From: nowhere@nevernet.at   
      
   On 21/02/2022 13:13, James Harris wrote:   
      
   >>>> BUT how about   
   >>>> PM32:   
   >>>> 8B 44 24 fc     mov eax.[esp-04]  ;SP or ESP depending on seg-size ?   
   >>>> RM:   
   >>>> 67 8B 44 24 fc  mov ax,[esp-04]   ;could have an UnReal flat big stack   
      
   >>> How do you interpret those?   
   >> my disassembler do this for me.   
   > :)  I was asking what you thought they meant (in the context of   
   > different descriptor settings).   
      
   > I've been looking in to this a bit more and will have a go at it. See if   
   > you think I've got it right or not.   
      
   can't give you an A here ...   
   both of my and your example instructions use SS by default.   
      
   > Your first example:   
   > PM32:   
   >    8B 44 24 fc  mov eax.[esp-04]  ;SP or ESP depending on seg-size ?   
   > AIUI:   
   > * that will NOT use the SS segment's 'B' bit (which selects SP or ESP   
   > but does so only for /implicit/ references to the stack)   
      
   > * it will use the CS segment's D bit being set to 1 in two ways:   
   >    1) it will have adsiz as 32-bit so recognising ESP rather than SP   
   >    2) it will have opsiz as 32-bit so recognising EAX rather than AX   
      
   > * the accessible range will depend on DS.limit, not SS.limit   
   >   
   > * it will access ESP relative to DS.base, not relative to SS.base -   
   > which could be a source of significant confusion if they don't match.   
      
   My SS use a PM16 data-descriptor and my DS a Flat PM32 one.   
   No confusion detected :)   
      
   > Your second example:   
   > RM:   
   >    67 8B 44 24 fc  mov ax,[esp-04]   ;could have an UnReal flat big stack   
      
   > * again, won't use anything about the SS segment   
   > * will use CS.D=0 to recognise AX   
      
   yeah, RM uses 16 bit for AX by default, but 67 allow SIB (uses SS)   
      
   > * will use CS.D=0 and adsiz to recognise ESP   
      
   there aren't any [SP] addressing modes in RM nor in PM except   
   PUSH/POP/CALL/RET.   
      
   > * addressable range will depend on DS.limit, not SS.limit   
   > * linear address will depend on DS.base, not SS.base.   
      
   this is wrong!   
      
   > Note that it appears that the Big bit on DS (i.e. DS.B) is ignored even   
   > though the instructions access DS. Also, the base and limit and   
   > everything else from SS are ignored for those instructions.   
      
   > The findings may be unexpected (they certainly surprised me) but see the   
   > section entitled Segment Descriptors in CHAPTER 3 of PROTECTED-MODE   
   > MEMORY MANAGEMENT in Intel manuals.   
      
   such false statements are really printed in Intel docs ?   
   perhaps things changed meanwhile (40 years later) 80186/80286 books may   
   not apply to 80386++.   
      
   My AMD docs seem to follow the truth and I can confirm that all   
   [eBP/eSP]-based instructions including SIB-styled use SS.   
      
      
   >>> BTW, what happens when referring to BP or EBP as in   
   >>>   
   >>>    mov eax, [ebp + 4]   
   >>>    sub ebp, 8   
   >>>   
   >>> Does such code use the SS descriptor's B bit?   
      
   >> Yes, at least on CPUs which still support the B bit.   
      
   > Any advance on "Yes"? :)  As above, the Segment Descriptors section of   
   > the Intel manual suggests otherwise.   
      
   __   
   wolfgang   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)