IRET
Posted: Tue Feb 03, 2009 2:18 pm
by justin
In the Intel manuals (5-18 vol 3), it says "If a stack switch occurred when calling the handler procedure, the IRET instruction
switches back to the interrupted procedure’s stack on the return."
How does the processor know that a stack switch occurred when the handler procedure was called, so that it can take the appropriate action during an IRET instruction?
Re: IRET
Posted: Tue Feb 03, 2009 2:33 pm
by AJ
Hi,
The only way it knows is by the PL of the return CS selector. If the return CS PL is greater than that of the handler, SS and ESP are popped off the stack.
Cheers,
Adam
Re: IRET
Posted: Tue Feb 03, 2009 8:37 pm
by blackoil
When executing IRET, it needs to pop the CS:EIP pair; if the CS value to be popped is greater than the current value in the CS register, then after popping the CS:EIP pair, the SS:ESP pair follows implicitly.
To switch to any greater-privilege-ring task yourself, you need to set up the CS:EIP and SS:ESP pairs on your current stack manually.
Re: IRET
Posted: Wed Feb 04, 2009 3:22 am
by AJ
blackoil wrote: When executing IRET, it needs to pop the CS:EIP pair; if the CS value to be popped is greater than the current value in the CS register, then after popping the CS:EIP pair, the SS:ESP pair follows implicitly.
This is a bit misleading. It's not the CS value that matters - only the DPL of CS (the lower 2 bits). Also, the order of popped arguments is EIP, CS,
EFLAGS, ESP and then SS.
Cheers,
Adam
Re: IRET
Posted: Wed Feb 04, 2009 9:27 am
by blackoil
Yes, the DPL of the CS register.
SS <---high address
ESP
EFLAGS
EIP
CS <---low address, current SS:ESP
Re: IRET
Posted: Wed Feb 04, 2009 11:36 am
by egos
Open your eyes:
SS <---high address
ESP
EFLAGS
CS
EIP <---low address, current SS:ESP
Edited: the low two bits of the selector are the RPL, not the DPL.
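To make the two corrected points in this thread concrete (the only information IRET has is the RPL in the low two bits of the CS selector it pops, and the pop order is EIP, CS, EFLAGS, then ESP and SS only on a privilege change), here is an added software model in C. It is not code from the thread or from any kernel; it treats the stack as an array of dwords with index 0 at the current SS:ESP (lowest address), and it deliberately models only the privilege-level decision, not the descriptor, EFLAGS, NT-flag or VM86 checks real hardware also performs. Names such as `model_iret` and `build_iret_frame` are illustrative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of the modelled IRET. Field names mirror the registers IRET loads. */
typedef struct {
    bool     ok;             /* false: frame too short, or RPL(CS) < CPL (a real CPU raises #GP) */
    uint32_t eip, cs, eflags;
    bool     stack_switch;   /* true when RPL(CS) > CPL, so ESP and SS were popped as well */
    uint32_t esp, ss;        /* meaningful only when stack_switch is true */
    unsigned new_cpl;        /* privilege level after the return = RPL of the popped CS */
    size_t   words_consumed; /* 3 for a same-ring return, 5 for a ring change */
} iret_result;

/* Modelled IRET (illustrative, not the CPU's microcode). stack[0] is the dword at the
 * current SS:ESP, stack[1] the one above it, and so on. cpl is the handler's CPL. */
iret_result model_iret(const uint32_t *stack, size_t nwords, unsigned cpl)
{
    iret_result r;
    memset(&r, 0, sizeof r);
    size_t i = 0;

    if (nwords < 3)                 /* EIP, CS and EFLAGS are always present */
        return r;
    r.eip    = stack[i++];          /* pop order: EIP first ... */
    r.cs     = stack[i++];          /* ... then CS ... */
    r.eflags = stack[i++];          /* ... then EFLAGS */

    unsigned rpl = r.cs & 3u;       /* low two bits of the selector are the RPL */
    if (rpl < cpl)                  /* IRET never returns to a more privileged ring */
        return r;
    if (rpl > cpl) {                /* returning outward: the handler ran on a switched stack */
        if (nwords < 5)
            return r;
        r.stack_switch = true;
        r.esp = stack[i++];         /* ESP is popped before SS */
        r.ss  = stack[i++];
    }
    r.new_cpl = rpl;
    r.words_consumed = i;
    r.ok = true;
    return r;
}

/* Build the frame a kernel would lay out by hand before IRET (blackoil's "set up the
 * pairs on your current stack manually"). Returns the number of dwords written, or 0 if
 * the buffer is too small or the target ring is more privileged than cpl. */
size_t build_iret_frame(uint32_t *stack, size_t cap, uint32_t eip, uint32_t cs,
                        uint32_t eflags, uint32_t esp, uint32_t ss, unsigned cpl)
{
    unsigned rpl = cs & 3u;
    size_t need = (rpl > cpl) ? 5 : 3;
    if (rpl < cpl || cap < need)
        return 0;
    stack[0] = eip;                 /* lowest address: what ESP points at during IRET */
    stack[1] = cs;
    stack[2] = eflags;
    if (need == 5) {
        stack[3] = esp;             /* only present when leaving for a less privileged ring */
        stack[4] = ss;
    }
    return need;
}

int main(void)
{
    /* Constructed sample: kernel (CPL 0) returning to a ring-3 entry point.
     * Selector values 0x1B/0x23 are placeholders for a user code/data GDT entry. */
    uint32_t frame[8];
    size_t n = build_iret_frame(frame, 8, 0x08048000u, 0x1Bu, 0x202u, 0xBFFFF000u, 0x23u, 0);
    iret_result r = model_iret(frame, n, 0);
    printf("words=%zu switch=%d new_cpl=%u ss:esp=%04x:%08x\n",
           r.words_consumed, r.stack_switch, r.new_cpl, r.ss, r.esp);
    return r.ok ? 0 : 1;
}
```

The useful observation is that `model_iret` only ever looks at `cs & 3` to decide whether two more dwords belong to the frame; nothing on the stack records "a switch happened", which is exactly what the original question asked. A frame whose CS carries an RPL lower than the current CPL is rejected, mirroring the #GP a real processor raises.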
Re: IRET
Posted: Fri Feb 06, 2009 9:48 pm
by blackoil
Oh yeah, I fell asleep while typing.