search for: _start_common

...gets pushed to the stack. (So the code around the int 13 assumes that either int 13 fails and returns CX == 0, or the reply is good enough to reach "andw 1,%cx". Ewww ...) Now in isolinux.asm we have this test, quite immediately after the stack was exploited: mov si,bios_cbios jcxz _start_common mov si,bios_ebios jmp _start_common If CX is 4 (= EDD) here, then we go to LBA addressing and the confused geometry is not of interest on the first try. At least this would explain why our modern virtual BIOSes let isolinux.bin work. (I.e. the "EBIOS" flag is indeed effective in isol...

Hi, i am looking now at the code which i assume loads the rest of isolinux.bin. The entry point for program execution from the MBR is obviously at http://git.zytor.com/syslinux/syslinux.git/tree/core/isolinux.asm#n186 (Do i get it right that this is the Intel syntax ? (Gronfff)) If POP yields the victim of the most recent not yet popped PUSH, then this does not look correctly coordinated