x86 protection checks with 32-bit and 64-bit operands?

Emulation of old PCs, PC hardware, or PC peripherals.

x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-09 @ 19:12

I'm just thinking:
- For 8-bit memory operands, the location is checked against the descriptor and paging, faulting on the faults in predetermined order.
- For 16-bit memory operands, the first location is checked against the descriptor and paging, then the next location.

But what happens with 32-bit memory locations(the same might be said for 64-bit memory locations on x86_64)? Are each of the four locations checked? Or are only the first and last locations checked against paging and memory(which would speed up 32-bit memory access checks by a factor of twice as fast and four times as fast for 64-bit memory operands)?
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby peterferrie » 2019-1-09 @ 20:19

It seems to make sense that only first and last bytes are checked, but to verify it would seem to require a memory-mapped device that can log the order of accesses.
peterferrie
Oldbie
 
Posts: 626
Joined: 2008-5-08 @ 21:54

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-10 @ 11:58

A memory-mapped device won't help, because it's a CPU internal process(except TLB fetches from RAM)? It's all segment descriptor cache(segmentation) and Paging-related, thus happening without the bus activating(since those should be executed after verification only(except when counting modern CPUs executing, then reverting memory accesses due to prediction missing))?

The only issue that might be there, is that the priority of faults against each other?

When an operand crosses paging 4K borders and segmentation does fault on the higher location of the access(e.g. at n+3), but paging faults at the lower location of the access(e.g. up to n+1 is valid, n+2 is an invalid page). In UniPCemu, currently all memory accesses are faulted at a byte level, checking n against segmentation and paging, then n+1, n+2 and finally n+3.
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-10 @ 13:28

Some more simple question:

What happens when a segment limit is broken with the segment selector value that's loaded from memory, where the segment selector value's location(e.g. the "LDS ESI,DS:xxxx" offset, thus xxxx+4 and xxxx+5 offsets) is past the limit of the segment selector, the offset(from the LDS operand) of the offset to load into ESI is in valid memory(not breaking the DS segment descriptor's limit) but the paging PTE/PDE for the xxxx memory location isn't valid?

Will it throw a #GP(0) for the invalid segment selector(to load into DS) at DS:[xxxx+4] offset(invalid offset) or a #PF(...) exception for the DS:[xxxx] memory location(invalid page)?
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby peterferrie » 2019-1-11 @ 23:45

I seem to remember that GP will occur first because the bounds are checked before the page access is verified.
It's probably the cheaper test.
peterferrie
Oldbie
 
Posts: 626
Joined: 2008-5-08 @ 21:54

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-13 @ 13:06

So far made the segmentation system itself able to throw seperate segmentation, (data) breakpoint and page faults. Now it's mostly modifying all calls to the checkMMUaccess function(which checks for said segmentation and paging faults) in all CPU modules.

I guess the order of segmentation, then data breakpoints(which mainly just sets flags for faulting after the instruction completes and doesn't fault(no interrupt/exception raised)), and finally after those pass for all addresses(one byte at a time) check for paging faults?
Edit: After about 4-6 hours of manual work searching and replacing all memory access checks in the cpu modules, it should now (excluding common/instruction-specific split instructions like ADD etc., due to being checked in two places(once in the instruction handler and once in the internal instruction handler) first check all available parameters for segmentation faults(and also adding debug register checks(memory breakpoints) after each byte in a byte/word/dword is verified against the segment descriptors). Also stack accesses are counted as one block(sizing up to the total stack space to process) instead of one byte now(on both levels)), then once those are validated(and registered as data breakpoint if applicable internally) it will start checking the memory data against the paging mechanism.

The only instructions that don't fully follow said law are currently the split instruction parameters(where e.g. the opcode 01h ADD handler will check segmentation, debugger and paging in the order specified above as blocks(of 16-bit or 32-bit), executes a read from the source operand, after which (only if the destination is a memory operand) the internal ADD handler(which is common for all ADD instructions) will check the destination operand as specified above. Although that usually isn't a problem, since only one of the two operands is in memory(thus becoming entirely as documented as a result).

One place that will act kind of odd is the extended read opcodes like FFh JMP/CALL instructions, as the GRP handler will check(both layers in order as blocks) and read extra data, after the first 16 or 32-bits are already checked(through all layers), since only then it knows that there's some extra data(the segment to JMP/CALL) is to be read(and checked against).

All other single-variable instructions should work as documented(through both segmentation and paging after that). The major exception would be the conditional-write instructions(like ARPL, which only checks for writing to the destination when the privilege level of the destination privilege level is higher(numerically lower) than the source. The same kind of conditional applies to the 80486+ CMPXCHG instruction).
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-13 @ 18:28

Whoops, just tried to run Windows 95 again, noticed that it infinitely tries to execute a page fault due to the flag 0x10 being set, which I've added in checkMMUaccess to disable the segmentation check(used together with 0x20 to just run segmentation checks). Apparently it's also used to NOP the Paging unit... Oops... Having fixed said bug, the mechanism shouldn't bug out anymore(the only exceptions being conditional-write instructions).
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-14 @ 06:48

Just fixed the only two operands needing more data: FF/3 and FF/5 far CALL/JMP instructions to behave accordingly.

Edit: The crash at segment 117h still remains. One thing I did find out is that it's a protected-mode driver that's causing the issue, not a Virtual 8086 one(although one does get executed during boot, probably some real-mode drivers running in a Virtual machine).

The strange POP FS with the protected-mode driver(privilege level 3) is still odd though. Anyone? The bootlog.txt goes up to some esdi_506.pdr protected-mode driver when not in safe mode, but this problem(occuring in safe mode) seems to happen in privilege level 3 protected mode?

Normal boot "bootlog.txt" end of file:
Code: Select all
[000DF26A] DEVICEINIT   = VDEF   
[000DF26A] DEVICEINITSUCCESS   = VDEF   
[000DF26C] Initing hsflop.pdr
[000DF2BE] Init Success hsflop.pdr
[000DF2C3] Initing esdi_506.pdr
[000DF2CB] Init Success esdi_506.pdr
[000DF2CB] Initing esdi_506.pdr


The safe mode log ends with something saying "Starting kernel" or something like that (as far as I can remember).

Edit: Hmmm... I see opcode 8E loading 12F into FS, where the base is 0(which usually is invalid in Windows, since that's starting with a NULL pointer on protected-mode software, an invalidated area, at which the entire TIB should be invalid to start with)? ESP is F88(just like at the location the invalid segmentation load is executed), CR3 is 295000h, CS:EIP is 117:00007DB8(the error location, or at least close to it)?

Bootlog in Safe mode with the blue screen cause(because of program at 117:7BDx):
Code: Select all
[00142284] Loading Device = C:\WINDOWS\HIMEM.SYS
[001423FF] LoadSuccess    = C:\WINDOWS\HIMEM.SYS
[001423FF] Loading Device = C:\WINDOWS\DBLBUFF.SYS
[00142400] LoadSuccess    = C:\WINDOWS\DBLBUFF.SYS
[00142400] Loading Device = C:\WINDOWS\IFSHLP.SYS
[00142400] LoadSuccess    = C:\WINDOWS\IFSHLP.SYS
[00142401] (Safe boot)
[00142416] Loading Vxd = VMM
[0014242A] LoadSuccess = VMM
[0014242A] Loading Vxd = vmouse
[0014242D] LoadSuccess = vmouse
[0014242D] Loading Vxd = configmg
[00142433] LoadSuccess = configmg
[00142433] Loading Vxd = vwin32
[00142437] LoadSuccess = vwin32
[00142437] Loading Vxd = vfbackup
[00142438] LoadSuccess = vfbackup
[00142438] Loading Vxd = vcomm
[00142439] LoadSuccess = vcomm
[00142439] Loading Vxd = ifsmgr
[00142448] LoadSuccess = ifsmgr
[00142448] Loading Vxd = ios
[0014244E] LoadSuccess = ios
[0014244E] Loading Vxd = vfat
[00142453] LoadSuccess = vfat
[00142454] Loading Vxd = vcache
[00142455] LoadSuccess = vcache
[00142455] Loading Vxd = vcond
[00142458] LoadSuccess = vcond
[00142458] Loading Vxd = int13
[00142459] LoadSuccess = int13
[00142459] Loading Vxd = vxdldr
[0014245B] LoadSuccess = vxdldr
[0014245B] Loading Vxd = vdef
[0014245C] LoadSuccess = vdef
[0014245C] Loading Vxd = dynapage
[0014245D] LoadSuccess = dynapage
[0014245D] Loading Vxd = reboot
[0014245E] LoadSuccess = reboot
[0014245E] Loading Vxd = vsd
[0014245F] LoadSuccess = vsd
[0014245F] Loading Vxd = parity
[0014245F] LoadSuccess = parity
[00142460] Loading Vxd = biosxlat
[00142460] LoadSuccess = biosxlat
[00142460] Loading Vxd = vmcpd
[00142461] LoadSuccess = vmcpd
[00142461] Loading Vxd = vkd
[00142463] LoadSuccess = vkd
[00142463] Loading Vxd = vdd
[00142469] LoadSuccess = vdd
[00142469] Loading Vxd = ebios
[0014246A] LoadSuccess = ebios
[0014246A] Loading Vxd = vtdapi
[0014246B] LoadSuccess = vtdapi
[0014246B] Loading Vxd = vmpoll
[0014246C] LoadSuccess = vmpoll
[0014246C] Loading Vxd = VPICD
[0014246E] LoadSuccess = VPICD
[0014246E] Loading Vxd = VDMAD
[00142470] LoadSuccess = VDMAD
[00142470] Loading Vxd = VTD
[00142471] LoadSuccess = VTD
[00142471] Loading Vxd = V86MMGR
[00142477] LoadSuccess = V86MMGR
[00142477] Loading Vxd = PAGESWAP
[00142478] LoadSuccess = PAGESWAP
[00142478] Loading Vxd = DOSMGR
[0014247C] LoadSuccess = DOSMGR
[0014247C] Loading Vxd = SHELL
[00142480] LoadSuccess = SHELL
[00142480] Loading Vxd = VCD
[00142482] LoadSuccess = VCD
[00142482] Loading Vxd = VPD
[00142484] LoadSuccess = VPD
[00142485] SYSCRITINIT  = VMM     
[00142486] SYSCRITINITSUCCESS  = VMM     
[00142486] SYSCRITINIT  = VCACHE 
[00142486] SYSCRITINITSUCCESS  = VCACHE 
[00142486] SYSCRITINIT  = VPICD   
[00142486] SYSCRITINITSUCCESS  = VPICD   
[00142487] SYSCRITINIT  = VTD     
[00142487] SYSCRITINITSUCCESS  = VTD     
[00142487] SYSCRITINIT  = VXDLDR 
[00142487] SYSCRITINITSUCCESS  = VXDLDR 
[00142488] SYSCRITINIT  = CONFIGMG
[00142488] SYSCRITINITSUCCESS  = CONFIGMG
[00142488] SYSCRITINIT  = IOS     
[00142488] SYSCRITINITSUCCESS  = IOS     
[00142489] SYSCRITINIT  = PAGEFILE
[00142489] SYSCRITINITSUCCESS  = PAGEFILE
[00142489] SYSCRITINIT  = PAGESWAP
[00142489] SYSCRITINITSUCCESS  = PAGESWAP
[0014248A] SYSCRITINIT  = PARITY 
[0014248A] SYSCRITINITSUCCESS  = PARITY 
[0014248A] SYSCRITINIT  = REBOOT 
[0014248A] SYSCRITINITSUCCESS  = REBOOT 
[0014248B] SYSCRITINIT  = EBIOS   
[0014248B] SYSCRITINITSUCCESS  = EBIOS   
[0014248B] SYSCRITINIT  = VDD     
[0014248C] SYSCRITINITSUCCESS  = VDD     
[0014248C] SYSCRITINIT  = VSD     
[0014248C] SYSCRITINITSUCCESS  = VSD     
[0014248C] SYSCRITINIT  = VCD     
[0014248C] SYSCRITINITSUCCESS  = VCD     
[0014248D] SYSCRITINIT  = VMOUSE 
[0014248D] SYSCRITINITSUCCESS  = VMOUSE 
[0014248D] SYSCRITINIT  = VKD     
[0014248E] SYSCRITINITSUCCESS  = VKD     
[0014248E] SYSCRITINIT  = VPD     
[0014248E] SYSCRITINITSUCCESS  = VPD     
[0014248E] SYSCRITINIT  = INT13   
[0014248F] SYSCRITINITSUCCESS  = INT13   
[0014248F] SYSCRITINIT  = VMCPD   
[0014248F] SYSCRITINITSUCCESS  = VMCPD   
[00142490] SYSCRITINIT  = BIOSXLAT
[00142490] SYSCRITINITSUCCESS  = BIOSXLAT
[00142490] SYSCRITINIT  = DOSMGR 
[00142490] SYSCRITINITSUCCESS  = DOSMGR 
[00142491] SYSCRITINIT  = VMPOLL 
[00142491] SYSCRITINITSUCCESS  = VMPOLL 
[00142491] SYSCRITINIT  = VWIN32 
[00142491] SYSCRITINITSUCCESS  = VWIN32 
[00142491] SYSCRITINIT  = VCOMM   
[00142492] SYSCRITINITSUCCESS  = VCOMM   
[00142492] SYSCRITINIT  = VCOND   
[00142492] SYSCRITINITSUCCESS  = VCOND   
[00142492] SYSCRITINIT  = VTDAPI 
[00142493] SYSCRITINITSUCCESS  = VTDAPI 
[00142493] SYSCRITINIT  = VDMAD   
[00142493] SYSCRITINITSUCCESS  = VDMAD   
[00142493] SYSCRITINIT  = V86MMGR
[00142494] SYSCRITINITSUCCESS  = V86MMGR
[00142494] SYSCRITINIT  = VFAT   
[00142494] SYSCRITINITSUCCESS  = VFAT   
[00142494] SYSCRITINIT  = VDEF   
[00142494] SYSCRITINITSUCCESS  = VDEF   
[00142495] SYSCRITINIT  = IFSMGR 
[00142495] SYSCRITINITSUCCESS  = IFSMGR 
[00142495] SYSCRITINIT  = VFBACKUP
[00142495] SYSCRITINITSUCCESS  = VFBACKUP
[00142496] SYSCRITINIT  = SHELL   
[00142496] SYSCRITINITSUCCESS  = SHELL   
[00142497] DEVICEINIT   = VMM     
[00142497] DEVICEINITSUCCESS   = VMM     
[00142497] DEVICEINIT   = VCACHE 
[00142498] DEVICEINITSUCCESS   = VCACHE 
[00142499] DEVICEINIT   = VPICD   
[00142499] DEVICEINITSUCCESS   = VPICD   
[0014249A] DEVICEINIT   = VTD     
[0014249A] DEVICEINITSUCCESS   = VTD     
[0014249A] DEVICEINIT   = VXDLDR 
[0014249A] DEVICEINITSUCCESS   = VXDLDR 
[001424AB] DEVICEINIT   = CONFIGMG
[001424AB] DEVICEINITSUCCESS   = CONFIGMG
[001424AB] DEVICEINIT   = IOS     
[001424BD] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\apix.vxd
[001424BE] Dynamic load success C:\WINDOWS\system\IOSUBSYS\apix.vxd
[001424BE] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\cdfs.vxd
[001424C2] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdfs.vxd
[001424C2] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\cdtsd.vxd
[001424C3] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdtsd.vxd
[001424C3] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\cdvsd.vxd
[001424C4] Dynamic load success C:\WINDOWS\system\IOSUBSYS\cdvsd.vxd
[001424C5] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\disktsd.vxd
[001424C6] Dynamic load success C:\WINDOWS\system\IOSUBSYS\disktsd.vxd
[001424C6] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\diskvsd.vxd
[001424C7] Dynamic load success C:\WINDOWS\system\IOSUBSYS\diskvsd.vxd
[001424C7] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\voltrack.vxd
[001424C8] Dynamic load success C:\WINDOWS\system\IOSUBSYS\voltrack.vxd
[001424C9] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\necatapi.vxd
[001424C9] Dynamic load success C:\WINDOWS\system\IOSUBSYS\necatapi.vxd
[001424CA] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\scsi1hlp.vxd
[001424CB] Dynamic load success C:\WINDOWS\system\IOSUBSYS\scsi1hlp.vxd
[001424CB] Dynamic load device  C:\WINDOWS\system\IOSUBSYS\rmm.pdr
[001424CC] Dynamic load success C:\WINDOWS\system\IOSUBSYS\rmm.pdr
[001424CD] DEVICEINITSUCCESS   = IOS     
[001424CD] DEVICEINIT   = PAGEFILE
[001424CE] DEVICEINITSUCCESS   = PAGEFILE
[001424CE] DEVICEINIT   = PAGESWAP
[001424CE] DEVICEINITSUCCESS   = PAGESWAP
[001424CE] DEVICEINIT   = PARITY 
[001424CE] DEVICEINITSUCCESS   = PARITY 
[001424CF] DEVICEINIT   = REBOOT 
[001424CF] DEVICEINITSUCCESS   = REBOOT 
[001424CF] DEVICEINIT   = EBIOS   
[001424D0] DEVICEINITSUCCESS   = EBIOS   
[001424D0] DEVICEINIT   = VDD     
[001424D7] DEVICEINITSUCCESS   = VDD     
[001424D8] DEVICEINIT   = VSD     
[001424D8] DEVICEINITSUCCESS   = VSD     
[001424D8] DEVICEINIT   = VCD     
[001424D8] DEVICEINITSUCCESS   = VCD     
[001424D8] DEVICEINIT   = VMOUSE 
[001424D9] DEVICEINITSUCCESS   = VMOUSE 
[001424D9] DEVICEINIT   = VKD     
[001424D9] DEVICEINITSUCCESS   = VKD     
[001424DA] DEVICEINIT   = VPD     
[001424DA] DEVICEINITSUCCESS   = VPD     
[001424DA] DEVICEINIT   = INT13   
[001424DA] DEVICEINITSUCCESS   = INT13   
[001424DB] DEVICEINIT   = VMCPD   
[001424DB] DEVICEINITSUCCESS   = VMCPD   
[001424DB] DEVICEINIT   = BIOSXLAT
[001424DC] DEVICEINITSUCCESS   = BIOSXLAT
[001424DC] DEVICEINIT   = DOSMGR 
[001424DC] DEVICEINITSUCCESS   = DOSMGR 
[001424DD] DEVICEINIT   = VMPOLL 
[001424DE] DEVICEINITSUCCESS   = VMPOLL 
[001424DE] DEVICEINIT   = VWIN32 
[001424DE] DEVICEINITSUCCESS   = VWIN32 
[001424DE] DEVICEINIT   = VCOMM   
[001424DF] DEVICEINITSUCCESS   = VCOMM   
[001424DF] DEVICEINIT   = VCOND   
[001424E0] DEVICEINITSUCCESS   = VCOND   
[001424E0] DEVICEINIT   = VTDAPI 
[001424E0] DEVICEINITSUCCESS   = VTDAPI 
[001424E0] DEVICEINIT   = VDMAD   
[001424E0] DEVICEINITSUCCESS   = VDMAD   
[001424E1] DEVICEINIT   = V86MMGR
[001424E2] DEVICEINITSUCCESS   = V86MMGR
[001424E2] DEVICEINIT   = VFAT   
[001424E2] DEVICEINITSUCCESS   = VFAT   
[001424E3] DEVICEINIT   = VDEF   
[001424E3] DEVICEINITSUCCESS   = VDEF   
[001424FF] INITCOMPLETE = VMM     
[00142500] INITCOMPLETESUCCESS = VMM     
[00142500] INITCOMPLETE = VCACHE 
[00142500] INITCOMPLETESUCCESS = VCACHE 
[00142500] INITCOMPLETE = VPICD   
[00142501] INITCOMPLETESUCCESS = VPICD   
[00142501] INITCOMPLETE = VTD     
[00142501] INITCOMPLETESUCCESS = VTD     
[00142502] INITCOMPLETE = VXDLDR 
[00142502] INITCOMPLETESUCCESS = VXDLDR 
[00142502] INITCOMPLETE = CONFIGMG
[00142503] INITCOMPLETESUCCESS = CONFIGMG
[00142503] INITCOMPLETE = IOS     
[0014252B] INITCOMPLETESUCCESS = IOS     
[0014252C] INITCOMPLETE = PAGEFILE
[0014252C] INITCOMPLETESUCCESS = PAGEFILE
[0014252C] INITCOMPLETE = PAGESWAP
[0014252C] INITCOMPLETESUCCESS = PAGESWAP
[0014252D] INITCOMPLETE = PARITY 
[0014252D] INITCOMPLETESUCCESS = PARITY 
[0014252D] INITCOMPLETE = REBOOT 
[0014252E] INITCOMPLETESUCCESS = REBOOT 
[0014252E] INITCOMPLETE = EBIOS   
[0014252E] INITCOMPLETESUCCESS = EBIOS   
[0014252F] INITCOMPLETE = VDD     
[0014252F] INITCOMPLETESUCCESS = VDD     
[0014252F] INITCOMPLETE = VSD     
[00142530] INITCOMPLETESUCCESS = VSD     
[00142530] INITCOMPLETE = VCD     
[00142530] INITCOMPLETESUCCESS = VCD     
[00142531] INITCOMPLETE = VMOUSE 
[00142531] INITCOMPLETESUCCESS = VMOUSE 
[00142532] INITCOMPLETE = VKD     
[00142532] INITCOMPLETESUCCESS = VKD     
[00142533] INITCOMPLETE = VPD     
[00142533] INITCOMPLETESUCCESS = VPD     
[00142534] INITCOMPLETE = INT13   
[00142534] INITCOMPLETESUCCESS = INT13   
[00142534] INITCOMPLETE = VMCPD   
[00142534] INITCOMPLETESUCCESS = VMCPD   
[00142535] INITCOMPLETE = BIOSXLAT
[00142536] INITCOMPLETESUCCESS = BIOSXLAT
[00142536] INITCOMPLETE = DOSMGR 
[00142536] INITCOMPLETESUCCESS = DOSMGR 
[00142537] INITCOMPLETE = VMPOLL 
[00142537] INITCOMPLETESUCCESS = VMPOLL 
[00142538] INITCOMPLETE = VWIN32 
[0014253A] INITCOMPLETESUCCESS = VWIN32 
[0014253A] INITCOMPLETE = VCOMM   
[0014253A] INITCOMPLETESUCCESS = VCOMM   
[0014253B] INITCOMPLETE = VCOND   
[0014253B] INITCOMPLETESUCCESS = VCOND   
[0014253C] INITCOMPLETE = VTDAPI 
[0014253C] INITCOMPLETESUCCESS = VTDAPI 
[0014253C] INITCOMPLETE = DiskTSD
[0014253C] INITCOMPLETESUCCESS = DiskTSD
[0014253D] INITCOMPLETE = voltrack
[0014253D] INITCOMPLETESUCCESS = voltrack
[0014253E] INITCOMPLETE = RMM     
[0014253E] INITCOMPLETESUCCESS = RMM     
[0014253E] INITCOMPLETE = VDMAD   
[0014253E] INITCOMPLETESUCCESS = VDMAD   
[00142540] INITCOMPLETE = V86MMGR
[00142540] INITCOMPLETESUCCESS = V86MMGR
[00142540] INITCOMPLETE = VFAT   
[00142540] INITCOMPLETESUCCESS = VFAT   
[00142541] INITCOMPLETE = VDEF   
[00142541] INITCOMPLETESUCCESS = VDEF   
[00142542] INITCOMPLETE = IFSMGR 
[00142544] INITCOMPLETESUCCESS = IFSMGR 
[00142545] INITCOMPLETE = VFD     
[00142545] INITCOMPLETESUCCESS = VFD     
[00142546] INITCOMPLETE = VFBACKUP
[00142546] INITCOMPLETESUCCESS = VFBACKUP
[00142546] INITCOMPLETE = SHELL   
[00142547] INITCOMPLETESUCCESS = SHELL   
Initializing KERNEL
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-15 @ 09:20

The new, shorter and fixed/improved(proper segmentation+CR3+TSSbase+TR filtering instead of with segmentation filter disabled in other processor modes(Virtual and Real mode in this case)) log https://www.dropbox.com/s/1irnt6w7p4hvz ... d.zip?dl=0

Anyone can see what's going wrong?

Edit: Hmmmm... Those reads and writes to CS:[0002] and ES:[0002] (also DS:[0002]?)... It might be using said value as some kind of FS handler(exception handler?) buffer?
Edit: Linear address 000095c2 seems to contain said data?

Anyone?
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: x86 protection checks with 32-bit and 64-bit operands?

Postby superfury » 2019-1-16 @ 17:02

Another strange thing is that EIP is within 64K limits the entire time, even though it's a 4GB code segment? Why start within 64K? Isn't it usually loaded way higher? 0x40000 for executables and 0x80000000+ for drivers etc.? See https://www.tenouk.com/visualcplusmfc/v ... mfc20.html figure 3?
superfury
l33t
 
Posts: 2736
Joined: 2014-3-08 @ 11:25
Location: Netherlands


Return to PC Emulation

Who is online

Users browsing this forum: kjliew and 0 guests