flat assembler
Message board for the users of flat assembler.
Compiler Internals > Bug in mov to/from control register
Tomasz Grysztar 02 Mar 2020, 21:38
Probably CR9 should not be allowed at all here. Looking at recent AMD manuals I see that only CR8 has ever been documented for F0-prefixed variant.
revolution 02 Feb 2023, 10:20
Intel manuals mention that cr8 is not encodable in 32-bit mode.
https://www.felixcloutier.com/x86/mov-1
Tomasz Grysztar 02 Feb 2023, 10:29
That's because this is an AMD-specific feature.
AMD64 Architecture Programmer's Manual Volume 3 wrote:
CR8 can be read and written in 64-bit mode, using a REX prefix. CR8 can be read and written in all modes using a LOCK prefix instead of a REX prefix to specify the additional opcode bit. To verify whether the LOCK prefix can be used in this way, check for support of this feature. CPUID Fn8000_0001_ECX[AltMovCr8] = 1 indicates that this feature is supported.
Roman 02 Feb 2023, 12:05
Windows 10, CPU AMD Ryzen 3500.
I tried this. Fasmw 1.73 compiled OK.
Code:
lock mov rax,cr15 ;this crashes. IDA Pro shows "privileged instruction"
mov rax,cr15 ;this crashes
mov rax,cr0 ;funny, IDA Pro shows mov rax,cr8d
revolution 02 Feb 2023, 12:43
All the CR0...CR15 require PL=0.
You need kernel code to execute them. And CR15 doesn't exist anyway, so even PL=0 isn't going to work for that.
Roman 02 Feb 2023, 17:27
What is PL = 0?
How do I set PL to 0?
revolution 02 Feb 2023, 17:36
Privilege level 0. The kernel code.
If you use Windows then you need a kernel mode driver. Or hack the kernel binaries. You can't get there from user code, unless you can find a vulnerability.
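The two encodings quoted from the AMD manual earlier in the thread (REX.R versus a LOCK prefix selecting CR8) and the PL=0 requirement from the last replies, worked through as an added example in C. This is not code from the thread, from fasm or from IDA; the function names (encode_mov_cr, decode_mov_cr, predict_fault) are hypothetical. It assumes the CPUID Fn8000_0001 ECX value is handed in as a number rather than executed, so it runs on any host, and it models fault ordering (invalid opcode checked before privilege) as a simplifying assumption. The encoder follows Tomasz's suggestion and accepts the LOCK form for CR8 only; the decoder shows why a LOCK-prefixed MOV from "CR0" disassembles as CR8.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* CPUID Fn8000_0001_ECX[AltMovCr8] is bit 4. The ECX value is passed in as a
 * number so this runs anywhere; on real hardware run CPUID EAX=8000_0001h. */
#define ALTMOVCR8 (1u << 4)
int alt_mov_cr8_supported(uint32_t ecx) { return (ecx & ALTMOVCR8) != 0; }

/* Only these control registers are architecturally defined; MOV to or from
 * any other CR number (CR1, CR5-CR7, CR9-CR15) raises #UD. */
int cr_is_defined(int cr) {
    return cr == 0 || cr == 2 || cr == 3 || cr == 4 || cr == 8;
}

/* Encode MOV reg,CRn (0F 20 /r) or MOV CRn,reg (0F 22 /r). In the ModRM byte
 * the reg field names the CR, r/m the GPR, mod is always 11b. mode64: REX
 * prefixes are available. use_lock: select CR8 with a LOCK (F0) prefix instead
 * of REX.R, the AMD AltMovCr8 form. Returns the length, 0 if not encodable. */
size_t encode_mov_cr(uint8_t *out, int to_cr, int cr, int gpr, int mode64, int use_lock) {
    size_t n = 0;
    uint8_t rex = 0x40;
    if (cr < 0 || cr > 15 || gpr < 0 || gpr > 15) return 0;
    if (gpr >= 8) {                      /* r8..r15 need REX.B */
        if (!mode64) return 0;
        rex |= 0x01;
    }
    if (cr >= 8) {
        if (use_lock) {
            if (cr != 8) return 0;       /* LOCK form is documented for CR8 only */
            out[n++] = 0xF0;             /* legacy prefix goes before REX */
        } else {
            if (!mode64) return 0;       /* no REX.R in 32-bit mode: CR8 unreachable */
            rex |= 0x04;
        }
    }
    if (rex != 0x40) out[n++] = rex;
    out[n++] = 0x0F;
    out[n++] = to_cr ? 0x22 : 0x20;
    out[n++] = (uint8_t)(0xC0 | ((cr & 7) << 3) | (gpr & 7));
    return n;
}

typedef struct { int to_cr, cr, gpr, lock; size_t len; } mov_cr_t;

/* Decode one MOV to/from CR from b[0..n). A LOCK prefix is read the AMD way,
 * as the extra opcode bit that adds 8 to the CR number, so F0 0F 20 C0 is
 * MOV RAX,CR8 rather than CR0. Returns 1 on success, 0 if not a MOV CR. */
int decode_mov_cr(const uint8_t *b, size_t n, int mode64, mov_cr_t *d) {
    size_t i = 0;
    uint8_t rex = 0;
    memset(d, 0, sizeof *d);
    if (i < n && b[i] == 0xF0) { d->lock = 1; i++; }
    if (mode64 && i < n && (b[i] & 0xF0) == 0x40) rex = b[i++];
    if (i + 3 > n || b[i] != 0x0F || (b[i+1] != 0x20 && b[i+1] != 0x22)) return 0;
    d->to_cr = (b[i+1] == 0x22);
    d->cr    = (b[i+2] >> 3) & 7;
    d->gpr   = b[i+2] & 7;
    if (rex & 0x04) d->cr  += 8;
    if (rex & 0x01) d->gpr += 8;
    if (d->lock)    d->cr  += 8;        /* LOCK plus REX.R yields 16+: undefined */
    d->len = i + 3;
    return 1;
}

/* What executing the decoded instruction does at privilege level cpl.
 * Modelling assumption: invalid-opcode checks come before the privilege
 * check. Without AltMovCr8 (Intel parts, older AMD) LOCK on MOV CR is itself
 * an invalid opcode. */
const char *predict_fault(const mov_cr_t *d, int cpl, int altmovcr8) {
    if (d->lock && !altmovcr8) return "#UD";
    if (!cr_is_defined(d->cr)) return "#UD";  /* even at PL=0, CR15 is not there */
    if (cpl != 0)              return "#GP";  /* user mode: the crash in the post */
    return "ok";
}

int main(void) {
    struct { const char *text; int cr; int use_lock; } cases[] = {
        { "mov rax,cr0",        0, 0 },
        { "mov rax,cr8",        8, 0 },  /* REX.R form: 44 0F 20 C0 */
        { "lock mov rax,cr8",   8, 1 },  /* AltMovCr8 form: F0 0F 20 C0 */
        { "mov rax,cr15",      15, 0 },  /* encodable, but #UD on any CPU */
        { "lock mov rax,cr15", 15, 1 },  /* rejected: LOCK form is CR8 only */
    };
    uint8_t buf[8];
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        mov_cr_t d;
        size_t len = encode_mov_cr(buf, 0, cases[k].cr, 0 /* rax */, 1, cases[k].use_lock);
        printf("%-18s ", cases[k].text);
        if (!len) { puts("not encodable"); continue; }
        for (size_t j = 0; j < len; j++) printf("%02X ", buf[j]);
        decode_mov_cr(buf, len, 1, &d);
        printf("-> cr%d  ring3:%s  ring0:%s\n", d.cr,
               predict_fault(&d, 3, 1), predict_fault(&d, 0, 1));
    }
    return 0;
}
```

Passing mode64=0 to encode_mov_cr reproduces the Intel-manual note from the thread: CR8 is not encodable in 32-bit mode through REX.R, and only the LOCK form reaches it there, which is exactly the AMD-specific feature the CPUID bit gates.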
Copyright © 1999-2024, Tomasz Grysztar.