Created: Tuesday, December 29 2009 10:54.50 CST  
BSWAP + 66h prefix (bochs, QEMU detection)
Author: GynvaelColdwind # Views: 1485

In the last few days I've been playing with osdev again (the last time I coded something more than a boot menu was in 2003), so expect a few posts about assembler, x86 emulators and similar institutions. Today's post will be about the bswap reg16 instruction, running in protected mode - which, as one will find out, can be used, for example, to detect bochs or QEMU.

The bswap reg16 instruction is in fact a bswap reg32 with the 66h prefix, also known as the operand-size override prefix (it switches the operand size between 32 and 16 bits, where 32 is of course the default in PMODE). As one can read in the Intel manuals, using bswap with the 66h prefix results in undefined behavior.

Read the full post...
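
The encoding described above is the 66h prefix in front of the two-byte BSWAP opcode 0F C8+rd, so it can be searched for when triaging 32-bit code for this kind of emulator check. The following is an added example, not code from the original post; the function names and sample bytes are constructed, and a linear byte scan without disassembly can also match data or operand bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Legacy prefixes that may precede an opcode, in any order, in 32-bit code. */
static int is_legacy_prefix(uint8_t b)
{
    static const uint8_t p[] = { 0x66, 0x67, 0xF0, 0xF2, 0xF3,
                                 0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65 };
    return memchr(p, b, sizeof p) != NULL;
}

/* Find BSWAP r32 (0F C8+rd) preceded by a prefix run that contains 66h.
 * Stores up to max offsets (start of the prefix run); returns total matches. */
size_t find_bswap16(const uint8_t *buf, size_t len, size_t *hits, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        if (buf[i] != 0x0F || (buf[i + 1] & 0xF8) != 0xC8)
            continue;
        size_t start = i;
        int has66 = 0;
        /* Walk back over the prefix run, noting whether 66h is part of it. */
        while (start > 0 && is_legacy_prefix(buf[start - 1]))
            has66 |= (buf[--start] == 0x66);
        if (!has66)
            continue;
        if (count < max)
            hits[count] = start;
        count++;
    }
    return count;
}

/* Constructed sample bytes, not taken from any real binary. */
static const uint8_t sample[] = {
    0x90, 0x0F, 0xC8,              /* nop; bswap eax (no prefix) */
    0x66, 0x0F, 0xC8, 0x90,        /* bswap ax; nop */
    0x66, 0x2E, 0x0F, 0xC9,        /* 66h + cs override, then bswap cx */
};

int main(void)
{
    size_t hits[8];
    size_t n = find_bswap16(sample, sizeof sample, hits, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("66h-prefixed bswap at offset %zu\n", hits[k]);
    return 0;
}
```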


Blog Comments
PeterFerrie Posted: Wednesday, December 30 2009 23:08.52 CST
DOSBox had this bug until recently, too.  It's a problem that people rediscover every so often. :-)
As far as "undefined" behaviour, it's completely defined, they just don't want to tell you what it is.
Anyway, it's always behaved in the same way since the 486 was released - the top 16 bits are zero in 16-bit mode, so they get swapped in.  My emulator has always supported that behaviour.

GynvaelColdwind Posted: Thursday, December 31 2009 07:43.35 CST
@PeterFerrie
Thanks for commenting! I've updated the post on my blog with the information you provided ;>
Haha the CPUs are getting more and more interesting. So many interesting stories and pieces of interesting information related to just one small bswap instruction ;>


