GDT

[slacker]

couple quetions...

the intel manual says the processor multiplies the index value in the selector by 8 (bytes in descriptor) but when i look at ppl's code like a flat memory model the index value is always 0x08, 0x10...is there an error in the manual or am i reading it wrong? cause if it multiplies the index by 8 the index should be 1,2,etc....

the granularity flag in the descriptor:
this effects the limit of the segment so if i wanted a segment to be 0x100000 in size would i have to divide by 4kb or something to take this into account?

[Pype.Clicker]

couple quetions...

the intel manual says the processor multiplies the index value in the selector by 8 (bytes in descriptor) but when i look at ppl's code like a flat memory model the index value is always 0x08, 0x10...is there an error in the manual or am i reading it wrong? cause if it multiplies the index by 8 the index should be 1,2,etc....

There's no error: the index field of a selector simply starts at bit 3 in the selector. so a selector of 0x08 is an index of 1 relative to GDT (ti bit cleared) with a RPL of 0.

the granularity flag in the descriptor:
this effects the limit of the segment so if i wanted a segment to be 0x100000 in size would i have to divide by 4kb or something to take this into account?

basically yes. if you want a 128Kb segment limit, just load 31 in the limit field and set granularity to 4Kb. According to the manual, your effective limit will then be 0x1f<<12 | 0xFFF = 0x1ffff

Check the auwful table in the manual for special cases like expand-down segments,etc.
as a special case, limit equal to 0xFFFFF with G=4K make a limit of 4GB, which means no limit at all, whatever your base is, but for the highest for bytes (i.e. i wouldn't try to read a dword at 0xFFFFFFFF if i were you. 0 is okay, 0xFFFFFFFC too

[bkilgore]

the granularity flag in the descriptor:
this effects the limit of the segment so if i wanted a segment to be 0x100000 in size would i have to divide by 4kb or something to take this into account?

Yes. Because the limit is only 20 bits wide, it can only specify a maximum of 2^20-1, or one byte less than 1MB. The granularity bit allows you to accomidate the full 4GB addressable by 32bits, and still allows specification down to the byte, by allowing you to specify if the limit is a multiple of 1, or a multiple of 4kb.

In your case, you're one byte over the maximum value specifiable by 20 bits, so you need to set the granularity bit and divide by 4kb, or 0x1000, which gives you a limit of 0x100.

- Brandon

[bkilgore]

Oops...guess I took too long writing my response, lol

[slacker]

There's no error: the index field of a selector simply starts at bit 3 in the selector. so a selector of 0x08 is an index of 1 relative to GDT (ti bit cleared) with a RPL of 0.

so your saying the index value in the selector should have a value of one,two,etc but i have seen code that works and have the index values set to 0x08 , 0x10,etc

[bkilgore]

so your saying the index value in the selector should have a value of one,two,etc but i have seen code that works and have the index values set to 0x08 , 0x10,etc

The index value of the selector and the hex value of the selector used as a segment are two different things....

The index value of a selector is the "number" of the selector, i.e. the 1st one, 2nd one, etc. whereas the value of the selector you use when using it as a segment value is the offset from the beginning of the GDT to the selector description. Because each selector description is 8 bytes, the index number is always 1/8th of the offset.

[Pype.Clicker]

There's no error: the index field of a selector simply starts at bit 3 in the selector. so a selector of 0x08 is an index of 1 relative to GDT (ti bit cleared) with a RPL of 0.

so your saying the index value in the selector should have a value of one,two,etc but i have seen code that works and have the index values set to 0x08 , 0x10,etc

seems i haven't made myself clear enough ...

Code: Select all

0x08 == 0000 0000 0000 1000b
         ==[0000 0000 0000 1]---  : 13 bits [i]index[/i] 
            + ---- ---- ---- -[0]-- : 1 bit of [i]table indicator[/i]
            + ---- ---- ---- --[00] : 2 bits of [i]requested privilege level[/i]

see it ? we took selector 0x08 and we have index 1. index 1 in the LDT with RPL3 (usermode) is selector 0x000F.

/dev/brain: > make sense ?

[slacker]

pype i liked the:
0x08 == 0000 0000 0000 1000b
==[0000 0000 0000 1]--- : 13 bits index
+ ---- ---- ---- -[0]-- : 1 bit of table indicator
+ ---- ---- ---- --[00] : 2 bits of requested privilege level

THATS WEIRD! but i understand it....
why does it work out like that? cause i tryed it with 0x10 and when you take the 3 first bytes off of it you get 2...hmmm

[slacker]

24(index 3) becomes 3 when 3 bits are taken off..whats up with that..coincidence? cant be

[bkilgore]

why does it work out like that? cause i tryed it with 0x10 and when you take the 3 first bytes off of it you get 2...hmmm

Why does two seem weird? 0x08, 0x10, 0x10, 0x20 in selectors is like counting 1,2,3,4 in indices (each selector is 8 bytes), so 0x10 should be the second one...

Unless I'm missing something...

[Pype.Clicker]

24(index 3) becomes 3 when 3 bits are taken off..whats up with that..coincidence? cant be

lol. didn't u notice that shifting 3 bits to the right (basically, removing the 3 low-order bits) and dividing by 8 is the same operation as 2^3=8 ?

[slacker]

yea i figured out the 2^X multiplication/divsion but its interesting how they designed the index value 13 bits with the 8 byte descriptor....

[bkilgore]

yea i figured out the 2^X multiplication/divsion but its interesting how they designed the index value 13 bits with the 8 byte descriptor....

Not so much interesting at it is ingenious

They took advantage of every possible bit. So if the last two bits are always going to be 0 (since the size of the field is 8 and then it will always be a multiple of , why not use them for flags and such? They did that a lot in paging and other places to save space. A lot of engineers working over there to try to make things as optimized as possible...

[slacker]

for the TYPE part of the GDT, what exactly is conforming , accessed, and expand down segments?

[Pype.Clicker]

conforming : the DPL is the minimum (numerically) priviledge level. If a conforming code with a DPL of 1 is called by a thread that has a CPL of 2, the the RPL of the selector will be 2 aswell (iirc).

accessed : set to 1 if the descriptor has been used since the last time you cleared that bit. Note that if you don't reload the selector, i'm unsure of what the accessed bit will be.

expand-down : valid offsets are [ limit .. 0xffff ffff ] rather than [0 .. limit ] it has weird interaction with granularity and big bits, so check the table in intel-manuals to be sure.