Index
> Main > ia32e consditional jumpsGoto page 1, 2 Next |
| Author |
|
|
Goplat 13 Mar 2010, 19:32
If your program's code is smaller than 2GB, then any Jcc you make in it is guaranteed to be within range. If your program's code is larger than 2GB, you need to ask yourself "What the hell am I doing?".
 |
|||
13 Mar 2010, 19:32 |
|
|
a115433 13 Mar 2010, 20:45
virtual address space is 64 bit. (48 bit in canonical form, but it can be expanded to 64 in future).
i for example allocate memory from heap, so system can give me any address from 0 to 0x7FFFFFFFFFFFFFFF. and thats 63 bits of space, i can access only 31 with jcc. why you assume my program cant be > 2 GB? todays games use 1GB++ of ram just to store objects (AC2 recommended ram is 2GB). Is there something i dont know? |
|||
|
13 Mar 2010, 20:45 |
|
|
Fanael 13 Mar 2010, 21:50
Most of these data are... um, well... data. I have yet to see two gigabytes of code.
|
|||
|
13 Mar 2010, 21:50 |
|
|
a115433 13 Mar 2010, 21:52
while you are waiitng to see 2 giga app, i am waiting for explanation and more important, SOLUTION if any exist to this problem.
|
|||
|
13 Mar 2010, 21:52 |
|
|
LocoDelAssembly 13 Mar 2010, 22:31
Quote:
Run-time generated code? The range of memory you say is right, but still if the block of generated code is below 2GB in size you could still use jcc without problems (and the limit is actually 4 GB, but only a jcc in the middle of the block has that broad range). |
|||
|
13 Mar 2010, 22:31 |
|
|
a115433 13 Mar 2010, 22:56
no, the range is 4 GB.
limit is 2 GB, on each side. you wont reach byte beyond. Quote: but still if the block of generated code is below 2GB so in order to do simple jcc jump, i must check is requested memory is within range? i would prefer not to worry about it, just calculate jump and execute it. now, i have to substract address of next instruction from jumps destination, check if highest 32 bits are extension of bit 31, and if they are, jump. if they not - thor error and not jump. Dont forget that in order to do this check, i must use conditional jump, wich is unacceptable. Why would i assume that next few instruction is within 2 giga rande? Its pathetic, at least in my opinion. I cant JCC in ia32e mode. Oh well, good that they didnt screw up cmovcc instruction. i cal load r* and jump anyway. value loaded would depend on condition. if met - handler. i htink they did it to enforce us to using cmovcc's. Code: use64 call qword [someting] test rax,rax mov rax,default_code mov rbx,error_handler cmovz rax,rbx jmp rax default_code: error_handler: welcome to ia32e world! |
|||
|
13 Mar 2010, 22:56 |
|
|
LocoDelAssembly 13 Mar 2010, 23:02
You quoted me wrong, finish it with "in size" as I've wrote in my post.
Quote:
So, if RIP is 0x1000000000000000, where is the problem in accessing from 0x0FFFFFFF80000000 to 0x1000000080000000? |
|||
|
13 Mar 2010, 23:02 |
|
|
a115433 13 Mar 2010, 23:13
yes you can access it:
actually its off by 5 bytes, because if rip is 0x1000000000000000, and jcc specify 4 byte jump, start address is 0x1000000000000005 (next instruction). so you can jump from RIP = 0x1000000000000000 to: 0x0FFFFFFF80000005 <> 0x1000000080000004 because: 0x1000000000000005 + 0x000000007FFFFFFF = 0x1000000080000004 0x1000000000000005 - 0x0000000080000000 = 0x0FFFFFFF80000005 but if 48 bit address bus is used, only 48 sign extended addreses can be accesed. if jump will reach beyond that - i guess general protection will fire. or page fault, my guess is GPF. |
|||
|
13 Mar 2010, 23:13 |
|
|
LocoDelAssembly 13 Mar 2010, 23:59
RIP != $
 (RIP is documented as address of next instruction)
I still can't see the problem, for me, not matter where your 2 GB block is allocated, Jcc will always cover it all (except in the case it is placed in the last 6 bytes of the block, in that case you can jump backwards to block offset 6 maximum). |
|||
|
13 Mar 2010, 23:59 |
|
|
a115433 14 Mar 2010, 00:22
it doesnt matter where my 2 GB code is, but rather if my code exceed 2 GB.
Or if system will allocate memory for me with a range of 2 GB (no rule say it cannot, i have 63 bits of virtual address in userland, and even this is not a rule. windows for example allow 3:1 in ia32 mode.) And dont forget about systems where i use only ring0, i want to access all pieces of code, no matter where am i! i will go with cmovcc, its without this flaw. and also displacement is STILL 32 bits. if ihave a pointer in register, i can only displace it by 32bits, so instruction: mov rax,[rcx+DISP32] will still have range of 32 bits. Last edited by a115433 on 14 Mar 2010, 00:27; edited 1 time in total |
|||
|
14 Mar 2010, 00:22 |
|
|
baldr 14 Mar 2010, 00:27
a115433,
cmovcc can jump somewhere? |
|||
|
14 Mar 2010, 00:27 |
|
|
a115433 14 Mar 2010, 00:30
baldr wrote: a115433, not directly, i gave example. Code: call qword [someting] test rax,rax ;check if its 0, or any other condition instruction. mov rax,default_code ;default code mov rbx,error_handler ;handler of error cmove rax,rbx ;if rax was 0 (mov dont touch flags) default handler (in rax) is replaced with error handler (in rbx) jmp rax ;jump to handler, or default code default_code: error_handler: |
|||
|
14 Mar 2010, 00:30 |
|
|
baldr 14 Mar 2010, 00:40
a115433,
Code: test rax, rax jnz @f mov rax, error_handler jmp rax @@: 2+ GiB of code? Hmmm… |
|||
|
14 Mar 2010, 00:40 |
|
|
revolution 14 Mar 2010, 01:40
a115433: You are arguing in the wrong place. Talk to AMD or Intel and get them to fix the problem. None of us here can help you, the assembler cannot fix the CPU limitations.
And I seriously doubt you have 2GB+ of code. Nobody has that much code (not even asmcoder has that much code). It is a non-issue. Unless you do something stupid like this Code: mov rax,... cmp rbx,rcx je A_long_WAY_forward jmp backwards rb 3 shl 30 ;3GB of data? A_long_WAY_forward: mul r14 ;...  Last edited by revolution on 14 Mar 2010, 03:15; edited 1 time in total |
|||
|
14 Mar 2010, 01:40 |
|
|
godomega 14 Mar 2010, 03:03
If you're not jumping across different pages I don't see how you could get into any trouble.
Anyway for whatever practical purposes absolute jumps may have, I use this for detouring API.: PUSH <Absolute Address> RET As I can't guarantee if other applications are in my 2 GB boundary. |
|||
|
14 Mar 2010, 03:03 |
|
|
revolution 14 Mar 2010, 03:19
godomega wrote: If you're not jumping across different pages I don't see how you could get into any trouble.
You would need this instead: Code: mov rax,<Absolute Address> push rax ret |
|||
|
14 Mar 2010, 03:19 |
|
|
godomega 14 Mar 2010, 12:43
Quote: Except that push const is also limited to signed 32 bits values. |
|||
|
14 Mar 2010, 12:43 |
|
|
a115433 14 Mar 2010, 12:44
Code: test rax, rax jnz @f mov rax, error_handler jmp rax @@: Quote: Indirect jmp can be used too. why you assume that range between jnz and @@ is < 2 GB? i can patch this code, and it will crash. simple address fix wont solve this problem, and i will have to use another solution. Quote: Talk to AMD or Intel and get them to fix the problem. hardware is alreade released, too late 
Quote: Nobody has that much code (not even asmcoder has that much code). yeah, and 640 kilo RAM is enough for everyone! Quote: In which case the push rax and ret can just be substituted with jmp rax. in my opinion, using stack to solve those issues is just lame. And in ia32e mode, when you have NULL SS upon each interrupt, its really great to use stack, even if your code doesnt need it, just to jump. |
|||
|
14 Mar 2010, 12:44 |
|
|
revolution 14 Mar 2010, 12:48
a115433 wrote:
But hey, why not complain about the lame 64bit address limitation, those noobs at Intel and AMD don't know what they a doing, lozerz.  |
|||
|
14 Mar 2010, 12:48 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|