Hello,
I have a question regarding the memory models. As far as I know, under Windows, CS and DS "overlap", i.e. they have the same base address in the LDT. The consequence is that it is possible to dynamically generate code as data (thunking) and execute it.
My question is: is there a good reason why the mechanism built into IA32 since the x386 is not being used? In my mind, if the entries in the LDT for CS, DS and SS had different bases, with proper limits, there would be no possibility of executing data or segment at all, thus improving security.
Are there any OSes that run on Intel platforms that actually separate those segments?
Thank you
This question has made the rounds among our various technical contacts, but we haven't yet found any answers for you.
Are there others reading this who can provide input?
==
Lexi S.
Intel Software Network Support
This is a consequence of "Flat Model" programming where code and data lie within a unified address space.
Note, while by convention in "Flat Model" mode CS, DS and SS all map to the same virtual address, it is up to the operating system to manage the virtual address page tables. Newer revisions of the IA32 and EM64T processors have added an Execute Disable bit to the page table entries. Thus on newer processors and on newer operating systems that use Execute Disable you can protect various address ranges (pages).
Since Windows XP SP2 you have the option of using Execute Disable.
http://msdn2.microsoft.com/en-us/library/bb430720.aspx
Jim Dempsey
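
The following C sketch is an added example, not code from any poster in this thread. It decodes IA-32 segment descriptors to show that flat-model CS and DS cover the same linear bytes while separated bases and limits would not, and it checks the Execute Disable bit of a page table entry; all descriptor and PTE values are constructed samples, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample descriptors (not taken from any real OS dump). */
#define FLAT_CODE  0x00CF9A000000FFFFULL /* base 0, 4 GiB, code */
#define FLAT_DATA  0x00CF92000000FFFFULL /* base 0, 4 GiB, data */
#define SPLIT_CODE 0x00C09A000000FFFFULL /* base 0, 256 MiB, code */
#define SPLIT_DATA 0x10C092000000FFFFULL /* base 0x10000000, 256 MiB, data */

struct seg { uint32_t base; uint32_t last; int is_code; };

/* Decode an 8-byte IA-32 segment descriptor (GDT/LDT entry). */
static struct seg decode_descriptor(uint64_t d)
{
    struct seg s;
    uint32_t limit = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 32) & 0xFF000000);
    /* G flag (bit 55): limit is counted in 4 KiB units */
    s.last = ((d >> 55) & 1) ? ((limit << 12) | 0xFFF) : limit;
    s.is_code = (int)((d >> 43) & 1); /* type bit 3: executable segment */
    return s;
}

/* Number of linear bytes addressable through both segments. */
static uint64_t overlap_bytes(struct seg a, struct seg b)
{
    uint64_t lo = a.base > b.base ? a.base : b.base;
    uint64_t ea = (uint64_t)a.base + a.last, eb = (uint64_t)b.base + b.last;
    uint64_t hi = ea < eb ? ea : eb;
    return hi >= lo ? hi - lo + 1 : 0;
}

/* PAE/64-bit PTE: bit 0 = present, bit 63 = Execute Disable.
   Assumes the OS has enabled the feature (EFER.NXE set). */
static int pte_allows_execute(uint64_t pte)
{
    return (pte & 1) && !(pte >> 63);
}

int main(void)
{
    printf("flat overlap:  %llu bytes\n", (unsigned long long)
           overlap_bytes(decode_descriptor(FLAT_CODE), decode_descriptor(FLAT_DATA)));
    printf("split overlap: %llu bytes\n", (unsigned long long)
           overlap_bytes(decode_descriptor(SPLIT_CODE), decode_descriptor(SPLIT_DATA)));
    /* Constructed PTEs for the same data page, without and with XD set. */
    printf("XD clear: exec=%d\n", pte_allows_execute(0x0000000012345067ULL));
    printf("XD set:   exec=%d\n", pte_allows_execute(0x8000000012345067ULL));
    return 0;
}
```

With the flat descriptors every byte writable through DS is also fetchable through CS, so only the per-page Execute Disable bit distinguishes code from data.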