4.2 Segmentation and Paging under Windows

This distinction is based on the U/S bit in the system's PDEs and PTEs. Whoever thought that a single bit could be so important?

Segmentation

System-wide segments are defined in the GDT. The base linear address of the GDT (i.e., the address of the first byte of the GDT) and its size (in bytes) are stored in the GDTR register. Using the kernel debugger in the context of a two-machine host-target setup, we can view the contents of the target machine's descriptor registers using the register debugger command with the 0x100 mask:

kd> rM 0x100
gdtr=82430000 gdtl=03ff idtr=82430400 idtl=07ff tr=0028 ldtr=0000

This command formats the contents of the GDTR register so that we don't have to. The first two entries (gdtr and gdtl) are what we're interested in. Note that the same task can be accomplished by specifying the GDTR components explicitly:

kd> r gdtr
gdtr=82430000
kd> r gdtl
gdtl=000003ff

From the resulting output, we know that the GDT starts at address 0x82430000 and is 1,023 bytes (8,184 bits) in size. This means that the Windows GDT consists of approximately 127 segment descriptors, where each descriptor consumes 64 bits. This is a paltry amount when you consider that the GDT is capable of storing up to 8,192 descriptors (less than 2% of the possible descriptors are specified).

One way to view the contents of the GDT is simply to dump the contents of memory starting at 0x82430000.

kd> d 82430000 L3FF
82430000 00 00 00 00 00 00 00 00-ff ff 00 00 00 9b cf 00
82430010 ff ff 00 00 00 93 cf 00-ff ff 00 00 00 fb cf 00
82430020 ff ff 00 00 00 f3 cf 00-ab 20 00 b0 13 8b 00 80
82430030 28 21 00 78 90 93 40 81-ff 0f 00 e0 fa f3 40 7f
82430040 ff ff 00 04 00 f2 00 00-00 00 00 00 00 00 00 00
82430050 58 00 00 50 90 89 00 81-58 00 68 50 90 89 00 81
82430060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
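Added example, not from the original text: a small C decoder that unpacks the 64-bit descriptors in the dump above into base, limit, DPL and type, so the raw bytes can be read as segments. The struct and function names are illustrative; the sample rows are copied from the dump at GDT offsets 0x08, 0x18, 0x30 and 0x50.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of one 8-byte (64-bit) x86 segment descriptor. */
typedef struct {
    uint32_t base;    /* linear base address of the segment            */
    uint32_t limit;   /* highest valid offset in bytes (G bit applied) */
    uint8_t  dpl;     /* descriptor privilege level, 0..3              */
    uint8_t  present; /* P bit                                         */
    uint8_t  system;  /* 1 = system descriptor (S bit clear), e.g. TSS */
    uint8_t  type;    /* 4-bit type field                              */
} seg_desc;

seg_desc decode_descriptor(const uint8_t r[8])
{
    seg_desc d;
    uint32_t raw_limit = r[0] | (r[1] << 8) | ((uint32_t)(r[6] & 0x0f) << 16);
    d.base = r[2] | (r[3] << 8) | ((uint32_t)r[4] << 16) | ((uint32_t)r[7] << 24);
    /* G bit (byte 6, bit 7): the limit counts 4 KB pages instead of bytes */
    d.limit   = (r[6] & 0x80) ? (raw_limit << 12) | 0xfff : raw_limit;
    d.type    = r[5] & 0x0f;
    d.system  = !(r[5] & 0x10);
    d.dpl     = (r[5] >> 5) & 3;
    d.present = (r[5] >> 7) & 1;
    return d;
}

/* Rows copied from the dump above: GDT byte offset, then the 8 raw bytes. */
static const struct { uint16_t off; uint8_t raw[8]; } sample[] = {
    { 0x08, {0xff,0xff,0x00,0x00,0x00,0x9b,0xcf,0x00} },
    { 0x18, {0xff,0xff,0x00,0x00,0x00,0xfb,0xcf,0x00} },
    { 0x30, {0x28,0x21,0x00,0x78,0x90,0x93,0x40,0x81} },
    { 0x50, {0x58,0x00,0x00,0x50,0x90,0x89,0x00,0x81} },
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        seg_desc d = decode_descriptor(sample[i].raw);
        printf("+0x%02x base=%08x limit=%08x dpl=%u p=%u %s type=0x%x\n",
               (unsigned)sample[i].off, (unsigned)d.base, (unsigned)d.limit,
               d.dpl, d.present, d.system ? "system" : "code/data", d.type);
    }
    return 0;
}
```

The entries at 0x08 and 0x18 decode to the same flat 4 GB code segment and differ only in DPL (0 versus 3), while the entry at 0x50 decodes as a system descriptor rather than a code or data segment.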
