From: muta...@gmail.com   
      
   Thanks Dan.   
      
   I posted that at something like 1am hoping for an answer when   
   I woke up, but there wasn't one so I went ahead and did my own   
   version (below), which took so long, including interruptions, that   
   by the time I came to post it I found your message. :-)   
      
   I'll just answer some points you raised.   
      
   On Sunday, April 2, 2023 at 9:37:28 AM UTC+8, Dan Cross wrote:   
      
   > >And the value would have been corrupt anyway because of this:    
   > >    
   > > movb _buf.8+3(%edx), %dl   
      
   > What do you mean, "corrupt?" `%edx` holds an offset into some    
   > buffer at the beginning of this instruction; that offset is not    
   > used after this instruction, so the compiler chose to load a    
   > byte into the register. That byte is eventually OR'd into the    
   > "cluster" value in `%ebx`.   
      
   Yes, I can't remember why I was confused.   
      
   Note that adding printf (which means edx may be trashed)   
   causes different code to be generated (to avoid edx being   
   trashed), and I may have remembered that or something.   
      
   > Deallocate the stack space allocated above. Note: it would look    
   > like both `%ebx` and `%edi` could be clobbered here, but I'm    
   > guessing you're using the "cdecl" calling convention, where    
   > `%ebi` is callee-save.    
      
   Not sure if ebi means ebx or edi, but both are preserved by   
   the called function I think (edi apparently only in 32-bit code):   
      
   /* 1 for registers not available across function calls.   
      These must include the FIXED_REGISTERS and also any   
      registers that can be used without being saved.   
      The latter must include the registers where values are returned   
      and the register where structure-value addresses are passed.   
      Aside from that, you can include as many other registers as you like.    
       
      The value is an mask - bit 1 is set for call used   
      for 32bit target, while 2 is set for call used for 64bit.   
      Proper value is computed in the CONDITIONAL_REGISTER_USAGE.   
   */   
   #define CALL_USED_REGISTERS					\   
   /*ax,dx,cx,bx,si,di,bp,sp,st,st1,st2,st3,st4,st5,st6,st7*/	\   
   {  3, 3, 3, 0, 2, 2, 0, 3, 3,  3,  3,  3,  3,  3,  3,  3,	\   
      
   > If `fat_type` is not 32, branch to the top of the loop. Note    
   > that there is no case for handling bad data here; even minor    
   > corruption could lead to an infinite loop.   
      
   Sure. I have added minimal error checking. Mainly   
   just some divide by zero errors that caused me issue   
   at boot time when it was exposed to a corrupt USB stick.   
      
   > The code appears to be correct given the source code.    
      
   Yep, thanks.   
      
   Since I can't add printf at will without making the problem   
   go away I will insert a call to __brkpoint() into the generated   
   assembler to see if that enables me to track the problem down.   
      
   BFN. Paul.   
      
      
      
   _fatNuke:   
   	pushl	%ebp   
   	movl	%esp, %ebp   
   	pushl	%edi   
   	pushl	%esi   
   	pushl	%ebx   
   	subl	$28, %esp   
   	movl	12(%ebp), %ebx   ; second parameter is cluster number, now in ebx   
   	testl	%ebx, %ebx   
   	movl	8(%ebp), %edi   ; first parameter is FAT *, now in edi   
   	movl	$0, -16(%ebp)   
   	movl	$0, -24(%ebp)   
   	je	L663   
   	.p2align 2   
   L665:   
   	subl	$8, %esp   
   	pushl	%ebx   
   	pushl	%edi   
   	call	_fatEndCluster   
   	addl	$16, %esp   
   	testl	%eax, %eax   
   	jne	L689   
   	movl	92(%edi), %eax   
   	cmpl	$16, %eax   
   	je	L690   
   	cmpl	$12, %eax   
   	je	L691   
   L671:   
   	cmpl	$32, %eax   
   	jne	L665   
           ; fatSector = fat->fatstart + (cluster * 4) / fat->sector_size;   
   	xorl	%edx, %edx   
   	leal	0(,%ebx,4), %eax   ; cluster number in ebx multiplied by 4   
   	movl	16(%edi), %ecx   ; sector_size is at offset 16 in FAT   
   	divl	%ecx    ; i think edx contains remainder and is ignored, eax contains   
   extra sectors   
   	movl	%eax, %esi   
   	addl	48(%edi), %esi   ; offset 48 is fatstart, now added to extra sectors,   
   result in esi   
   	cmpl	%esi, -16(%ebp)  ; stack variable at -16 is "buffered" variable   
           ; if (buffered != fatSector)   
   	je	L681        ; if we're still doing the same sector number, then jump   
   	movl	-16(%ebp), %eax   
   	testl	%eax, %eax   
   	jne	L692   
   L682:   
   	pushl	%eax   
   	pushl	$_buf.8   
   	pushl	%esi   
   	pushl	%edi   
   	call	_fatReadLogical   
   	movl	%esi, -16(%ebp)   
   	addl	$16, %esp   
   	movl	16(%edi), %ecx   
   L681:   
   	leal	0(,%ebx,4), %eax  ; cluster number in ebx multiplied by 4, and stored in   
   eax   
   	xorl	%edx, %edx   
   	divl	%ecx   ; repeat the division, and now using the remainder we have the   
   offset in the sector buffer of interest in edx   
   	movzbl	_buf.8+1(%edx), %eax  ; al has one value   
   	movzbl	_buf.8(%edx), %ebx   ; bl has one value   
   	sall	$8, %eax   
   	orl	%eax, %ebx   ; bx has combination of 2 values   
   	movzbl	_buf.8+2(%edx), %eax   ; al has one value   
   	movl	%edx, %ecx   ; copy of the offset for later use   
   	sall	$16, %eax  ; get al into position   
   	movb	_buf.8+3(%edx), %dl  ; dl has one value - rest of edx hasn't been zeroed   
   	orl	%eax, %ebx  ; al above is now in right position of ebx   
   	movl	%edx, %eax  ; al has the last (4th) value now (copied from dl)   
   	sall	$24, %eax   ; al into right position   
   	orl	%eax, %ebx  ; ebx now complete (cluster number)   
           ; & 0x0fffffff;   
   	andl	$-16, %edx  ; only want low 4 bits of dl   
           ; buf[offset + 3] = buf[offset + 3] & 0xf0;   
   	andl	$268435455, %ebx   ; cluster number now masked with 0f ff ff ff   
           ; cluster number in ebx is now correct and undisturbed for use as   
   original   
           ; now using ecx as offset   
   	movb	$0, _buf.8(%ecx)   
   	movb	$0, _buf.8+1(%ecx)   
   	movb	$0, _buf.8+2(%ecx)   
   	movb	%dl, _buf.8+3(%ecx)   ; those low 4 bits now available for insert   
           ; deletedclusters++;   
   	incl	-24(%ebp)   
   	jmp	L665   
   L692:   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)