Chapter 4 / System Briefing


The problem with this approach is that now we'll have to plow through all of this binary data and decode all of the fields by hand (hardly what I'd call an enjoyable way to spend a Saturday afternoon). A more efficient approach is to use the debugger's dg command, which displays the segment descriptors corresponding to the segment selectors fed to the command.

kd> dg 0 3F8
                                  P Si Gr Pr Lo
Sel    Base     Limit     Type    l ze an es ng Flags
0000 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b
0010 00000000 ffffffff Data RW Ac 0 Bg Pg P  Nl 00000c93
0018 00000000 ffffffff Code RE Ac 3 Bg Pg P  Nl 00000cfb
0020 00000000 ffffffff Data RW Ac 3 Bg Pg P  Nl 00000cf3
0028 8013b000 000020ab TSS32 Busy 0 Nb By P  Nl 0000008b
0030 81907800 00002128 Data RW Ac 0 Bg By P  Nl 00000493
0038 7ffae000 00000fff Data RW Ac 3 Bg By P  Nl 000004f3
0040 00000400 0000ffff Data RW    3 Nb By P  Nl 000000f2
0050 81905000 00000068 TSS32 Avl  0 Nb By P  Nl 00000089
0058 81905068 00000068 TSS32 Avl  0 Nb By P  Nl 00000089
0070 82430000 000003ff Data RW    0 Nb By P  Nl 00000092
00E8 00000000 0000ffff Data RW    0 Nb By P  Nl 00000092
00F0 8185eaa4 000003b2 Code EO    0 Nb By P  Nl 00000098
00F8 00000000 0000ffff Data RW    0 Nb By P  Nl 00000092

One thing you might notice in the previous output is that the privilege of each descriptor (specified by the fifth column) is set to either Ring 0 or Ring 3. In this list of descriptors, there are four that are particularly interesting:

                                  P Si Gr Pr Lo
Sel    Base     Limit     Type    l ze an es ng Flags
0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b
0010 00000000 ffffffff Data RW Ac 0 Bg Pg P  Nl 00000c93
0018 00000000 ffffffff Code RE Ac 3 Bg Pg P  Nl 00000cfb
0020 00000000 ffffffff Data RW Ac 3 Bg Pg P  Nl 00000cf3

As you can see, these descriptors define code and data segments that all span the entire linear address space. Their base address starts at 0x00000000 and stops at 0xFFFFFFFF. Both Ring 0 (operating system) and Ring 3 (user application) segments occupy the same region. In essence, there is no segmentation because all of these segment descriptors point to the same segment.
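The by-hand decoding that dg spares us, and the flat-segment check described above, look like this as an added example (not code from the book). The raw 8-byte values are constructed to match selectors 0008 through 0020 and 0038 in the listing, the names decode_desc and is_flat are hypothetical, and the packing of the flags value is inferred from the Flags column shown above.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of one 8-byte IA-32 segment descriptor. */
struct seg_desc {
    uint32_t base, limit;       /* limit is in bytes after G is applied */
    unsigned type, dpl, present;
    unsigned flags;             /* access byte | (G,D/B,L,AVL nibble << 8) */
};

static struct seg_desc decode_desc(uint64_t raw)
{
    uint32_t lo = (uint32_t)raw, hi = (uint32_t)(raw >> 32);
    struct seg_desc d;

    d.base  = (lo >> 16) | ((hi & 0xFFu) << 16) | (hi & 0xFF000000u);
    d.limit = (lo & 0xFFFFu) | (hi & 0x000F0000u);
    if (hi & (1u << 23))        /* G set: limit counts 4 KB pages */
        d.limit = (d.limit << 12) | 0xFFFu;
    d.type    = (hi >> 8) & 0xFu;
    d.dpl     = (hi >> 13) & 0x3u;
    d.present = (hi >> 15) & 0x1u;
    d.flags   = ((hi >> 8) & 0xFFu) | (((hi >> 20) & 0xFu) << 8);
    return d;
}

/* A flat segment is present and spans the whole 4 GB linear space. */
static int is_flat(const struct seg_desc *d)
{
    return d->present && d->base == 0 && d->limit == 0xFFFFFFFFu;
}

int main(void)
{
    /* Constructed raw entries encoding selectors 0008-0020 and 0038
       from the dg listing (sample data, not dumped from a live GDT). */
    static const uint64_t gdt[] = {
        0x00CF9B000000FFFFull, 0x00CF93000000FFFFull,
        0x00CFFB000000FFFFull, 0x00CFF3000000FFFFull,
        0x7F40F3FAE0000FFFull,
    };
    for (unsigned i = 0; i < sizeof gdt / sizeof gdt[0]; i++) {
        struct seg_desc d = decode_desc(gdt[i]);
        printf("%08x %08x type=%x ring=%u flags=%08x %s\n",
               (unsigned)d.base, (unsigned)d.limit, d.type, d.dpl,
               d.flags, is_flat(&d) ? "flat" : "not flat");
    }
    return 0;
}
```

The four flat entries differ only in type and privilege level, which is the point the text makes: Ring 0 and Ring 3 code and data all map onto the same 4 GB range.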

This is exactly a scenario described in the chapter on IA-32 (Chapter 3) where we saw how a minimal segmentation scheme (one that used only Ring

Part I