What does "DS:[40207A]" mean in assembly?

Question

0040103A   CALL DWORD PTR DS:[40207A]                USER32.MessageBoxA

What does DS: mean?

Recommended answer

The instruction is loading a new EIP value from memory at ds:[40207A], i.e. there's a function pointer at address 40207A. (And it pushes a return address because this is a call, not just a jmp.)

The ds: means the instruction is referencing memory in the Data Segment - and can pretty much be ignored on modern OSes, since they run with a flat address space model (code, data and stack segments all refer to the same memory range, and memory protection is handled with paging).

The ds: is there to show you it's definitely a memory operand, and to remind you which segment it uses / show that there were no segment override prefixes (except maybe a ds prefix because that's already the default).

A little elaboration - note that, to keep things simple, this is in the context of 32-bit protected mode running Windows.

A segment register (CS, DS, SS, ES, FS, GS) holds a selector pointing to a descriptor. There are two descriptor tables: global (GDT) and local (LDT), and the selector has a bit indicating which to use. Windows (almost?) exclusively uses the global table.

A descriptor is basically a {beginning-address, size} pair - there's more to it, but that's outside the scope of this post.

Windows uses a Flat Memory Model: each process has a 4GB address space starting at memory address 0, and uses paging to isolate processes from each other.

Since processes have this flat view of the world, they run with all segments using {0, 4GB} descriptors - and thus, instead of allocating per-process descriptors, Windows can use only a few global descriptors and have all processes use those.

The Portable Executable format defines sections, which are unrelated to the x86 segments - even if there's some conceptual overlap. PE EXEs can have pretty much any section layout you wish, but the normal is to split into (at least) code (read/execute), data (read/write), resources (read-only?). Splitting the executable into sections makes it possible to apply x86 page-level memory protection to the memory ranges.

While the normal segments don't change per-process, Windows uses the FS register to point to the per-thread TIB structure.

See this for an overview. This is from an old document on the 80386, but the information still applies.
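An added example (not part of the original answer) showing in C what the `CALL DWORD PTR DS:[40207A]` pattern amounts to: the target is fetched from a pointer slot in ordinary writable data at call time, so whatever the slot holds is what runs. The `import_table`, the `real_message_box` stand-in for USER32.MessageBoxA and the hook are all constructed for the illustration; no real DLL is involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Signature of the imported function. The real import is USER32.MessageBoxA;
 * a local stand-in is used here so the program runs anywhere (constructed for the example). */
typedef int (*msgbox_fn)(const char *text, const char *caption);

/* Stand-in for the real implementation: returns the combined length instead of showing a dialog. */
static int real_message_box(const char *text, const char *caption) {
    return (int)(strlen(text) + strlen(caption));
}

/* The import table: an array of function pointers in ordinary writable data.
 * Slot 0 plays the role of the DWORD at 40207A; the loader fills it at load time. */
static msgbox_fn import_table[1] = { real_message_box };

/* C equivalent of  CALL DWORD PTR DS:[40207A]:
 * load the pointer from the slot, push a return address, jump to the pointer.
 * Nothing here checks where the pointer goes; whatever the slot holds at call time runs. */
static int call_via_slot(const char *text, const char *caption) {
    return import_table[0](text, caption);
}

/* A replacement that a hooking DLL or a debugger could drop into the slot. */
static int hooked_count = 0;
static int hook_message_box(const char *text, const char *caption) {
    (void)text; (void)caption;
    hooked_count++;
    return -1;  /* intercept: refuse to show the box */
}

/* Overwrite the slot and hand back the previous target, so it can be chained to or restored. */
static msgbox_fn patch_slot(msgbox_fn new_target) {
    msgbox_fn old = import_table[0];
    import_table[0] = new_target;
    return old;
}

/* The check a hook detector performs: does the slot still point at the expected code? */
static int slot_intact(void) {
    return import_table[0] == real_message_box;
}

int main(void) {
    printf("slot at %p holds 0x%lx (intact=%d)\n", (void *)&import_table[0],
           (unsigned long)(uintptr_t)import_table[0], slot_intact());
    printf("call via slot -> %d\n", call_via_slot("hi", "x"));
    msgbox_fn saved = patch_slot(hook_message_box);
    printf("after hooking: call via slot -> %d, hooked_count=%d, intact=%d\n",
           call_via_slot("hi", "x"), hooked_count, slot_intact());
    patch_slot(saved);
    printf("restored: call via slot -> %d, intact=%d\n", call_via_slot("hi", "x"), slot_intact());
    return 0;
}
```

The same two facts are what make the slot interesting to both sides: a debugger only has to read the DWORD at 40207A to learn where the call goes, and anything that can write to that DWORD decides where it goes next.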
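An added example (not the answer's own code) that decodes a selector and an 8-byte GDT descriptor the way the CPU does, to show why the flat {0, 4GB} descriptor makes the ds: prefix ignorable, and what the same offset would do under a non-flat descriptor. The descriptor values are constructed for the illustration; 0x23 is the user-mode data selector commonly shown by a 32-bit Windows debugger.

```c
#include <stdint.h>
#include <stdio.h>

/* A segment selector: index into the GDT or LDT, table indicator, requested privilege level. */
struct selector { uint16_t index; int use_ldt; int rpl; };

/* The parts of an 8-byte descriptor this example cares about. */
struct descriptor { uint32_t base; uint64_t size; int present; int dpl; int code; int granularity; };

static struct selector decode_selector(uint16_t sel) {
    struct selector s;
    s.rpl = sel & 3;              /* bits 0-1 */
    s.use_ldt = (sel >> 2) & 1;   /* bit 2: 0 = GDT, 1 = LDT */
    s.index = (uint16_t)(sel >> 3);
    return s;
}

/* Reassemble base and limit from the scattered fields of a descriptor given as a little-endian uint64. */
static struct descriptor decode_descriptor(uint64_t d) {
    struct descriptor r;
    uint32_t limit = (uint32_t)(d & 0xFFFF) | (uint32_t)(((d >> 48) & 0xF) << 16);
    uint8_t access = (uint8_t)(d >> 40);
    r.base = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)(((d >> 56) & 0xFF) << 24);
    r.present = (access >> 7) & 1;
    r.dpl = (access >> 5) & 3;
    r.code = (access >> 3) & 1;                      /* type bit: executable segment */
    r.granularity = (int)((d >> 55) & 1);            /* G=1: limit counts 4KB pages */
    uint64_t byte_limit = r.granularity ? (((uint64_t)limit << 12) | 0xFFF) : limit;
    r.size = byte_limit + 1;
    return r;
}

/* What the segmentation unit does for seg:offset: limit check, then base + offset.
 * Returns 0 and the linear address, or -1 where the CPU would raise #GP. */
static int seg_to_linear(const struct descriptor *d, uint32_t offset, uint32_t access_size, uint32_t *linear) {
    if (!d->present) return -1;
    if ((uint64_t)offset + access_size > d->size) return -1;
    *linear = d->base + offset;
    return 0;
}

int main(void) {
    /* Flat user-mode data descriptor as found in a 32-bit Windows GDT: base 0, limit 0xFFFFF, G=1, DPL 3 */
    struct descriptor flat = decode_descriptor(0x00CFF2000000FFFFull);
    struct selector ds = decode_selector(0x23);
    uint32_t lin;
    printf("ds=0x23 -> GDT index %u, LDT=%d, RPL=%d\n", ds.index, ds.use_ldt, ds.rpl);
    printf("descriptor: base=0x%08x size=0x%llx dpl=%d code=%d\n",
           flat.base, (unsigned long long)flat.size, flat.dpl, flat.code);
    if (seg_to_linear(&flat, 0x40207A, 4, &lin) == 0)
        printf("ds:[40207A] -> linear 0x%08x (offset unchanged, which is why ds: can be ignored)\n", lin);

    /* A constructed non-flat descriptor: base 0x400000, 4KB limit, G=0. The same offset now faults. */
    struct descriptor small = decode_descriptor(0x0040924000000FFFull);
    printf("small segment: base=0x%08x size=0x%llx; ds:[40207A] -> %s\n",
           small.base, (unsigned long long)small.size,
           seg_to_linear(&small, 0x40207A, 4, &lin) == 0 ? "ok" : "#GP (outside limit)");
    return 0;
}
```

With the flat descriptor the linear address equals the offset, so the value in the disassembly is already the address the paging unit sees; the only per-segment difference left on Windows is the FS base, which is why the TIB is reached as fs:[0] rather than by a fixed linear address.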
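An added example (not part of the original answer) of the section table the answer describes: a bounds-checked parser for PE section headers, run over a constructed headers-only 32-bit image, mapping each section's Characteristics flags to the page protection a loader would apply. The image and its three sections are constructed here; the flag values are the documented IMAGE_SCN_MEM_* constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_READ    0x40000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u

struct pe_section {
    char name[9];
    uint32_t virtual_address, virtual_size, characteristics;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Walk the section table with bounds checks; returns the section count or -1 on malformed input. */
static int pe_sections(const uint8_t *buf, size_t len, struct pe_section *out, int max) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3c);                   /* e_lfanew */
    if (pe > len || len - pe < 24) return -1;          /* "PE\0\0" + 20-byte COFF header */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *coff = buf + pe + 4;
    uint16_t nsec = rd16(coff + 2);                    /* NumberOfSections */
    uint16_t optsize = rd16(coff + 16);                /* SizeOfOptionalHeader */
    size_t table = (size_t)pe + 24 + optsize;          /* section headers follow the optional header */
    if (nsec > max || table > len || (len - table) / 40 < nsec) return -1;
    for (int i = 0; i < nsec; i++) {
        const uint8_t *s = buf + table + (size_t)i * 40;
        memcpy(out[i].name, s, 8);
        out[i].name[8] = '\0';
        out[i].virtual_size = rd32(s + 8);
        out[i].virtual_address = rd32(s + 12);
        out[i].characteristics = rd32(s + 36);
    }
    return nsec;
}

/* Page protection the loader derives from the section flags, as a short string. */
static const char *pe_protection(uint32_t ch) {
    int r = !!(ch & IMAGE_SCN_MEM_READ), w = !!(ch & IMAGE_SCN_MEM_WRITE), x = !!(ch & IMAGE_SCN_MEM_EXECUTE);
    if (r && w && x) return "RWX";
    if (r && x) return "RX";
    if (r && w) return "RW";
    if (r) return "R";
    return "none";
}

/* Constructed sample image (headers only): .text RX, .data RW, .rsrc R, with a zero-filled
 * 32-bit optional header. buf must hold at least 512 bytes; returns the bytes written. */
static size_t build_sample_image(uint8_t *buf) {
    const uint32_t e_lfanew = 0x40, optsize = 0xE0;
    memset(buf, 0, 512);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3c, e_lfanew);
    memcpy(buf + e_lfanew, "PE\0\0", 4);
    uint8_t *coff = buf + e_lfanew + 4;
    wr16(coff + 0, 0x014c);                            /* IMAGE_FILE_MACHINE_I386 */
    wr16(coff + 2, 3);                                 /* NumberOfSections */
    wr16(coff + 16, (uint16_t)optsize);
    uint8_t *sec = coff + 20 + optsize;
    struct { const char *name; uint32_t va, size, ch; } rows[3] = {
        { ".text", 0x1000, 0x400, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | 0x20 },
        { ".data", 0x2000, 0x200, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | 0x40 },
        { ".rsrc", 0x3000, 0x100, IMAGE_SCN_MEM_READ | 0x40 },
    };
    for (int i = 0; i < 3; i++, sec += 40) {
        memcpy(sec, rows[i].name, strlen(rows[i].name));
        wr32(sec + 8, rows[i].size);
        wr32(sec + 12, rows[i].va);
        wr32(sec + 36, rows[i].ch);
    }
    return (size_t)(sec - buf);
}

int main(void) {
    uint8_t img[512];
    struct pe_section secs[8];
    size_t len = build_sample_image(img);
    int n = pe_sections(img, len, secs, 8);
    for (int i = 0; i < n; i++)
        printf("%-8s VA=0x%04x size=0x%04x flags=0x%08x -> %s\n", secs[i].name, secs[i].virtual_address,
               secs[i].virtual_size, secs[i].characteristics, pe_protection(secs[i].characteristics));
    printf("truncated image parses as %d\n", pe_sections(img, 100, secs, 8));
    return 0;
}
```

The import slot at 40207A in the question lives in one of the read/write sections, which is the page-level reason it can be both read by the CALL and written by the loader; a section whose flags come out as RWX is the thing to look at first when reviewing a packed or suspicious binary.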


08-13 00:39