K
K
Ken3kiEater2019-09-16 20:28:59
reverse engineering
Ken3kiEater, 2019-09-16 20:28:59

Segmentation in long mode?

Written in Russian and English. Segment registers in x64 except for GS and FS are not used and are forced to 0.
Open the first application in x64dbg.
DRK-TlFBx6s.jpg
why is that ?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
J
jcmvbkbc, 2019-09-17
@Ken3kiEater

Written in Russian and English. Segment registers in x64 except GS and FS are not used and are forced to 0.

This is some kind of ambiguous and inaccurate quote. Here is what Intel Software Developer Manual 3.7.4.1 "Segmentat..." writes :
Those. the base address of the segments accessed via cs/ds/es/ss is zero, but not the selector values ​​themselves. The base address, remember, is a field in the GDT/LDT records. The selector (the value in the segment register) selects the requested privileges (lower two bits), the table type (GDT/LDT, the third bit from the end), and the table entry number (all other bits).
Agree, this is not at all what you expected?
Looking at your picture, it can be said that the code from the segment in the sixth entry in the GDT is executed with the privileges of the third protection ring, and the data access through ds / es / ss / gs is carried out through the segment in the fifth entry in the GDT with the privileges of the third ring.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question