nikolatesla20
May 2nd, 2005, 14:09
I've just been refreshing myself on protected mode and stuff.
Can't quite figure out yet - In windows the first 4 entries in the GDT table contain:
code ring0 DPL 0 RE
data ring0 DPL 0 RW
code ring3 DPL 3 RE
data ring3 DPL 3 RW
and they all overlap from 0x00000000 to 0xFFFFFFFF, except of course their privilege bits differ.
I was curious, I have been googling over the past week, but I have not found a satisfactory answer to how, for example, Windows can write data to a code area (in either the ring3 or ring0 segment) when the protection of the segment in the GDT descriptor is set to RE (read-execute). Doesn't the processor throw an exception when this write is attempted?
Also, I actually tried to change an entry in the GDT while inside SoftICE (tried to change the privilege level of the ring0 segment) and my whole computer locked solid LOL.
I'm thinking maybe I'll just have to step through WriteProcessMemory for a while and see what actually goes on.
-nt20