Index
> Windows > fs? TEB? |
| Author |
|
|
revolution 19 Jul 2010, 19:36
Set your thread affinities to lock them to a core.
|
|||
19 Jul 2010, 19:36 |
|
|
b1528932 19 Jul 2010, 19:44
its not core issue!
every single time my thread get diffrent data! how do i check segment base from ring3? it would make trhings easier. |
|||
|
19 Jul 2010, 19:44 |
|
|
revolution 19 Jul 2010, 19:48
Moving to Windows section since the subject doesn't involve fasm.
|
|||
|
19 Jul 2010, 19:48 |
|
|
LocoDelAssembly 19 Jul 2010, 19:57
GetThreadSelectorEntry
BTW, GDT or LDT? Anyway, do you realize that FS is thread-specific and clearly the base has to be different for every thread? Because of this it should not be really necessary to have a fixed base address for the main thread. PS: 0x38 or 0x3B? |
|||
|
19 Jul 2010, 19:57 |
|
|
b1528932 19 Jul 2010, 20:41
Code: base: 7FFDD000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFDC000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFDA000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFDB000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD9000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD7000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD5000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFAF000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD8000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD6000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFAD000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFAE000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFD4000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFAB000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFAC000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFA9000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFAA000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFA7000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFA8000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFA5000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFA3000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFA6000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFA4000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFA2000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FFA0000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FF9F000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FFA1000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FF9D000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FF9E000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FF9B000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FF99000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 base: 7FF9C000, limit: 00000FFF, present: 1, GDTR: 3FF F7870190 base: 7FF9A000, limit: 00000FFF, present: 1, GDTR: 3FF 8003F000 done this test with few threads. 38 is the same as 3b, only rpl differ. i found this be examinig getlasterror, first i though its a reace condition between threads. do you know how does os implement this? 3b is a gdt entry, so segment base has to be changed with each task switch. but as u can see in my example, gdt isnt changed, so thread scheduler updates gdt entry. so each time i switch to another thread, GDT is being changed. |
|||
|
19 Jul 2010, 20:41 |
|
|
LocoDelAssembly 19 Jul 2010, 21:13
Quote: 38 is the same as 3b, only rpl differ. Quote: do you know how does os implement this? 3b is a gdt entry, so segment base has to be changed with each task switch. |
|||
|
19 Jul 2010, 21:13 |
|
|
LocoDelAssembly 19 Jul 2010, 21:21
No wait, I made a silly mistake... You're right, it is GDT. If you say that GDT is not changed (and neither the entry in the table?), then I don't know how it is implemented.
|
|||
|
19 Jul 2010, 21:21 |
|
|
b1528932 19 Jul 2010, 22:12
No, entry is changed. my simple program reveals that. It execute sgdt in each thread, along with GetSelectorEntry.
you see that base is always diffrent, and gdt offset is always 8003F000 or F7870190. i think the topic is closed, unless there is something interesting to add. what about kernel mode? when i change privilege, i think os also change fs base to point to other structure. |
|||
|
19 Jul 2010, 22:12 |
|
|
baldr 19 Jul 2010, 22:32
b1528932,
TEB is a per-thread structure, these structures are (usually) stacked starting somewhere near top of user address space (linear 0x7FFDF000 for my XP SP2, and IIRC 0x7FFDE000 on Windows 2000). To provide uniform access to this structure, descriptor corresponding to fs selector is updated during context switch so fs:0 is the address of TEB for current thread. Naturally, each CPU core has its own GDT (BSP has it fixed, 0x8003F000 in your case, for each AP it's allocated dynamically). TEB.Self member (fs:18h) contains linear address of TEB to simplify access to its other members (no need for segment override each time). Last error code is per-thread too, thus it's [fs:34h]. In kernel mode fs points to KPCR. |
|||
|
19 Jul 2010, 22:32 |
|
< Last Thread | Next Thread > |
Forum Rules:
|