cseg01:00056938                 mov     edx, offset var_byte_0004DCC8
cseg01:0005693D                 mov     eax, offset hmi_drv_str
cseg01:00056942                 call    strcpy_
cseg01:00056947                 mov     edx, offset aHmidrv_386 ; "hmidrv.386"
cseg01:0005694C                 mov     eax, offset hmi_drv_str
cseg01:00056951                 call    strcat_
cseg01:00056956                 push    200h
cseg01:0005695B                 mov     eax, offset hmi_drv_str
cseg01:00056960                 push    eax
cseg01:00056961                 call    open_

cseg01:00056966                 add     esp, 8
cseg01:00056969                 mov     [ebp+var_4], eax
cseg01:0005696C                 cmp     [ebp+var_4], 0FFFFFFFFh
cseg01:00056970                 jnz     short loc_5697E
cseg01:00056972                 mov     [ebp+var_14], 0Fh
cseg01:00056979                 jmp     on_exit
cseg01:0005697E ; ---------------------------------------------------------------------------
cseg01:0005697E
cseg01:0005697E loc_5697E:                              ; CODE XREF: Unkn_Subroutine_Reg_7+8Dj
cseg01:0005697E                 mov     ebx, 2Ch ; ','
cseg01:00056983                 mov     edx, offset unk_C7F78
cseg01:00056988                 mov     eax, [ebp+var_4]
cseg01:0005698B                 call    read_

This code is trying to open the MS-DOS sound manager file hmidrv.386, but please help me understand what the flag 200h means?

black4

1 Answer

In DOS/Windows this is the constant value for O_TRUNC, used to erase the file's content and place the cursor (seek) at offset 0.

The .386 extension is used by DOS and earlier versions of Windows for virtual device drivers.

Truncating this type of "file" has no effect, and of course there is nothing to read() from a file that has just been emptied.

The most likely explanation for this code sequence is that the program you're looking at expects a device driver to exist by this name and that reading from it returns some data.

However, this driver may not be available in the particular system.

Then, if there happens to be a regular file named hmidrv.386, the program will read from it, expecting the driver's initial data but getting whatever is inside the (regular) file instead, which may yield unexpected results.

Truncating before reading ensures that the data read, if any, cannot be normal file content.

Yotamz
  • I updated the code in the question and added more of it; in the code we can see that "read" comes right after "open". How can we read a truncated file, i.e. a file opened with the O_TRUNC flag? If the file is truncated, it holds zero data. What do we read, zero data? Moreover, the file we open, hmidrv.386, is a music driver for playing sound. This driver plays sound in this app and is needed to reproduce sound in it, so why would this file need to be truncated? – black4 Feb 14 '24 at 11:13
  • Use the DOSBox debugger to step through and test whether the file really gets truncated – llm Feb 14 '24 at 15:53
  • Is the implementation of the open_ function part of the code? DOS extensions can make virtual devices available as files. Early versions of Windows use *.386 files for this purpose. If this is the case then the truncate flag has no effect, but should there be a regular file by that name, it will be truncated. It may have been added by a compiler: calling fopen with "w" mode implies O_TRUNC on the underlying open call – Yotamz Feb 14 '24 at 21:26
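
What an immediate such as 200h means depends on which C runtime's fcntl.h the binary was built against, so it helps to decode the value under each candidate runtime. The following is an added example, not code from the question or the answer: decode_open_mode and its tables are illustrative names, the bit values are taken from the Open Watcom and Microsoft C headers, and the page does not establish which runtime produced this binary.

```c
#include <stdio.h>
#include <string.h>

/* Modifier bits from two DOS-era <fcntl.h> headers; the low two bits are
   the access mode (0 = O_RDONLY, 1 = O_WRONLY, 2 = O_RDWR) in both. */
struct flag { unsigned bit; const char *name; };
struct crt  { const char *vendor; struct flag flags[8]; };

static const struct crt crts[] = {
    { "Open Watcom", { {0x0010, "O_APPEND"}, {0x0020, "O_CREAT"},
                       {0x0040, "O_TRUNC"},  {0x0080, "O_NOINHERIT"},
                       {0x0100, "O_TEXT"},   {0x0200, "O_BINARY"},
                       {0x0400, "O_EXCL"},   {0, NULL} } },
    { "Microsoft C", { {0x0008, "O_APPEND"}, {0x0100, "O_CREAT"},
                       {0x0200, "O_TRUNC"},  {0x0400, "O_EXCL"},
                       {0x4000, "O_TEXT"},   {0x8000, "O_BINARY"},
                       {0, NULL} } },
};

/* Render `mode` as symbolic names under runtime `idx`; bits the table
   does not know are reported in hex instead of being dropped. */
const char *decode_open_mode(int idx, unsigned mode, char *out, size_t len)
{
    static const char *access[] = { "O_RDONLY", "O_WRONLY", "O_RDWR", "?access=3" };
    unsigned rest = mode & ~3u;
    size_t used = (size_t)snprintf(out, len, "%s", access[mode & 3u]);

    for (const struct flag *f = crts[idx].flags; f->name != NULL; f++) {
        if ((rest & f->bit) && used < len) {
            used += (size_t)snprintf(out + used, len - used, "|%s", f->name);
            rest &= ~f->bit;
        }
    }
    if (rest && used < len)
        snprintf(out + used, len - used, "|0x%X", rest);
    return out;
}

int main(void)
{
    char buf[128];
    /* 0x200 is the immediate pushed before `call open_` in the listing. */
    for (int i = 0; i < 2; i++)
        printf("%-12s 0x200 -> %s\n", crts[i].vendor,
               decode_open_mode(i, 0x200, buf, sizeof buf));
    return 0;
}
```

The trailing-underscore names in the listing (strcpy_, open_, read_) are the kind of evidence that helps pick the right table before trusting either decoding.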