CS/DS limit?

Posted: Thu Sep 24, 2009 9:25 pm
by okaox
hi my friends ...

- I activated Protected Mode x86
- I enabled a20
- Set descriptors CS/DS kernel

Code:
descr_so_nulo:
    dw 0x0, 0x0, 0x0, 0x0

descr_so_code:
    dw 0xffff       ; limit[0..15]
    dw 0x0000       ; base[0..15]
    db 0x00         ; base[16..23]
    db 0x9a         ; P=1 DPL=00 S=1 Type=1010 (code read/exec)
    db 0x4f         ; G=0 D/B=1 L=0 AVL=0 Limit[16..19]
    db 0x00         ; base[24..31]

descr_so_data:
    dw 0xffff       ; limit[0..15]
    dw 0x0000       ; base[0..15]
    db 0x00         ; base[16..23]
    db 0x92         ; P=1 DPL=00 S=1 Type=0010 (data read/write)
    db 0x4f         ; G=0 D/B=1 L=0 AVL=0 Limit[16..19]
    db 0x00         ; Base[24..31]
It is assumed that I can do this, but I get a limit error as output in the debugger:

Code:
    ; code load offset 0:800
    mov     ax, 0x08*2      ; DS
    mov     ds, ax
    mov     es, ax
    mov     fs, ax
    mov     gs, ax
    mov     ss, ax

    mov     esp, 0xfffff-4  ; Why? ... if Limit = 0xfffff !!!
    jmp     0x08:.aqui
.aqui:

    ret
What happens? :?

greetings!!!

PD: with [mov esp, 0xA0010] I have no problem; above this I get a limit error ... :roll:

Re: CS/DS limit?

Posted: Thu Sep 24, 2009 9:49 pm
by Brendan
Hi,

Not sure if this is your problem or not, but...

The G (granularity) flag is used to tell the CPU if the limit has byte granularity (e.g. "limit = 0xFFFFF" means 1 MiB limit) or if the limit has page granularity (e.g. "limit = 0xFFFFF" means 1048575 pages or 4 GiB).

Basically the G (granularity) flag is clear so the segment limit is 1 MiB. For "mov esp, 0xA0010" your stack will be below the 1 MiB limit, so you'd be able to use the stack without general protection faults.


Cheers,

Brendan
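Worked example added here (not code from any poster): a small C decoder for the 8-byte descriptor layout posted above, showing how the same raw limit 0xFFFFF yields a 1 MiB limit with G=0 and a 4 GiB limit with G=1, and that ESP = 0xFFFFF-4 still passes the G=0 limit check. The struct, function names and the G=1 variant (flags byte 0x4f changed to 0xcf) are my own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Fields recovered from one 8-byte GDT entry (expand-up segments only). */
typedef struct {
    uint32_t base;
    uint32_t limit_raw;    /* the 20-bit limit field as encoded */
    uint32_t limit_bytes;  /* highest valid offset once G is applied */
    bool     granularity;  /* G bit: 0 = byte units, 1 = 4 KiB units */
    bool     present;
    uint8_t  dpl;
} seg_desc_t;

/* Decode the descriptor as the dw/db lines lay it out in memory (little-endian):
 * bytes 0-1 limit[0..15], 2-4 base[0..23], 5 access, 6 flags+limit[16..19], 7 base[24..31]. */
seg_desc_t decode_descriptor(const uint8_t d[8]) {
    seg_desc_t s;
    s.limit_raw   = d[0] | (d[1] << 8) | ((d[6] & 0x0f) << 16);
    s.base        = d[2] | (d[3] << 8) | (d[4] << 16) | ((uint32_t)d[7] << 24);
    s.present     = (d[5] & 0x80) != 0;
    s.dpl         = (d[5] >> 5) & 0x03;
    s.granularity = (d[6] & 0x80) != 0;
    /* G=0: the limit counts bytes. G=1: it counts 4 KiB pages and the low 12
     * bits of an offset are never checked, so 0xFFFFF becomes 0xFFFFFFFF. */
    s.limit_bytes = s.granularity ? (s.limit_raw << 12) | 0xfff : s.limit_raw;
    return s;
}

/* Would an access at this offset pass the CPU's limit check? */
bool offset_in_segment(seg_desc_t s, uint32_t offset) {
    return offset <= s.limit_bytes;
}

/* descr_so_data from the first post, byte for byte: G=0, so a 1 MiB limit. */
static const uint8_t descr_so_data[8] =
    {0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0x4f, 0x00};
/* Same descriptor with G set (flags byte 0x4f -> 0xcf): a flat 4 GiB segment. */
static const uint8_t descr_flat_data[8] =
    {0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00};

int main(void) {
    seg_desc_t d = decode_descriptor(descr_so_data);
    seg_desc_t f = decode_descriptor(descr_flat_data);
    printf("G=%d limit=0x%05x -> last offset 0x%08x\n", d.granularity, d.limit_raw, d.limit_bytes);
    printf("G=%d limit=0x%05x -> last offset 0x%08x\n", f.granularity, f.limit_raw, f.limit_bytes);
    /* ESP = 0xFFFFF-4 passes the G=0 limit check, so the fault is not a limit fault. */
    printf("0xFFFFB in data segment: %d\n", offset_in_segment(d, 0xfffff - 4));
    return 0;
}
```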

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 12:06 am
by okaox
Thank you for the response...

If the granularity flag is clear, the segment size can range from 1 byte to 1 MByte, in byte increments.
If the granularity flag is set, the segment size can range from 4 KBytes to 4 GBytes, in 4-KByte increments.

But I am still wondering, why does the error occur, if the range from 0xA0010 to 0xFFFFF is < 1 MB?

greetings!!!

pd: Sorry for the english, I speak Spanish

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 3:58 am
by pcmattman

Code:
    dw 0xffff       ; limit[0..15]
Correct me if I'm wrong, but shouldn't there be five f's there, not four?

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 4:45 am
by Brendan
Hi,
okaox wrote:PD: with [mov esp, 0xA0010] I have no problem; above this I get a limit error ... :roll:
okaox wrote:But I am still wondering, why does the error occur, if the range from 0xA0010 to 0xFFFFF is < 1 MB?
Are you *sure* it's a problem with the segment limit?

For example, is it possible that you're trying to put your stack in the middle of video display memory or ROM, and the error is caused by the CPU pushing stuff onto the stack (e.g. the return address for "call" instructions) and popping off something different later (e.g. some bytes of ROM that causes RET to return to a dodgy address and makes the CPU execute unknown instructions, that leads to lots of new and exciting ways to crash)? :-)

pcmattman wrote:

Code:
    dw 0xffff       ; limit[0..15]
Correct me if I'm wrong, but shouldn't there be five f's there, not four?
In the lowest 16 bits of the limit there's only four F's. In the next 4 bits of the limit (e.g. in the "Limit[16..19]" field) there's another F...


Cheers,

Brendan

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 4:47 am
by pcmattman
Brendan wrote:In the lowest 16 bits of the limit there's only four F's. In the next 4 bits of the limit (e.g. in the "Limit[16..19]" field) there's another F...
Ah, of course. The whole [0..15] thing didn't really compute :(

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 5:04 am
by qw
Brendan wrote:Are you *sure* it's a problem with the segment limit?

For example, is it possible that you're trying to put your stack in the middle of video display memory or ROM, and the error is caused by the CPU pushing stuff onto the stack (e.g. the return address for "call" instructions) and popping off something different later (e.g. some bytes of ROM that causes RET to return to a dodgy address and makes the CPU execute unknown instructions, that leads to lots of new and exciting ways to crash)?
I'm pretty confident that Brendan is right. With a base of zero, 0xfffff - 4 is in the middle of ROM. By the way, you'd better align the stack to 0xffffc.

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 10:28 am
by okaox
I changed stack = 0xAFFFF
--> mov esp, 0xAFFFF

BOCHS: ¿?

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 10:51 am
by okaox
thanks my friends !!! :D

I also thought something like this :wink:, I'm accessing a read-only area (Upper Memory Area) used by some I/O devices (video, etc.)
sorry for the loss of time :lol:

greetings !!! :mrgreen:

Re: CS/DS limit?

Posted: Fri Sep 25, 2009 11:06 am
by AJ
Hi,

Your stack pointer is fine, the return value on the stack is not. It's one of two things:

* You are deliberately trying to RET to code outside of the 0xFFFFF limit. In this case, set the granularity bit(s) in your GDT.
* You are intending to run code within the correct limits, but your stack is corrupted. What is the last value on your stack? Is it what you expect it to be?

Cheers,
Adam