Saturday, March 26, 2011

x86 architecture specifics


Some basic information that might be useful to someone working in security:
  • SDT (Segment Descriptor Table)
    • GDT (Global Descriptor Table): OS code and data segments that are not specific to any process
    • LDT (Local Descriptor Table): process-specific segments
    • GDTR and LDTR are registers that hold pointers to these tables in memory
    • a segment selector (the 16-bit value that picks a segment descriptor) has: descriptor table index (13 bits), table selector, GDT or LDT (1 bit), requester's privilege level (2 bits)
  • "int <offset>": x86 software interrupt instruction; 2e is used by Windows for syscalls (the old method, used by WinNT)
  • has kernel and usermode stacks
  • Windows NT:
    • IDT (Interrupt Descriptor Table) contains interrupt gates
    • Interrupt gate: contains an index into the GDT and the ISR offset into a code segment
    • uses an 8-byte gate descriptor, stored in the IDT
    • the ISR looks at EAX for the syscall number and passes the parameters to the respective functions
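
The selector fields and the 8-byte gate descriptor listed above can be unpacked as follows. This is an added example, not code from the original post; it assumes the 32-bit protected-mode gate layout, and the type names, function names and sample gate bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Segment selector: index (13 bits) | table indicator (1 bit) | RPL (2 bits) */
typedef struct { uint16_t index; uint8_t ti; uint8_t rpl; } selector_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s;
    s.index = sel >> 3;        /* bits 15..3: entry number in the table */
    s.ti    = (sel >> 2) & 1;  /* bit 2: 0 = GDT, 1 = LDT */
    s.rpl   = sel & 3;         /* bits 1..0: requester's privilege level */
    return s;
}

/* 32-bit protected-mode gate descriptor as stored in the IDT (8 bytes) */
typedef struct {
    uint32_t offset;   /* ISR entry point within the code segment */
    uint16_t selector; /* code segment selector (normally into the GDT) */
    uint8_t  type;     /* 0xE = 32-bit interrupt gate, 0xF = trap gate */
    uint8_t  dpl;      /* least privileged ring allowed to reach it via "int n" */
    uint8_t  present;  /* 1 if the gate is valid */
} gate_t;

gate_t decode_gate(const uint8_t d[8]) {
    gate_t g;
    /* the ISR offset is split: low 16 bits in bytes 0-1, high 16 in bytes 6-7 */
    g.offset   = (uint32_t)d[0] | (uint32_t)d[1] << 8 |
                 (uint32_t)d[6] << 16 | (uint32_t)d[7] << 24;
    g.selector = (uint16_t)(d[2] | d[3] << 8);
    g.type     = d[5] & 0x0F;
    g.dpl      = (d[5] >> 5) & 3;
    g.present  = d[5] >> 7;
    return g;
}

int main(void) {
    /* Constructed sample: offset 0x80461234, selector 0x0008, P=1, DPL=3, type 0xE */
    const uint8_t sample[8] = {0x34, 0x12, 0x08, 0x00, 0x00, 0xEE, 0x46, 0x80};
    gate_t g = decode_gate(sample);
    selector_t s = decode_selector(g.selector);
    printf("ISR offset 0x%08x via %s[%u], RPL %u\n", (unsigned)g.offset,
           s.ti ? "LDT" : "GDT", (unsigned)s.index, (unsigned)s.rpl);
    printf("gate type 0x%X, DPL %u, present %u\n",
           (unsigned)g.type, (unsigned)g.dpl, (unsigned)g.present);
    return 0;
}
```

A gate with DPL 3, as in the sample, is one that user-mode code may reach with a software interrupt; comparing decoded ISR offsets against the expected kernel image range is a common integrity check on the IDT.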
