Segment-registers’ hidden bits
A look at how segmentation
attributes are cached within the
CPU’s segment-registers
CPU segment-registers
16-bits
CS
Hidden portion of CS
SS
Hidden portion of SS
DS
Hidden portion of DS
ES
Hidden portion of ES
FS
Hidden portion of FS
GS
Hidden portion of GS
TR
Hidden portion of TR
LDTR
Hidden portion of LDTR
GDTR
GDTR
IDTR
IDTR
“Hidden” part of segment-registers
selector
segment base
segment limit
access
rights
The “invisible” parts of a segment-register
The programmer-visible part of a segment-register
Real-Mode Addresses
Logical Address:
segment
offset
x16
+
While in Real-Mode, the
memory-segments are
all 64-kilobytes in size
(and readable/writable)
Physical Address:
Operand’s effective address
Protected-Mode Addresses
Logical Address:
segment-selector
segment-offset
Segment Descriptor Table
descriptor
descriptor
Segment Base-address
descriptor
(also Segment-Limit
and Access Rights)
+
Validity is
checked
by CPU
descriptor
Physical Address:
Operand’s effective address
Segment-Descriptor Format
63
32
Base[31..24]
RA
D
CR
Limit
GDSV
P P SX / / A
[19..16]
VL
L
DW
Base[15..0]
31
Base[23..16]
Limit[15..0]
0
Several instances of this basic ‘segment-descriptor’ data-structure will occur in
the Global Descriptor Table (and maybe also in some Local Descriptor Tables)
EM64T TSS/LDTR descriptors
127
96
Reserved (must be 0)
base[
offset[63..32]
63..32 ]
Base[31..24]
base[ 31.. 24 ]
(if S=0)
A
D
CR
Reserved
limit
GDLV
P P 0 X Type
/ /
(must be
[19..16]
0)
L
L
DW
base[ 15..0 ]
31
base[ 23.. 16 ]
limit[15..0]
0
Type: 1010 = LDT descriptor, 1001 = available TSS, 1011 = busy TSS
48-bit Register-Format
47
16 15
0
Segment Base-Address
Segment
Limit
32 bits
16 bits
EM64T 80-bit Register-Format
79
16 15
Segment Base-Address
64 bits
0
Segment
Limit
16 bits
Intel instruction-format
maximum instruction-length equals 15 bytes
prefixes
opcode
address
mode
address
displacement
1, 2, or 3
bytes
0, 1, or 2
bytes
0, 1, 2, or 4
bytes
address
displacement
0, 1, 2, 4, or 8
bytes
Prefix bytes are used to ‘override’ the processor’s current default settings:
(1) selection of memory-operand segment-register
(2) current default setting of operand’s width
(3) current default setting of address’s width
Or to modify the way in which the subsequent instruction will execute:
(4) lock the bus for duration of instruction’s execution
(5) conditionally reexecute a string-instruction
(6) provide extra operand-selection bits (IA-32e mode)
Mode-r/m and SIB bytes
7
6 5
mod
7
3 2
reg
6 5
scale
0
r/m
3 2
index
0
base
‘hangdemo.s’
• This program shows why ‘illegal’ values
left in the FS and GS segment-registers
can cause our demo-programs to ‘hang’
when leaving ‘protected-mode’ and then
attempting to execute some ROM-BIOS
service-functions