flat assembler
Message board for the users of flat assembler.

Not fully flat?

l4m2
Joined: 15 Jan 2015
Posts: 648
Code:
include 'win32ax.inc' ; you can simply switch between win32ax, win32wx, win64ax and win64wx here

section '.text' code readable executable writable

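  start:
        mov ax,cs               ; AX = code selector
        mov bx,ds               ; BX = data selector
        add ax,8                ; one 8-byte descriptor-table entry further on
        cmp ax,bx
        jnz _                   ; leave the text unpatched unless cs+8 = ds
        mov [ds:stt], byte 'H'  ; write into the code section through DS
  _:    invoke  MessageBox,HWND_DESKTOP,stt,invoke GetCommandLine,MB_OK
        invoke  ExitProcess,0
  stt:
        db "*i! I'm the example program!",0   ; zero-terminated for MessageBox
.end start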

I ran the program and got "Hi! ...", which means that cs+8=ds.
Thus cs and ds just go to the same memory but not the same segment ...
Post 14 Jul 2015, 08:45
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17270
Location: In your JS exploiting you and your system
In protected mode CS and DS are selectors, not segments. Perhaps you are thinking of DOS real mode?
Post 14 Jul 2015, 09:21
l4m2
revolution wrote:
In protected mode CS and DS are selectors, not segments. Perhaps you are thinking of DOS real mode?
I just didn't know how to make a 3-able segment
Post 14 Jul 2015, 13:09
l4m2
If I modify [cs:stt] in win xp, it tells me that command on 0x00401000 tried to read memory on 0xffffffff illegally
Post 14 Jul 2015, 13:16
revolution
Selectors in protected mode can have different access permissions. For example CS can be execute only, and reads/writes will cause a general protection fault.

If you want to make sure your selectors are "flat" then check the base and limit fields and you will see they are 0x00000000 and 0xffffffff respectively.

But note that the paging will restrict the actual memory accesses also. You can't simply read/write/execute the entire 4GB memory space because not all memory is paged into any particular process.
Post 14 Jul 2015, 13:24
l4m2
revolution wrote:
Selectors in protected mode can have different access permissions. For example CS can be execute only, and reads/writes will cause a general protection fault.

If you want to make sure your selectors are "flat" then check the base and limit fields and you will see they are 0x00000000 and 0xffffffff respectively.

But note that the paging will restrict the actual memory accesses also. You can't simply read/write/execute the entire 4GB memory space because not all memory is paged into any particular process.
CS should may be readable. I don't really know too much about what the base and limit
Post 14 Jul 2015, 15:02
l4m2
I know now that you treat "flat" as "the seen address is just the real address"
Post 14 Jul 2015, 15:17
revolution
In protected mode it is not possible to have CS == DS. It could never work because the selectors need different values to do their job. CS must be able to execute, and DS must be able to read/write. So if you say that when CS != DS that makes it non-flat then all PM OSes will be non-flat to you.

But it doesn't matter actually. If you want to insist they are all non-flat then you can. It won't affect how they function.
Post 14 Jul 2015, 16:10
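
Added example (not part of any post in this thread): a C sketch of what "check the base and limit fields" means, decoding two selectors and the descriptors they would point at. The selector values 0x1B and 0x23 and both 8-byte descriptor values are constructed samples chosen to match the cs+8=ds result from the first post; they are assumptions, not values reported in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* A selector is not an address: bits 15..3 index the descriptor table,
   bit 2 picks GDT (0) or LDT (1), bits 1..0 are the requested privilege level. */
typedef struct { unsigned index, ti, rpl; } selector_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s = { (unsigned)sel >> 3, ((unsigned)sel >> 2) & 1u, (unsigned)sel & 3u };
    return s;
}

/* Fields of an 8-byte legacy segment descriptor (32-bit protected mode). */
typedef struct { uint32_t base, last_byte; int is_code, rw, dpl; } segment_t;

segment_t decode_descriptor(uint64_t d) {
    segment_t g;
    uint32_t limit = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    g.base = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 56) << 24);
    /* G bit (bit 55): the limit counts 4 KiB pages instead of bytes. */
    g.last_byte = ((d >> 55) & 1) ? (limit << 12) | 0xFFFu : limit;
    g.is_code = (int)((d >> 43) & 1);  /* type bit 3: 1 = code, 0 = data */
    g.rw      = (int)((d >> 41) & 1);  /* code: readable, data: writable */
    g.dpl     = (int)((d >> 45) & 3);  /* privilege level of the segment */
    return g;
}

int is_flat(segment_t g) { return g.base == 0 && g.last_byte == 0xFFFFFFFFu; }

/* Constructed sample values (assumptions), not dumped from a real system. */
static const uint16_t SAMPLE_CS = 0x1B, SAMPLE_DS = 0x23;
static const uint64_t SAMPLE_CODE_DESC = 0x00CFFB000000FFFFull;
static const uint64_t SAMPLE_DATA_DESC = 0x00CFF3000000FFFFull;

int main(void) {
    selector_t cs = decode_selector(SAMPLE_CS), ds = decode_selector(SAMPLE_DS);
    segment_t code = decode_descriptor(SAMPLE_CODE_DESC);
    segment_t data = decode_descriptor(SAMPLE_DATA_DESC);
    printf("CS: index=%u ti=%u rpl=%u\n", cs.index, cs.ti, cs.rpl);
    printf("DS: index=%u ti=%u rpl=%u\n", ds.index, ds.ti, ds.rpl);
    printf("code: base=%08X last=%08X code=%d flat=%d\n",
           (unsigned)code.base, (unsigned)code.last_byte, code.is_code, is_flat(code));
    printf("data: base=%08X last=%08X code=%d flat=%d\n",
           (unsigned)data.base, (unsigned)data.last_byte, data.is_code, is_flat(data));
    return 0;
}
```

With these samples the two selectors differ by 8 because they name adjacent table entries (index 3 and 4), while both descriptors decode to base 0x00000000 and limit 0xffffffff and differ only in type.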
Copyright © 1999-2020, Tomasz Grysztar.