; Disassembly of one IBM X40 mbr
; %include "mbr.h"
;
; Purpose of this part: the first-stage code in sector 1. It relocates itself,
; loads a "data sector" and up to five further sectors, XOR-checks them, and
; then either continues into the loaded code or falls back to a stored boot
; sector.
;
; Layout notes (derived from the code below):
;  - The left column is an offset in the dump, not a load address. The BIOS
;    loads this sector at 0x7C00; the code copies itself to 0x0800 and runs
;    there, so absolute operands 0x8xx/0x9xx refer to this sector
;    (0x802 = offset 2, 0x9BE = offset 0x1BE, the partition table).
;  - The sector numbered by [0x802] (the data sector) is read to 0x0600.
;    Sectors numbered by its first five bytes are read to 0x0A00..0x13FF.
;  - Branch targets 0x200, 0x218, 0x350 and 0x361 lie in that loaded region.
;    They appear to correspond to 0x600, 0x618, 0x750 and 0x761 further down
;    this listing (listing offset = target + 0x400), assuming the dump is
;    sectors 1-5 back to back -- TODO confirm.
;
; Integrity note: every check here is an 8-bit XOR over 512 bytes
; (checksum_sector). That catches accidental corruption only; it is not a
; tamper-evident signature, despite the "signature failure" text stored in the
; data sector. The BIOS status of the int 0x13 calls is also never tested
; (there is no jc after them in this part).
00000000 EB0E jmp short 0x10 ; Jump past the data (BPB & sector pointer)
; Pointer for next sector
00000002 03 db 0x03 ; read back below as [0x802]: sector number of the data sector
; Bios Parameter Block
; TODO Put it in.
00000010 FA cli ; Turn off interrupts while setting up stack
00000011 33C0 xor ax,ax ; get a known zero in ax
00000013 BC007A mov sp,0x7a00 ; use 0x7A00 as a stack frame.
00000016 8ED0 mov ss,ax ; point SS:SP at 0x0000:0x7A00
00000018 50 push ax
00000019 07 pop es
0000001A 50 push ax
0000001B 1F pop ds ; Zero es/ds via push/pop. (The original note said there is no mov ds,ax instruction; it does exist, cf. mov ss,ax above.)
0000001C FB sti ; Interrupts back on
0000001D FC cld ; we're using movs* instructions so get the direction right
0000001E BF0008 mov di,0x800
00000021 BE007C mov si,0x7c00 ; movsw moves ds:[si] to es:[di]
00000024 B90001 mov cx,0x100 ; set the count for rep (0x100 words = 512 bytes)
00000027 F3A5 rep movsw ; move ourselves from 0x7C00 (bios put us there) to 0x800
00000029 EA2E080000 jmp 0x0:0x82e ; jump to our new incarnation (0x800 + offset 0x2E, the next instruction)
; Read the data sector: CHS read of one sector, cylinder 0 / head 0, to 0000:0600.
0000002E 32ED xor ch,ch ; ch = cylinder low byte = 0
00000030 BB0006 mov bx,0x600 ; the data is read into es:bx
00000033 BE0208 mov si,0x802
00000036 8A0C mov cl,[si] ; NB the byte at 0x802 is a pointer to which sector to load
00000038 B80102 mov ax,0x201 ; ah=02 (read instruction) al=01 (count of sectors to read)
0000003B BA8000 mov dx,0x80 ; Drive 0x80 is the first hdd (dh = head 0)
0000003E CD13 int 0x13 ; Call bios to do the disk op (carry/status is not checked)
; This Function is cunning - it loads the sectors pointed to in the first five bytes of
; the sector pointed to by [0x802] .
; The sector numbers come straight from disk and are not validated before use.
00000040 B90500 mov cx,0x5 ; we want 5 sectors
00000043 BB0014 mov bx,0x1400 ; end address; 0x200 is subtracted before each read, so reads land at 0x1200 down to 0x0A00 (the original note said 0x1000)
00000046 51 push cx ; store the count (int 13 needs cx set to its own data)
00000047 8BF1 mov si,cx ; Also use the count as a pointer offset
00000049 32ED xor ch,ch ; ch = cylinder 0 (the original note said "Head 0"; the head is dh, set by mov dx below)
0000004B 8A8CFF05 mov cl,[si+0x5ff] ; load the sector number from memory (loaded above): si=5..1 reads 0x604 down to 0x600
0000004F 81EB0002 sub bx,0x200 ; we want the data to end at 0x1400 (and we load it backwards)
00000053 B80102 mov ax,0x201
00000056 BA8000 mov dx,0x80
00000059 CD13 int 0x13 ; status not checked; a failed read leaves the buffer as it was
0000005B 59 pop cx
0000005C E2E8 loop 0x46 ; loop over sectors
0000005E B300 mov bl,0x0
00000060 BE9905 mov si,flag_1 ; encoded operand is 0x599
00000063 881C mov [si],bl
00000065 BE9805 mov si,flag_2 ; 0x598
00000068 881C mov [si],bl
0000006A BE9705 mov si,flag_3 ; 0x597
0000006D 881C mov [si],bl
0000006F BE9605 mov si,flag_4 ; 0x596
00000072 881C mov [si],bl ; Zero some status bytes
00000074 EB0A jmp short 0x80
set_flag_2:
00000076 B301 mov bl,0x1 ; This gets set if we rewrote the boot sector
00000078 BE9805 mov si,flag_2
0000007B 881C mov [si],bl ; Set the "we rewrote something" status byte
0000007D E99A00 jmp 0x11a ; continue with the fallback path below
; Jumped to from 0x0874
00000080 E83500 call check_and_rewrite ;call 0xB8 (NOTE(review): the label at 0xB8 is spelled ckeck_and_rewrite)
00000083 3C01 cmp al,0x1 ; did we rewrite ??
00000085 74EF jz set_flag_2 ; If we did go straight to 0x76
00000087 E85B00 call checksum_loaded_sectors
0000008A 3C01 cmp al,0x1 ; success or fail?
0000008C 74E8 jz set_flag_2 ; set flag on fail
; Both checks passed: dispatch on the state byte at 0x622 (data sector offset 0x22).
0000008E BE2206 mov si,0x622
00000091 8A0C mov cl,[si]
00000093 80F900 cmp cl,0x0
00000096 0F84C702 jz near 0x361 ; state 0 (appears to be 0x761 in this listing)
0000009A 80F901 cmp cl,0x1
0000009D 0F845F01 jz near 0x200 ; state 1 (appears to be 0x600 in this listing)
000000A1 80F902 cmp cl,0x2
000000A4 0F847001 jz near 0x218 ; state 2 (appears to be 0x618 in this listing)
; NOTE(review): any other state value falls through into boot_sector_rewrite,
; whose ret then has no matching call on the stack.
; int boot_sector_rewrite()
; Sets the byte at 0x805 (offset 5 of this sector) to 1 and writes the 512
; bytes at 0x800 back to sector 1 via disk_write. Clobbers si, cl, bx and
; whatever disk_write/int 0x13 changes; no meaningful return value is set here.
boot_sector_rewrite:
000000A8 BE0508 mov si,0x805
000000AB B101 mov cl,0x1
000000AD 880C mov [si],cl ; Rewrite the bootsector
000000AF B101 mov cl,0x1 ; cl = sector 1 for disk_write
000000B1 BB0008 mov bx,0x800 ; es:bx = relocated copy of this sector
000000B4 E8D800 call disk_write ; Write it back to disk. (was call 0x1F8; the encoded target is 0x18F)
000000B7 C3 ret
; bool check_and_rewrite()
; XOR-checks the data sector at 0x600. Returns al=0 when the byte at 0x623 is
; zero (check disabled) or the XOR of the whole sector is zero; otherwise
; rewrites sector 1 and returns al=1.
; NOTE(review): the label below is misspelled; the call at 0x80 uses check_and_rewrite.
ckeck_and_rewrite:
000000B8 BE0006 mov si,0x600
000000BB E81700 call checksum_sector ; was call 0xd5
000000BE BE2306 mov si,0x623
000000C1 8A24 mov ah,[si]
000000C3 80FC00 cmp ah,0x0 ; Compare byte at 0x623 with zero
000000C6 740A jz 0xd2 ; If it's 0 - return 0
000000C8 3C00 cmp al,0x0
000000CA 7406 jz 0xd2 ; Also return zero if the checksum came out zero
000000CC E8D9FF call boot_sector_rewrite ; (was call 0xA8 ) this gets called if both tests return non-zero.
000000CF B001 mov al,0x1 ; return 1 if we did the rewrite
000000D1 C3 ret
000000D2 B000 mov al,0x0 ; zero if we did not rewrite.
000000D4 C3 ret
; byte checksum_sector( si = addr in mem of sector)
; This function looks like it xors together (bytewise) a sector thats been memory loaded. God only knows if this is some ibm checksum wankery.
; In:  si = address of a 512-byte buffer. Out: al = XOR of all 512 bytes.
; Clobbers bx, cx, dl; si is restored. An XOR byte is an error check only.
checksum_sector:
000000D5 4E dec si ; si is a parameter passed to this function; bias by -1 so bx=0x200..1 indexes bytes 0x1FF..0
000000D6 32C0 xor al,al
000000D8 B90002 mov cx,0x200
000000DB 8BD9 mov bx,cx
000000DD 8A10 mov dl,[bx+si]
000000DF 32C2 xor al,dl
000000E1 E2F8 loop 0xdb
000000E3 46 inc si ; undo the bias
000000E4 C3 ret
; Checksum the sectors pointed to by 0x600-0x605 and return
; 1 on fail. 0 on success.
; For count = 1..5 the buffer at 0x800 + 0x200*count is XOR-summed and compared
; with the expected byte at [0x605 + count]. A mismatch rewrites sector 1 and
; returns al=1.
; NOTE(review): an expected byte of zero jumps straight to checksum_success, so
; that sector and all later ones are accepted without comparison.
checksum_loaded_sectors:
000000E5 B90100 mov cx,0x1
000000E8 51 push cx ;initialise checksumming loop
checksum_loop:
000000E9 B80002 mov ax,0x200
000000EC F7E1 mul cx ; ax = 0x200 * count (dx is overwritten)
000000EE 050008 add ax,0x800
000000F1 8BF0 mov si,ax ; si = start of sector to checksum
000000F3 E8DFFF call checksum_sector ; was call 0xD5
000000F6 5E pop si
000000F7 56 push si ; si=TOS=count
000000F8 8A8C0506 mov cl,[si+0x605]
000000FC 80F900 cmp cl,0x0 ;test status byte at 0x605 + position of sector
000000FF 7415 jz 0x116 ; 0x116 = checksum_success
00000101 38C1 cmp cl,al ; Check the checksum.
00000103 750A jnz checksum_fail
00000105 59 pop cx
00000106 41 inc cx
00000107 51 push cx
00000108 83F906 cmp cx,byte +0x6
0000010B 7409 jz checksum_success
0000010D 75DA jnz checksum_loop
checksum_fail:
0000010F 59 pop cx
00000110 E895FF call bootsector_rewrite ; encoded target is 0xA8; NOTE(review): the label there is spelled boot_sector_rewrite
00000113 B001 mov al,0x1
00000115 C3 ret
checksum_success:
00000116 59 pop cx
00000117 B000 mov al,0x0
00000119 C3 ret
; Do this if we set flag_2
; Fallback path (also the target of the "jmp 0x51a" instructions later in the
; listing, if the +0x400 mapping holds): read the sector numbered by [0x807]
; to 0x7C00 and XOR-check it against [0x806].
0000011A 32ED xor ch,ch
0000011C BE0708 mov si,0x807
0000011F 8A0C mov cl,[si] ; Get data from boot_sector+7
00000121 B80102 mov ax,0x201
00000124 BB007C mov bx,0x7c00
00000127 BA8000 mov dx,0x80
0000012A CD13 int 0x13 ; Load the sector pointed to by 0x807 into 0x7C00
0000012C 8BF3 mov si,bx
0000012E E8A4FF call checksum_sector ; Checksum the sector we loaded.
00000131 BE0608 mov si,0x806
00000134 8A24 mov ah,[si]
00000136 80FC00 cmp ah,0x0
00000139 742F jz rw_part_reboot ; expected byte 0: accept unchecked. Encoded target is 0x16A; no rw_part_reboot label is defined in this listing
0000013B 38C4 cmp ah,al
0000013D 742B jz rw_part_reboot ; XOR matches: boot the stored sector
; Mismatch: rewrite sector 1, print a message, wait, then give up via int 0x18.
0000013F E866FF call boot_sector_rewrite
00000142 BEAF07 mov si,0x7af ; data sector offset 0x1AF; the dump at 0x5AF reads "There has been a signature failure"
00000145 E80802 call 0x350 ; presumably the print-string routine shown at 0x750
00000148 BE0E06 mov si,0x60e
0000014B 32ED xor ch,ch
0000014D 8A0C mov cl,[si]
0000014F 80C101 add cl,0x1 ; delay count = [0x60E] + 1
00000152 51 push cx
00000153 B9803E mov cx,0x3e80
00000156 E82300 call 0x17c ; delay routine at 0x17C
00000159 59 pop cx
0000015A E2F6 loop 0x152
0000015C BE9805 mov si,0x598 ; flag_2
0000015F 8A04 mov al,[si]
00000161 3C01 cmp al,0x1
00000163 7403 jz 0x168 ; skip the loaded code when flag_2 says a check failed
00000165 E89800 call 0x200 ; Call The IBM Voodoo
00000168 CD18 int 0x18 ; Reboot (INT 18h, the BIOS boot-failure entry)
; 0x16A (rw_part_reboot): copy the 64-byte partition table from the relocated
; sector 1 (0x9BE) over the table of the sector just loaded at 0x7C00, then run it.
0000016A BEBE09 mov si,0x9be ;Partition table in sector 1;
0000016D BFBE7D mov di,0x7dbe
00000170 B92000 mov cx,0x20 ; Copy the one in sector 1 over the one in the sector loaded at 0x7C00
00000173 F3A5 rep movsw
00000175 EB00 jmp short 0x177 ; clear prefetch queues etc.
00000177 EA007C0000 jmp 0x0:0x7c00 ; Jump to sane bs.
; Delay routine. In: cx = number of transitions to wait for. Preserves ax.
; It polls bit 4 of port 0x61 and counts one loop pass per change of that bit
; (on AT-compatible hardware this is the RAM-refresh toggle -- TODO confirm
; for this machine).
0000017C 50 push ax
0000017D E461 in al,0x61
0000017F 2410 and al,0x10
00000181 8AE0 mov ah,al ; remember the current state of bit 4
00000183 E461 in al,0x61
00000185 2410 and al,0x10
00000187 38E0 cmp al,ah
00000189 74F8 jz 0x183 ; spin until the bit changes
0000018B E2F4 loop 0x181
0000018D 58 pop ax
0000018E C3 ret
; disk_write: write one sector with int 0x13 ah=03.
; In: cl = sector number, es:bx = buffer. Forces cylinder 0 (ch), head 0 (dh)
; and drive 0x80 (dl). The BIOS status is returned to the caller untested.
disk_write:
0000018F 32ED xor ch,ch ;This Subroutine does a disk write.
00000191 B80103 mov ax,0x301 ; ah=03 (write) al=01 (one sector)
00000194 BA8000 mov dx,0x80
00000197 CD13 int 0x13
00000199 C3 ret
;Data
; 0x19A + 0x1E = 0x1B8, so the four bytes below sit at 0x1B8 and the label at 0x1BE.
times 0x1E db 0
db 0xcd,0xcc,0xcd,0xcc
db 0,0
partition_table:
;
; Copy of a normal boot sector;;
; This copy is assembled to run from 0x7C00 and relocates itself to 0x0600, so
; its absolute operands 0x6xx/0x7xx are offsets into this sector (0x7BE is the
; partition table, 0x710 is listing offset 0x310).
00000200 33C0 xor ax,ax
00000202 8ED0 mov ss,ax
00000204 BC007C mov sp,0x7c00
00000207 FB sti
00000208 50 push ax
00000209 07 pop es
0000020A 50 push ax
0000020B 1F pop ds
0000020C FC cld ; Initialise the setup.
0000020D BE1B7C mov si,0x7c1b
00000210 BF1B06 mov di,0x61b
00000213 50 push ax
00000214 57 push di ; far return address 0000:061B
00000215 B9E501 mov cx,0x1e5
00000218 F3A4 rep movsb
0000021A CB retf ; Copy ourselves to 0x600, and jump
0000021B BEBE07 mov si,0x7be ; Scan partition table.
0000021E B104 mov cl,0x4
00000220 382C cmp [si],ch ; ch is 0 here; signed compare, so 0x80 (active) takes the jl
00000222 7C09 jl 0x22d
00000224 7515 jnz 0x23b ; one of bits 0-6 non-zero. Partition Table Farked
00000226 83C610 add si,byte +0x10
00000229 E2F5 loop 0x220
0000022B CD18 int 0x18 ; No active partitions try diskless booting.
0000022D 8B14 mov dx,[si] ; dl = status byte (0x80), dh = head of the active entry
0000022F 8BEE mov bp,si ; bp -> active partition record
00000231 83C610 add si,byte +0x10
00000234 49 dec cx
00000235 7416 jz 0x24d
00000237 382C cmp [si],ch ; remaining entries must have status 0
00000239 74F6 jz 0x231
0000023B BE1007 mov si,0x710 ; Display "Partition Table is Farked", 2 bootable partitions
;Display message at si-1. then FOADIAGBCF
; The loop never exits: after the terminating 0 it keeps re-reading that byte.
0000023E 4E dec si
0000023F AC lodsb
00000240 3C00 cmp al,0x0
00000242 74FA jz 0x23e
00000244 BB0700 mov bx,0x7
00000247 B40E mov ah,0xe
00000249 CD10 int 0x10
0000024B EBF2 jmp short 0x23f
; Actually boot. (bp->partition record)
0000024D 894625 mov [bp+0x25],ax
00000250 96 xchg ax,si
00000251 8A4604 mov al,[bp+0x4] ; partition type byte
00000254 B406 mov ah,0x6
00000256 3C0E cmp al,0xe ; LBA FAT
00000258 7411 jz lba_fat
0000025A B40B mov ah,0xb
0000025C 3C0C cmp al,0xc ; LBA FAT32
0000025E 7405 jz lba_fat32
00000260 3AC4 cmp al,ah ; FAT32
00000262 752B jnz not_fat ; encoded target is 0x28F; NOTE(review): the label defined there is not_lba
00000264 40 inc ax ; Clear ZF
lba_fat32:
00000265 C6462506 mov byte [bp+0x25],0x6
00000269 7524 jnz 0x28f
lba_fat:
0000026B BBAA55 mov bx,0x55aa
0000026E 50 push ax
0000026F B441 mov ah,0x41
00000271 CD13 int 0x13 ; LBA-Extensions Installation Check
00000273 58 pop ax
00000274 7216 jc lba_off
00000276 81FB55AA cmp bx,0xaa55
0000027A 7510 jnz lba_off
0000027C F6C101 test cl,0x1 ; Test for extended disk-read functions
0000027F 740B jz lba_off
00000281 8AE0 mov ah,al
00000283 885624 mov [bp+0x24],dl
00000286 C706A106EB1E mov word [0x6a1],0x1eeb ; MING MING MING. Self-modifying: 0x6A1 is listing offset 0x2A1; bytes EB 1E turn the add there into jmp short 0x2c1 (the LBA read path)
lba_off:
0000028C 886604 mov [bp+0x4],ah
not_lba:
0000028F BF0A00 mov di,0xa ; retry counter
00000292 B80102 mov ax,0x201
00000295 8BDC mov bx,sp ; read buffer = sp, presumably 0x7C00 (set at 0x204, pushes balanced since)
00000297 33C9 xor cx,cx
00000299 83FF05 cmp di,byte +0x5
0000029C 7F03 jg 0x2a1
0000029E 8B4E25 mov cx,[bp+0x25]
000002A1 034E02 add cx,[bp+0x2] ; patched to a jump at run time when LBA is available (see 0x286)
000002A4 CD13 int 0x13
000002A6 7229 jc 0x2d1
000002A8 BE4607 mov si,0x746
000002AB 813EFE7D55AA cmp word [0x7dfe],0xaa55 ; boot signature of the loaded sector
000002B1 745A jz 0x30d
000002B3 83EF05 sub di,byte +0x5
000002B6 7FDA jg 0x292
000002B8 85F6 test si,si
000002BA 7583 jnz 0x23f
000002BC BE2707 mov si,0x727
000002BF EB8A jmp short 0x24b
; LBA read path, reached only through the patched jump at 0x2A1.
000002C1 98 cbw
000002C2 91 xchg ax,cx
000002C3 52 push dx
000002C4 99 cwd
000002C5 034608 add ax,[bp+0x8] ; dx:ax = partition start LBA (entry offsets 8..0xB) plus offset
000002C8 13560A adc dx,[bp+0xa]
000002CB E81200 call 0x2e0
000002CE 5A pop dx
000002CF EBD5 jmp short 0x2a6
000002D1 4F dec di ; read failed: retry after a disk reset
000002D2 74E4 jz 0x2b8
000002D4 33C0 xor ax,ax
000002D6 CD13 int 0x13 ; ah=00: reset disk system
000002D8 EBB8 jmp short 0x292
; The next six zero bytes are disassembled as code; they follow an
; unconditional jump and look like padding rather than instructions.
000002DA 0000 add [bx+si],al
000002DC 0000 add [bx+si],al
000002DE 0000 add [bx+si],al
; 0x2E0: extended read (int 0x13 ah=42). Builds a 16-byte disk address packet
; on the stack from dx:ax (LBA), es:bx (buffer) and cx (sector count).
000002E0 56 push si
000002E1 33F6 xor si,si
000002E3 56 push si
000002E4 56 push si
000002E5 52 push dx
000002E6 50 push ax
000002E7 06 push es
000002E8 53 push bx
000002E9 51 push cx
000002EA BE1000 mov si,0x10
000002ED 56 push si
000002EE 8BF4 mov si,sp ; ds:si -> packet
000002F0 50 push ax
000002F1 52 push dx
000002F2 B80042 mov ax,0x4200
000002F5 8A5624 mov dl,[bp+0x24] ; drive number saved at 0x283
000002F8 CD13 int 0x13
000002FA 5A pop dx
000002FB 58 pop ax
000002FC 8D6410 lea sp,[si+0x10] ; drop the packet
000002FF 720A jc 0x30b
00000301 40 inc ax
00000302 7501 jnz 0x305
00000304 42 inc dx
00000305 80C702 add bh,0x2 ; advance the buffer by 0x200 per sector
00000308 E2F7 loop 0x301
0000030A F8 clc
0000030B 5E pop si
0000030C C3 ret
0000030D EB74 jmp short 0x383
; Data
;00000300 - - - - - - - - - - - - - - - 49 |.@u.B......^..tI|
;00000310 6e 76 61 6c 69 64 20 70 61 72 74 69 74 69 6f 6e |nvalid partition|
;00000320 20 74 61 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 | table.Error loa|
;00000330 64 69 6e 67 20 6f 70 65 72 61 74 69 6e 67 20 73 |ding operating s|
;00000340 79 73 74 65 6d 00 4d 69 73 73 69 6e 67 20 6f 70 |ystem.Missing op|
;00000350 65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 00 00 |erating system..|
;00000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
; 0x383: hand over to the loaded partition boot sector with si = bp
; (the partition record) by far-returning to 0000:sp.
00000383 8BFC mov di,sp
00000385 1E push ds
00000386 57 push di
00000387 8BF5 mov si,bp
00000389 CB retf
;000003b0 00 00 00 00 00 00 00 00 cd cc cd cc 00 00 80 01 |................|
;000003c0 01 00 0c ef ff ff 3f 00 00 00 41 96 21 04 00 00 |......?...A.!...|
;000003d0 c1 ff 0c ef ff ff 80 96 21 04 80 bc 86 00 00 00 |........!.......|
;000003e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
;Data Sector
; Loaded at 0x0600 by the first stage, so memory 0x600+n is dump offset 0x400+n.
; Bytes the code uses: 0x600-0x604 sector list, 0x605 option bits, 0x606-0x60A
; expected XOR bytes, 0x60E delay count, 0x60F key scan code, 0x621-0x625 saved
; state, 0x623 XOR byte of this sector.
;00000400 04 05 00 00 00 59 3a 43 00 00 00 4e 50 02 0a 85 |.....Y:C...NP...|
;00000410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
;00000420 00 ff 00 f2 00 ff 00 00 00 00 00 00 00 00 00 00 |................|
;00000430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
;*
;00000550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 6f |..............To|
;00000560 20 73 74 61 72 74 20 79 6f 75 72 20 49 42 4d 20 | start your IBM |
;00000570 50 72 6f 64 75 63 74 20 52 65 63 6f 76 65 72 79 |Product Recovery|
;00000580 20 70 72 6f 67 72 61 6d 2c 20 50 72 65 73 73 20 | program, Press |
;00000590 46 31 31 0a 0d 00 00 00 00 00 00 00 00 00 00 00 |F11.............|
;000005a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 |...............T|
;000005b0 68 65 72 65 20 68 61 73 20 62 65 65 6e 20 61 20 |here has been a |
;000005c0 73 69 67 6e 61 74 75 72 65 20 66 61 69 6c 75 72 |signature failur|
;000005d0 65 0a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 |e...............|
;000005e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
;
; ---------------------------------------------------------------------------
; Loaded code ("the IBM Voodoo"), listing offsets 0x600-0x9FF.
; Addressing: call/jmp targets below are listing offsets. Targets 0x4d5, 0x51a,
; 0x57c and 0x58f lie before this region and appear to be checksum_sector
; (0xD5), the fallback path (0x11A), the delay routine (0x17C) and disk_write
; (0x18F) of sector 1, i.e. listing offset = target - 0x400 -- TODO confirm.
; Absolute operands are memory addresses: 0x6xx = data sector, 0x9BE =
; partition table of the relocated sector 1, 0x7B00 = scratch disk address
; packet, 0x7C00 = sector buffer.
;
; What the code does, as far as the listing shows: it keeps state in the data
; sector across boots, switches which partition-table entry is active, changes
; a partition type byte between 0x12/0x1C and 0x0C, and patches two bytes in
; the selected partition's boot sector, writing each change back to disk.
; For anyone comparing disk images of such a machine: sector 1, the data
; sector and that partition boot sector can legitimately differ between boots,
; and the only integrity check on any of them is the 8-bit XOR.
; ---------------------------------------------------------------------------
; 0x600: entry used when the state byte is 1, and after the hot key is pressed.
00000600 B102 mov cl,0x2
00000602 E8F900 call 0x6fe ; state byte [0x622] = 2, saved to disk
00000605 E8FF00 call 0x707 ; al = bits 3:2 of [0x605]
00000608 3C00 cmp al,0x0
0000060A 7428 jz 0x634
0000060C 3C01 cmp al,0x1
0000060E 742D jz 0x63d
00000610 3C02 cmp al,0x2
00000612 745A jz 0x66e
00000614 3C03 cmp al,0x3
00000616 7425 jz 0x63d
; 0x618: entry used when the state byte is 2 (target 0x218 in the first stage).
; The four compares at 0x608-0x616 cover every value 0x707 can return, so this
; is not reached by fall-through.
00000618 B100 mov cl,0x0
0000061A E8E100 call 0x6fe ; state byte [0x622] = 0, saved to disk
0000061D E8E700 call 0x707
00000620 3C00 cmp al,0x0
00000622 747A jz 0x69e
00000624 3C01 cmp al,0x1
00000626 0F848200 jz near 0x6ac
0000062A 3C02 cmp al,0x2
0000062C 0F84A900 jz near 0x6d9
00000630 3C03 cmp al,0x3
00000632 7478 jz 0x6ac
; Mode 0 from 0x600: switch the active partition and type byte only.
00000634 E87902 call 0x8b0
00000637 E87C03 call 0x9b6
0000063A E9DDFE jmp 0x51a
; Modes 1 and 3 from 0x600.
0000063D BE2406 mov si,0x624
00000640 8A24 mov ah,[si]
00000642 80FC01 cmp ah,0x1
00000645 741E jz 0x665
00000647 E8C800 call 0x712 ; al = selected partition index
0000064A E81B02 call 0x868 ; packet LBA = start of that partition
0000064D B80200 mov ax,0x2
00000650 E86C01 call 0x7bf ; read 2 sectors to 0x7C00
00000653 E8B301 call 0x809 ; identify the boot sector type
00000656 E83302 call 0x88c ; patch 'P','E' into it
00000659 B80200 mov ax,0x2
0000065C E88401 call 0x7e3 ; write the 2 sectors back
0000065F E84E02 call 0x8b0
00000662 E9B5FE jmp 0x51a
00000665 E84802 call 0x8b0
00000668 E84B03 call 0x9b6
0000066B E9ACFE jmp 0x51a
; Mode 2 from 0x600.
0000066E E8A100 call 0x712
00000671 E8F401 call 0x868
00000674 B80200 mov ax,0x2
00000677 E84501 call 0x7bf
0000067A E88C01 call 0x809
0000067D BE2406 mov si,0x624
00000680 8A24 mov ah,[si]
00000682 80FC01 cmp ah,0x1
00000685 7405 jz 0x68c
00000687 E80202 call 0x88c ; [0x624] != 1: patch 'P','E'
0000068A EB03 jmp short 0x68f
0000068C E86A02 call 0x8f9 ; [0x624] == 1: patch 'N','T'
0000068F B80200 mov ax,0x2
00000692 E84E01 call 0x7e3
00000695 E81802 call 0x8b0
00000698 E81B03 call 0x9b6
0000069B E97CFE jmp 0x51a
; Mode 0 from 0x618: undo the active-partition and type changes, then prompt.
0000069E E87C02 call 0x91d
000006A1 B000 mov al,0x0
000006A3 E8C302 call 0x969
000006A6 E84C03 call 0x9f5
000006A9 E9B500 jmp 0x761
; Modes 1 and 3 from 0x618.
000006AC BE0506 mov si,0x605
000006AF 8A04 mov al,[si]
000006B1 2430 and al,0x30
000006B3 C0E804 shr al,0x4 ; al = bits 5:4 of [0x605] (partition index)
000006B6 E8AF01 call 0x868
000006B9 B80200 mov ax,0x2
000006BC E80001 call 0x7bf
000006BF E84701 call 0x809
000006C2 E83402 call 0x8f9 ; patch 'N','T'
000006C5 B80200 mov ax,0x2
000006C8 E81801 call 0x7e3
000006CB E84F02 call 0x91d
000006CE B001 mov al,0x1
000006D0 E89602 call 0x969
000006D3 E81F03 call 0x9f5
000006D6 E98800 jmp 0x761
; Mode 2 from 0x618.
000006D9 E83600 call 0x712
000006DC E88901 call 0x868
000006DF B80200 mov ax,0x2
000006E2 E8DA00 call 0x7bf
000006E5 E82101 call 0x809
000006E8 E8A101 call 0x88c
000006EB B80200 mov ax,0x2
000006EE E8F200 call 0x7e3
000006F1 E82902 call 0x91d
000006F4 B000 mov al,0x0
000006F6 E87002 call 0x969
000006F9 E8F902 call 0x9f5
000006FC EB63 jmp short 0x761
; 0x6FE: store cl in the state byte [0x622] and save the data sector to disk.
000006FE BE2206 mov si,0x622
00000701 880C mov [si],cl
00000703 E82700 call 0x72d
00000706 C3 ret
; 0x707: al = bits 3:2 of the option byte [0x605].
00000707 BE0506 mov si,0x605
0000070A 8A04 mov al,[si]
0000070C 240C and al,0xc
0000070E C0E802 shr al,0x2
00000711 C3 ret
; 0x712: al = partition index taken from [0x605]: bits 7:6 when [0x624] is 1,
; otherwise bits 5:4. The result is 0..3, so it always indexes inside the table.
00000712 BE0506 mov si,0x605
00000715 8A04 mov al,[si]
00000717 BE2406 mov si,0x624
0000071A 8A24 mov ah,[si]
0000071C 80FC01 cmp ah,0x1
0000071F 7406 jz 0x727
00000721 2430 and al,0x30
00000723 C0E804 shr al,0x4
00000726 C3 ret
00000727 24C0 and al,0xc0
00000729 C0E806 shr al,0x6
0000072C C3 ret
; 0x72D: save the data sector. If [0x623] is non-zero it is zeroed, the sector
; at 0x600 is XOR-summed and the result stored back in [0x623] (so the whole
; sector then XORs to zero); the sector is then written to sector [0x802].
0000072D BE2306 mov si,0x623
00000730 8A04 mov al,[si]
00000732 3C00 cmp al,0x0
00000734 740E jz 0x744 ; XOR byte 0: leave it 0, i.e. checking stays disabled
00000736 C60400 mov byte [si],0x0
00000739 BE0006 mov si,0x600
0000073C E896FD call 0x4d5 ; appears to be checksum_sector (0xD5)
0000073F BE2306 mov si,0x623
00000742 8804 mov [si],al
00000744 BE0208 mov si,0x802
00000747 8A0C mov cl,[si]
00000749 BB0006 mov bx,0x600
0000074C E840FE call 0x58f ; appears to be disk_write (0x18F)
0000074F C3 ret
; 0x750: print the zero-terminated string at ds:si with int 0x10 ah=0E.
00000750 AC lodsb
00000751 3C00 cmp al,0x0
00000753 7501 jnz 0x756
00000755 C3 ret
00000756 56 push si
00000757 BB0700 mov bx,0x7
0000075A B40E mov ah,0xe
0000075C CD10 int 0x10
0000075E 5E pop si
0000075F EBEF jmp short 0x750
; 0x761: normal-boot prompt (state 0). Optionally asks the BIOS first, then
; prints the prompt and polls the keyboard for the hot key.
00000761 BE0506 mov si,0x605
00000764 8A0C mov cl,[si]
00000766 80E101 and cl,0x1 ; bit 0 of the option byte selects the int 0x15 query
00000769 80F901 cmp cl,0x1
0000076C 7402 jz 0x770
0000076E 7514 jnz 0x784
00000770 B442 mov ah,0x42
00000772 32C0 xor al,al
00000774 CD15 int 0x15 ; NOTE(review): the meaning of int 0x15 ah=42 is not established by this listing
00000776 80FC86 cmp ah,0x86 ; presumably "function not supported": fall back to the prompt
00000779 7409 jz 0x784
0000077B 83F801 cmp ax,byte +0x1
0000077E 743C jz 0x7bc ; ax == 1: enter the 0x600 path
00000780 0F8596FD jnz near 0x51a ; anything else: fallback/normal boot path
00000784 BE5E07 mov si,0x75e ; data sector offset 0x15E: "To start your IBM Product Recovery program, Press F11"
00000787 E8C6FF call 0x750
0000078A BE0E06 mov si,0x60e
0000078D 32ED xor ch,ch
0000078F 8A0C mov cl,[si]
00000791 80C101 add cl,0x1 ; poll count = [0x60E] + 1
00000794 B411 mov ah,0x11
00000796 CD16 int 0x16 ; enhanced keyboard status: ZF set when no key is waiting
00000798 7410 jz 0x7aa
0000079A 51 push cx
0000079B E81900 call 0x7b7 ; fetch the key; ah = scan code
0000079E 59 pop cx
0000079F BE0F06 mov si,0x60f
000007A2 8A04 mov al,[si] ; expected scan code (the dump shows 0x85 at data sector offset 0x0F, presumably F11)
000007A4 38C4 cmp ah,al
000007A6 7414 jz 0x7bc
000007A8 75EA jnz 0x794 ; other keys are discarded without using up a poll
000007AA 51 push cx
000007AB B9803E mov cx,0x3e80
000007AE E8CBFD call 0x57c ; appears to be the delay routine (0x17C)
000007B1 59 pop cx
000007B2 E2E0 loop 0x794
000007B4 E963FD jmp 0x51a ; timed out: fallback/normal boot path
; 0x7B7: read a key with int 0x16 ah=10.
000007B7 B410 mov ah,0x10
000007B9 CD16 int 0x16
000007BB C3 ret
000007BC E941FE jmp 0x600
; 0x7BF: extended read. In: ax = sector count. Builds a disk address packet at
; 0x7B00 (size 0x10, buffer 0000:7C00) and calls int 0x13 ah=42 on drive 0x80.
; Packet bytes 8-15 (the LBA) must already have been set by 0x868.
000007BF BE007B mov si,0x7b00
000007C2 C60410 mov byte [si],0x10
000007C5 C6440100 mov byte [si+0x1],0x0
000007C9 894402 mov [si+0x2],ax
000007CC C6440400 mov byte [si+0x4],0x0
000007D0 C644057C mov byte [si+0x5],0x7c
000007D4 C6440600 mov byte [si+0x6],0x0
000007D8 C6440700 mov byte [si+0x7],0x0
000007DC B442 mov ah,0x42
000007DE B280 mov dl,0x80
000007E0 CD13 int 0x13
000007E2 C3 ret
; 0x7E3: extended write, same packet as 0x7BF, int 0x13 ah=43 with al=0.
; No caller in this listing tests the carry flag after 0x7BF or 0x7E3.
000007E3 BE007B mov si,0x7b00
000007E6 C60410 mov byte [si],0x10
000007E9 C6440100 mov byte [si+0x1],0x0
000007ED 894402 mov [si+0x2],ax
000007F0 C6440400 mov byte [si+0x4],0x0
000007F4 C644057C mov byte [si+0x5],0x7c
000007F8 C6440600 mov byte [si+0x6],0x0
000007FC C6440700 mov byte [si+0x7],0x0
00000800 B443 mov ah,0x43
00000802 B280 mov dl,0x80
00000804 32C0 xor al,al
00000806 CD13 int 0x13
00000808 C3 ret
; 0x809: identify the boot sector at 0x7C00 by the bytes at offset 3.
; "NTFS" sets [0x596] = 1, "MSWIN4.1" sets [0x596] = 2. A first byte of 'N' or
; 'M' followed by a mismatch sets the state byte to 2 and leaves through
; 0x51a; any other first byte leaves through 0x51a directly. Both exits jump
; away without returning to the caller.
00000809 BE037C mov si,0x7c03
0000080C 8B04 mov ax,[si]
0000080E 3C4E cmp al,0x4e ; 'N'
00000810 7406 jz 0x818
00000812 3C4D cmp al,0x4d ; 'M'
00000814 741A jz 0x830
00000816 EB4D jmp short 0x865
00000818 80FC54 cmp ah,0x54 ; 'T'
0000081B 7543 jnz 0x860
0000081D 8B4402 mov ax,[si+0x2]
00000820 3C46 cmp al,0x46 ; 'F'
00000822 753C jnz 0x860
00000824 80FC53 cmp ah,0x53 ; 'S'
00000827 7537 jnz 0x860
00000829 BE9605 mov si,0x596
0000082C C60401 mov byte [si],0x1
0000082F C3 ret
00000830 80FC53 cmp ah,0x53 ; 'S'
00000833 752B jnz 0x860
00000835 8B4402 mov ax,[si+0x2]
00000838 3C57 cmp al,0x57 ; 'W'
0000083A 7524 jnz 0x860
0000083C 80FC49 cmp ah,0x49 ; 'I'
0000083F 751F jnz 0x860
00000841 8B4404 mov ax,[si+0x4]
00000844 3C4E cmp al,0x4e ; 'N'
00000846 7518 jnz 0x860
00000848 80FC34 cmp ah,0x34 ; '4'
0000084B 7513 jnz 0x860
0000084D 8B4406 mov ax,[si+0x6]
00000850 3C2E cmp al,0x2e ; '.'
00000852 750C jnz 0x860
00000854 80FC31 cmp ah,0x31 ; '1'
00000857 7507 jnz 0x860
00000859 BE9605 mov si,0x596
0000085C C60402 mov byte [si],0x2
0000085F C3 ret
00000860 B102 mov cl,0x2
00000862 E899FE call 0x6fe
00000865 E9B2FC jmp 0x51a
; 0x868: In: al = partition index. Copies the 4-byte start LBA of that entry
; (table at 0x9BE, entry offset 8) into packet bytes 8-11 at 0x7B08 and zeroes
; bytes 12-15.
00000868 BF007B mov di,0x7b00
0000086B 83C708 add di,byte +0x8
0000086E 32E4 xor ah,ah
00000870 B91000 mov cx,0x10
00000873 F7E1 mul cx
00000875 83C008 add ax,byte +0x8
00000878 BEBE09 mov si,0x9be
0000087B 03F0 add si,ax
0000087D B90400 mov cx,0x4
00000880 F3A4 rep movsb
00000882 C7050000 mov word [di],0x0
00000886 C745020000 mov word [di+0x2],0x0
0000088B C3 ret
; 0x88C: patch the buffered boot sector according to [0x596]:
;   1 (NTFS):     'P' at 0x7E02 and 'E' at 0x7E04 (every second byte)
;   2 (MSWIN4.1): 'P' at 0x7D70 and 'E' at 0x7D71
; 0x8F9 writes 'N','T' at the same places, so the pair looks like it switches
; a loader file name between "NT.." and "PE.." -- presumably; the name itself
; is not visible in this listing.
0000088C BE9605 mov si,0x596
0000088F 8A04 mov al,[si]
00000891 3C01 cmp al,0x1
00000893 7405 jz 0x89a
00000895 3C02 cmp al,0x2
00000897 740C jz 0x8a5
00000899 C3 ret
0000089A BE027E mov si,0x7e02
0000089D C60450 mov byte [si],0x50
000008A0 C6440245 mov byte [si+0x2],0x45
000008A4 C3 ret
000008A5 BE707D mov si,0x7d70
000008A8 C60450 mov byte [si],0x50
000008AB C6440145 mov byte [si+0x1],0x45
000008AF C3 ret
; 0x8B0: make the selected partition the active one. Finds the currently
; active entry (3, 2, 1 are tested; entry 0 is the default), clears its flag,
; records its index in [0x621] if nothing is recorded yet (0xFF), sets 0x80 on
; the entry chosen by 0x712 and writes sector 1 back to disk.
000008B0 B90300 mov cx,0x3
000008B3 BEBE09 mov si,0x9be
000008B6 B81000 mov ax,0x10
000008B9 F7E1 mul cx
000008BB 8BD8 mov bx,ax
000008BD 8A20 mov ah,[bx+si]
000008BF 80FC80 cmp ah,0x80
000008C2 7406 jz 0x8ca
000008C4 E2F0 loop 0x8b6
000008C6 F7E1 mul cx ; cx is 0 here, so ax = 0
000008C8 8BD8 mov bx,ax
000008CA C60000 mov byte [bx+si],0x0
000008CD BE2106 mov si,0x621
000008D0 8A2C mov ch,[si]
000008D2 80FDFF cmp ch,0xff
000008D5 7505 jnz 0x8dc
000008D7 880C mov [si],cl ; remember the previously active index
000008D9 E851FE call 0x72d
000008DC E833FE call 0x712
000008DF 33C9 xor cx,cx
000008E1 8AC8 mov cl,al
000008E3 B81000 mov ax,0x10
000008E6 F7E1 mul cx
000008E8 BEBE09 mov si,0x9be
000008EB 03F0 add si,ax
000008ED C60480 mov byte [si],0x80
000008F0 B101 mov cl,0x1
000008F2 BB0008 mov bx,0x800
000008F5 E897FC call 0x58f ; write the relocated sector 1 (with the edited table) to disk
000008F8 C3 ret
; 0x8F9: counterpart of 0x88C, writes 'N','T' instead of 'P','E'.
000008F9 BE9605 mov si,0x596
000008FC 8A04 mov al,[si]
000008FE 3C01 cmp al,0x1
00000900 7405 jz 0x907
00000902 3C02 cmp al,0x2
00000904 740C jz 0x912
00000906 C3 ret
00000907 BE027E mov si,0x7e02
0000090A C6044E mov byte [si],0x4e
0000090D C6440254 mov byte [si+0x2],0x54
00000911 C3 ret
00000912 BE707D mov si,0x7d70
00000915 C6044E mov byte [si],0x4e
00000918 C6440154 mov byte [si+0x1],0x54
0000091C C3 ret
; 0x91D: restore the active partition. If the entry chosen by 0x712 is
; active, all four flags are cleared, the entry recorded in [0x621] is made
; active and sector 1 is written. [0x621] is then reset to 0xFF and the data
; sector saved.
; NOTE(review): [0x621] is used as an index without a range check; the value
; 0xFF ("nothing recorded") would address memory outside the four-entry table.
0000091D BEBE09 mov si,0x9be
00000920 56 push si
00000921 E8EEFD call 0x712
00000924 33C9 xor cx,cx
00000926 8AC8 mov cl,al
00000928 B81000 mov ax,0x10
0000092B F7E1 mul cx
0000092D 5E pop si
0000092E 56 push si
0000092F 03F0 add si,ax
00000931 803C80 cmp byte [si],0x80
00000934 5E pop si
00000935 7528 jnz 0x95f
00000937 C60400 mov byte [si],0x0
0000093A C6441000 mov byte [si+0x10],0x0
0000093E C6442000 mov byte [si+0x20],0x0
00000942 C6443000 mov byte [si+0x30],0x0
00000946 B81000 mov ax,0x10
00000949 BB2106 mov bx,0x621
0000094C 8A0F mov cl,[bx]
0000094E 32ED xor ch,ch
00000950 F7E1 mul cx
00000952 03F0 add si,ax
00000954 C60480 mov byte [si],0x80
00000957 B101 mov cl,0x1
00000959 BB0008 mov bx,0x800
0000095C E830FC call 0x58f
0000095F BE2106 mov si,0x621
00000962 C604FF mov byte [si],0xff
00000965 E8C5FD call 0x72d
00000968 C3 ret
; 0x969: restore a partition type byte. In: al = 1 selects the index in bits
; 7:6 of [0x605], anything else bits 5:4. If that entry's type is 0x0C and a
; saved type exists in [0x625] (not 0xFF), the saved type is put back and
; sector 1 written. [0x625] is then reset to 0xFF and the data sector saved.
00000969 BE0506 mov si,0x605
0000096C 8A24 mov ah,[si]
0000096E 3C01 cmp al,0x1
00000970 7408 jz 0x97a
00000972 80E430 and ah,0x30
00000975 C0EC04 shr ah,0x4
00000978 EB06 jmp short 0x980
0000097A 80E4C0 and ah,0xc0
0000097D C0EC06 shr ah,0x6
00000980 8AC4 mov al,ah
00000982 33C9 xor cx,cx
00000984 8AC8 mov cl,al
00000986 B81000 mov ax,0x10
00000989 F7E1 mul cx
0000098B BEBE09 mov si,0x9be
0000098E 03F0 add si,ax
00000990 83C604 add si,byte +0x4 ; si -> type byte of the entry
00000993 803C0C cmp byte [si],0xc
00000996 7514 jnz 0x9ac
00000998 BB2506 mov bx,0x625
0000099B 8A0F mov cl,[bx]
0000099D 80F9FF cmp cl,0xff
000009A0 740A jz 0x9ac
000009A2 880C mov [si],cl
000009A4 B101 mov cl,0x1
000009A6 BB0008 mov bx,0x800
000009A9 E8E3FB call 0x58f
000009AC BE2506 mov si,0x625
000009AF C604FF mov byte [si],0xff
000009B2 E878FD call 0x72d
000009B5 C3 ret
; 0x9B6: if the type byte of the entry chosen by 0x712 is 0x1C or 0x12, save
; it in [0x625] (when nothing is saved yet), set the type to 0x0C and write
; sector 1. 0x0C is FAT32 LBA (see 0x25C); 0x1C and 0x12 are commonly listed
; as hidden FAT32 LBA and a vendor diagnostic/recovery type -- TODO confirm.
000009B6 E859FD call 0x712
000009B9 33C9 xor cx,cx
000009BB 8AC8 mov cl,al
000009BD B81000 mov ax,0x10
000009C0 F7E1 mul cx
000009C2 BEBE09 mov si,0x9be
000009C5 03F0 add si,ax
000009C7 83C604 add si,byte +0x4
000009CA 8A0C mov cl,[si]
000009CC 80F91C cmp cl,0x1c
000009CF 7407 jz 0x9d8
000009D1 80F912 cmp cl,0x12
000009D4 7402 jz 0x9d8
000009D6 EB1C jmp short 0x9f4
000009D8 56 push si
000009D9 BE2506 mov si,0x625
000009DC 8A2C mov ch,[si]
000009DE 80FDFF cmp ch,0xff
000009E1 7505 jnz 0x9e8
000009E3 880C mov [si],cl ; remember the original type byte
000009E5 E845FD call 0x72d
000009E8 5E pop si
000009E9 C6040C mov byte [si],0xc
000009EC B101 mov cl,0x1
000009EE BB0008 mov bx,0x800
000009F1 E89BFB call 0x58f
000009F4 C3 ret
; 0x9F5: clear [0x624] and save the data sector.
000009F5 BE2406 mov si,0x624
000009F8 C60400 mov byte [si],0x0
000009FB E82FFD call 0x72d
000009FE C3 ret
000009FF 00 db 0x00