Long time no post… oops… ho hum…<\/p>\n
I recently came across some old Z80 code (I have access to extremely little of any of my old Z80 code) and found this little trick… This is one way to annoy automatic disassemblers by the way…<\/p>\n
00490 CALL DMESS
\n00500 DEFB 14,2
\n00510 DEFM “PRESS SPAC”
\n00520 DEFM “E TO CONTI”
\n00530 DEFM “NUE…..”
\n00540 DEFB 0
\n00550 LD HL,MHELLO
\n00560 LD (MPOS),HL
\n00570 CALL CRAWL<\/p>\n
So what is the old code trick? So basically the trick is calling a subroutine (DMESS in this case) and putting the data it needs directly after the call, followed by more code. A disassembler would try to decode the data as code, and make a mess.<\/p>\n
In this case the DMESS routine pulls the “return address” the Z80 would normally use when the routine was done, takes two bytes as co-ordinates and then a string of characters to print on screen until it find a zero byte, then pushes the address of the byte after the zero as the new return address as the last thing it does. Voila! Data inside code!<\/p>\n
The last two instructions in the DMESS routine are “PUSH HL” and “RET”. Pretty much any time these two instructions are found together in that order there is some sort of programming trick going on.<\/p>\n
P.S. The code looks a little bit odd here, particularly the broken words in the message but there is a reason. I always used to code using tools on the machine itself, a ZX Spectrum in this case with a 32 column display. The space between the line number and instructions and assembler directives has been swallowed but the source was set with maximum 30 character lines.<\/p>\n","protected":false},"excerpt":{"rendered":"
Long time no post… oops… ho hum… I recently came across some old Z80 code (I have access to extremely little of any of my old Z80 code) and found this little trick… This is one way to annoy automatic disassemblers by the way… 00490 CALL DMESS 00500 DEFB 14,2 00510 DEFM “PRESS SPAC” 00520 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-121","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/posts\/121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":0,"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"wp:attachment":[{"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrgadget.nexus\/oldcodetricks\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}