这样做在保护模式下一个间接远跳转/调用 [英] Doing a indirect far jump/call in protected mode
问题描述
如何执行在保护模式下的间接远跳转/调用?首先,我在想,这样做是允许的:
How do I perform an indirect far jump/call in protected mode? First I was thinking that doing this is allowable:
jmp 0x10:eax;
(不要担心我GDT的段selector..the第二项是有效的code段)
(Don't worry about the segment selector..the 2nd entry of my GDT is a valid code segment)
但是,当NASM组装它,这是一个语法错误。纵观英特尔(指令集)手册的书2A,它只能使用 JMP ptr16完成:32
,其中 ptr16:32
是一个立即值,或使用 JMP M16:32
,其中 M16:32
是包含48位跳跃地址(16:32)的存储器位置
But when nasm assembled it, it was a syntax error. Looking at the Book 2a of the Intel (instruction set reference) manual, it can only be done using jmp ptr16:32
, where the ptr16:32
is an immediate value, or using jmp m16:32
, where the m16:32
is a memory location containing the 48-bit jump address (the 16:32).
现在我试图连接code这种方式:
Now I tried to encode it this way:
mov dword[ds:jumpaddress_offset],eax
; or just dword[jumpaddress_offset],eax
mov word[ds:jumpaddress_sel],0x10;
; or just mov word[ds:jumpaddress_sel],0x10;
jmp dword far [dword ds:jumpaddress];
...
jumpaddress:
jumpaddress_sel dw 0
jumpaddress_offset dd 0
据组装成功,但是当我试图运行它的处理器获得一个一般性保护错误并重新启动。我不知道发生了什么。
It assembled successfully, but when I tried to run it the processor gets a general protection fault and restarts. I don't know what happened.
我假设的编码是这样的:
I assumed the encoding is like this:
(比如我想跳为0x10:0x8010使用间接跳转)
(for example I want to jump to 0x10:0x8010 using indirect jump)
dw 0x10
dd 0x8010
这可能是什么问题呢?
难道48位的内存值应美元的小尾数C $ CD?
而且它应该是codeD这样?
What could be the wrong with this? Is it that the 48-bit memory value should be coded in little endian? And should it be coded like this?
;0010 0000 8010
dd 0x10,0x80,0,0,0x10,0
我还没有尝试过做最后一个。
I haven't tried doing the last one.
推荐答案
一个常用的伎俩是使用远RET效仿跳跃,如:
A frequently used trick is to emulate the jump using a far ret, such as:
push 0x10
push eax
retf
这篇关于这样做在保护模式下一个间接远跳转/调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!