EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006FA  cmp  ax,30D9                                           EAX:000000DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006FD  jne  00000706 ($+7)             (down)                 EAX:000000DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:00000706  mov  ax,[bx+si+01]              ds:[3200]=C1DE         EAX:000000DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:00000709  and  ax,FEFF                                           EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:0000070C  cmp  ax,E2DB                                           EAX:0000C0DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:0000070F  je   0000071C ($+b)             (no jmp)               EAX:0000C0DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:00000711  mov  ax,[bx+si+01]              ds:[3200]=C1DE         EAX:0000C0DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:00000714  cmp  ax,E0DF                                           EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:00000717  je   0000071C ($+3)             (no jmp)               EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:00000719  mov  byte [si],90               ds:[31FF]=DE9B         EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:0000071C  pop  bx                                                EAX:0000C1DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:0000071D  pop  si                                                EAX:0000C1DE EBX:00000030 ECX:00000037 EDX:0000305F ESI:000031FF EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:0000071E  pop  ds                                                EAX:0000C1DE EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003442 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:0000071F  pop  bp                                                EAX:0000C1DE EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:00000720  pop  ax                                                EAX:0000C1DE EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
286F:00000721  iret                                                   EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:1 PF:1 IF:1
1DA7:00003200  faddp st(1),st                                         EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003202  pop  dx                                                EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003203  ret                                                    EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031C3  mov  ax,0064                                           EAX:00000030 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031C6  call 000031E3 ($+1a)                                   EAX:00000064 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E3  push dx                                                EAX:00000064 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E4  push ax                                                EAX:00000064 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E5  mov  bl,al                                             EAX:00000064 EBX:00000030 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E7  xor  bh,bh                                             EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E9  call 000081A8 ($+4fbc)                                 EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A8  push bx                                                EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A9  mov  bx,sp                                             EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AC  fildw [bx]                      ds:[3448]=0064         EAX:00000064 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AE  pop  bx                                                EAX:00000064 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AF  ret                                                    EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EC  pop  ax                                                EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031ED  or   ah,ah                                             EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EF  je   000031FA ($+9)             (down)                 EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031FB  fmulp st(1),st                                         EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031FD  jmp  short 00003202 ($+3)       (down)                 EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003202  pop  dx                                                EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003203  ret                                                    EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031C9  mov  al,dl                                             EAX:00000064 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031CB  mov  ah,01                                             EAX:0000005F EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031CD  call 000031E3 ($+13)                                   EAX:0000015F EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E3  push dx                                                EAX:0000015F EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E4  push ax                                                EAX:0000015F EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E5  mov  bl,al                                             EAX:0000015F EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E7  xor  bh,bh                                             EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E9  call 000081A8 ($+4fbc)                                 EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A8  push bx                                                EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A9  mov  bx,sp                                             EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AC  fildw [bx]                      ds:[3448]=005F         EAX:0000015F EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AE  pop  bx                                                EAX:0000015F EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AF  ret                                                    EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EC  pop  ax                                                EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031ED  or   ah,ah                                             EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EF  je   000031FA ($+9)             (no jmp)               EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F1  dec  ah                                                EAX:0000015F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F3  je   000031FF ($+a)             (down)                 EAX:0000005F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003200  faddp st(1),st                                         EAX:0000005F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003202  pop  dx                                                EAX:0000005F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:00003203  ret                                                    EAX:0000005F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031D0  mov  ax,0264                                           EAX:0000005F EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031D3  call 000031E3 ($+d)                                    EAX:00000264 EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E3  push dx                                                EAX:00000264 EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E4  push ax                                                EAX:00000264 EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E5  mov  bl,al                                             EAX:00000264 EBX:0000005F ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E7  xor  bh,bh                                             EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031E9  call 000081A8 ($+4fbc)                                 EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A8  push bx                                                EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081A9  mov  bx,sp                                             EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AC  fildw [bx]                      ds:[3448]=0064         EAX:00000264 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AE  pop  bx                                                EAX:00000264 EBX:00003448 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000081AF  ret                                                    EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EC  pop  ax                                                EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031ED  or   ah,ah                                             EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
1DA7:000031EF  je   000031FA ($+9)             (no jmp)               EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F1  dec  ah                                                EAX:00000264 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F3  je   000031FF ($+a)             (no jmp)               EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F5  int  3A                                                EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D6  sti                                                    EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:0
286F:000006D7  fwait                                                  EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D8  push ax                                                EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D9  mov  ax,5C32                                           EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DC  push bp                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DD  push ds                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DE  push si                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003442 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DF  mov  bp,sp                                             EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003440 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E1  lds  si,[bp+08]                 ss:[3448]=31F7         EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003440 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E4  dec  si                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F7 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E5  dec  si                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F6 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E6  mov  [bp+08],si                 ss:[3448]=31F7         EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006E9  sub  [si],ax                    ds:[31F5]=3ACD         EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006EB  push bx                                                EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:000006EC  xor  bx,bx                                             EAX:00005C32 EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:000006EE  push sp                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006EF  pop  ax                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343C DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F0  cmp  ax,sp                                             EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F2  jne  0000071C ($+28)            (no jmp)               EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F4  mov  ax,[bx+si+01]              ds:[31F6]=F9DE         EAX:0000343E EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F7  and  ax,30FB                                           EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006FA  cmp  ax,30D9                                           EAX:000030DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006FD  jne  00000706 ($+7)             (down)                 EAX:000030DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:00000706  mov  ax,[bx+si+01]              ds:[31F6]=F9DE         EAX:000030DA EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:00000709  and  ax,FEFF                                           EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:0000070C  cmp  ax,E2DB                                           EAX:0000F8DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:1 OF:0 AF:0 PF:0 IF:1
286F:0000070F  je   0000071C ($+b)             (no jmp)               EAX:0000F8DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:00000711  mov  ax,[bx+si+01]              ds:[31F6]=F9DE         EAX:0000F8DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:00000714  cmp  ax,E0DF                                           EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:1 IF:1
286F:00000717  je   0000071C ($+3)             (no jmp)               EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:00000719  mov  byte [si],90               ds:[31F5]=DE9B         EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:0000071C  pop  bx                                                EAX:0000F9DE EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:0000343E DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:0000071D  pop  si                                                EAX:0000F9DE EBX:00000064 ECX:00000037 EDX:0000305F ESI:000031F5 EDI:00002A4A EBP:00003440 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:0000071E  pop  ds                                                EAX:0000F9DE EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003442 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:0000071F  pop  bp                                                EAX:0000F9DE EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003440 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:00000720  pop  ax                                                EAX:0000F9DE EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
286F:00000721  iret                                                   EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:1 PF:1 IF:1
1DA7:000031F6  fdivp st(1),st                                         EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031F8  jmp  short 00003202 ($+8)       (down)                 EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:00003202  pop  dx                                                EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344E DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:00003203  ret                                                    EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003450 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031D6  mov  bx,25D3                                           EAX:00000164 EBX:00000064 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
1DA7:000031D9  int  35                                                EAX:00000164 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003452 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D6  sti                                                    EAX:00000164 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:0
286F:000006D7  fwait                                                  EAX:00000164 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D8  push ax                                                EAX:00000164 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344C DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006D9  mov  ax,5C32                                           EAX:00000164 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DC  push bp                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:0000344A DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DD  push ds                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003448 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DE  push si                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003446 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006DF  mov  bp,sp                                             EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003456 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E1  lds  si,[bp+08]                 ss:[344C]=31DB         EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:00000332 EDI:00002A4A EBP:00003444 ESP:00003444 DS:2B46 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E4  dec  si                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031DB EDI:00002A4A EBP:00003444 ESP:00003444 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E5  dec  si                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031DA EDI:00002A4A EBP:00003444 ESP:00003444 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E6  mov  [bp+08],si                 ss:[344C]=31DB         EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003444 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006E9  sub  [si],ax                    ds:[31D9]=35CD         EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003444 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:0 SF:0 OF:0 AF:0 PF:0 IF:1
286F:000006EB  push bx                                                EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003444 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:000006EC  xor  bx,bx                                             EAX:00005C32 EBX:000025D3 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003442 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:1 ZF:0 SF:1 OF:0 AF:0 PF:1 IF:1
286F:000006EE  push sp                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003442 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006EF  pop  ax                                                EAX:00005C32 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003440 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1
286F:000006F0  cmp  ax,sp                                             EAX:00003442 EBX:00000000 ECX:00000037 EDX:0000305F ESI:000031D9 EDI:00002A4A EBP:00003444 ESP:00003442 DS:1DA7 ES:2B46 FS:0000 GS:0000 SS:2B46 CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:1

And here is a list of the fpu instructions used in the working example:

 fabs                 
 faddp             
 fclex                 
 fdivp            
 ficompw            
 fild            
 fildw              
 finit                 
 fld              
 fldcw             
 fldq              
 fldt               
 fmulp              
 fstcw              
 fstp               
 fstpq               
 fstsw          
 fwait                 
 fabs     
 fcomp (only in non-working example)        
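
The handler at 286F:06D6 in the trace above rewrites each `int 3x` call site into a native FPU instruction before returning to it. This Python model is an added example, not code from DOSBox-X or from the game; it replays that patch on byte values read off the traces on this page. The function names and the `cpu_is_8086` parameter are assumptions of the example, and the `CD 34` site is derived from the handler's arithmetic rather than shown in a trace.

```python
"""Model of the INT 34h-3Bh floating-point fixup handler seen in the trace."""

FIXUP_DELTA = 0x5C32      # from the trace: mov ax,5C32 / sub [si],ax
FWAIT, NOP = 0x9B, 0x90


def keeps_fwait(opcode: int, modrm: int) -> bool:
    """Mirror the handler's tests on the word at [si+1] (opcode low, ModRM high)."""
    word = opcode | (modrm << 8)
    # and ax,30FB / cmp ax,30D9: opcode D9 or DD with ModRM reg field 6 or 7
    # (FNSTENV, FNSTCW, FNSAVE, FNSTSW m16). cmp al,F0 / jc then exits for
    # ModRM below F0, i.e. the memory-operand forms, leaving the FWAIT alone.
    if (word & 0x30FB) == 0x30D9 and modrm < 0xF0:
        return True
    # and ax,FEFF / cmp ax,E2DB: DB E2 or DB E3 (FNCLEX / FNINIT encodings)
    if (word & 0xFEFF) == 0xE2DB:
        return True
    # cmp ax,E0DF: DF E0 (FNSTSW AX encoding)
    return word == 0xE0DF


def apply_fixup(code: bytes, offset: int, cpu_is_8086: bool = False) -> bytes:
    """Return `code` as the handler leaves it after the INT at `offset` fires."""
    if len(code) < offset + 3:
        raise ValueError("need the INT instruction plus one following byte")
    buf = bytearray(code)
    if buf[offset] != 0xCD or not 0x34 <= buf[offset + 1] <= 0x3B:
        raise ValueError("not an INT 34h-3Bh emulation call")

    # sub [si],ax: CD 3x becomes 9B D8..DF, an FWAIT plus an ESC opcode byte.
    word = int.from_bytes(buf[offset:offset + 2], "little")
    word = (word - FIXUP_DELTA) & 0xFFFF
    buf[offset:offset + 2] = word.to_bytes(2, "little")

    # push sp / pop ax / cmp ax,sp: an 8086 pushes the already-decremented SP,
    # so the compare fails there and the handler exits with the FWAIT in place.
    if not cpu_is_8086 and not keeps_fwait(buf[offset + 1], buf[offset + 2]):
        buf[offset] = NOP          # mov byte [si],90
    return bytes(buf)


# Call sites reconstructed from values printed in the traces on this page.
SAMPLE_SITES = {
    "fdivp st(1),st at 1DA7:31F5": bytes.fromhex("cd3af9"),
    "fstsw [29F9]": bytes.fromhex("cd393ef929"),
    "fcomp st(1) (INT number derived)": bytes.fromhex("cd34d9"),
}


def patch_all(sites=SAMPLE_SITES):
    """Apply the fixup to every sample site and return {label: patched hex}."""
    return {label: apply_fixup(raw, 0).hex() for label, raw in sites.items()}


if __name__ == "__main__":
    for label, patched in patch_all().items():
        print(f"{label:36s} -> {patched}")
```

Because the handler also rewinds the saved return IP by two bytes (`mov [bp+08],si`), the `iret` lands on the freshly patched bytes, so each call site traps only once and later runs execute the native instruction directly.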

joncampbell123 commented 9 years ago

I temporarily added code to the FCOM(P) emulation to show exactly what was being compared with what. It turns out the compare fails only because the two numbers end up slightly off from one another. So the game thinks the file size is wrong because 187486.00000000000 != 187485.9999999999999927476247627671etc...

ghost commented 9 years ago

I have this before and after the single FCOM instruction in the version that is not working, but FICOMP is called in the working copy.

NON-WORKING

 lds  si,[bp+08]               
 dec  si               
 dec  si               
 mov  [bp+08],si               
 sub  [si],ax               
 push bx                
 xor  bx,bx               
 push sp                
 pop  ax               
 cmp  ax,sp               
 jne  0000071C ($+28)            (no jmp) 
 mov  ax,[bx+si+01]              ds:[0B1A]=D9D8 
 and  ax,30FB               
 cmp  ax,30D9               
 jne  00000706 ($+7)             (down) 
 mov  ax,[bx+si+01]              ds:[0B1A]=D9D8 
 and  ax,FEFF               
 cmp  ax,E2DB               
 je   0000071C ($+b)             (no
 mov  ax,[bx+si+01]              ds:[0B1A]=D9D8 
 cmp  ax,E0DF               
 je   0000071C ($+3)             (no
 mov  byte [si],90              
 pop  bx               
 pop  si               
 pop  ds               
 pop  bp               
 pop  ax               
 iret                 
 fcomp st(1)                
 int  39               
 sti                 
 fwait                 
 push ax                
 mov  ax,5C32               
 push bp                
 push ds                
 push si                
 mov  bp,sp               
 lds  si,[bp+08]               
 dec  si               
 dec  si               
 mov  [bp+08],si               
 sub  [si],ax               
 push bx                
 xor  bx,bx               
 push sp                
 pop  ax               
 cmp  ax,sp               
 jne  0000071C ($+28)            (no jmp) 
 mov  ax,[bx+si+01]              ds:[0B1D]=3EDD 
 and  ax,30FB               
 cmp  ax,30D9               
 jne  00000706 ($+7)             (no jmp)
 mov  al,[bx+si+02]              ds:[0B1E]=F93E 
 cmp  al,F0               
 jc   0000071C ($+16)            (down) 
 pop  bx               
 pop  si               
 pop  ds               
 pop  bp               
 pop  ax               
 iret                 
 fwait                 
 fstsw [29F9]        

WORKING

And the working copy calls FICOMPW:

lds  si,[bp+08]               
 dec  si               
 dec  si               
 mov  [bp+08],si               
 sub  [si],ax               
 push bx                
 xor  bx,bx               
 push sp                
 pop  ax               
 cmp  ax,sp               
 jne  0000071C ($+28)            (no jmp) 
 mov  ax,[bx+si+01]              ds:[0720]=D9DE 
 and  ax,30FB               
 cmp  ax,30D9               
 jne  00000706 ($+7)             (down) 
 mov  ax,[bx+si+01]              ds:[0720]=D9DE 
 and  ax,FEFF               
 cmp  ax,E2DB               
 je   0000071C ($+b)             (no
 mov  ax,[bx+si+01]              ds:[0720]=D9DE 
 cmp  ax,E0DF               
 je   0000071C ($+3)             (no
 mov  byte [si],90              
 pop  bx               
 pop  si               
 pop  ds               
 pop  bp               
 pop  ax               
 iret                 
 ficompw st(1)                
 int  39               
 sti                 
 fwait                 
 push ax                
 mov  ax,5C32               
 push bp                
 push ds                
 push si                
 mov  bp,sp               
 lds  si,[bp+08]               
 dec  si               
 dec  si               
 mov  [bp+08],si               
 sub  [si],ax               
 push bx                
 xor  bx,bx               
 push sp                
 pop  ax               
 cmp  ax,sp               
 jne  0000071C ($+28)            (no jmp) 
 mov  ax,[bx+si+01]              ds:[0723]=3EDD 
 and  ax,30FB               
 cmp  ax,30D9               
 jne  00000706 ($+7)             (no jmp)
 mov  al,[bx+si+02]              ds:[0724]=BB3E 
 cmp  al,F0               
 jc   0000071C ($+16)            (down) 
 pop  bx               
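
The handler that both traces enter through `int 39` rewrites its own call site before returning to it. The following C model of that patch logic is an added example, not code from the game, from DOSBox-X or from any commenter; `patch_site` and `show` are hypothetical names, and the input bytes are constructed by adding 5C32 back to the patched bytes shown in the traces.

```c
#include <stdint.h>
#include <stdio.h>

enum fixup { KEPT_FWAIT, FWAIT_TO_NOP };

/* Model of the traced handler on a 286 or later (the push sp / pop ax /
 * cmp ax,sp test left ZF=1). code: the caller's code bytes; ret_ip: the
 * return offset pushed by the INT, i.e. the byte after the 2-byte INT. */
static enum fixup patch_site(uint8_t *code, uint16_t *ret_ip)
{
    uint16_t si = (uint16_t)(*ret_ip - 2);        /* dec si / dec si */
    *ret_ip = si;                                 /* mov [bp+08],si: IRET re-runs the site */

    uint16_t w = (uint16_t)(code[si] | (code[si + 1] << 8));
    w = (uint16_t)(w - 0x5C32);                   /* sub [si],ax with ax=5C32 */
    code[si] = (uint8_t)(w & 0xFF);
    code[si + 1] = (uint8_t)(w >> 8);

    /* mov ax,[bx+si+01]: second opcode byte plus the byte after it */
    uint16_t op = (uint16_t)(code[si + 1] | (code[si + 2] << 8));
    int keep =
        ((op & 0x30FB) == 0x30D9 && code[si + 2] < 0xF0) /* D9/DD /6,/7 memory forms */
        || (op & 0xFEFF) == 0xE2DB                       /* DB E2, DB E3 */
        || op == 0xE0DF;                                 /* DF E0 */
    if (keep)
        return KEPT_FWAIT;
    code[si] = 0x90;                              /* mov byte [si],90 */
    return FWAIT_TO_NOP;
}

static void show(const char *name, uint8_t *code, size_t n)
{
    uint16_t ip = 2;                              /* INT sits at offset 0 */
    enum fixup r = patch_site(code, &ip);
    printf("%-8s ->", name);
    for (size_t i = 0; i < n; i++)
        printf(" %02X", code[i]);
    printf("  (%s, resume at %u)\n", r == KEPT_FWAIT ? "fwait kept" : "fwait -> nop", ip);
}

int main(void)
{
    /* Constructed inputs: the traced bytes with 5C32 added back to the first word. */
    uint8_t compare[] = { 0xCD, 0x34, 0xD9 };             /* patched site: fcomp st(1) */
    uint8_t status[]  = { 0xCD, 0x39, 0x3E, 0xF9, 0x29 }; /* int 39 before fstsw [29F9] */
    show("compare", compare, sizeof compare);
    show("status", status, sizeof status);
    return 0;
}
```

The compare site comes out as `90 D8 D9` and the status store as `9B DD 3E F9 29`, matching the `fcomp st(1)` and `fwait` / `fstsw [29F9]` sequences the non-working trace executes after each `iret`.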

murraybrandon commented 2 years ago

Hey everyone,

I'm honoured that you spent so much discretionary time getting my old shareware game Glasnos III to run in DOSBox. Nice work! It was written in QuickBasic and compiled to a .exe.

Many Thanks, Murray Brandon (author of Glasnos 3 ;)

sikthehedgehog commented 2 years ago

LOL I didn't expect you to show up (still trying to look up where Glasnos 1 and 2 are). Found the game on a shareware CD long ago (I still have it), used to play it on a Windows 98 machine before going to school.

Also I guess I should close this issue since it was fixed long ago (I just went to play the game now to make sure, even).