Special segment registers: How to use registers FS and GS for addressing memory-operands while in IA-32e mode
Slide 2: Code/Data Descriptor-Format
  Bits 63..32:  Base[31..24] | G | D | L | AVL | Limit[19..16] | P | DPL | S | X | C/D | R/W | A | Base[23..16]
  Bits 31..0:   Base[15..0] | Limit[15..0]
Legend:
  G = Granularity (0=byte-granularity, 1=page-granularity)
  D = Default operand and address size (0=16-bits, 1=32-bits)
  L = Long (0=compatibility mode code/data, 1=64-bit code)
  AVL = Available (this bit can be used by programmers for any purpose)
NOTE: These descriptors can only store 32 bits as a segment's base-address
Slide 3: IA32_FS_BASE
This Model-Specific Register is now a part of the official Intel Architecture. It provides a "back door" to the hidden part of segment register FS. It allows use of a 64-bit base-address for the segment addressed by FS when the CPU is executing in 64-bit mode. Its MSR register index is 0xC0000100.
Slide 4: Loading register FS
In "compatibility" mode the upper 32 bits of the "hidden" 64-bit segment base-address for FS will be ignored by the CPU when calculating memory-operand addresses. But in 64-bit mode the full 64-bit value of the "hidden" FS segment's base-address will be used in forming effective addresses. How does the FS segment base get loaded?
Slide 5: It depends on the CPU mode
In "compatibility" mode, we continue to put segment selectors into register FS:
    mov $sel_fs, %ax        # segment selector for FS
    mov %ax, %fs            # load FS from the descriptor table entry
This loads the lower 32 bits of the base-address into FS from the Global (or the Local) Descriptor Table. The upper 32 bits are unmodified, and are disregarded, in "compatibility" mode.
Slide 6: Use "wrmsr" in 64-bit mode
In 64-bit mode, the "wrmsr" instruction can be used to load the full 64 bits of segment base-address into the "hidden" part of the FS segment register:
    mov base_lo32, %eax     # low 32 bits of the base-address
    mov base_hi32, %edx     # high 32 bits of the base-address
    mov $0xC0000100, %ecx   # MSR index of IA32_FS_BASE
    wrmsr                   # write EDX:EAX to the MSR selected by ECX
Slide 7: GS is similar
The earlier comments about register FS also apply to register GS. There is a 64-bit IA32_GS_BASE register that is accessed with "rdmsr" and "wrmsr". Its MSR register index is 0xC0000101.
Slide 8: The "swapgs" instruction
There is a third Model-Specific Register that gets used (in 64-bit mode) with the IA32_GS_BASE register, officially named the IA32_KERNEL_GS_BASE register. Its MSR register index is 0xC0000102. A special instruction can be used by ring0 code to exchange the contents of these two Model-Specific Registers.
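The behaviour described on slides 2 to 8, as an added example that is not part of the original slides: a C software model (it touches no real MSRs) of the descriptor base fields, the EDX:EAX write done by "wrmsr", the "swapgs" exchange, and FS-relative addressing in both modes. The struct and function names, the sample base values and the 48-bit canonical-address check are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
/* MSR indices as given on the slides */
#define IA32_FS_BASE        0xC0000100u
#define IA32_GS_BASE        0xC0000101u
#define IA32_KERNEL_GS_BASE 0xC0000102u
/* Constructed software model of the hidden base registers (no hardware access) */
struct cpu { uint64_t fs_base, gs_base, kernel_gs_base; int mode64; };

/* A descriptor scatters its base over three fields: 32 bits in total */
uint32_t desc_base(uint64_t d) {
    return (uint32_t)(((d >> 16) & 0xFFFF)          /* Base[15..0]  */
                    | (((d >> 32) & 0xFF) << 16)    /* Base[23..16] */
                    | (((d >> 56) & 0xFF) << 24));  /* Base[31..24] */
}
/* Assumption: 48-bit virtual addresses, so bits 63..47 must all be equal */
int is_canonical(uint64_t a) { uint64_t top = a >> 47; return top == 0 || top == 0x1FFFF; }

/* wrmsr model: ECX = MSR index, EDX:EAX = value. Returns 0, or -1 for a non-canonical
   value (a general-protection fault on real hardware) or an MSR outside this model. */
int wrmsr_model(struct cpu *c, uint32_t ecx, uint32_t eax, uint32_t edx) {
    uint64_t v = ((uint64_t)edx << 32) | eax;
    if (!is_canonical(v)) return -1;
    switch (ecx) {
    case IA32_FS_BASE:        c->fs_base = v;        return 0;
    case IA32_GS_BASE:        c->gs_base = v;        return 0;
    case IA32_KERNEL_GS_BASE: c->kernel_gs_base = v; return 0;
    default:                  return -1;
    }
}

/* swapgs model: exchange IA32_GS_BASE and IA32_KERNEL_GS_BASE */
void swapgs_model(struct cpu *c) {
    uint64_t t = c->gs_base; c->gs_base = c->kernel_gs_base; c->kernel_gs_base = t;
}

/* Linear address of an FS-relative operand; compatibility mode ignores the upper half */
uint64_t fs_linear(const struct cpu *c, uint64_t off) {
    if (c->mode64) return c->fs_base + off;
    return (uint32_t)((uint32_t)c->fs_base + (uint32_t)off);
}

int main(void) {
    struct cpu c = {0, 0, 0, 1};                        /* start in 64-bit mode */
    wrmsr_model(&c, IA32_FS_BASE, 0x000B8000u, 0x1u);   /* constructed base above 4 GiB */
    printf("64-bit mode:   %#llx\n", (unsigned long long)fs_linear(&c, 0x10));
    c.mode64 = 0;
    printf("compatibility: %#llx\n", (unsigned long long)fs_linear(&c, 0x10));
    return 0;
}
```

The same base yields two different linear addresses depending on the mode, which is why a base above 4 GiB can only be reached through the MSR path and only in 64-bit mode.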
Slide 9: In-class exercise
Use our "newapp64.cpp" development tool to quickly create the boilerplate code for a boot-time program that takes the CPU into its IA-32e mode (where you can try some experiments with registers FS and GS, and also the privileged "swapgs" instruction). Can you "map" the topmost page-frame to video-memory, then use IA32_FS_BASE to write a message to screen-memory?