Segment base address in Windows 9x

Hi all, happy new year!

I have a dirty, straightforward question.

I use a simple program (not important for this question) in VC 6.0, and when I debug it I find the segment registers hold these numbers:

CS = 015F DS = 0167 ES = 0167
SS = 0167

I know the basics of protected mode and I know the numbers above are segment selectors pointing into the GDT or LDT as an index.

Once Nietod said all segments point to 0x00000000 in Win9x 'cause it uses flat memory addressing by the page mechanism.

But I feel curious: if that is true, then 0167 = 0157 in the descriptor table?

My question is how to find the base address of a segment programmatically, or with a tool, in the virtual 32-bit flat memory?

i.e. the base address in the descriptor structure of DS or CS etc. in the LDT or GDT.

Or in other words:
in Win9x, do all segments begin at the same address 0x000000?
Here I don't include some special-purpose segments; I just refer to DS, ES, CS, SS etc.

I wanna know if nietod is right, so I must find what base address in the GDT or LDT a segment selector number like 167 etc. points to.
Please comment more before your answer 'cause I need a better solution and wide advice; I'm very, very urgent regarding this!!!


>> Once Nietod said all segments point to
>> 0x00000000 in win9x 'cause it uses flat
>> memory address by page mechanism
Not all, but all used directly by a 32 bit program.  (If the 32 bit program calls a 16 bit driver, then some segments, like the code segment for sure, will switch to 16 bit segments that most likely don't start at 0.)

You should see that your program uses only two selectors.  In this case 167h is used for all of your data segments and 15Fh is used for the code segment.  Both indicate the same memory addresses (0 to FFFFFFFFh); the difference is that the code segment descriptor has a flag set to indicate that the segment is read-only and executable and the data segment does not.


Starting with the selectors, the selectors have 3 parts.  The high 13 bits are an index into the descriptor table, bit 2 is a flag that indicates which descriptor table is to be used (1 for LDT and 0 for GDT), bits 0 and 1 form a 2 bit number that indicates the requested privilege level to be used with the selector (this is used to decrease access rights to a segment, it can't be used to increase them, but that's getting off topic.)

So your two selectors break down as follows.
CS = 15Fh = 101011111b
index = 101011b = 43
table = 1 = LDT
RPL = 11 = least privileged

DS = 167h = 101101111b
index = 101100b = 44
table = 1 = LDT
RPL = 11 = least privileged

>> I feel curious: if that is true, then 0167 = 0157
>> in the descriptor table?
As you can now see--no.  They are adjacent entries: 15F is entry 43 (44th entry) and 167 is entry 44 (45th entry).  But that should be expected; as I said at the start, the code segment needs a descriptor that indicates the segment is executable and the data segments (usually) need a descriptor that indicates the segments are writable, so they have to be different descriptors.

The next step you have to do yourself, I'll describe what you have to do.

Using a debugger get the 44th and 45th entries from the LDT.  These entries are 64 bits and regrettably have a terrible format (due to changes that occurred over time).  If we look at the numbers in terms of bytes (7 is the most significant (highest) byte and 0 the least significant (lowest) byte) it's not too bad.

The segment base address is formed (most significant to least significant) from bytes 7, 4, 3, 2.  That is a 32 bit number and should be 0 in both descriptors.  (Or at least the same in both descriptors; it could be higher than 0, but I believe it will be 0.)

The segment limit is formed by the low 3 bits of byte 6 and bytes 1 and 0.  This forms a 19 bit number.  This should be 7FFFF (all bits set).  Now the segment limit is the length of the segment.  This length is obviously short of 4 Gig, the supposed length of these segments.  This is because the high bit of byte 6 indicates the granularity.  If it is set to 1, as it should be for both of these descriptors, it means the length is expressed in terms of 4K pages, not bytes.  So the length will be 4 Gig.

Does that answer your question?  Let me know if you have any questions.
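A decoder for the selector and descriptor layout described in this answer, written in portable C as an added example (not code from the thread or from any Windows tool): it splits the two selectors from the question into index, table and RPL, and assembles base, limit and granularity from an 8-byte descriptor. Because plain C cannot read the live LDT, the descriptor bytes are constructed samples; the Intel layout keeps limit bits 16..19 in the low nibble of byte 6, so the code reads a 20-bit limit, and a flat segment decodes to limit FFFFF. It also decodes a constructed non-flat descriptor of the 16-bit kind discussed later in the thread.

```c
#include <stdint.h>
#include <stdio.h>
/* Fields of a 16-bit x86 segment selector (the value held in CS, DS, ...). */
typedef struct { unsigned index, ti, rpl; } selector_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s;
    s.index = sel >> 3;       /* bits 15..3: entry number in the table */
    s.ti    = (sel >> 2) & 1; /* bit 2: 0 = GDT, 1 = LDT */
    s.rpl   = sel & 3;        /* bits 1..0: requested privilege level */
    return s;
}

/* Fields of an 8-byte descriptor; d[0] is the least significant byte, d[7] the most. */
typedef struct {
    uint32_t base;        /* assembled from bytes 7, 4, 3, 2 */
    uint32_t limit;       /* low nibble of byte 6, then bytes 1, 0: 20 bits */
    unsigned granularity; /* top bit of byte 6: 1 = limit counts 4 KiB pages */
    unsigned executable;  /* bit 3 of byte 5: 1 = code segment, 0 = data */
    uint64_t size_bytes;  /* segment length implied by limit and granularity */
} descriptor_t;

descriptor_t decode_descriptor(const uint8_t d[8]) {
    descriptor_t r;
    r.base  = ((uint32_t)d[7] << 24) | ((uint32_t)d[4] << 16)
            | ((uint32_t)d[3] << 8)  |  (uint32_t)d[2];
    r.limit = ((uint32_t)(d[6] & 0x0F) << 16) | ((uint32_t)d[1] << 8) | d[0];
    r.granularity = (d[6] >> 7) & 1;
    r.executable  = (d[5] >> 3) & 1;
    r.size_bytes  = ((uint64_t)r.limit + 1) << (r.granularity ? 12 : 0);
    return r;
}

/* Constructed sample descriptors, not values read from a real LDT: a flat ring-3
   code descriptor (base 0, limit FFFFF, G=1) and a 16-bit style data descriptor
   with base 0x00123400 and a 64 KiB limit counted in bytes (G=0). */
static const uint8_t flat_code[8]  = {0xFF,0xFF,0x00,0x00,0x00,0xFB,0xCF,0x00};
static const uint8_t small_data[8] = {0xFF,0xFF,0x00,0x34,0x12,0xF3,0x00,0x00};
int main(void) {
    selector_t cs = decode_selector(0x15F), ds = decode_selector(0x167);
    descriptor_t c = decode_descriptor(flat_code), s = decode_descriptor(small_data);
    printf("CS index=%u %s rpl=%u\n", cs.index, cs.ti ? "LDT" : "GDT", cs.rpl);
    printf("DS index=%u %s rpl=%u\n", ds.index, ds.ti ? "LDT" : "GDT", ds.rpl);
    printf("flat code: base=%08X limit=%05X G=%u size=%llu exec=%u\n", c.base,
           c.limit, c.granularity, (unsigned long long)c.size_bytes, c.executable);
    printf("small data: base=%08X size=%llu exec=%u\n", s.base,
           (unsigned long long)s.size_bytes, s.executable);
    return 0;
}
```

Feeding the block the eight bytes a debugger shows for a real LDT entry (least significant byte first) gives the base the thread is asking about.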

binarydreamAuthor Commented:
I increased the points because I want to ask in more detail. That's all I have, 150, so I cannot provide more.
Thank you, and I hope you bear with me :-)

>> then some segments, like the code segment for sure, will switch to 16 bit segments that most likely don't start
>> at 0.

1. Would you please tell me why a 16 bit segment doesn't start at 0?
What's the difference between a 16-bit program and a 32-bit program in essence?

>> Both indicate the same memory addresses, (0 to FFFFFFFFh) the difference is that the code segment
>> descriptor has a flag set to indicate that the segment is read-only and executable and the data segment does
>> not

2. So, do you mean all segments point to the same base address 0x00000000 if it's a 32-bit program?

3. A silly question: if the answer to question 2 above is yes, is this feature (I mean all beginning at 0x00000000) provided by the CPU, or specified by the OS or compiler?
Can I change the base address?

4. Sorry, would you please tell me where I can download a debugger? I don't have one and I cannot try your suggestion :(

Thank you, nietod.
If you think the points are too low (I don't know the standard of points I should give, newcomer here), I will wait for them to increase and give them to you, but I hope you'll wait a little bit longer.
You might do very well to get yourself a copies of:
"PC Magazine's Programmer's Technical Reference:  The Processor and Coprocessor" by Robert L. Hummel
"Undocumented Windows" and "Undocumented Windows 95" by Andrew Schulman
"Inside Windows 95" Adrian King

These may answer your questions better than I.  

>> why 16 bit segment dont start at 0
A 16 bit segment has only a 16 bit length, which is 64K.  If they all started at 0 they would all have to share the first 64K of memory.  Instead they can start at any paragraph boundary (multiples of 16) in the first Meg of memory.  In unprotected mode (original DOS) the segment register is loaded with a segment address, which is the starting address of the segment divided by 16.  In protected mode the segment is loaded with a selector that indexes a segment descriptor that defines a length for the segment that is 64K.

>> What's differences between 16bit program
>> and 32bits program in essence?
In the Windows world 32 bit programs use 32 bit addressing and 16 bit programs use 16 bit segmented addressing.  The 32 bit program can generate addresses anywhere in a single 4 Gig space (not all addresses are legal, however).  The 16 bit program can generate addresses that are 16 bit offsets into 64K long segments.  The segments are located in the first meg (approximately) of linear memory (because of paging and separate address spaces, the first meg of linear memory may not be the first meg of physical (real) memory.)  The 16 bit program must often reload segment registers to change the location of the segments it can currently work with.  This is a relatively inefficient operation.  The 32bit program does not have this overhead.

>> 2.So ,do you mean all segments point to the same
>> base address 0x00000000 if it's 32bits program?
Yes.  But keep in mind that each process has its own memory space, so that base address (or any other address) is in the "linear" address space of that process, not the physical address in memory (RAM).  So if one process stores 1 at address 0 (which actually wouldn't be allowed, that is memory used by the OS) another process will not see that value at address 0, because it is in a separate address space.
>>does this feature(I mean all begin at 0x00000000)
>> provide by CPU or specify by OS or compiler?
This feature is governed mostly by the Windows OS design; the 80386 and later processors can support more complex memory designs than the flat mode chosen by win32, but those designs really aren't necessary, at least not unless you are running out of memory in the 32bit address space of a single process, which is unlikely.  The CPU and compiler all work together in this scheme, but really its existence is dictated by the memory model chosen by win32--32bit flat.

>> Can i change the base address?
No.  It can be changed, but only the OS can change it.  (At least in a properly running OS a protected mode application cannot alter the descriptor tables.) So Windows could change the base address, but never does as the memory model is 32bit flat.

>> where can I download a debugger
I don't know of any free ones.  I would recommend the numega soft-ice debugger, about $400.  I'm not sure if the debugger with VC will allow you to look at descriptor tables or not.  It might.

The points seem about right.
binarydreamAuthor Commented:
Thank you, dear nietod!!!

I have gotten soft-ice for win95; is it okay?
Can I use it in win98, win2000?

Final problems:

1. Would you please tell me where I can get some tutorial or so about how to use soft-ice to debug Windows programs?

The help file is too unfriendly and doesn't help much; I need a hands-on tutorial or something alike.

>> At least in a properly running OS a protected mode application cannot alter
>> the descriptor tables.

2. So, do you mean the flat memory is chosen by the OS establishing the GDT, or by other means (e.g. by switching a register bit or ...)?

Best wishes to you.
You probably can use it for win98.  I'm not sure about that though.  You almost certainly cannot use it for win2000.  Win2000 is very similar to NT not win95. But numega does sell a package for working on all the windows platforms and they are likely to offer a win2000 version with that.

>> where I can get some tutorial or so
>> about how to use soft-ice
I don't know of any.  If you contact numega they might know of some.  There isn't much to it.  It's a low-level debugger so it doesn't have many fancy features to learn.  99% of your debugging can be done in a high level debugger, like VC's or BCB's integrated debuggers.  You only need soft-ice for rare occasions--like poking through Windows' memory.

>> The flat memory is chosen by establishing
Yes.  The OS sets up the descriptor tables and related information for 32-bit programs so that they have a flat memory model.
binarydreamAuthor Commented:
So, how can I find the content of the descriptor? I don't even know how to activate SOFT-ICE!!!
By default, <alt><d> will  bring up soft-ice.  But you need to bring it up in the context of your program.  To do that place a debugger interrupt in the program.  Like in C you can use

_asm int 3;

once in the debugger and in the context of your program, you can use

LDT sel

where "sel" is the numerical value of the selector to look at the descriptor for the selector.

Then use the "g" command to continue the program.
binarydreamAuthor Commented:
I tried your suggestion but here are some problems:
1. I run the program in VC; it stops at the _asm int 3 and I use alt+d, but a debug window of VC pops up, not soft-ice.
2. If I run the program normally (not in the context of VC), an error pops up; the _asm int 3 causes it.
3. In either situation, alt+d doesn't activate soft-ice.
4. I find that if I use ctrl+d in win98 (my system), it seems to be soft-ice, but the screen goes dark; if I use ctrl+d again, it goes back to Windows 98.
I find the installation of soft-ice needs me to specify the screen driver; I specified VGA because I CANNOT find riva128 in its list. Does this cause the problems?
Simply put, I cannot activate soft-ice using alt+d, but using ctrl+d does have an effect, the strange effect described above :(

Would you please give me some clues?

Regarding points, I promise to give you an extra 50 later. I will do a test :)
Thank you very much!!!
>> I use alt+d but a debug window of VC
>> pop-up ,not soft-ice.
Do you have soft-ice loaded?  If so and if alt-d is still the hot-key, then it will pop up soft-ice.

Also don't run this when the VC debugger is loaded, and you don't want just-in-time debugging on either.  Otherwise the int3 will pop-up the VC debugger.

>> I find if i use ctrl+d
Perhaps control-D is the default, not alt-D.  whichever works.

>> but the screen shut down into a dark
It sounds like the debugger can't use your video card.  (So it can't show you the debug information.)  You might try reinstalling soft-ice and making sure that you specify the video card you have in your computer.  If you specify the wrong card, it probably won't work.  The techs at numega can probably help you get it working, if needed.   The other option is to get a monochrome monitor and a hercules monochrome card.   Softice will use this monitor to display debugging information so it doesn't need to use your video card.  This is the method I use and it works great.  (You can watch both monitors simultaneously, so it is ideal.)