On Apr 4, 8:23 am, "Rod Pemberton" <spamt...@[EMAIL PROTECTED]> wrote:
>
> ELSE IF StackAddrSize = 32
> THEN
> IF OperandSize = 32
> THEN
> ESP <- (ESP - 4);
> IF (SRC is FS or GS)
> THEN
> TEMP = ZeroExtend32(SRC);
> ELSE IF (SRC is IMMEDIATE)
> TEMP = SignExtend32(SRC); FI;
> ELSE
> TEMP = SRC;
> FI;
> SS:ESP <- TEMP; (* Push doubleword *)
> ELSE (* OperandSize = 16*)
> ESP <- (ESP - 2);
> SS:ESP <- SRC; (* Push word *)
> FI;
Hi Rod,
where did you get the above from? I can't see it in my Intel PDFs.
Is it an update for later models? Maybe that's why I don't see zero
extension for P4/P3.
I think the reason you're seeing EFLAGS (P2) is due to the segment
register being pushed as..
ELSE StackAddrSize = 16
...
ELSE (* OperandSize = 32 *)
...
IF (SRC is CS or DS or ES or SS or FS or GS)
SP <- (SP - 4);
SS:SP <- SRC; (* Push word *) <-- not dword for segment regs
FI;
or something like that..
To test, I pushed and popped a known 32-bit value first to put a known
value on the stack..
push 66666666h   ; seed the slot below SP with a known dword
pop edx          ; pull it back so SP is unchanged, the slot still holds 66666666h
db 66h           ; operand-size prefix: make the following push 32-bit
push gs          ; low word = GS; upper word shows whether 32 or only 16 bits were written
push 55555555h   ; same again, one slot lower
pop edx
db 66h
push fs
.....
then popped eax and printed its value 6 times (once for each segment
push), and I would get
1111xCSx
2222xDSx
.....
6666xGSx
If you try to use a debugger to see this then you need to run to a
breakpoint, not step, at least with GRDB...
0100 MOV EDX,88888888 ;upto you
0106 PUSH EDX
0108 POP ECX ;SP-4 still has 88888888
010A PUSH DS ;SP <- (SP - 4), SS:SP <- DS (16bits)
010C POP EAX ;EAX=8888xDSx
010E INT 03 ;Break
run with ->G
Hope this helps.
-- Cranky
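Added example (mine, not code from Rod's or Cranky's posts): a small Python model of the stack side of PUSH <segment register>, with the two semantics in the thread selectable, so the seed/push/pop test above can be reasoned through offline. The Stack class, the model names "zero_extend" and "word_write", and the selector values used at the bottom are all assumptions of this example; which behaviour a given CPU actually has still has to come from running the assembly test on it.

```python
# Added example, not code from the thread: a model of what PUSH <segreg> does to
# the stack slot, so the two semantics under discussion can be compared against
# the "seed a known dword, push the segment, pop it back" test from the post.
# All names here (Stack, push, pop, cranky_sequence, ...) are this example's own.

SEG_REGS = ("CS", "DS", "ES", "SS", "FS", "GS")


class Stack:
    """Little-endian stack memory with a 32-bit stack address size (ESP)."""

    def __init__(self, size=64):
        self.mem = bytearray(size)   # fresh memory is all zero
        self.esp = size

    def _write(self, addr, value, nbits):
        self.mem[addr:addr + nbits // 8] = value.to_bytes(nbits // 8, "little")

    def _read(self, addr, nbits):
        return int.from_bytes(self.mem[addr:addr + nbits // 8], "little")

    def push(self, src, operand_size, is_segment=False, model="word_write"):
        """PUSH src with operand_size 16 or 32 (the db 66h prefix in the post
        selects 32 from 16-bit code).  For a 32-bit push of a segment register,
        `model` picks how the dword slot is filled:
          "zero_extend" - the manual text Rod quoted (TEMP = ZeroExtend32(SRC))
          "word_write"  - only 16 bits are written; the upper word of the slot
                          keeps whatever was already there (what Cranky sees)
        """
        if operand_size == 16:
            self.esp -= 2
            self._write(self.esp, src & 0xFFFF, 16)
            return
        self.esp -= 4
        if is_segment and model == "word_write":
            self._write(self.esp, src & 0xFFFF, 16)      # upper word untouched
        elif is_segment:
            self._write(self.esp, src & 0xFFFF, 32)      # zero-extended dword
        else:
            self._write(self.esp, src & 0xFFFFFFFF, 32)

    def pop(self, operand_size):
        value = self._read(self.esp, operand_size)
        self.esp += operand_size // 8
        return value


def seeded_push_test(seed, selector, model):
    """Cranky's GRDB snippet: PUSH seed / POP / 32-bit PUSH seg / POP EAX."""
    st = Stack()
    st.push(seed, 32)
    st.pop(32)                        # slot below ESP now holds `seed`
    st.push(selector, 32, is_segment=True, model=model)
    return st.pop(32)


def unseeded_push_test(selector, model):
    """Same push on zeroed memory: both models give the same answer, which is
    why the post seeds the slot with a known value first."""
    st = Stack()
    st.push(selector, 32, is_segment=True, model=model)
    return st.pop(32)


def cranky_sequence(selectors, model):
    """The six-push test from the post: seed 66666666h, push GS (32-bit),
    seed 55555555h, push FS, ... seed 11111111h, push CS; then pop EAX six
    times.  Returns (name, popped value) pairs in pop order (CS first)."""
    st = Stack()
    seeds = [0x66666666, 0x55555555, 0x44444444,
             0x33333333, 0x22222222, 0x11111111]
    for seed, name in zip(seeds, reversed(SEG_REGS)):   # GS, FS, SS, ES, DS, CS
        st.push(seed, 32)
        st.pop(32)
        st.push(selectors[name], 32, is_segment=True, model=model)
    return [(name, st.pop(32)) for name in SEG_REGS]


if __name__ == "__main__":
    # Constructed selector values (assumption); real ones come from the CPU.
    sel = {"CS": 0x07C0, "DS": 0x1234, "ES": 0x2345,
           "SS": 0x3456, "FS": 0x4567, "GS": 0x5678}
    for model in ("word_write", "zero_extend"):
        print(model, f"{seeded_push_test(0x88888888, sel['DS'], model):08X}")
        for name, val in cranky_sequence(sel, model):
            print(f"  {val:08X}  <- {name}")
```

With the "word_write" model the seeded test returns 8888xDSx and the six pops read 1111xCSx .. 6666xGSx, matching the post; with "zero_extend" the upper word comes back 0000 in every case. The unseeded variant shows the two models are indistinguishable on a zeroed stack, which is the reason for the push/pop of a known dword before each segment push.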