2 years ago
#57051
rgba
Memory access only possible with stack registers after switching to 32-bit compat mode, in an x86-64 Linux process that started as 64-bit
After trying to switch an x86-64 linux process to 32 bit compatibility mode with an lret, we can't access memory except when addressing with ESP or EBP.
Does anyone have an idea what is going on here?
Example:
.text
.global _start
.code64
_start:
movl $0x23, 4(%rsp)
leal start32, %eax
movl %eax, (%rsp)
lretl // jmp to start32 and change mode to 32 bit
.code32
start32:
leal value, %esp
movl (%esp), %eax // works
leal value, %ebp
movl (%ebp), %eax // works
//leal value, %eax
//movl (%eax), %eax // segfault
//leal value, %ebx
//movl (%ebx), %eax // segfault
//leal value, %ecx
//movl (%ecx), %eax // segfault
//leal value, %edx
//movl (%edx), %eax // segfault
//leal value, %esi
//movl (%esi), %eax // segfault
//leal value, %edi
//movl (%edi), %eax // segfault
//movl value, %eax // segfault
movl $1, %eax // 32 bit style exit
movl $0, %ebx
int $128
.data
value:
.long 0x1337
linux
x86
x86-64
32bit-64bit
memory-segmentation
0 Answers
Your Answer