8.13. DEMOS
Listing 8.23: Peter Ferrie: 10 bytes; AL is random at this point
00000000: AE scasb
; CF is set according subtracting random memory byte from AL.
; so it is somewhat random at this point
00000001: D6 setalc
; AL is set to 0xFF if CF=1 or to 0 if otherwise
00000002: 242D and al,02D ;'-'
; AL here is 0x2D or 0
00000004: 042F add al,02F ;'/'
; AL here is 0x5C or 0x2F
00000006: CD29 int 029 ; output AL to screen
00000008: EBF6 jmps 000000000 ; loop endlessly
So it is possible to get rid of conditional jumps at all. TheASCIIcode of backslash (“\”) is0x5Cand0x2F
for slash (“/”). So we have to convert one (pseudo-random) bit in theCFflag to a value of0x5Cor0x2F.
This is done easily: byAND-ing all bits inAL(where all 8 bits are set or cleared) with0x2Dwe have just 0
or0x2D.
By adding0x2Fto this value, we get0x5Cor0x2F.
Then we just output it to the screen.
Conclusion
It is also worth mentioning that the result may be different in DOSBox,Windows NTand even MS-DOS,
due to different conditions: the timer chip can be emulated differently and the initial register contents
may be different as well.