flat assembler
Message board for the users of flat assembler.

Access Violation problem

DarkLordTed, 02 Dec 2017, 23:48 (Joined: 25 Nov 2017, Posts: 14)
I am writing a DLL. The code section declaration is:
section '.code' code readable writeable executable

In OllyDbg this row causes an access violation:
mov byte [cs:.m1+00000001h], (.a1 - .m1) + 02h

The reason is unknown to me. The message is:
Access violation when reading [FFFFFFFF], but on this row I do not read anything.
Please help!
alexfru, 03 Dec 2017, 04:04 (Joined: 23 Mar 2014, Posts: 80)
Writing to memory through a code segment selector is not allowed. Why is there the CS segment prefix?
DarkLordTed, 03 Dec 2017, 11:16 (Joined: 25 Nov 2017, Posts: 14)
Is this really true? In real mode this is not a problem. Also, why can section '.code' be set to writeable when it is not possible to write into it? Is it possible to set ES = CS and then use mov byte [es:.m1+00000001h], (.a1 - .m1) + 02h?
revolution, 03 Dec 2017, 11:51 (When all else fails, read the source; Joined: 24 Aug 2004, Posts: 20445, Location: In your JS exploiting you and your system)
In Windows, in terms of addressing ranges, CS == DS == ES always. You won't need any segment override prefixes unless you are doing something unusual with the TEB/PEB that uses FS.

You can't simply use "mov ds,cs" though, because in protected mode the actual values of CS and DS are different, but the scope of what they select is the same.
Tomasz Grysztar, 03 Dec 2017, 13:34 (Joined: 16 Jun 2003, Posts: 8358, Location: Kraków, Poland)
DarkLordTed wrote:
Is this really true? In real mode this is not a problem.
The fundamental difference between real and protected mode is exactly the protection mechanism (as the name implies), which enforces the permissions set up by structures like descriptor tables and page tables.

The original protected mode, as introduced by the 80286, had no paging and all the protections were defined per segment. In protected mode the value you loaded into a segment register was called a selector, and it defined an index in the descriptor table where the detailed information on the segment was set up. It included not only the base address of the segment, but also the limit (which defined how large the segment was, enabling protection against accessing any bytes outside of the defined area) and the permissions. The selector that was set up for CS would allow executing the bytes as instructions, but would not allow modifying them. The data selector, intended to be put into DS or ES, would allow writing but not execution.

Then the 80386 came, and next to 32-bit addressing it also allowed paging, and setting up access permissions per page. This quickly led to the abandonment of segmentation, as you could set up all selectors to encompass the entire flat 4 GiB addressing space and instead use page attributes to manage permissions on various areas of memory.

When you declare a section with attributes like "writeable" or "executable" you are setting up permissions on the pages that make up the section. But in addition to that you still have an old-school selector in CS that defines a segment that can be used to execute, but not to write. However, since both CS and DS are defined to encompass the entire flat addressing space starting from 0, you can safely use DS instead of CS on the same address to access exactly the same area of memory but through a different selector, the one that would allow you to write.
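To make the distinction in the post above concrete, here is an added example (not code from this thread or from fasm) that decodes 32-bit protected-mode segment descriptors the way the CPU does: it pulls out the base, the limit (with 4 KiB granularity applied), the DPL and the type bits, and reports whether the resulting segment can be read, written or executed. The two descriptor values are constructed samples in the usual flat 4 GiB, ring-3 shape (a type 0xA execute/read code segment and a type 0x2 read/write data segment), not values copied from any real Windows GDT. Running it shows the point Tomasz makes: both descriptors cover exactly the same address range, base 0 to limit 0xFFFFFFFF, yet only the data-type one permits writes, so a store through a CS-style selector faults where the same store through DS succeeds (subject to the page-level permissions the section attributes set).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of a legacy 8-byte (32-bit protected mode) segment descriptor. */
typedef struct {
    uint32_t base;       /* linear address where the segment starts */
    uint32_t limit;      /* last valid offset inside the segment, in bytes */
    bool     present;
    unsigned dpl;        /* descriptor privilege level, 0..3 */
    bool     is_code;    /* type bit 3 set: code segment (what CS must hold) */
    bool     readable;   /* code: execute/read bit; data: always readable */
    bool     writable;   /* data segments only: code segments are never writable */
    bool     executable; /* only code segments can be executed */
} segdesc_t;

/* Split a raw descriptor into its fields, following the Intel SDM bit layout. */
segdesc_t decode_descriptor(uint64_t d)
{
    segdesc_t s = {0};
    uint32_t limit_raw = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    unsigned type = (unsigned)((d >> 40) & 0xF);
    bool sbit = ((d >> 44) & 1) != 0;   /* 1 = code/data, 0 = system descriptor */
    bool gran = ((d >> 55) & 1) != 0;   /* granularity: limit counted in 4 KiB units */

    s.base = (uint32_t)((d >> 16) & 0xFFFF)
           | ((uint32_t)((d >> 32) & 0xFF) << 16)
           | ((uint32_t)((d >> 56) & 0xFF) << 24);
    s.limit   = gran ? ((limit_raw << 12) | 0xFFF) : limit_raw;
    s.dpl     = (unsigned)((d >> 45) & 3);
    s.present = ((d >> 47) & 1) != 0;
    if (sbit) {
        s.is_code    = (type & 8) != 0;
        s.executable = s.is_code;
        /* code segments: type bit 1 = readable; data segments: type bit 1 = writable */
        s.readable = s.is_code ? (type & 2) != 0 : true;
        s.writable = !s.is_code && (type & 2) != 0;
    }
    return s;
}

/* True when two descriptors map exactly the same linear address range. */
bool same_address_range(uint64_t a, uint64_t b)
{
    segdesc_t da = decode_descriptor(a), db = decode_descriptor(b);
    return da.base == db.base && da.limit == db.limit;
}

/* Constructed sample descriptors (not taken from a real GDT): flat base 0,
   limit 0xFFFFF with granularity, present, DPL 3.
   0xFA access byte = code, execute/read; 0xF2 access byte = data, read/write. */
#define FLAT_CODE_DESCRIPTOR 0x00CFFA000000FFFFull
#define FLAT_DATA_DESCRIPTOR 0x00CFF2000000FFFFull

static void print_descriptor(const char *name, uint64_t d)
{
    segdesc_t s = decode_descriptor(d);
    printf("%s: base=%08X limit=%08X dpl=%u %s read=%d write=%d exec=%d\n",
           name, (unsigned)s.base, (unsigned)s.limit, s.dpl,
           s.is_code ? "code" : "data", s.readable, s.writable, s.executable);
}

int main(void)
{
    print_descriptor("CS-style", FLAT_CODE_DESCRIPTOR);
    print_descriptor("DS-style", FLAT_DATA_DESCRIPTOR);
    printf("same address range: %s\n",
           same_address_range(FLAT_CODE_DESCRIPTOR, FLAT_DATA_DESCRIPTOR) ? "yes" : "no");
    return 0;
}
```

The segment check happens before paging is consulted, which is why making the section "writeable" (a page attribute) does not help an access that goes through a code-type selector; dropping the cs: override so the store goes through DS is what lets the page attribute take effect.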
DarkLordTed, 03 Dec 2017, 14:05 (Joined: 25 Nov 2017, Posts: 14)
Thank you to all of you, again!
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.