Two bugs related to cs: addressing

Index > Compiler Internals > Two bugs related to cs: addressing

Author

Thread

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 22 Feb 2007, 09:45

In 32-bit protected mode, in readable code segment, or in 64-bit mode, where the code segment is treated readable, the following instruction is valid:

Code:

format PE

section '.text' code readable executable

cmp cs:[eax],ebx

Quote:

flat assembler version 1.67.21 (494689 kilobytes memory)
cmp_cs.asm [6]:
cmp cs:[eax],ebx
error: invalid operand.

Code:

use64

cmp cs:[eax],ebx

Quote:

cmp cs:[eax],ebx
error: invalid operand.

In 64-bit mode, the following instruction is valid because code segment is treated writable:

Code:

use64

mov cs:[eax],ebx

Quote:

mov cs:[eax],ebx
error: illegal instruction.

22 Feb 2007, 09:45

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8427
Location: Kraków, Poland

Tomasz Grysztar 22 Feb 2007, 10:50

fasm's syntax is:

Code:

mov [cs:eax],ebx

22 Feb 2007, 10:50

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 22 Feb 2007, 11:24

Then, this instruction gets assembled, but it is always illegal in its context:

Code:

format PE

mov [cs:eax],ebx

22 Feb 2007, 11:24

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8427
Location: Kraków, Poland

Tomasz Grysztar 22 Feb 2007, 11:33

Not necessarily illegal. Note that you can run PE files under DOS with an extender like WDOSX, and you may be able to modify your code segment descriptor using DPMI functions in such context, etc. etc.

And also: fasm isn't really supposed to check whether instruction can execute properly - it just ensures that instruction can be encoded properly.

22 Feb 2007, 11:33

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 22 Feb 2007, 11:43

1) Is there really any way how to make code segment writable, since there is no bit in the descriptor to mark it writable?

2) LEA EAX, EAX can be also encoded properly, but fasm doesn't accept it.

22 Feb 2007, 11:43

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8427
Location: Kraków, Poland

Tomasz Grysztar 22 Feb 2007, 12:00

MazeGen wrote:

1) Is there really any way how to make code segment writable, since there is no bit in the descriptor to mark it writable?

Well, you could even make some kind of extender based on my 32-bit unreal mode driver, which would use PE format (however stupid that idea might be). These are just examples to show that assembler shouldn't put constraints on how the generated code will be used.

MazeGen wrote:

2) LEA EAX, EAX can be also encoded properly, but fasm doesn't accept it.

There's no such instruction (even though there is such encoding). It cannot then be encoded properly, since it doesn't exist.

22 Feb 2007, 12:00

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 22 Feb 2007, 12:42

Ok, I got it, thanks Tomasz.

22 Feb 2007, 12:42

f0dder

Joined: 19 Feb 2004
Posts: 3174
Location: Denmark

f0dder 22 Feb 2007, 13:42

You can make the code section of memory writable, sure, but you can't write to [cs:whater] afaik... still, no reason that fasm shouldn't assemble the instruction, though Smile

22 Feb 2007, 13:42

rugxulo

Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)

rugxulo 22 Feb 2007, 18:42

Eh? Maybe I'm too dumb to understand (okay, I definitely am) but ...

Code:

use32
lea eax,[eax]

ndisasm -b32 wrote:

00000000 8D00 lea eax,[eax]

22 Feb 2007, 18:42

MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia

MazeGen 22 Feb 2007, 19:13

lea eax, eax (8DC0) is different from lea eax, [eax] (8D00)

22 Feb 2007, 19:13

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum