flat assembler
Message board for the users of flat assembler.

67h prefix under x86/x64

yoshimitsu 13 Mar 2012, 15:03
Hi there,
I was just wondering whether an address-size override prefix was even valid under 32 bits, because its displacement could only address the first 0FFFFh bytes, which are reserved.
I also tried the following:
Code:
format PE GUI at 20000h
;...
mov bx,0FFFFh
mov di,2
mov eax,[bx+di+0FFFFh]

which actually should move 'MZ' into ax, shouldn't it? It doesn't seem to work, though.

So if 16-bit addressing is apparently invalid under x86, then what is the 67h prefix for?
Under x64, addressing with such a prefix apparently doesn't change the size of the displacement, but only the registers (rax -> eax), which remains valid.
Goplat 13 Mar 2012, 16:05
The 67h prefix is pretty useless in Windows, because Windows never maps memory in 00000000-0000FFFF unless you force it to. (It's still not completely invalid though: "lea eax,[bx+di+0FFFFh]" uses a 67h prefix but would not crash. With BX=0FFFFh and DI=2, it will load an effective address of 0.)

The 67h prefix was much more useful in the early days of the 386 when you would often have a mixture of 16-bit and 32-bit code in a program.
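Goplat's effective-address arithmetic, worked through in code. This is an added example, not code from the thread or from fasm: a small Python evaluator of the 16-bit ModRM addressing form that the 67h prefix selects in 32-bit mode, applied to a constructed encoding of the question's `mov eax,[bx+di+0FFFFh]` (67 8B 81 FF FF) with BX=0FFFFh and DI=2. The instruction bytes, register values and function names are assumptions of this example; the wrap to 16 bits is what makes the sum 0 rather than 20000h, and the LEA variant gets the same address without the memory access.

```python
from typing import Dict, Optional, Tuple

# 16-bit ModRM r/m table: (base, index) pairs selected by the low three bits.
ADDR16_RM: Dict[int, Tuple[str, Optional[str]]] = {
    0: ("bx", "si"), 1: ("bx", "di"), 2: ("bp", "si"), 3: ("bp", "di"),
    4: ("si", None), 5: ("di", None), 6: ("bp", None), 7: ("bx", None),
}


def effective_address(base: int, index: int, disp: int, addr_bits: int) -> int:
    """Add the address components and wrap the sum to the address size in effect.

    addr_bits is 16 for a 67h-prefixed instruction in 32-bit mode, 32 for a
    67h-prefixed instruction in 64-bit mode (rax -> eax), and 64 with no
    prefix in 64-bit mode. The wrap is why 0FFFFh + 2 + 0FFFFh gives 0.
    """
    return (base + index + disp) & ((1 << addr_bits) - 1)


def decode_mem16(insn: bytes, regs: Dict[str, int]) -> Tuple[str, int, int]:
    """Decode the memory operand of a 67h-prefixed instruction in 32-bit mode.

    Assumes the layout 67h, one opcode byte, ModRM, optional disp8/disp16
    (enough for the MOV/LEA forms in the thread). Returns the operand as
    text, the 16-bit effective address computed from regs, and the number of
    bytes consumed. Register operands (mod = 11b) have no address and raise.
    """
    if insn[0] != 0x67:
        raise ValueError("expected a 67h address-size prefix")
    modrm = insn[2]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3:
        raise ValueError("register-direct operand, nothing to address")
    if mod == 0 and rm == 6:
        # In 16-bit addressing, mod=00 rm=110 is a bare disp16, not [bp].
        disp = int.from_bytes(insn[3:5], "little")
        return f"[{disp:#06x}]", disp & 0xFFFF, 5
    base, index = ADDR16_RM[rm]
    if mod == 0:
        disp, length = 0, 3
    elif mod == 1:
        disp, length = int.from_bytes(insn[3:4], "little", signed=True), 4
    else:
        disp, length = int.from_bytes(insn[3:5], "little"), 5
    index_val = regs[index] if index else 0
    ea = effective_address(regs[base], index_val, disp, 16)
    text = "[" + base + (f"+{index}" if index else "") + (f"{disp:+#x}" if disp else "") + "]"
    return text, ea, length


def thread_example() -> Tuple[int, int]:
    """Constructed encoding of the question's `mov eax,[bx+di+0FFFFh]`
    (67 8B 81 FF FF) with bx = 0FFFFh and di = 2, as in the thread.
    Returns the address the MOV would read and the value the LEA would load."""
    regs = {"bx": 0xFFFF, "di": 2}
    _, ea_mov, _ = decode_mem16(bytes.fromhex("678B81FFFF"), regs)
    # lea eax,[bx+di+0FFFFh] is 67 8D 81 FF FF: same operand, same address,
    # but LEA only stores the number in eax and never touches memory.
    _, ea_lea, _ = decode_mem16(bytes.fromhex("678D81FFFF"), regs)
    return ea_mov, ea_lea


if __name__ == "__main__":
    mov_ea, lea_ea = thread_example()
    print(f"mov reads from {mov_ea:#x} (unmapped on Windows); lea loads {lea_ea:#x}")
    # 64-bit mode with 67h: the sum is wrapped to 32 bits, so the high half
    # of a 64-bit register is dropped (rax -> eax), as the question says.
    print(f"64-bit mode, 67h prefix: {effective_address(0x1_0000_1000, 0, 0, 32):#x}")
```

The evaluator only models the address computation, which is the part the thread is about: whether the resulting address is mapped is the operating system's business, which is why the MOV faults on Windows while the LEA with the identical operand simply produces 0.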
yoshimitsu 13 Mar 2012, 16:33
Thanks for your reply.
Kind of expected 0FFFFh+0FFFFh+2 to result in 20000h, which is actually pretty dumb because then again it wouldn't be 16-bit addressing anymore.

Tried to map an exe into 0000-FFFF, which doesn't seem to work. Also I've read somewhere that it'd be a protected memory area where Windows maps its information.
MazeGen 14 Mar 2012, 08:06
yoshimitsu wrote:
I was just wondering whether an address-size override prefix was even valid under 32 bits, because its displacement could only address the first 0FFFFh bytes, which are reserved.

Windows is not the only OS that runs in 32-bit protected mode.

As for 32-bit Windows, accesses to the FS segment can use 16-bit memory access, since the accessible area starts at offset zero.

You can also create your own segment in 32-bit Windows (even in user mode) with a legal offset of zero, but this is rather tricky and undocumented.

In 64-bit Windows, if you're sure your memory is accessible using 32-bit offset, you can use the prefix too.
Fanael 19 Mar 2012, 09:22
yoshimitsu wrote:
I was just wondering whether an address-size override prefix was even valid under 32 bits, because its displacement could only address the first 0FFFFh bytes, which are reserved.
Think about LEA.