flat assembler
Message board for the users of flat assembler.

Index > Main > Info on Test Registers

Author
Thread Post new topic Reply to topic
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Hi guys, do you know some good source of info on Test Registers (TR6, TR7)?

Particulary, I am interested in direct access to Branch Target Buffer, which should be supposedly possible via Test Registers.
Post 05 Oct 2008, 18:31
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
DJ Mauretto



Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy
DJ Mauretto
Ciao Wink
Try this http://www.jalix.org/ressources/miscellaneous/~vrac/faqsys/docs/pentium.txt
Test registers tr0 tr7 (386/486) don't exist anymore,in this document
there are model specific registers of pentium among them are 12 test registers
I do not think that standard.

_________________
Nil Volentibus Arduum Razz
Post 05 Oct 2008, 19:44
View user's profile Send private message Reply with quote
DJ Mauretto



Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy
DJ Mauretto
Read 10.6.2 section of intel386 manual for original test registers TR6 TR7 Wink
http://www.x86.org/intel.doc/386manuals.htm

_________________
Nil Volentibus Arduum Razz
Post 06 Oct 2008, 09:36
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
I asked Agner Fog about this, and he told me direct access to BTB is only possible on old pentiums.
Post 06 Oct 2008, 10:24
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
tom tobias



Joined: 09 Sep 2003
Posts: 1320
Location: usa
tom tobias
vid wrote:
...I am interested in direct access to Branch Target Buffer...
My understanding is that access to the BTB is sought in those situations in which one seeks to identify the out of order sequence of instructions, i.e. dynamic execution. I am unable to comprehend how the quest for that information relates to UEFI. Does some malware seek to disrupt the normal sequence of issuance of instructions?

Confused
Post 06 Oct 2008, 11:40
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
Does some malware seek to disrupt the normal sequence of issuance of instructions?

No... I don't want to talk about this too much now, it's just an idea I will try to follow. Some time later i will publish all the stuff ready for pleasant reading.
Post 06 Oct 2008, 16:52
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
IceStudent



Joined: 19 Dec 2003
Posts: 60
Location: Ukraine
IceStudent
vid wrote:
Particulary, I am interested in direct access to Branch Target Buffer, which should be supposedly possible via Test Registers.

Why not to use the MSR registers for it? You can to do it even in ring-3, via the NtSystemDebugControl(SysDbgReadMsr).
Post 16 Oct 2008, 18:25
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
revolution
IceStudent wrote:
Why not to use the MSR registers for it?
The reason is that any processor with test registers does not also have MSRs. I don't recall the exact change over point but the 80386 has test registers and the Pentium (and up) have MSRs. Somewhere in between the two the TRs were replaced with MSRs and they never existed together in the same CPU.
Post 16 Oct 2008, 23:31
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.