Control Transfer in Protected Mode

Source: Internet
Author: User

There are two main types of transfer: those that do not change the privilege level, and those that do.

1. No privilege level change. Use an inter-segment or intra-segment CALL or JMP. Intra-segment transfers are not checked; for inter-segment transfers, the check depends on what kind of code segment the destination is.

If the code segment is non-conforming, CPL = DPL and RPL <= DPL are required. CPL remains unchanged after the transfer.
If the code segment is conforming, RPL is not checked and CPL >= DPL is required; that is, the outer ring can transfer into inner-ring code, but CPL remains unchanged.

2. Privilege level change. The transfer must go through a gate (call gate, task gate, interrupt gate, or trap gate). Control moves from the outer ring to the inner ring through the gate, and returns to the outer ring through RET, LRET, and IRET.

Inter-segment transfer: a 48-bit address (selector + offset) describes the destination.
Direct inter-segment transfer: the 48-bit address is used directly.
Indirect inter-segment transfer: the 48-bit address refers to a call gate, task gate, or TSS descriptor. In this case only the selector is used and the offset is not; the actual destination is the address held in the corresponding descriptor.

JMP can only transfer within the same privilege level, whether directly or indirectly.

When the selector in the pointer of an inter-segment JMP or inter-segment CALL instruction refers to a call gate descriptor, the transfer takes place through the call gate. However, only CALL can transfer to an inner privilege level; JMP can only transfer to code at the same level.

The call gate descriptor holds the entry point of the transfer: a 48-bit full pointer made up of the destination code segment selector and an offset. When an inter-segment JMP or inter-segment CALL through the gate is executed, the selector in the pointer contained in the instruction is used only to locate the call gate, and the offset is discarded; the 48-bit full pointer stored in the call gate is used as the target address.

The processor controls access to a gate descriptor with the same privilege-level rules it uses for access to a data segment. The DPL of the call gate descriptor specifies the outermost privilege level that may access the gate. Before the 48-bit full pointer is taken from the call gate and used as the target address for the transfer to the target code segment, a privilege-level check is performed. Only sufficiently privileged programs can access the call gate, that is, CPL <= DPL of the call gate. In addition, the RPL of the selector that refers to the gate must satisfy RPL <= DPL of the call gate. The transfer to the target code segment proceeds only after these checks pass. The processor also checks that the target descriptor is a code segment descriptor: the descriptor indicated by the selector in the call gate must be a code segment descriptor. Furthermore, before the code segment descriptor cache register is loaded, the RPL of the code segment selector is set to 0; that is, the RPL of the code segment selector stored in the call gate is ignored.

When the CS descriptor cache register is loaded, a protection check must be performed on the target code segment descriptor. In this check, DPL is no longer the DPL of the call gate but the DPL of the target code segment descriptor indicated by the selector in the call gate. The inter-segment CALL instruction and the inter-segment JMP instruction perform different checks.

For an inter-segment JMP that uses a call gate, the check conditions are the same as for a direct inter-segment transfer. Since RPL is set to 0, the condition RPL <= DPL can be considered always satisfied. Therefore, for an ordinary non-conforming code segment, a transfer without a privilege level change occurs when CPL = DPL; for a conforming code segment, a transfer without a privilege level change also occurs when CPL >= DPL; otherwise, an exception occurs.

For CALL the situation is different. Since RPL is set to 0, the condition RPL <= DPL can be considered always satisfied. For a conforming code segment, a transfer without a privilege level change occurs when CPL >= DPL. For a non-conforming code segment, a transfer without a privilege level change still occurs when CPL = DPL; when CPL > DPL, a transfer to the inner privilege level occurs: the selector and offset in the call gate are loaded into CS and the instruction pointer EIP, CPL is made equal to DPL, and the processor switches to the inner-level stack.

To sum up, an inter-segment CALL through a call gate can transfer from an outer-level program to an inner-level program (JMP can only perform transfers without a privilege level change); a call gate can also be used for a transfer without a privilege level change. Note that neither JMP nor CALL can transfer to an outer privilege level; otherwise, an exception occurs.

Of course, before loading the target code segment pointer into CS and EIP, the CALL instruction saves the original CS and EIP, that is, the return address, on the stack. If there is no privilege level change, the stack stays the same and the return address is saved on the original stack; otherwise, the return address is saved on the inner-level stack.
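
The checks described above can be written as a small decision model. This is an added example, not code from the original article; the type and function names (xfer, code_seg, call_gate, check_direct, check_via_gate) are hypothetical, and the gate in main is constructed sample data.

```c
#include <stdbool.h>
#include <stdio.h>

/* Result of the privilege check for an inter-segment JMP/CALL. */
enum xfer { XFER_FAULT, XFER_SAME_LEVEL, XFER_INNER_LEVEL };

struct code_seg  { unsigned dpl; bool conforming; };
struct call_gate { unsigned dpl; struct code_seg target; };

/* Direct transfer: the selector names the code segment. CPL never changes. */
enum xfer check_direct(unsigned cpl, unsigned rpl, struct code_seg cs)
{
    if (cs.conforming)                       /* RPL is not checked */
        return cpl >= cs.dpl ? XFER_SAME_LEVEL : XFER_FAULT;
    return (cpl == cs.dpl && rpl <= cs.dpl) ? XFER_SAME_LEVEL : XFER_FAULT;
}

/* Transfer through a call gate. rpl is the RPL of the selector naming the
 * gate; *new_cpl receives the CPL in effect after the transfer. */
enum xfer check_via_gate(unsigned cpl, unsigned rpl, struct call_gate g,
                         bool is_call, unsigned *new_cpl)
{
    *new_cpl = cpl;
    /* 1. Gate access uses the data-segment rule: CPL <= DPL and RPL <= DPL. */
    if (cpl > g.dpl || rpl > g.dpl)
        return XFER_FAULT;
    /* 2. Target check, with the RPL of the gate's code selector forced to 0. */
    enum xfer r = check_direct(cpl, 0, g.target);
    if (r != XFER_FAULT)
        return r;
    /* 3. Only CALL may enter a more privileged non-conforming segment. */
    if (is_call && !g.target.conforming && cpl > g.target.dpl) {
        *new_cpl = g.target.dpl;             /* inner stack is used from here */
        return XFER_INNER_LEVEL;
    }
    return XFER_FAULT;                       /* includes any outward transfer */
}

int main(void)
{
    /* Constructed sample: gate reachable from ring 3, target in ring 0. */
    struct call_gate g = { 3, { 0, false } };
    unsigned n;
    enum xfer r = check_via_gate(3, 3, g, true, &n);
    printf("CALL via gate: result %d, new CPL %u\n", (int)r, n);
    r = check_via_gate(3, 3, g, false, &n);
    printf("JMP via gate:  result %d, new CPL %u\n", (int)r, n);
    return 0;
}
```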
