8086 segment selectors
Is there some "supervisor" bit to not let the "user space" do something like
mov CS, 200h
What kind of protection is there?
On the actual 8086 CPU? No. The advanced protection features only really started appearing with the 80286. There were no restrictions on what programs could set the code segment to on the 8086.
With segment registers (in real mode), there were no protections or virtual memory, and the physical address was calculated by a simple shift and add. For example, 1234:5678 referred to physical address 179B8 as per:
In protected mode, the values in CS (and DS, ES, and so on) changed from segment registers to selectors and they had to have entries in a descriptor table (eg, the global GDT or local LDT). The selector was used to look up an entry in the relevant table and retrieve things like base address, size, protections, and so on.
I don't think it was the loading into a selector register that caused the violations. Rather it was the use of a selector above your privilege level (or other things, like trying to access memory beyond the end of the block).
For CS, that would happen pretty quickly after you changed it (as you tried to execute the next instruction). Other registers may take longer to fault because you may not use them straight away.
Just keep in mind that an instruction like mov cs, 200h, even if it existed, would be a rather strange way to effect a jmp (as would any instruction that changed cs independently of ip). It would require you to ensure the code you wanted to transfer control to had a very specific offset in the memory referenced by the target selector since ip would not be changed by that instruction (beyond the normal small increment that normally happens with sequential execution, of course).
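As an added illustration (not part of the original answer), a C model of the two addressing schemes the answer contrasts: the 8086's unchecked shift-and-add, and a protected-mode lookup through a descriptor table whose entry supplies base, limit and privilege level. The descriptor table, its contents and the selector values are constructed assumptions; only a GDT is modelled, descriptors are simplified to four fields, and the privilege check used is the data-segment rule max(CPL, RPL) <= DPL.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Real mode (8086): physical = segment * 16 + offset. Nothing inspects the
   segment value, so a "mov cs, 200h" would simply point CS at 0x02000. */
uint32_t real_mode_phys(uint16_t seg, uint16_t off) {
    return ((uint32_t)seg << 4) + off;            /* can reach 21 bits */
}
/* The 8086 has only 20 address lines, so FFFF:0010 wraps around to 00000. */
uint32_t real_mode_phys_8086(uint16_t seg, uint16_t off) {
    return real_mode_phys(seg, off) & 0xFFFFF;
}

/* Protected mode (80286+): a selector indexes a descriptor table. The entry
   supplies base, limit and a descriptor privilege level (DPL). Constructed,
   simplified entries; real descriptors carry more fields. GDT only (TI=0). */
struct descriptor { uint32_t base; uint32_t limit; uint8_t dpl; bool present; };
enum access { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PRIVILEGE, FAULT_LIMIT };

static const struct descriptor gdt[] = {
    { 0,          0,      0, false },   /* index 0: null descriptor */
    { 0x00100000, 0xFFFF, 0, true  },   /* index 1: 64 KiB segment, DPL 0 */
    { 0x00200000, 0x0FFF, 3, true  },   /* index 2: 4 KiB segment, DPL 3 */
};

/* Selector layout: bits 15..3 index, bit 2 table indicator, bits 1..0 RPL.
   cpl is the current privilege level of the code doing the access. */
enum access protected_mode_access(uint16_t selector, unsigned cpl, uint16_t off,
                                  uint32_t *phys) {
    unsigned index = selector >> 3, rpl = selector & 3;
    if (index >= sizeof gdt / sizeof gdt[0] || !gdt[index].present)
        return FAULT_NOT_PRESENT;
    unsigned eff = cpl > rpl ? cpl : rpl;        /* data-segment rule */
    if (eff > gdt[index].dpl) return FAULT_PRIVILEGE;
    if (off > gdt[index].limit) return FAULT_LIMIT;
    *phys = gdt[index].base + off;
    return ACCESS_OK;
}

int main(void) {
    uint32_t p;
    printf("1234:5678 -> %05X\n", (unsigned)real_mode_phys(0x1234, 0x5678));
    printf("FFFF:0010 on 8086 -> %05X\n", (unsigned)real_mode_phys_8086(0xFFFF, 0x0010));
    /* 0x200 as a selector is GDT index 64: no such entry in this table */
    printf("selector 0200h -> %d\n", protected_mode_access(0x200, 3, 0, &p));
    printf("selector 0008h at CPL 3 -> %d\n", protected_mode_access(0x08, 3, 0, &p));
    return 0;
}
```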