VOGONS


First post, by superfury

User metadata
Rank l33t++
Rank
l33t++

I'm just thinking:
- For 8-bit memory operands, the location is checked against the descriptor and paging, faulting on the faults in predetermined order.
- For 16-bit memory operands, the first location is checked against the descriptor and paging, then the next location.

But what happens with 32-bit memory locations(the same might be said for 64-bit memory locations on x86_64)? Are each of the four locations checked? Or are only the first and last locations checked against paging and memory(which would speed up 32-bit memory access checks by a factor of twice as fast and four times as fast for 64-bit memory operands)?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 2 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

A memory-mapped device won't help, because it's a CPU internal process(except TLB fetches from RAM)? It's all segment descriptor cache(segmentation) and Paging-related, thus happening without the bus activating(since those should be executed after verification only(except when counting modern CPUs executing, then reverting memory accesses due to prediction missing))?

The only issue that might be there, is that the priority of faults against each other?

When an operand crosses paging 4K borders and segmentation does fault on the higher location of the access(e.g. at n+3), but paging faults at the lower location of the access(e.g. up to n+1 is valid, n+2 is an invalid page). In UniPCemu, currently all memory accesses are faulted at a byte level, checking n against segmentation and paging, then n+1, n+2 and finally n+3.

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 3 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Some more simple question:

What happens when a segment limit is broken with the segment selector value that's loaded from memory, where the segment selector value's location(e.g. the "LDS ESI,DS:xxxx" offset, thus xxxx+4 and xxxx+5 offsets) is past the limit of the segment selector, the offset(from the LDS operand) of the offset to load into ESI is in valid memory(not breaking the DS segment descriptor's limit) but the paging PTE/PDE for the xxxx memory location isn't valid?

Will it throw a #GP(0) for the invalid segment selector(to load into DS) at DS:[xxxx+4] offset(invalid offset) or a #PF(...) exception for the DS:[xxxx] memory location(invalid page)?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 5 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

So far made the segmentation system itself able to throw seperate segmentation, (data) breakpoint and page faults. Now it's mostly modifying all calls to the checkMMUaccess function(which checks for said segmentation and paging faults) in all CPU modules.

I guess the order of segmentation, then data breakpoints(which mainly just sets flags for faulting after the instruction completes and doesn't fault(no interrupt/exception raised)), and finally after those pass for all addresses(one byte at a time) check for paging faults?
Edit: After about 4-6 hours of manual work searching and replacing all memory access checks in the cpu modules, it should now (excluding common/instruction-specific split instructions like ADD etc., due to being checked in two places(once in the instruction handler and once in the internal instruction handler) first check all available parameters for segmentation faults(and also adding debug register checks(memory breakpoints) after each byte in a byte/word/dword is verified against the segment descriptors). Also stack accesses are counted as one block(sizing up to the total stack space to process) instead of one byte now(on both levels)), then once those are validated(and registered as data breakpoint if applicable internally) it will start checking the memory data against the paging mechanism.

The only instructions that don't fully follow said law are currently the split instruction parameters(where e.g. the opcode 01h ADD handler will check segmentation, debugger and paging in the order specified above as blocks(of 16-bit or 32-bit), executes a read from the source operand, after which (only if the destination is a memory operand) the internal ADD handler(which is common for all ADD instructions) will check the destination operand as specified above. Although that usually isn't a problem, since only one of the two operands is in memory(thus becoming entirely as documented as a result).

One place that will act kind of odd is the extended read opcodes like FFh JMP/CALL instructions, as the GRP handler will check(both layers in order as blocks) and read extra data, after the first 16 or 32-bits are already checked(through all layers), since only then it knows that there's some extra data(the segment to JMP/CALL) is to be read(and checked against).

All other single-variable instructions should work as documented(through both segmentation and paging after that). The major exception would be the conditional-write instructions(like ARPL, which only checks for writing to the destination when the privilege level of the destination privilege level is higher(numerically lower) than the source. The same kind of conditional applies to the 80486+ CMPXCHG instruction).

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 6 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Whoops, just tried to run Windows 95 again, noticed that it infinitely tries to execute a page fault due to the flag 0x10 being set, which I've added in checkMMUaccess to disable the segmentation check(used together with 0x20 to just run segmentation checks). Apparently it's also used to NOP the Paging unit... Oops... Having fixed said bug, the mechanism shouldn't bug out anymore(the only exceptions being conditional-write instructions).

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 7 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Just fixed the only two operands needing more data: FF/3 and FF/5 far CALL/JMP instructions to behave accordingly.

Edit: The crash at segment 117h still remains. One thing I did find out is that it's a protected-mode driver that's causing the issue, not a Virtual 8086 one(although one does get executed during boot, probably some real-mode drivers running in a Virtual machine).

The strange POP FS with the protected-mode driver(privilege level 3) is still odd though. Anyone? The bootlog.txt goes up to some esdi_506.pdr protected-mode driver when not in safe mode, but this problem(occuring in safe mode) seems to happen in privilege level 3 protected mode?

Normal boot "bootlog.txt" end of file:

[000DF26A] DEVICEINIT   = VDEF    
[000DF26A] DEVICEINITSUCCESS = VDEF
[000DF26C] Initing hsflop.pdr
[000DF2BE] Init Success hsflop.pdr
[000DF2C3] Initing esdi_506.pdr
[000DF2CB] Init Success esdi_506.pdr
[000DF2CB] Initing esdi_506.pdr

The safe mode log ends with something saying "Starting kernel" or something like that (as far as I can remember).

Edit: Hmmm... I see opcode 8E loading 12F into FS, where the base is 0(which usually is invalid in Windows, since that's starting with a NULL pointer on protected-mode software, an invalidated area, at which the entire TIB should be invalid to start with)? ESP is F88(just like at the location the invalid segmentation load is executed), CR3 is 295000h, CS:EIP is 117:00007DB8(the error location, or at least close to it)?

Bootlog in Safe mode with the blue screen cause(because of program at 117:7BDx):

[00142284] Loading Device = C:\WINDOWS\HIMEM.SYS
[001423FF] LoadSuccess = C:\WINDOWS\HIMEM.SYS
[001423FF] Loading Device = C:\WINDOWS\DBLBUFF.SYS
[00142400] LoadSuccess = C:\WINDOWS\DBLBUFF.SYS
[00142400] Loading Device = C:\WINDOWS\IFSHLP.SYS
[00142400] LoadSuccess = C:\WINDOWS\IFSHLP.SYS
[00142401] (Safe boot)
[00142416] Loading Vxd = VMM
[0014242A] LoadSuccess = VMM
[0014242A] Loading Vxd = vmouse
[0014242D] LoadSuccess = vmouse
[0014242D] Loading Vxd = configmg
[00142433] LoadSuccess = configmg
[00142433] Loading Vxd = vwin32
[00142437] LoadSuccess = vwin32
[00142437] Loading Vxd = vfbackup
[00142438] LoadSuccess = vfbackup
[00142438] Loading Vxd = vcomm
[00142439] LoadSuccess = vcomm
[00142439] Loading Vxd = ifsmgr
[00142448] LoadSuccess = ifsmgr
[00142448] Loading Vxd = ios
[0014244E] LoadSuccess = ios
[0014244E] Loading Vxd = vfat
[00142453] LoadSuccess = vfat
[00142454] Loading Vxd = vcache
[00142455] LoadSuccess = vcache
[00142455] Loading Vxd = vcond
[00142458] LoadSuccess = vcond
[00142458] Loading Vxd = int13
[00142459] LoadSuccess = int13
[00142459] Loading Vxd = vxdldr
[0014245B] LoadSuccess = vxdldr
[0014245B] Loading Vxd = vdef
[0014245C] LoadSuccess = vdef
[0014245C] Loading Vxd = dynapage
[0014245D] LoadSuccess = dynapage
[0014245D] Loading Vxd = reboot
[0014245E] LoadSuccess = reboot
[0014245E] Loading Vxd = vsd
[0014245F] LoadSuccess = vsd
[0014245F] Loading Vxd = parity
[0014245F] LoadSuccess = parity
[00142460] Loading Vxd = biosxlat
[00142460] LoadSuccess = biosxlat
[00142460] Loading Vxd = vmcpd
[00142461] LoadSuccess = vmcpd
[00142461] Loading Vxd = vkd
[00142463] LoadSuccess = vkd
[00142463] Loading Vxd = vdd
[00142469] LoadSuccess = vdd
[00142469] Loading Vxd = ebios
[0014246A] LoadSuccess = ebios
[0014246A] Loading Vxd = vtdapi
[0014246B] LoadSuccess = vtdapi
[0014246B] Loading Vxd = vmpoll
[0014246C] LoadSuccess = vmpoll
[0014246C] Loading Vxd = VPICD
[0014246E] LoadSuccess = VPICD
[0014246E] Loading Vxd = VDMAD
Show last 243 lines
[00142470] LoadSuccess = VDMAD
[00142470] Loading Vxd = VTD
[00142471] LoadSuccess = VTD
[00142471] Loading Vxd = V86MMGR
[00142477] LoadSuccess = V86MMGR
[00142477] Loading Vxd = PAGESWAP
[00142478] LoadSuccess = PAGESWAP
[00142478] Loading Vxd = DOSMGR
[0014247C] LoadSuccess = DOSMGR
[0014247C] Loading Vxd = SHELL
[00142480] LoadSuccess = SHELL
[00142480] Loading Vxd = VCD
[00142482] LoadSuccess = VCD
[00142482] Loading Vxd = VPD
[00142484] LoadSuccess = VPD
[00142485] SYSCRITINIT = VMM
[00142486] SYSCRITINITSUCCESS = VMM
[00142486] SYSCRITINIT = VCACHE
[00142486] SYSCRITINITSUCCESS = VCACHE
[00142486] SYSCRITINIT = VPICD
[00142486] SYSCRITINITSUCCESS = VPICD
[00142487] SYSCRITINIT = VTD
[00142487] SYSCRITINITSUCCESS = VTD
[00142487] SYSCRITINIT = VXDLDR
[00142487] SYSCRITINITSUCCESS = VXDLDR
[00142488] SYSCRITINIT = CONFIGMG
[00142488] SYSCRITINITSUCCESS = CONFIGMG
[00142488] SYSCRITINIT = IOS
[00142488] SYSCRITINITSUCCESS = IOS
[00142489] SYSCRITINIT = PAGEFILE
[00142489] SYSCRITINITSUCCESS = PAGEFILE
[00142489] SYSCRITINIT = PAGESWAP
[00142489] SYSCRITINITSUCCESS = PAGESWAP
[0014248A] SYSCRITINIT = PARITY
[0014248A] SYSCRITINITSUCCESS = PARITY
[0014248A] SYSCRITINIT = REBOOT
[0014248A] SYSCRITINITSUCCESS = REBOOT
[0014248B] SYSCRITINIT = EBIOS
[0014248B] SYSCRITINITSUCCESS = EBIOS
[0014248B] SYSCRITINIT = VDD
[0014248C] SYSCRITINITSUCCESS = VDD
[0014248C] SYSCRITINIT = VSD
[0014248C] SYSCRITINITSUCCESS = VSD
[0014248C] SYSCRITINIT = VCD
[0014248C] SYSCRITINITSUCCESS = VCD
[0014248D] SYSCRITINIT = VMOUSE
[0014248D] SYSCRITINITSUCCESS = VMOUSE
[0014248D] SYSCRITINIT = VKD
[0014248E] SYSCRITINITSUCCESS = VKD
[0014248E] SYSCRITINIT = VPD
[0014248E] SYSCRITINITSUCCESS = VPD
[0014248E] SYSCRITINIT = INT13
[0014248F] SYSCRITINITSUCCESS = INT13
[0014248F] SYSCRITINIT = VMCPD
[0014248F] SYSCRITINITSUCCESS = VMCPD
[00142490] SYSCRITINIT = BIOSXLAT
[00142490] SYSCRITINITSUCCESS = BIOSXLAT
[00142490] SYSCRITINIT = DOSMGR
[00142490] SYSCRITINITSUCCESS = DOSMGR
[00142491] SYSCRITINIT = VMPOLL
[00142491] SYSCRITINITSUCCESS = VMPOLL
[00142491] SYSCRITINIT = VWIN32
[00142491] SYSCRITINITSUCCESS = VWIN32
[00142491] SYSCRITINIT = VCOMM
[00142492] SYSCRITINITSUCCESS = VCOMM
[00142492] SYSCRITINIT = VCOND
[00142492] SYSCRITINITSUCCESS = VCOND
[00142492] SYSCRITINIT = VTDAPI
[00142493] SYSCRITINITSUCCESS = VTDAPI
[00142493] SYSCRITINIT = VDMAD
[00142493] SYSCRITINITSUCCESS = VDMAD
[00142493] SYSCRITINIT = V86MMGR
[00142494] SYSCRITINITSUCCESS = V86MMGR
[00142494] SYSCRITINIT = VFAT
[00142494] SYSCRITINITSUCCESS = VFAT
[00142494] SYSCRITINIT = VDEF
[00142494] SYSCRITINITSUCCESS = VDEF
[00142495] SYSCRITINIT = IFSMGR
[00142495] SYSCRITINITSUCCESS = IFSMGR
[00142495] SYSCRITINIT = VFBACKUP
[00142495] SYSCRITINITSUCCESS = VFBACKUP
[00142496] SYSCRITINIT = SHELL
[00142496] SYSCRITINITSUCCESS = SHELL
[00142497] DEVICEINIT = VMM
[00142497] DEVICEINITSUCCESS = VMM
[00142497] DEVICEINIT = VCACHE
[00142498] DEVICEINITSUCCESS = VCACHE
[00142499] DEVICEINIT = VPICD
[00142499] DEVICEINITSUCCESS = VPICD
[0014249A] DEVICEINIT = VTD
[0014249A] DEVICEINITSUCCESS = VTD
[0014249A] DEVICEINIT = VXDLDR
[0014249A] DEVICEINITSUCCESS = VXDLDR
[001424AB] DEVICEINIT = CONFIGMG
[001424AB] DEVICEINITSUCCESS = CONFIGMG
[001424AB] DEVICEINIT = IOS
[001424BD] Dynamic load device C:\WINDOWS\system\IOSUBSYS\apix.vxd
[001424BE] Dynamic load success C:\WINDOWS\system\IOSUBSYS\apix.vxd
[001424BE] Dynamic load device C:\WINDOWS\system\IOSUBSYS\cdfs.vxd
[001424C2] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdfs.vxd
[001424C2] Dynamic load device C:\WINDOWS\system\IOSUBSYS\cdtsd.vxd
[001424C3] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdtsd.vxd
[001424C3] Dynamic load device C:\WINDOWS\system\IOSUBSYS\cdvsd.vxd
[001424C4] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdvsd.vxd
[001424C5] Dynamic load device C:\WINDOWS\system\IOSUBSYS\disktsd.vxd
[001424C6] Dynamic load success C:\WINDOWS\system\IOSUBSYS\disktsd.vxd
[001424C6] Dynamic load device C:\WINDOWS\system\IOSUBSYS\diskvsd.vxd
[001424C7] Dynamic load success C:\WINDOWS\system\IOSUBSYS\diskvsd.vxd
[001424C7] Dynamic load device C:\WINDOWS\system\IOSUBSYS\voltrack.vxd
[001424C8] Dynamic load success C:\WINDOWS\system\IOSUBSYS\voltrack.vxd
[001424C9] Dynamic load device C:\WINDOWS\system\IOSUBSYS\necatapi.vxd
[001424C9] Dynamic load success C:\WINDOWS\system\IOSUBSYS\necatapi.vxd
[001424CA] Dynamic load device C:\WINDOWS\system\IOSUBSYS\scsi1hlp.vxd
[001424CB] Dynamic load success C:\WINDOWS\system\IOSUBSYS\scsi1hlp.vxd
[001424CB] Dynamic load device C:\WINDOWS\system\IOSUBSYS\rmm.pdr
[001424CC] Dynamic load success C:\WINDOWS\system\IOSUBSYS\rmm.pdr
[001424CD] DEVICEINITSUCCESS = IOS
[001424CD] DEVICEINIT = PAGEFILE
[001424CE] DEVICEINITSUCCESS = PAGEFILE
[001424CE] DEVICEINIT = PAGESWAP
[001424CE] DEVICEINITSUCCESS = PAGESWAP
[001424CE] DEVICEINIT = PARITY
[001424CE] DEVICEINITSUCCESS = PARITY
[001424CF] DEVICEINIT = REBOOT
[001424CF] DEVICEINITSUCCESS = REBOOT
[001424CF] DEVICEINIT = EBIOS
[001424D0] DEVICEINITSUCCESS = EBIOS
[001424D0] DEVICEINIT = VDD
[001424D7] DEVICEINITSUCCESS = VDD
[001424D8] DEVICEINIT = VSD
[001424D8] DEVICEINITSUCCESS = VSD
[001424D8] DEVICEINIT = VCD
[001424D8] DEVICEINITSUCCESS = VCD
[001424D8] DEVICEINIT = VMOUSE
[001424D9] DEVICEINITSUCCESS = VMOUSE
[001424D9] DEVICEINIT = VKD
[001424D9] DEVICEINITSUCCESS = VKD
[001424DA] DEVICEINIT = VPD
[001424DA] DEVICEINITSUCCESS = VPD
[001424DA] DEVICEINIT = INT13
[001424DA] DEVICEINITSUCCESS = INT13
[001424DB] DEVICEINIT = VMCPD
[001424DB] DEVICEINITSUCCESS = VMCPD
[001424DB] DEVICEINIT = BIOSXLAT
[001424DC] DEVICEINITSUCCESS = BIOSXLAT
[001424DC] DEVICEINIT = DOSMGR
[001424DC] DEVICEINITSUCCESS = DOSMGR
[001424DD] DEVICEINIT = VMPOLL
[001424DE] DEVICEINITSUCCESS = VMPOLL
[001424DE] DEVICEINIT = VWIN32
[001424DE] DEVICEINITSUCCESS = VWIN32
[001424DE] DEVICEINIT = VCOMM
[001424DF] DEVICEINITSUCCESS = VCOMM
[001424DF] DEVICEINIT = VCOND
[001424E0] DEVICEINITSUCCESS = VCOND
[001424E0] DEVICEINIT = VTDAPI
[001424E0] DEVICEINITSUCCESS = VTDAPI
[001424E0] DEVICEINIT = VDMAD
[001424E0] DEVICEINITSUCCESS = VDMAD
[001424E1] DEVICEINIT = V86MMGR
[001424E2] DEVICEINITSUCCESS = V86MMGR
[001424E2] DEVICEINIT = VFAT
[001424E2] DEVICEINITSUCCESS = VFAT
[001424E3] DEVICEINIT = VDEF
[001424E3] DEVICEINITSUCCESS = VDEF
[001424FF] INITCOMPLETE = VMM
[00142500] INITCOMPLETESUCCESS = VMM
[00142500] INITCOMPLETE = VCACHE
[00142500] INITCOMPLETESUCCESS = VCACHE
[00142500] INITCOMPLETE = VPICD
[00142501] INITCOMPLETESUCCESS = VPICD
[00142501] INITCOMPLETE = VTD
[00142501] INITCOMPLETESUCCESS = VTD
[00142502] INITCOMPLETE = VXDLDR
[00142502] INITCOMPLETESUCCESS = VXDLDR
[00142502] INITCOMPLETE = CONFIGMG
[00142503] INITCOMPLETESUCCESS = CONFIGMG
[00142503] INITCOMPLETE = IOS
[0014252B] INITCOMPLETESUCCESS = IOS
[0014252C] INITCOMPLETE = PAGEFILE
[0014252C] INITCOMPLETESUCCESS = PAGEFILE
[0014252C] INITCOMPLETE = PAGESWAP
[0014252C] INITCOMPLETESUCCESS = PAGESWAP
[0014252D] INITCOMPLETE = PARITY
[0014252D] INITCOMPLETESUCCESS = PARITY
[0014252D] INITCOMPLETE = REBOOT
[0014252E] INITCOMPLETESUCCESS = REBOOT
[0014252E] INITCOMPLETE = EBIOS
[0014252E] INITCOMPLETESUCCESS = EBIOS
[0014252F] INITCOMPLETE = VDD
[0014252F] INITCOMPLETESUCCESS = VDD
[0014252F] INITCOMPLETE = VSD
[00142530] INITCOMPLETESUCCESS = VSD
[00142530] INITCOMPLETE = VCD
[00142530] INITCOMPLETESUCCESS = VCD
[00142531] INITCOMPLETE = VMOUSE
[00142531] INITCOMPLETESUCCESS = VMOUSE
[00142532] INITCOMPLETE = VKD
[00142532] INITCOMPLETESUCCESS = VKD
[00142533] INITCOMPLETE = VPD
[00142533] INITCOMPLETESUCCESS = VPD
[00142534] INITCOMPLETE = INT13
[00142534] INITCOMPLETESUCCESS = INT13
[00142534] INITCOMPLETE = VMCPD
[00142534] INITCOMPLETESUCCESS = VMCPD
[00142535] INITCOMPLETE = BIOSXLAT
[00142536] INITCOMPLETESUCCESS = BIOSXLAT
[00142536] INITCOMPLETE = DOSMGR
[00142536] INITCOMPLETESUCCESS = DOSMGR
[00142537] INITCOMPLETE = VMPOLL
[00142537] INITCOMPLETESUCCESS = VMPOLL
[00142538] INITCOMPLETE = VWIN32
[0014253A] INITCOMPLETESUCCESS = VWIN32
[0014253A] INITCOMPLETE = VCOMM
[0014253A] INITCOMPLETESUCCESS = VCOMM
[0014253B] INITCOMPLETE = VCOND
[0014253B] INITCOMPLETESUCCESS = VCOND
[0014253C] INITCOMPLETE = VTDAPI
[0014253C] INITCOMPLETESUCCESS = VTDAPI
[0014253C] INITCOMPLETE = DiskTSD
[0014253C] INITCOMPLETESUCCESS = DiskTSD
[0014253D] INITCOMPLETE = voltrack
[0014253D] INITCOMPLETESUCCESS = voltrack
[0014253E] INITCOMPLETE = RMM
[0014253E] INITCOMPLETESUCCESS = RMM
[0014253E] INITCOMPLETE = VDMAD
[0014253E] INITCOMPLETESUCCESS = VDMAD
[00142540] INITCOMPLETE = V86MMGR
[00142540] INITCOMPLETESUCCESS = V86MMGR
[00142540] INITCOMPLETE = VFAT
[00142540] INITCOMPLETESUCCESS = VFAT
[00142541] INITCOMPLETE = VDEF
[00142541] INITCOMPLETESUCCESS = VDEF
[00142542] INITCOMPLETE = IFSMGR
[00142544] INITCOMPLETESUCCESS = IFSMGR
[00142545] INITCOMPLETE = VFD
[00142545] INITCOMPLETESUCCESS = VFD
[00142546] INITCOMPLETE = VFBACKUP
[00142546] INITCOMPLETESUCCESS = VFBACKUP
[00142546] INITCOMPLETE = SHELL
[00142547] INITCOMPLETESUCCESS = SHELL
Initializing KERNEL

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 8 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

The new, shorter and fixed/improved(proper segmentation+CR3+TSSbase+TR filtering instead of with segmentation filter disabled in other processor modes(Virtual and Real mode in this case)) log https://www.dropbox.com/s/1irnt6w7p4hvze9/deb … proved.zip?dl=0

Anyone can see what's going wrong?

Edit: Hmmmm... Those reads and writes to CS:[0002] and ES:[0002] (also DS:[0002]?)... It might be using said value as some kind of FS handler(exception handler?) buffer?
Edit: Linear address 000095c2 seems to contain said data?

Anyone?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 9 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Another strange thing is that EIP is within 64K limits the entire time, even though it's a 4GB code segment? Why start within 64K? Isn't it usually loaded way higher? 0x40000 for executables and 0x80000000+ for drivers etc.? See https://www.tenouk.com/visualcplusmfc/visualcplusmfc20.html figure 3?

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 10 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Just fixed the XCHG instructions to properly check segmentation first, then paging.

Also optimized up to 80286+ instructions to check writes against writes only and not against reads too(since write access on both paging and segmentation also requires read access by x86 design). Only 80386+ opcodes are left to do(normal and 0F opcodes). 80486 doesn't need changes(no new opcodes with checks).

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io

Reply 11 of 11, by superfury

User metadata
Rank l33t++
Rank
l33t++

Just fixed a bug in the 80386+ BSF/BSR memory protection checks(checking for writes against the src operand instead of the dest operand).

Also optimized the 80386 0F opcodes for memory writes(see previous post). Now only the 32-bit 8086/80186 (the 80386 module) opcodes are left.

Edit: Just optimized the 32-bity 8086/80186(the 80386 module) opcodes. Now all memory checks should only be checked for once, during execution of an instruction(instead of multiple times for modifying memory operands, e.g. add [memory],reg will execute one check for reg and one for memory(except when memory has multiple operands, e.g. L*S instructions and far jmp/call instructions from memory operands, as well as MOV [memory],reg and MOV reg,[memory])).

Author of the UniPCemu emulator.
UniPCemu Git repository
UniPCemu for Android, Windows, PSP, Vita and Switch on itch.io