'm working on a x86 DOS opcode decoder/interpreter in C# (why yes, I
am bored...why do you ask?). I've been using TatraDAS and some other
disassemblers to compare my results, and then GRDB to verify execution
results. The other day I hit an error one opcode in the program I'm
looking at is decoded by TatraDAS (and the hexdump) as:

050000    add AX, 0000

GRDB however, claims that the hexdump is

050200    add AX, 0002

I've verified TatraDAS's results with another disassembler, and GRDB
is the only differing one. I think the two executables I noticed this
on are qbasic.exe and moria286.exe.

Does GRDB perform some sort of translation I'm not familiar with? Or
is there something involved in the MZ loading/parsing that I'm not
familiar with?

"tbc++"  <spamtrap@crayne.org> wrote:
>
>I'm working on a x86 DOS opcode decoder/interpreter in C# (why yes, I
>am bored...why do you ask?). I've been using TatraDAS and some other
>disassemblers to compare my results, and then GRDB to verify execution
>results. The other day I hit an error one opcode in the program I'm
>looking at is decoded by TatraDAS (and the hexdump) as:
>
>050000    add AX, 0000
>
>GRDB however, claims that the hexdump is
>
>050200    add AX, 0002
>
>I've verified TatraDAS's results with another disassembler, and GRDB
>is the only differing one. I think the two executables I noticed this
>on are qbasic.exe and moria286.exe.
>
>Does GRDB perform some sort of translation I'm not familiar with? Or
>is there something involved in the MZ loading/parsing that I'm not
>familiar with?

Well, which one is the correct byte stream?  If you do a straight hex dump
of the file, do you see 05 00 00 or do you see 05 02 00?
-- 
Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.