Date:      Mon, 16 Feb 1998 15:43:20 +1030
From:      Greg Lehey <grog@lemis.com>
To:        The Hermit Hacker <scrappy@hub.org>
Cc:        emulation@FreeBSD.ORG
Subject:   Re: wine 980215
Message-ID:  <19980216154320.42865@freebie.lemis.com>
In-Reply-To: <Pine.BSF.3.96.980216005629.261r-100000@thelab.hub.org>; from The Hermit Hacker on Mon, Feb 16, 1998 at 12:56:52AM -0400
References:  <19980216134825.02381@freebie.lemis.com> <Pine.BSF.3.96.980216005629.261r-100000@thelab.hub.org>

On Mon, 16 February 1998 at  0:56:52 -0400, The Hermit Hacker wrote:
> On Mon, 16 Feb 1998, Greg Lehey wrote:
>
>> Could you go back into the core and try this, please:
>
> 	Gladly :)
>
> (gdb) list
> 134         GET_FS( fs );
> 135         if (!fs) return NULL;
> 136         GET_DS( ds );
> 137         if (fs == ds) return NULL; /* FIXME: should be an assert */
> 138         /* Get the TEB self-pointer */
> 139         __asm__( ".byte 0x64\n\tmovl (%1),%0"
> 140                  : "=r" (teb) : "r" (&((TEB *)0)->self) );
> 141         return teb;
> 142     #else
> 143         if (!pCurrentThread) return NULL;
> (gdb) x/10i $eip
> 0x162835 <NtCurrentTeb+29>:     movl   %fs:(%ecx),%eax
> 0x162838 <NtCurrentTeb+32>:     leave
> 0x162839 <NtCurrentTeb+33>:     ret
> 0x16283a <NtCurrentTeb+34>:     nop
> 0x16283b <NtCurrentTeb+35>:     nop
> 0x16283c <NtCurrentTeb+36>:     xorl   %eax,%eax
> 0x16283e <NtCurrentTeb+38>:     leave
> 0x16283f <NtCurrentTeb+39>:     ret
> 0x162840 <THREAD_Ops>:  movsb  %ds:(%esi),%es:(%edi)
> 0x162841 <THREAD_Ops+1>:        subl   (%esi),%edx
> (gdb) i reg
> eax            0x27     39
> ecx            0x18     24
> edx            0x1f     31
> ebx            0x20350000       540344320
> esp            0xefbfd608       0xefbfd608
> ebp            0xefbfd608       0xefbfd608
> esi            0x10     16
> edi            0x20350070       540344432
> eip            0x162835 0x162835
> eflags         0x10283  66179
> cs             0x1f     31
> ss             0x27     39
> ds             0x27     39
> es             0x27     39
> fs             0x1f     31
> gs             0x27     39
> (gdb)

Hmm.  That wasn't quite what I was expecting.  The instruction loads a
word from code space into register eax.  It does this by loading the
fs register to the same value as cs.  Unfortunately, the address
specified (in ecx) is invalid (0x18).  This is obviously the offset of
self in the TEB structure.

I can't see how this can work on FreeBSD, since we don't map anything
in the first page of any address space.  Maybe you can figure out what
they're trying to do and write a FreeBSD version.

Greg
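To make the faulting instruction concrete, the following is a small C model added to this archive page; it is not part of the thread and not Wine's code. It assumes the 32-bit TIB field layout that puts the self pointer at offset 0x18 (consistent with ecx in the dump), models a segment register as a base, a limit and the lowest offset backed by a mapped page, assumes the cs selector describes a flat segment based at linear address 0, and uses a constructed TEB address; the `.byte 0x64` prefix in Wine's asm is the fs segment override.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit TIB layout (assumption: the field widths of a 32-bit
 * process, which puts the self pointer at offset 0x18, matching ecx in the
 * register dump). uint32_t stands in for each 32-bit pointer field. */
typedef struct TEB32 {
    uint32_t exception_list;   /* 0x00 */
    uint32_t stack_base;       /* 0x04 */
    uint32_t stack_limit;      /* 0x08 */
    uint32_t subsystem_tib;    /* 0x0c */
    uint32_t fiber_data;       /* 0x10 */
    uint32_t arbitrary_ptr;    /* 0x14 */
    uint32_t self;             /* 0x18: linear address of this TEB */
} TEB32;

/* What Wine's "r" operand &((TEB *)0)->self evaluates to: the byte offset
 * of the self member, i.e. the 0x18 that ends up in ecx. offsetof() is the
 * well-defined way to spell it. */
size_t teb_self_offset(void)
{
    return offsetof(TEB32, self);
}

/* A segment register is modelled as a base address, a limit and the lowest
 * offset that is actually backed by a mapped page. */
typedef struct {
    const uint8_t *base;        /* memory the segment's offset 0 refers to */
    size_t         limit;       /* bytes addressable through the segment */
    size_t         mapped_from; /* offsets below this hit an unmapped page */
} segment_t;

#define PAGE_SIZE 4096u

/* Simulated "movl %fs:(%ecx),%eax" (the .byte 0x64 prefix is the fs
 * override). Returns 0 and stores the word on success, -1 where the CPU
 * would raise a fault instead. */
int seg_load32(const segment_t *fs, size_t off, uint32_t *out)
{
    if (off + sizeof *out > fs->limit) return -1;   /* past the segment limit */
    if (off < fs->mapped_from) return -1;           /* unmapped page: SIGSEGV */
    memcpy(out, fs->base + off, sizeof *out);
    return 0;
}

/* NtCurrentTeb as Wine's asm expresses it: read the self pointer through fs. */
int sim_ntcurrentteb(const segment_t *fs, uint32_t *teb_addr)
{
    return seg_load32(fs, teb_self_offset(), teb_addr);
}

#define TEB_LINEAR_ADDR 0x40000000u   /* constructed sample value */

/* Scenario 1: fs addresses the TEB itself, as the Win32 kernel sets it up.
 * Returns the word read at %fs:0x18, which is the TEB's own address. */
uint32_t scenario_fs_is_teb(void)
{
    static TEB32 teb;                       /* constructed single-thread TEB */
    teb.self = TEB_LINEAR_ADDR;
    segment_t fs = { (const uint8_t *)&teb, sizeof teb, 0 };
    uint32_t got = 0;
    if (sim_ntcurrentteb(&fs, &got) != 0) return 0;
    return got;
}

/* Scenario 2: fs carries the same selector as cs, assumed to be a flat
 * segment based at linear 0, so %fs:0x18 is linear address 0x18 inside the
 * first page, which FreeBSD leaves unmapped. Returns -1: the fault in the core. */
int scenario_fs_aliases_cs(void)
{
    static uint8_t flat_memory[2 * PAGE_SIZE];  /* stands in for linear memory */
    segment_t fs = { flat_memory, sizeof flat_memory, PAGE_SIZE };
    uint32_t got = 0;
    return sim_ntcurrentteb(&fs, &got);
}

int main(void)
{
    printf("self offset: 0x%zx\n", teb_self_offset());
    printf("fs -> TEB:   0x%08x\n", scenario_fs_is_teb());
    printf("fs == cs:    %s\n", scenario_fs_aliases_cs() == 0 ? "ok" : "fault");
    return 0;
}
```

The two scenarios differ only in what the fs selector maps to: with fs pointing at the TEB the load returns the TEB's own address, and with fs aliasing a flat code segment the same offset lands in the unmapped first page, which is the fault the core shows.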

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message