Converting a segment register value to a linear address in protected mode

Source: Internet
Author: User
Keywords: segment register, segment selector, Global Descriptor Table, Local Descriptor Table, segment descriptor, linear address

In protected mode, the segment registers CS, SS, DS, ES, FS and GS are used by the segmentation mechanism. Unlike in real mode, they do not hold a segment address; the address is a combination of a segment selector and an offset address. When the CPU accesses memory, it has to resolve the segment register value into a segment address in order to locate the corresponding segment. The rest of this article walks through that process step by step.

Key point: segment register value = segment selector. In short, a segment selector is a value that specifies the position of a segment descriptor.

Segment selector format:

  • Bits 0-1 give the privilege level. To reduce complexity, ignore them for now.
  • Bit 2 indicates whether the descriptor table is the GDT (0) or the LDT (1).
  • Bits 3-15 give the index of the segment descriptor in the descriptor table. This is the critical part.

Global Descriptor Table (GDT). A system has only one Global Descriptor Table, which stores the global segment descriptors (this term is described below). The first entry in the GDT must be null. The base address of the GDT is given by the GDTR register; this value is a linear address and does not need to be resolved. GDTR is a 48-bit value: bits 16-47 (32 bits in total) hold the GDT base address, and bits 0-15 (16 bits) hold the limit, the size of the GDT in bytes. In WinDbg kernel mode, r gdtr lists the 32-bit base address and r gdtl lists the 16-bit limit. The base address shown by r gdtr is a flat linear address, and it is the basis on which every other segment selector is resolved into a segment address. r gdtl lists the limit in bytes. If the limit is 1023, the table contains 1024 bytes, and the GDT holds a total of 1024/8 = 128 segment descriptors.

Segment descriptor. A segment descriptor is a 64-bit value: the lower half is the low 32-bit value and the upper half is the high 32-bit value. The segment base address specified by the descriptor is assembled from three separate fields of it (32 bits in total), and that is the linear segment address we want.

Local Descriptor Table (LDT). The LDTR register gives the index of the current task's LDT in the GDT. Its format is that of a typical segment selector, so it is resolved in combination with the Global Descriptor Table.

The segmentation mechanism and the paging mechanism work together; paging needs to be covered in detail in another article.

Experiment with the above process using WinDbg:

1. Use the r command to list the register values.

    kd> r
    eax=00000001 ebx=00000000 ecx=8080a188 edx=8292eadc esi=8080a188 edi=00000029
    eip=82868bc0 esp=8292eaf8 ebp=8292eca4 iopl=0 nv up ei pl nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00200202

2. Take CS as an example. Its value 0008 is a segment register value, that is, a segment selector, so we use the .formats command to display it in binary.

    kd> .formats 0008
    Evaluate expression:
      Hex:     00000008
      Decimal: 8
      Octal:   00000000010
      Binary:  00000000 00000000 00000000 00001000
      Chars:   ....
      Time:    Thu Jan 01 08:00:08 1970
      Float:   low 1.12104e-044 high 0
      Double:  3.95253e-323

Bit 2 is 0, indicating that the Global Descriptor Table is used. Run the r gdtr command to view the base address of the Global Descriptor Table.

    kd> r gdtr
    gdtr=80b95000

The value in bits 3-15 is 1, indicating that entry 1 of the Global Descriptor Table is used (counting from 0, and entry 0 must be 0). We can view the contents of the Global Descriptor Table:

    kd> dd 000000000000 00000000 0000 FFFF 00000000 FFFF 00cf9300 0000 FFFF 00000000 FFFF 00cff300 600020ab 00001c003748 82409393 00000fff 00000400 FFFF 0000f200 00000000 0000f0000068 82008992 f0680068 000000000000 00000000 00000000 0000000 080b95070 500003ff 800092b9 00000000 00000000

Entry 0 is indeed 0, and entry 1 is 0000ffff 00cf9b00. According to the segment descriptor format, the segment address given by the descriptor is assembled from its three base-address fields (32 bits in total), and the result is a linear address.

    kd> .formats 0000ffff
    Evaluate expression:
      Hex:     0000ffff
      Decimal: 65535
      Octal:   00000177777
      Binary:  00000000 00000000 11111111 11111111
      Chars:   ....
      Time:    Fri Jan 02 02:12:15 1970
      Float:   low 9.18341e-041 high 0
      Double:  3.23786e-319

    kd> .formats 00cf9b00
    Evaluate expression:
      Hex:     00cf9b00
      Decimal: 13605632
      Octal:   00063715400
      Binary:  00000000 11001111 10011011 00000000
      Chars:   ....
      Time:    Sun Jun 07 19:20:32 1970
      Float:   low 1.90656e-038 high 0
      Double:  6.72208e-317

The values in all three places are 0, so the linear segment address is 0. That is, the linear segment address specified by cs = 0008 is 0. To verify the result, run the dg command to view the segment descriptor that the selector refers to:

    kd> dg 0008
                                      P Si Gr Pr Lo
    Sel    Base     Limit     Type    l ze an es ng Flags
    ---- -------- -------- ---------- - -- -- -- -- --------
    0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b

The result is correct.

3. Verify again with FS = 0030 as an example.

    kd> .formats 0030
    Evaluate expression:
      Hex:     00000030
      Decimal: 48
      Octal:   00000000060
      Binary:  00000000 00000000 00000000 00110000
      Chars:   ...0
      Time:    Thu Jan 01 08:00:48 1970
      Float:   low 6.72623e-044 high 0
      Double:  2.37152e-322

Bit 2 is again 0, so the Global Descriptor Table is specified. As before, use r gdtr to find the base address of the Global Descriptor Table, and then locate the segment descriptor at index 110b:

    kd> r gdtr
    gdtr=80b95000
    kd> dd 80b95000+6*8 l2
    80b95030  1c003748 82409393

    kd> .formats 1c003748
    Evaluate expression:
      Hex:     1c003748
      Decimal: 469776200
      Octal:   03400033510
      Binary:  00011100 00000000 00110111 01001000
      Chars:   ..7H
      Time:    Tue Nov 20 13:23:20 1984
      Float:   low 4.24231e-022 high 0
      Double:  2.321e-315

    kd> .formats 82409393
    Evaluate expression:
      Hex:     82409393
      Decimal: -2109697133
      Octal:   20220111623
      Binary:  10000010 01000000 10010011 10010011
      Chars:   .@..
      Time:    ***** Invalid
      Float:   low -1.41483e-037 high -1.#QNAN
      Double:  -1.#QNAN

The linear segment address in binary is 10000010 10010011 00011100 00000000 B, which is 82931c00 in hexadecimal. Use dg to verify the linear segment address:

    kd> dg 30
                                      P Si Gr Pr Lo
    Sel    Base     Limit     Type    l ze an es ng Flags
    ---- -------- -------- ---------- - -- -- -- -- --------
    0030 82931c00 00003748 Data RW Ac 0 Bg By P  Nl 00000493

The result is correct.

Reference: Intel 64 and IA-32 Architectures Software Developer's Manual; Zhang Yinkui, Software Debugging.
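The lookup done by hand in the experiment above, as an added C example that is not part of the original article. The descriptor field positions follow the segment-descriptor layout in the Intel SDM. Assumptions: the GDT image is constructed from the two descriptors shown in the session with every other entry left zero, the limit of 1023 is the article's illustrative figure rather than a value read from the session, and resolve_selector and struct seg are names introduced here.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed GDT image: entries 1 and 6 are the dword pairs from the
   WinDbg session; all other entries are left zero (not the real table). */
#define GDT_LIMIT 1023u                       /* the article's example limit */
static const uint32_t gdt[(GDT_LIMIT + 1) / 8][2] = {
    [1] = { 0x0000ffffu, 0x00cf9b00u },       /* selected by cs = 0008 */
    [6] = { 0x1c003748u, 0x82409393u },       /* selected by fs = 0030 */
};

struct seg { uint32_t base, limit; unsigned rpl, dpl; };

/* Returns 0 on success, a negative code when the selector must be rejected. */
int resolve_selector(uint16_t sel, struct seg *out)
{
    unsigned ti    = (sel >> 2) & 1u;         /* bit 2: 0 = GDT, 1 = LDT */
    unsigned index = sel >> 3;                /* bits 3-15: descriptor index */

    if (ti) return -1;                        /* LDT is not modelled here */
    if (index == 0) return -2;                /* null selector */
    if (index * 8u + 7u > GDT_LIMIT) return -3;   /* descriptor past the limit */

    uint32_t lo = gdt[index][0], hi = gdt[index][1];
    if (!((hi >> 15) & 1u)) return -4;        /* present bit clear */

    /* Base: high dword bits 31:24 and 7:0, low dword bits 31:16. */
    out->base  = (hi & 0xff000000u) | ((hi & 0xffu) << 16) | (lo >> 16);
    /* Limit: low dword bits 15:0 plus high dword bits 19:16. */
    out->limit = (lo & 0xffffu) | (hi & 0x000f0000u);
    if (hi & (1u << 23))                      /* granularity bit: 4 KiB units */
        out->limit = (out->limit << 12) | 0xfffu;
    out->rpl = sel & 3u;                      /* bits 0-1 of the selector */
    out->dpl = (hi >> 13) & 3u;
    return 0;
}

int main(void)
{
    const uint16_t sels[] = { 0x0008, 0x0030, 0x0000 };   /* cs, fs, gs */
    for (unsigned i = 0; i < sizeof sels / sizeof sels[0]; i++) {
        struct seg s;
        int rc = resolve_selector(sels[i], &s);
        if (rc) printf("%04x rejected (%d)\n", (unsigned)sels[i], rc);
        else    printf("%04x base=%08x limit=%08x dpl=%u\n", (unsigned)sels[i],
                       (unsigned)s.base, (unsigned)s.limit, s.dpl);
    }
    return 0;
}
```

The base and limit it computes for 0008 and 0030 match the dg output in the article; the granularity bit is why CS shows a limit of ffffffff while FS keeps its byte-granular 00003748.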
