2
votes

From what I know, back in the days of 16bit PC's we had the Segment registers contain the address of each type of segment and you could access an offset with something like this SS:[EDI], this would take the value contained in EDI as an offset to the Stack Segment.

Now I know that in 32bit systems, we have the GDT (Global Descriptor Table) and the LDT (Local Descriptor Table), the Segments now contain the index into that table and an offset could be calculated that would point to the right memory address.

Is my understanding correct?

PUSH DWORD PTR SS:[EBP+8] ; basicbof.00401000

So what would a statement such as this mean on a 32bit OS (XP SP2)?

3

3 Answers

3
votes

Segment registers do now contain Selectors. Each selector is an index in either global or local descriptor table, plus security level requested.

For example:

mov ds, 0x0000

Will put selector 0 from table 0 (GDT), with level 0 access to DS. (This is a special register, which is used for null pointer testing).

The tables contain base + length information for each selector, thus no longer limited to 64K (but might be anything from 0 to 4GB).

The best way to learn about these is reading the (freely available) Intel processor documents.

Edit: link

0
votes

phu - 10 years later my knowledge is a little bit rusty.

sukru answer is that what I remember.

I would interpret your assembly statement as: Take the DWORD at StackSegment:BasePointer+8 (=a local variable or method parameter - can't remember) and put it on the stack

0
votes

Notice that the SS DS ES and so on Selectors are in user-land senseless because they point at the same (usualy 4-kbyte) pages. I dunno how it is about kernel programming...