SALC Opcode

[Valsamon]

It seems that the "undocumented" SALC opcode (0D6H) is not emulated or incorrectly emulated. Is this a bug or a lack of feature?

[leecher1337]

Interesting find... In the CCPU, D6 seems to be another (shorter) opcode for BOP. The official BOP opcode is C4C4, but the CCPU seems to also take D6 as a BOP. However, afaik all assembly code of NTVDM uses C4C4 BOPs, so I can try to replace D6 with the correct opcode SALC instead.

Maybe it has historical reasons, as D6 is an undocumented opcode. So that Insignia devs first thought that D6 will be a perfect invalid opcode and could be used for BOP and later discovered, that it was a valid OPcode, but kept it in their emulated CPU for backwards compatibility? We can only speculate...

[leecher1337]

Ah, found a quote that would support my theory:

AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC
to transfer control from the emulated Intel world to the native world
on which the emulator was running. Most of the BIOS in the early
SoftPC versions consisted of very short sequences of Intel code ending
in a BOP. It was originally a different opcode but when we switched
from emulating an 8086 to an 80286 that was no longer an illegal
instruction so we changed it to C4C4.

jim hatfield

https://seclists.org/bugtraq/2004/Oct/183

[Valsamon]

Thanks for your quick reply and information!