; Excerpt of the LDT entry below: the ring-0 code segment that call_gate32
; points at. The attribute is bare ACER | AC_D -- no DA_DPLn term -- so by
; the convention the rest of the LDT uses this is a DPL-0, non-conforming
; code segment with limit = labelcallgatelen - 1.
labelcallgatecode32:
descriptor labelcallgatelen - 1, 0000h,00h, ACER | AC_D ,00h
; NOTE(review): a direct far CALL/JMP from CPL 2 or 3 into a non-conforming
; DPL-0 code segment always raises #GP (CPL must equal the target DPL);
; a privilege change is only possible through a call gate such as
; call_gate32. That, rather than a wrong RPL in this descriptor, is the
; likely cause of the "cannot access" reported below.
不能访问
是不是我的cpl和rpl设置出错了?
特权0时的cpu状态:
特权3时的cpu状态:
; ---------------------------------------------------------------------------
; [section .s321] -- 32-bit protected-mode code, runs at CPL 0.
; Writes progress markers (presumably into text-mode video memory), loads
; the LDT and the TSS, then drops to a lower privilege level with an
; inter-level RETF.
; Symbols defined outside this listing: gdt_ss_sel, data32_sel, ldt_sel,
; tss_sel, stack2_sel, code16_sel (GDT selectors). ldtcode32_sel2 comes from
; section .ldt below.
; Every `jmp $` is an infinite loop -- presumably a deliberate debug stop
; for capturing the CPU state the forum post refers to.
; ---------------------------------------------------------------------------
[section .s321]
[BITS 32]
pt:
jmp $                                   ; debug stop #1 (nothing below runs until it is removed)
nop
nop
; ring-0 stack: ss = gdt_ss_sel, esp = 512 (that segment's base/size are
; defined outside this listing)
mov ax , gdt_ss_sel
mov ss , ax
mov esp , 512
; es -> data32_sel. The (80*row + col)*2 offsets below only make sense if
; this descriptor's base is 80-column text-mode video memory (2 bytes per
; cell) -- the base is set elsewhere, confirm.
mov ax , data32_sel
mov es , ax
; marker 'W' at row 5, col 10: character byte, then attribute byte 6Ch.
; [es:si] is a 16-bit address-size access inside BITS 32 code; only the
; low 16 bits of esi take part.
mov si , (80 * 5 + 10) * 2
mov byte [es:si] , 'W'
inc si
mov byte [es:si] , 01101100b
; marker 'L' at row 7, col 18: about to load the LDT
mov si , (80 * 7 + 18) * 2
mov byte [es:si] , 'L'
inc si
mov byte [es:si] , 01101100b
;load ldt
mov ax , ldt_sel
lldt ax
; marker 'L' at row 7, col 19: LDT loaded
mov si , (80 * 7 + 19) * 2
mov byte [es:si] , 'L'
inc si
mov byte [es:si] , 01101100b
; The task register must hold a valid TSS before any ring change: when
; call_gate32 is later taken from the outer ring, the CPU fetches the
; ring-0 stack (ss0/esp0) from this TSS.
mov ax , tss_sel
ltr ax

;jmp ldtcode32_sel:0
;
; original comment: "switch privilege level to 3"
jmp $                                   ; debug stop #2
nop
nop
; Inter-level RETF frame, pushed outermost first: ss, esp, cs, eip.
; NOTE(review): ldtcode32_sel2 carries RPL 2 and ldtcode32's descriptor is
; DA_DPL2, so this RETF lands at CPL 2, not 3 as the comments say. For a
; RETF to an outer ring the CPU requires RPL == target DPL (that is the
; "why must DPL equal RPL" question in .ldt) and the new CPL == RPL of the
; popped SS selector == that stack segment's DPL. stack2_sel is defined
; outside this listing: if it is a ring-3 stack, this RETF raises #GP. To
; really reach ring 3, switch to ldtcode32_sel3 *and* change ldtcode32 to
; DA_DPL3 together.
mov eax , 512                           ; esp for the outer-ring stack
push stack2_sel
push eax
push ldtcode32_sel2
push 0                                  ; eip = offset 0 of ldtcode32 (start of ldtpt, if its base is set to ldtpt)
retf
; reached only by a jump to JMPREAL from elsewhere; the RETF above never
; falls through
JMPREAL:
jmp dword code16_sel:0
ptlen equ $ - pt
;end of [section .s321]
;use ldt jump ldtpt
; original comment: "privilege level 3"
; ---------------------------------------------------------------------------
; [section .s322] -- code entered by the inter-level RETF in pt, so it runs
; in the LDT code segment ldtcode32. With ldtcode32_sel2 / DA_DPL2 that is
; CPL 2, although the author's comments say 3.
; ---------------------------------------------------------------------------
[section .s322]
[BITS 32]
ldtpt:

mov ax , 01234h                         ; marker value, recognisable in a register dump

push ax                                 ; push/pop pair: touches the outer-ring stack
pop ax
; enter ring 0 through call_gate32 (gate DPL 3, target labelcallgatecode32)
call call_gate32_sel:0
; Original comment said "here a direct call was set up instead of going
; through the call gate" -- stale: the live line above is the gate call,
; the direct call is the commented one below. A direct far call from here
; into the DPL-0 non-conforming segment labelcallgatecode32 raises #GP;
; only a gate can change privilege level.
;call labelcallgatecode32_sel:0
; NOTE(review): labelcallgate's own retf is commented out and it ends in a
; further gate call into backcode32, whose code is not in this listing, so
; the two lines below are presumably never reached. If they were:
; call_gatecode32tocode16 is a bare GA_386CALL gate, i.e. DPL 0, and a
; gate's DPL must be >= max(CPL, RPL) of the caller (CPL 2 here), so this
; call would also raise #GP.
mov ax , 3456h
call call_gatecode32tocode16_sel:0
ldtptlen equ $ - ldtpt
;end of [section .s322]
; ---------------------------------------------------------------------------
; [section .callgate32] -- body of the ring-0 segment labelcallgatecode32
; (DPL 0), reachable from the CPL-2 code in ldtpt only through call_gate32,
; whose DA_DPL3 lets any ring call through it. A gate's DPL decides who may
; call; the target segment's DPL decides the level the callee runs at.
; On entry the CPU has switched to the ring-0 stack taken from the TSS and
; copied the caller's ss:esp / cs:eip there (param count 0, so nothing else
; is copied from the outer stack). Data segment registers are not reloaded
; by a gate transfer, hence the explicit es load below.
; ---------------------------------------------------------------------------
[section .callgate32]
[BITS 32]
; original comment: "ring 0, but callable through the gate from ldtpt, the ring-3 code segment"
labelcallgate:
; es -> data32_ldt (LDT data segment, DPL 0, limit 0FFFFh). As with
; data32_sel in pt, the write below only reaches video memory if this
; descriptor's base is set to it elsewhere -- confirm.
mov ax , data32_ldt_sel
mov es , ax

; marker 'C' at row 8, col 1: the gate call arrived
mov si , (80 * 8 + 1) * 2
mov byte [es:si] , 'C'
inc si
mov byte [es:si] , 01101100b
; NOTE(review): the retf that would return to ldtpt is disabled; control
; instead continues through call_gatecode32tocode16 (DPL-0 gate, allowed
; from CPL 0) into backcode32, which is defined in .ldt with base 0 /
; limit 0FFFFh and whose code is not in this listing. Each gate call that
; is never returned from leaves its frame on the ring-0 stack.
;retf
call call_gatecode32tocode16_sel:0
labelcallgatelen equ $ - labelcallgate
;end of [section .callgate32]
[section .s162]                         ; empty section switch: nothing is emitted here
;----------------------------- ldt --------------------------------------
; ---------------------------------------------------------------------------
; Local descriptor table. A selector is (entry offset in the LDT) + SA_TIL
; (TI = 1, LDT) + an optional RA_RPLn. Attribute DPL follows the DA_DPLn
; convention used below: no DA_DPLn term means DPL 0.
; `descriptor` and `gate` are macros defined outside this listing; from the
; argument order used here they appear to follow the in-memory layout
;   descriptor limit[15:0], base[15:0], base[23:16], attr, base[31:24]
;   gate       offset[15:0], selector, param count, attr, offset[31:16]
; -- confirm against the macro definitions. Every base field is written as
; 0; unless the bases are patched at runtime before LLDT, all of these
; segments start at linear address 0.
; ---------------------------------------------------------------------------
[section .ldt]
[BITS 16]
LABEL_LDT:

; Original question: "why must DPL equal RPL here?" -- because pt enters
; this segment with a RETF to an outer ring: the CPU requires the popped
; CS selector's RPL to equal the non-conforming target's DPL, and that
; value becomes the new CPL. RPL 2 (ldtcode32_sel2) with DA_DPL2 is
; consistent, so ldtpt runs at CPL 2; ldtcode32_sel3 (RPL 3) would need
; DA_DPL3 here to be usable.
ldtcode32:
descriptor ldtptlen - 1,0000h,00h,ACER | AC_D + DA_DPL2 ,00h
ldtcode32_sel3 equ ldtcode32 - LABEL_LDT + SA_TIL + RA_RPL3      ; not used in this listing
ldtcode32_sel2 equ ldtcode32 - LABEL_LDT + SA_TIL + RA_RPL2      ; used by the RETF in pt
ldtcode32_sel0 equ ldtcode32 - LABEL_LDT + SA_TIL
; call-gate target code segment (labelcallgate): DPL 0, non-conforming,
; limit = its length. Reachable only through call_gate32; a direct far
; call from CPL 2/3 via labelcallgatecode32_sel0/_sel3 raises #GP.
labelcallgatecode32:
descriptor labelcallgatelen - 1, 0000h,00h, ACER | AC_D ,00h
labelcallgatecode32_sel0 equ labelcallgatecode32 - LABEL_LDT + SA_TIL
labelcallgatecode32_sel3 equ labelcallgatecode32 - LABEL_LDT + SA_TIL + RA_RPL3
; DPL-0 read/write data segment, 64 KiB limit; loaded into es by labelcallgate
data32_ldt:
descriptor 0ffffh,0000h,00h,ADRW ,00h
data32_ldt_sel equ data32_ldt - LABEL_LDT + SA_TIL
data32_ldt_sel3 equ data32_ldt - LABEL_LDT + SA_TIL + RA_RPL3
; 386 call gate, DPL 3: any ring may call through it. The embedded selector
; carries RPL 0, so the target labelcallgatecode32 runs at its DPL, 0.
; Param count 0: nothing is copied from the outer-ring stack. This is the
; only sanctioned entry from ldtpt into ring 0.
call_gate32:
gate 0000h , labelcallgatecode32_sel0 , 00h , GA_386CALL + DA_DPL3 ,0000h
call_gate32_sel equ call_gate32 - LABEL_LDT + SA_TIL

; earlier variant of the next gate, aimed at the GDT 16-bit code segment
;call_gatecode32tocode16:
; gate 0000h , code16_sel , 00h , GA_386CALL ,00h
; call_gatecode32tocode16_sel equ call_gatecode32tocode16 - LABEL_LDT + SA_TIL

; 386 call gate with DPL 0 (bare GA_386CALL): only CPL-0 code -- in this
; listing, labelcallgate -- may call through it; the call in ldtpt (CPL 2)
; would raise #GP. Target: backcode32 at offset 0.
call_gatecode32tocode16:
gate 0000h ,backcode32_sel , 00h , GA_386CALL ,0000h
call_gatecode32tocode16_sel equ call_gatecode32tocode16 - LABEL_LDT + SA_TIL

; DPL-0 code segment, base 0 / limit 0FFFFh as written; the code behind
; call_gatecode32tocode16 is not in this listing -- confirm its base is set.
backcode32:
descriptor 0ffffh,0000h,00h,ACER | AC_D,00h
backcode32_sel EQU backcode32 - LABEL_LDT + SA_TIL
; two names for the same value (NASM symbols are case-sensitive); which one
; the rest of the file uses is not visible here
LDTLEN equ $ - LABEL_LDT
ldtlen equ $ - LABEL_LDT
;end of [section .ldt]