In-depth analysis of the GDT

Everyone knows what a CPU is, but for people who do not work at the low level the GDT is probably much less familiar.

GDT is short for global descriptor table; correspondingly there is also a

1. Leaving a backdoor: once in R0, setting up a way for R3 to get into R0 (a call gate, interrupt gate, task gate and the like).

2. Understanding or writing an operating system. Microsoft's Windows has gone through many changes and is now at Windows 10. But is that of any interest to us? At most we get to know, understand and apply (or exploit) it. Quite a few of the changes (on the PC side) seem to be hardware-based, software algorithms aside.

3. Virtualization. Intel VT, for instance, requires setting up the Base, Limit, access rights, Selectors and so on of many segments (cs, ss, ds, es, fs, gs, etc.).

Enough preamble; on to the subject. Windows is used as the example for the analysis.

kd> vertarget
Windows XP Kernel Version 2600 (Service Pack 3) MP (1 procs) Free x86 compatible
Built by: 2600.xpsp_sp3_qfe.130704-0421
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055e720
Debug session time: Thu Aug  6 14:25:16.468 2015 (UTC + 8:00)
System Uptime: 0 days 0:01:19.984

That is the operating system environment. The GDT is located through GDTR:

kd> r gdtr
gdtr=8003f000

Its size is given by GDTL:

kd> r gdtl
gdtl=000003ff

Its full contents are:

kd> db 8003f000 L(000003ff + 1)
8003f000  00 00 00 00 00 00 00 00-ff ff 00 00 00 9b cf 00  ................
8003f010  ff ff 00 00 00 93 cf 00-ff ff 00 00 00 fb cf 00  ................
8003f020  ff ff 00 00 00 f3 cf 00-ab 20 00 20 04 8b 00 80  ......... . ....
8003f030  01 00 00 f0 df 93 c0 ff-ff 0f 00 00 00 f3 40 00  ..............@.
8003f040  ff ff 00 04 00 f2 00 00-00 00 00 00 00 00 00 00  ................
8003f050  68 00 00 27 55 89 00 80-68 00 68 27 55 89 00 80  h..'U...h.h'U...
8003f060  ff ff 40 2f 02 93 00 00-ff 3f 00 80 0b 92 00 00  ..@/.....?......
8003f070  ff 03 00 70 ff 92 00 ff-ff ff 00 00 40 9a 00 80  ...p........@...
8003f080  ff ff 00 00 40 92 00 80-00 00 00 00 00 92 00 00  ....@...........
8003f090  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8003f0a0  68 00 b8 16 38 89 00 82-00 00 00 00 00 00 00 00  h...8...........
8003f0b0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8003f0c0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8003f0d0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
8003f0e0  ff ff 00 f0 50 9f 00 f8-ff ff 00 00 00 92 00 00  ....P...........
8003f0f0  b7 03 40 d0 4f 98 00 80-ff ff 00 00 00 92 00 00  ..@.O...........
8003f100  ff ff 00 24 4d 93 40 ba-ff ff 00 24 4d 93 40 ba  ...$M.@....$M.@.
8003f110  ff ff 00 24 4d 93 40 ba-20 f1 03 80 00 00 00 00  ...$M.@. .......
8003f120  28 f1 03 80 00 00 00 00-30 f1 03 80 00 00 00 00  (.......0.......
8003f130  38 f1 03 80 00 00 00 00-40 f1 03 80 00 00 00 00  8.......@.......
8003f140  48 f1 03 80 00 00 00 00-50 f1 03 80 00 00 00 00  H.......P.......
8003f150  58 f1 03 80 00 00 00 00-60 f1 03 80 00 00 00 00  X.......`.......
8003f160  68 f1 03 80 00 00 00 00-70 f1 03 80 00 00 00 00  h.......p.......
8003f170  78 f1 03 80 00 00 00 00-80 f1 03 80 00 00 00 00  x...............
8003f180  88 f1 03 80 00 00 00 00-90 f1 03 80 00 00 00 00  ................
8003f190  98 f1 03 80 00 00 00 00-a0 f1 03 80 00 00 00 00  ................
8003f1a0  a8 f1 03 80 00 00 00 00-b0 f1 03 80 00 00 00 00  ................
8003f1b0  b8 f1 03 80 00 00 00 00-c0 f1 03 80 00 00 00 00  ................
8003f1c0  c8 f1 03 80 00 00 00 00-d0 f1 03 80 00 00 00 00  ................
8003f1d0  d8 f1 03 80 00 00 00 00-e0 f1 03 80 00 00 00 00  ................
8003f1e0  e8 f1 03 80 00 00 00 00-f0 f1 03 80 00 00 00 00  ................
8003f1f0  f8 f1 03 80 00 00 00 00-00 f2 03 80 00 00 00 00  ................
8003f200  08 f2 03 80 00 00 00 00-10 f2 03 80 00 00 00 00  ................
8003f210  18 f2 03 80 00 00 00 00-20 f2 03 80 00 00 00 00  ........ .......
8003f220  28 f2 03 80 00 00 00 00-30 f2 03 80 00 00 00 00  (.......0.......
8003f230  38 f2 03 80 00 00 00 00-40 f2 03 80 00 00 00 00  8.......@.......
8003f240  48 f2 03 80 00 00 00 00-50 f2 03 80 00 00 00 00  H.......P.......
8003f250  58 f2 03 80 00 00 00 00-60 f2 03 80 00 00 00 00  X.......`.......
8003f260  68 f2 03 80 00 00 00 00-70 f2 03 80 00 00 00 00  h.......p.......
8003f270  78 f2 03 80 00 00 00 00-80 f2 03 80 00 00 00 00  x...............
8003f280  88 f2 03 80 00 00 00 00-90 f2 03 80 00 00 00 00  ................
8003f290  98 f2 03 80 00 00 00 00-a0 f2 03 80 00 00 00 00  ................
8003f2a0  a8 f2 03 80 00 00 00 00-b0 f2 03 80 00 00 00 00  ................
8003f2b0  b8 f2 03 80 00 00 00 00-c0 f2 03 80 00 00 00 00  ................
8003f2c0  c8 f2 03 80 00 00 00 00-d0 f2 03 80 00 00 00 00  ................
8003f2d0  d8 f2 03 80 00 00 00 00-e0 f2 03 80 00 00 00 00  ................
8003f2e0  e8 f2 03 80 00 00 00 00-f0 f2 03 80 00 00 00 00  ................
8003f2f0  f8 f2 03 80 00 00 00 00-00 f3 03 80 00 00 00 00  ................
8003f300  08 f3 03 80 00 00 00 00-10 f3 03 80 00 00 00 00  ................
8003f310  18 f3 03 80 00 00 00 00-20 f3 03 80 00 00 00 00  ........ .......
8003f320  28 f3 03 80 00 00 00 00-30 f3 03 80 00 00 00 00  (.......0.......
8003f330  38 f3 03 80 00 00 00 00-40 f3 03 80 00 00 00 00  8.......@.......
8003f340  48 f3 03 80 00 00 00 00-50 f3 03 80 00 00 00 00  H.......P.......
8003f350  58 f3 03 80 00 00 00 00-60 f3 03 80 00 00 00 00  X.......`.......
8003f360  68 f3 03 80 00 00 00 00-70 f3 03 80 00 00 00 00  h.......p.......
8003f370  78 f3 03 80 00 00 00 00-80 f3 03 80 00 00 00 00  x...............
8003f380  88 f3 03 80 00 00 00 00-90 f3 03 80 00 00 00 00  ................
8003f390  98 f3 03 80 00 00 00 00-a0 f3 03 80 00 00 00 00  ................
8003f3a0  a8 f3 03 80 00 00 00 00-b0 f3 03 80 00 00 00 00  ................
8003f3b0  b8 f3 03 80 00 00 00 00-c0 f3 03 80 00 00 00 00  ................
8003f3c0  c8 f3 03 80 00 00 00 00-d0 f3 03 80 00 00 00 00  ................
8003f3d0  d8 f3 03 80 00 00 00 00-e0 f3 03 80 00 00 00 00  ................
8003f3e0  e8 f3 03 80 00 00 00 00-f0 f3 03 80 00 00 00 00  ................
8003f3f0  f8 f3 03 80 00 00 00 00-00 00 00 00 00 00 00 00  ................

Note: the table is 8-byte aligned, but the limit itself is not a multiple of 8. These raw bytes are not easy to read; they have to be parsed, and that is our task. You can also look at the same table this way:

kd> dg 0 3ff
                                  P Si Gr Pr Lo
Sel    Base     Limit     Type    l ze an es ng Flags
---- -------- -------- ---------- - -- -- -- -- --------
0000 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b
0010 00000000 ffffffff Data RW Ac 0 Bg Pg P  Nl 00000c93
0018 00000000 ffffffff Code RE Ac 3 Bg Pg P  Nl 00000cfb
0020 00000000 ffffffff Data RW Ac 3 Bg Pg P  Nl 00000cf3
0028 80042000 000020ab TSS32 Busy 0 Nb By P  Nl 0000008b
0030 ffdff000 00001fff Data RW Ac 0 Bg Pg P  Nl 00000c93
0038 00000000 00000fff Data RW Ac 3 Bg By P  Nl 000004f3
0040 00000400 0000ffff Data RW    3 Nb By P  Nl 000000f2
0048 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
0050 80552700 00000068 TSS32 Avl  0 Nb By P  Nl 00000089
0058 80552768 00000068 TSS32 Avl  0 Nb By P  Nl 00000089
0060 00022f40 0000ffff Data RW Ac 0 Nb By P  Nl 00000093
0068 000b8000 00003fff Data RW    0 Nb By P  Nl 00000092
0070 ffff7000 000003ff Data RW    0 Nb By P  Nl 00000092
0078 80400000 0000ffff Code RE    0 Nb By P  Nl 0000009a
0080 80400000 0000ffff Data RW    0 Nb By P  Nl 00000092
0088 00000000 00000000 Data RW    0 Nb By P  Nl 00000092
0090 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
0098 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00A0 823816b8 00000068 TSS32 Avl  0 Nb By P  Nl 00000089
00A8 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00B0 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00B8 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00C0 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00C8 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00D0 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00D8 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000
00E0 f850f000 0000ffff Code RE Ac 0 Nb By P  Nl 0000009f
00E8 00000000 0000ffff Data RW    0 Nb By P  Nl 00000092
00F0 804fd040 000003b7 Code EO    0 Nb By P  Nl 00000098
00F8 00000000 0000ffff Data RW    0 Nb By P  Nl 00000092
0100 ba4d2400 0000ffff Data RW Ac 0 Bg By P  Nl 00000493
0108 ba4d2400 0000ffff Data RW Ac 0 Bg By P  Nl 00000493
0110 ba4d2400 0000ffff Data RW Ac 0 Bg By P  Nl 00000493
0118 00008003 0000f120 <Reserved> 0 Nb By Np Nl 00000000
0120 00008003 0000f128 <Reserved> 0 Nb By Np Nl 00000000
0128 00008003 0000f130 <Reserved> 0 Nb By Np Nl 00000000
0130 00008003 0000f138 <Reserved> 0 Nb By Np Nl 00000000
0138 00008003 0000f140 <Reserved> 0 Nb By Np Nl 00000000
0140 00008003 0000f148 <Reserved> 0 Nb By Np Nl 00000000
0148 00008003 0000f150 <Reserved> 0 Nb By Np Nl 00000000
0150 00008003 0000f158 <Reserved> 0 Nb By Np Nl 00000000
0158 00008003 0000f160 <Reserved> 0 Nb By Np Nl 00000000
0160 00008003 0000f168 <Reserved> 0 Nb By Np Nl 00000000
0168 00008003 0000f170 <Reserved> 0 Nb By Np Nl 00000000
0170 00008003 0000f178 <Reserved> 0 Nb By Np Nl 00000000
0178 00008003 0000f180 <Reserved> 0 Nb By Np Nl 00000000
0180 00008003 0000f188 <Reserved> 0 Nb By Np Nl 00000000
0188 00008003 0000f190 <Reserved> 0 Nb By Np Nl 00000000
0190 00008003 0000f198 <Reserved> 0 Nb By Np Nl 00000000
0198 00008003 0000f1a0 <Reserved> 0 Nb By Np Nl 00000000
01A0 00008003 0000f1a8 <Reserved> 0 Nb By Np Nl 00000000
01A8 00008003 0000f1b0 <Reserved> 0 Nb By Np Nl 00000000
01B0 00008003 0000f1b8 <Reserved> 0 Nb By Np Nl 00000000
01B8 00008003 0000f1c0 <Reserved> 0 Nb By Np Nl 00000000
01C0 00008003 0000f1c8 <Reserved> 0 Nb By Np Nl 00000000
01C8 00008003 0000f1d0 <Reserved> 0 Nb By Np Nl 00000000
01D0 00008003 0000f1d8 <Reserved> 0 Nb By Np Nl 00000000
01D8 00008003 0000f1e0 <Reserved> 0 Nb By Np Nl 00000000
01E0 00008003 0000f1e8 <Reserved> 0 Nb By Np Nl 00000000
01E8 00008003 0000f1f0 <Reserved> 0 Nb By Np Nl 00000000
01F0 00008003 0000f1f8 <Reserved> 0 Nb By Np Nl 00000000
01F8 00008003 0000f200 <Reserved> 0 Nb By Np Nl 00000000
0200 00008003 0000f208 <Reserved> 0 Nb By Np Nl 00000000
0208 00008003 0000f210 <Reserved> 0 Nb By Np Nl 00000000
0210 00008003 0000f218 <Reserved> 0 Nb By Np Nl 00000000
0218 00008003 0000f220 <Reserved> 0 Nb By Np Nl 00000000
0220 00008003 0000f228 <Reserved> 0 Nb By Np Nl 00000000
0228 00008003 0000f230 <Reserved> 0 Nb By Np Nl 00000000
0230 00008003 0000f238 <Reserved> 0 Nb By Np Nl 00000000
0238 00008003 0000f240 <Reserved> 0 Nb By Np Nl 00000000
0240 00008003 0000f248 <Reserved> 0 Nb By Np Nl 00000000
0248 00008003 0000f250 <Reserved> 0 Nb By Np Nl 00000000
0250 00008003 0000f258 <Reserved> 0 Nb By Np Nl 00000000
0258 00008003 0000f260 <Reserved> 0 Nb By Np Nl 00000000
0260 00008003 0000f268 <Reserved> 0 Nb By Np Nl 00000000
0268 00008003 0000f270 <Reserved> 0 Nb By Np Nl 00000000
0270 00008003 0000f278 <Reserved> 0 Nb By Np Nl 00000000
0278 00008003 0000f280 <Reserved> 0 Nb By Np Nl 00000000
0280 00008003 0000f288 <Reserved> 0 Nb By Np Nl 00000000
0288 00008003 0000f290 <Reserved> 0 Nb By Np Nl 00000000
0290 00008003 0000f298 <Reserved> 0 Nb By Np Nl 00000000
0298 00008003 0000f2a0 <Reserved> 0 Nb By Np Nl 00000000
02A0 00008003 0000f2a8 <Reserved> 0 Nb By Np Nl 00000000
02A8 00008003 0000f2b0 <Reserved> 0 Nb By Np Nl 00000000
02B0 00008003 0000f2b8 <Reserved> 0 Nb By Np Nl 00000000
02B8 00008003 0000f2c0 <Reserved> 0 Nb By Np Nl 00000000
02C0 00008003 0000f2c8 <Reserved> 0 Nb By Np Nl 00000000
02C8 00008003 0000f2d0 <Reserved> 0 Nb By Np Nl 00000000
02D0 00008003 0000f2d8 <Reserved> 0 Nb By Np Nl 00000000
02D8 00008003 0000f2e0 <Reserved> 0 Nb By Np Nl 00000000
02E0 00008003 0000f2e8 <Reserved> 0 Nb By Np Nl 00000000
02E8 00008003 0000f2f0 <Reserved> 0 Nb By Np Nl 00000000
02F0 00008003 0000f2f8 <Reserved> 0 Nb By Np Nl 00000000
02F8 00008003 0000f300 <Reserved> 0 Nb By Np Nl 00000000
0300 00008003 0000f308 <Reserved> 0 Nb By Np Nl 00000000
0308 00008003 0000f310 <Reserved> 0 Nb By Np Nl 00000000
0310 00008003 0000f318 <Reserved> 0 Nb By Np Nl 00000000
0318 00008003 0000f320 <Reserved> 0 Nb By Np Nl 00000000
0320 00008003 0000f328 <Reserved> 0 Nb By Np Nl 00000000
0328 00008003 0000f330 <Reserved> 0 Nb By Np Nl 00000000
0330 00008003 0000f338 <Reserved> 0 Nb By Np Nl 00000000
0338 00008003 0000f340 <Reserved> 0 Nb By Np Nl 00000000
0340 00008003 0000f348 <Reserved> 0 Nb By Np Nl 00000000
0348 00008003 0000f350 <Reserved> 0 Nb By Np Nl 00000000
0350 00008003 0000f358 <Reserved> 0 Nb By Np Nl 00000000
0358 00008003 0000f360 <Reserved> 0 Nb By Np Nl 00000000
0360 00008003 0000f368 <Reserved> 0 Nb By Np Nl 00000000
0368 00008003 0000f370 <Reserved> 0 Nb By Np Nl 00000000
0370 00008003 0000f378 <Reserved> 0 Nb By Np Nl 00000000
0378 00008003 0000f380 <Reserved> 0 Nb By Np Nl 00000000
0380 00008003 0000f388 <Reserved> 0 Nb By Np Nl 00000000
0388 00008003 0000f390 <Reserved> 0 Nb By Np Nl 00000000
0390 00008003 0000f398 <Reserved> 0 Nb By Np Nl 00000000
0398 00008003 0000f3a0 <Reserved> 0 Nb By Np Nl 00000000
03A0 00008003 0000f3a8 <Reserved> 0 Nb By Np Nl 00000000
03A8 00008003 0000f3b0 <Reserved> 0 Nb By Np Nl 00000000
03B0 00008003 0000f3b8 <Reserved> 0 Nb By Np Nl 00000000
03B8 00008003 0000f3c0 <Reserved> 0 Nb By Np Nl 00000000
03C0 00008003 0000f3c8 <Reserved> 0 Nb By Np Nl 00000000
03C8 00008003 0000f3d0 <Reserved> 0 Nb By Np Nl 00000000
03D0 00008003 0000f3d8 <Reserved> 0 Nb By Np Nl 00000000
03D8 00008003 0000f3e0 <Reserved> 0 Nb By Np Nl 00000000
03E0 00008003 0000f3e8 <Reserved> 0 Nb By Np Nl 00000000
03E8 00008003 0000f3f0 <Reserved> 0 Nb By Np Nl 00000000
03F0 00008003 0000f3f8 <Reserved> 0 Nb By Np Nl 00000000
03F8 00000000 00000000 <Reserved> 0 Nb By Np Nl 00000000

What our program has to do is produce exactly this kind of listing from the raw bytes. As a side note, the format can also be worked out by hand. For example:

kd> r cs
cs=00000008

Then, by applying a suitable algorithm, you should arrive at the following result (one approach is to follow the definition of _KGDTENTRY):

kd> dg cs
                                  P Si Gr Pr Lo
Sel    Base     Limit     Type    l ze an es ng Flags
---- -------- -------- ---------- - -- -- -- -- --------
0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b

I will not spell the algorithm out; I trust you can do it. The GDT is simply a table (an array), each entry of which is a Segment Descriptor.

For the format, see the Intel 64 and IA-32 Architectures Software Developer's Manual (Order Number: 325462-055US, June 2015), Volume 3: System Programming Guide, section 3.4.5 Segment Descriptors and its figure.

Segment Descriptors fall into two broad classes: application (code or data) descriptors, the ordinary code/data segments that most CS and DS selectors point to; and system descriptors, which are further divided into system-segment descriptors (LDT and TSS segments). But how are these structures defined under Windows? Checking the WRK and WinDbg gives the following:

// Special Registers for i386
typedef struct _X86_DESCRIPTOR {
    USHORT  Pad;
    USHORT  Limit;
    ULONG   Base;
} X86_DESCRIPTOR, *PX86_DESCRIPTOR;

// GDT Entry
typedef struct _KGDTENTRY {
    USHORT  LimitLow;
    USHORT  BaseLow;
    union {
        struct {
            UCHAR   BaseMid;
            UCHAR   Flags1;     // Declare as bytes to avoid alignment
            UCHAR   Flags2;     // Problems.
            UCHAR   BaseHi;
        } Bytes;
        struct {
            ULONG   BaseMid : 8;
            ULONG   Type : 5;        // includes the S bit, i.e. whether this is a system-segment descriptor.
            ULONG   Dpl : 2;
            ULONG   Pres : 1;
            ULONG   LimitHi : 4;
            ULONG   Sys : 1;         // i.e. AVL, free for system software to define.
            ULONG   Reserved_0 : 1;  // LongMode
            ULONG   Default_Big : 1; // Intel's D/B (default operation size/default stack pointer size and/or upper bound) flag
            ULONG   Granularity : 1;
            ULONG   BaseHi : 8;
        } Bits;
    } HighWord;
} KGDTENTRY, *PKGDTENTRY;

Why is it named KGDTENTRY? Think about where the structure sits. It is in fact the Segment Descriptor, although the definition is not quite identical to Intel's.

kd> dt nt!_KGDTENTRY
   +0x000 LimitLow         : Uint2B
   +0x002 BaseLow          : Uint2B
   +0x004 HighWord         : __unnamed

kd> dt nt!_KGDTENTRY -b
   +0x000 LimitLow         : Uint2B
   +0x002 BaseLow          : Uint2B
   +0x004 HighWord         : __unnamed
      +0x000 Bytes            : __unnamed
         +0x000 BaseMid          : UChar
         +0x001 Flags1           : UChar
         +0x002 Flags2           : UChar
         +0x003 BaseHi           : UChar
      +0x000 Bits             : __unnamed
         +0x000 BaseMid          : Pos 0, 8 Bits
         +0x000 Type             : Pos 8, 5 Bits
         +0x000 Dpl              : Pos 13, 2 Bits
         +0x000 Pres             : Pos 15, 1 Bit
         +0x000 LimitHi          : Pos 16, 4 Bits
         +0x000 Sys              : Pos 20, 1 Bit
         +0x000 Reserved_0       : Pos 21, 1 Bit
         +0x000 Default_Big      : Pos 22, 1 Bit
         +0x000 Granularity      : Pos 23, 1 Bit
         +0x000 BaseHi           : Pos 24, 8 Bits

The above covers 32-bit Windows; now let us look at the GDT of 64-bit Windows.

0: kd> vertarget
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff800`01e64000 PsLoadedModuleList = 0xfffff800`020ab730
Debug session time: Thu Aug  6 14:37:33.359 2015 (UTC + 8:00)
System Uptime: 0 days 0:13:15.757

0: kd> r gdtr
gdtr=fffff80001d51000

0: kd> r gdtl
gdtl=007f

0: kd> db fffff80001d51000 L(007f + 1)
fffff800`01d51000  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
fffff800`01d51010  00 00 00 00 00 9b 20 00-ff ff 00 00 00 93 cf 00  ...... .........
fffff800`01d51020  ff ff 00 00 00 fb cf 00-ff ff 00 00 00 f3 cf 00  ................
fffff800`01d51030  00 00 00 00 00 fb 20 00-00 00 00 00 00 00 00 00  ...... .........
fffff800`01d51040  67 00 80 20 d5 8b 00 01-00 f8 ff ff 00 00 00 00  g.. ............
fffff800`01d51050  00 3c 00 a0 f9 f3 40 ff-00 00 00 00 00 00 00 00  .<....@.........
fffff800`01d51060  ff ff 00 00 00 9a cf 00-00 00 00 00 00 00 00 00  ................
fffff800`01d51070  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................

0: kd> dg 0 80
                                                    P Si Gr Pr Lo
Sel        Base              Limit          Type    l ze an es ng Flags
---- ----------------- ----------------- ---------- - -- -- -- -- --------
0000 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0008 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0010 00000000`00000000 00000000`00000000 Code RE Ac 0 Nb By P  Lo 0000029b
0018 00000000`00000000 00000000`ffffffff Data RW Ac 0 Bg Pg P  Nl 00000c93
0020 00000000`00000000 00000000`ffffffff Code RE Ac 3 Bg Pg P  Nl 00000cfb
0028 00000000`00000000 00000000`ffffffff Data RW Ac 3 Bg Pg P  Nl 00000cf3
0030 00000000`00000000 00000000`00000000 Code RE Ac 3 Nb By P  Lo 000002fb
0038 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0040 00000000`01d52080 00000000`00000067 TSS32 Busy 0 Nb By P  Nl 0000008b
0048 00000000`0000ffff 00000000`0000f800 <Reserved> 0 Nb By Np Nl 00000000
0050 ffffffff`fff9a000 00000000`00003c00 Data RW Ac 3 Bg By P  Nl 000004f3
0058 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0060 00000000`00000000 00000000`ffffffff Code RE    0 Bg Pg P  Nl 00000c9a
0068 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0070 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0078 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0080 Unable to get descriptor

The corresponding (verification) information from the WRK and WinDbg is as follows:

// Special Registers for AMD64.
typedef struct _AMD64_DESCRIPTOR {
    USHORT  Pad[3];
    USHORT  Limit;
    ULONG64 Base;
} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;

typedef union _KGDTENTRY64 {
    struct {
        USHORT  LimitLow;
        USHORT  BaseLow;
        union {
            struct {
                UCHAR   BaseMiddle;
                UCHAR   Flags1;
                UCHAR   Flags2;
                UCHAR   BaseHigh;
            } Bytes;

            struct {
                ULONG   BaseMiddle : 8;
                ULONG   Type : 5;        // includes the S bit, i.e. whether this is a system-segment descriptor.
                ULONG   Dpl : 2;
                ULONG   Present : 1;
                ULONG   LimitHigh : 4;
                ULONG   System : 1;      // i.e. AVL, free for system software to define.
                ULONG   LongMode : 1;
                ULONG   DefaultBig : 1;  // Intel's D/B (default operation size/default stack pointer size and/or upper bound) flag.
                ULONG   Granularity : 1;
                ULONG   BaseHigh : 8;
            } Bits;
        };
        //ULONG BaseUpper;
        //ULONG MustBeZero;
    };
    //ULONG64 Alignment;
} KGDTENTRY64, *PKGDTENTRY64;

0: kd> dt _KGDTENTRY64
hal!_KGDTENTRY64
   +0x000 LimitLow         : Uint2B
   +0x002 BaseLow          : Uint2B
   +0x004 Bytes            : <unnamed-tag>
   +0x004 Bits             : <unnamed-tag>
   +0x008 BaseUpper        : Uint4B
   +0x00c MustBeZero       : Uint4B
   +0x000 Alignment        : Uint8B

0: kd> dt _KGDTENTRY64 -b
hal!_KGDTENTRY64
   +0x000 LimitLow         : Uint2B
   +0x002 BaseLow          : Uint2B
   +0x004 Bytes            : <unnamed-tag>
      +0x000 BaseMiddle       : UChar
      +0x001 Flags1           : UChar
      +0x002 Flags2           : UChar
      +0x003 BaseHigh         : UChar
   +0x004 Bits             : <unnamed-tag>
      +0x000 BaseMiddle       : Pos 0, 8 Bits
      +0x000 Type             : Pos 8, 5 Bits
      +0x000 Dpl              : Pos 13, 2 Bits
      +0x000 Present          : Pos 15, 1 Bit
      +0x000 LimitHigh        : Pos 16, 4 Bits
      +0x000 System           : Pos 20, 1 Bit
      +0x000 LongMode         : Pos 21, 1 Bit
      +0x000 DefaultBig       : Pos 22, 1 Bit
      +0x000 Granularity      : Pos 23, 1 Bit
      +0x000 BaseHigh         : Pos 24, 8 Bits
   +0x008 BaseUpper        : Uint4B
   +0x00c MustBeZero       : Uint4B
   +0x000 Alignment        : Uint8B
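As an added example (not code from the original post, the WRK or WinDbg), the following C program decodes raw descriptor bytes into the columns that dg prints, using the bit layout of KGDTENTRY/KGDTENTRY64 shown above. The sample bytes are copied from the two db dumps on this page; the function names, the type-name tables and the dg_line formatter are this example's own. It also goes one step beyond dg: on x64 a TSS/LDT descriptor is 16 bytes, and bytes 8..11 (which dg lists as the bogus "Reserved" entry at selector 0048) carry bits 63..32 of the base.

```c
/* Added example (not from the original post or the WRK): decode raw GDT
 * descriptor bytes into the columns WinDbg's dg prints. Sample bytes are
 * copied from the two db dumps above; names and tables are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint64_t base;      /* linear base; 64-bit for x64 system descriptors */
    uint32_t limit;     /* in bytes, already scaled by 4 KiB when G = 1 */
    uint16_t flags;     /* dg "Flags" column: (Flags2 >> 4) << 8 | Flags1 */
    uint8_t  type;      /* low 4 bits of the access byte, S bit stripped */
    int system, dpl, present, avl, longmode, db, gran;
    const char *name;   /* dg-style type name */
} gdt_desc;

/* Intel SDM Vol. 3 Table 3-1 (S = 1), spelled the way dg prints them. */
static const char *const code_data_names[16] = {
    "Data RO",    "Data RO Ac",    "Data RW",    "Data RW Ac",
    "Data RO ED", "Data RO ED Ac", "Data RW ED", "Data RW ED Ac",
    "Code EO",    "Code EO Ac",    "Code RE",    "Code RE Ac",
    "Code EO CO", "Code EO CO Ac", "Code RE CO", "Code RE CO Ac",
};

/* System descriptor types (S = 0); dg keeps the TSS32 label on x64 too. */
static const char *system_name(uint8_t type)
{
    switch (type) {
    case 0x2: return "LDT";
    case 0x9: return "TSS32 Avl";
    case 0xb: return "TSS32 Busy";
    case 0xc: return "CallGate32";
    case 0xe: return "IntGate32";
    case 0xf: return "TrapGate32";
    default:  return "<Reserved>";
    }
}

/* d points at the 8-byte descriptor. For x64 TSS/LDT descriptors also pass the
 * following 8 bytes as next: bytes 8..11 hold base[63:32], which dg shows as a
 * separate "Reserved" entry (selector 0048 in the Win7 table above). */
gdt_desc decode_descriptor(const uint8_t d[8], const uint8_t *next)
{
    gdt_desc r;
    uint8_t access = d[5];   /* Type:4 S:1 DPL:2 P:1  == KGDTENTRY Flags1 */
    uint8_t flags2 = d[6];   /* LimitHi:4 AVL L D/B G == KGDTENTRY Flags2 */
    memset(&r, 0, sizeof r);
    r.type     = access & 0x0f;
    r.system   = !(access & 0x10);
    r.dpl      = (access >> 5) & 3;
    r.present  = (access >> 7) & 1;
    r.avl      = (flags2 >> 4) & 1;
    r.longmode = (flags2 >> 5) & 1;
    r.db       = (flags2 >> 6) & 1;
    r.gran     = (flags2 >> 7) & 1;
    r.flags    = (uint16_t)(((flags2 >> 4) << 8) | access);
    r.base  = d[2] | (d[3] << 8) | (d[4] << 16) | ((uint32_t)d[7] << 24);
    r.limit = d[0] | (d[1] << 8) | ((uint32_t)(flags2 & 0x0f) << 16);
    if (r.gran)
        r.limit = (r.limit << 12) | 0xfff;             /* G = 1: 4 KiB units */
    if (r.system && next != NULL)
        r.base |= (uint64_t)(next[0] | (next[1] << 8) | (next[2] << 16)
                             | ((uint32_t)next[3] << 24)) << 32;
    r.name = access == 0 ? "<Reserved>"
           : r.system    ? system_name(r.type) : code_data_names[r.type];
    return r;
}

/* One dg-style row, e.g. "0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b". */
const char *dg_line(uint16_t sel, const uint8_t *entry, const uint8_t *next)
{
    static char buf[96];
    gdt_desc d = decode_descriptor(entry, next);
    snprintf(buf, sizeof buf, "%04x %08llx %08x %-10s %d %s %s %s %s %08x",
             sel, (unsigned long long)d.base, d.limit, d.name, d.dpl,
             d.db ? "Bg" : "Nb", d.gran ? "Pg" : "By",
             d.present ? "P " : "Np", d.longmode ? "Lo" : "Nl", d.flags);
    return buf;
}

/* Constructed from the page: bytes 8003f000..8003f03f of the XP GDT ... */
static const uint8_t X86_GDT[0x40] = {
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xff,0xff,0x00,0x00,0x00,0x9b,0xcf,0x00,
    0xff,0xff,0x00,0x00,0x00,0x93,0xcf,0x00, 0xff,0xff,0x00,0x00,0x00,0xfb,0xcf,0x00,
    0xff,0xff,0x00,0x00,0x00,0xf3,0xcf,0x00, 0xab,0x20,0x00,0x20,0x04,0x8b,0x00,0x80,
    0x01,0x00,0x00,0xf0,0xdf,0x93,0xc0,0xff, 0xff,0x0f,0x00,0x00,0x00,0xf3,0x40,0x00,
};
/* ... and selectors 0010 and 0040/0048 of the Win7 x64 GDT at fffff800`01d51000. */
static const uint8_t X64_CODE[8] = {0x00,0x00,0x00,0x00,0x00,0x9b,0x20,0x00};
static const uint8_t X64_TSS[16] = {0x67,0x00,0x80,0x20,0xd5,0x8b,0x00,0x01,
                                    0x00,0xf8,0xff,0xff,0x00,0x00,0x00,0x00};

int main(void)
{
    unsigned sel;
    for (sel = 0; sel < sizeof X86_GDT; sel += 8)
        puts(dg_line((uint16_t)sel, X86_GDT + sel, NULL));
    puts(dg_line(0x10, X64_CODE, NULL));           /* 64-bit code: L = 1 */
    puts(dg_line(0x40, X64_TSS, X64_TSS + 8));     /* full 64-bit TSS base */
    return 0;
}
```

The first eight printed rows match the dg table for 8003f000 above line for line; the last row shows the kernel TSS base as fffff80001d52080, which dg splits across selectors 0040 and 0048.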

Notes:

1. Only a single CPU is analysed above; if the machine has several CPUs, each one has to be handled separately.

2. To keep the processing and display similar to WinDbg's dg command, a string array was built from Intel's Table 3-1. Code- and Data-Segment Types; it still needs improvement.

3. GetGdtLimit has no C implementation, only assembly (.asm files), for both x86 and x64. All that remains is the code itself:

/*
Purpose: display the GDT of every CPU.
Note: the structures below are taken from the WRK.
homepage: http://correy.webs.com  Note: reaching it requires getting past the firewall, and some circumvention tools still cannot open it.
*/

#include <ntifs.h>
#include <windef.h>

#if defined(_AMD64_) || defined(_IA64_) //defined(_WIN64)

// Special Registers for AMD64.
typedef struct _AMD64_DESCRIPTOR {
    USHORT  Pad[3];
    USHORT  Limit;
    ULONG64 Base;
} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;

typedef union _KGDTENTRY64 {
    struct {
        USHORT  LimitLow;
        USHORT  BaseLow;
        union {
            struct {
                UCHAR   BaseMiddle;
                UCHAR   Flags1;
                UCHAR   Flags2;
                UCHAR   BaseHigh;
            } Bytes;

            struct {
                ULONG   BaseMiddle : 8;
                ULONG   Type : 5;        // includes the S bit, i.e. whether this is a system-segment descriptor.
                ULONG   Dpl : 2;
                ULONG   Present : 1;
                ULONG   LimitHigh : 4;
                ULONG   System : 1;      // i.e. AVL, free for system software to define.
                ULONG   LongMode : 1;
                ULONG   DefaultBig : 1;  // Intel's D/B (default operation size/default stack pointer size and/or upper bound) flag.
                ULONG   Granularity : 1;
                ULONG   BaseHigh : 8;
            } Bits;
        };
        //ULONG BaseUpper;  /* Observed: on x64 the entry is 6 bytes long, not the 16 bytes defined above. */
        //ULONG MustBeZero;
    };
    //ULONG64 Alignment;
} KGDTENTRY64, *PKGDTENTRY64;

#else

// Special Registers for i386
typedef struct _X86_DESCRIPTOR {
    USHORT  Pad;
    USHORT  Limit;
    ULONG   Base;
} X86_DESCRIPTOR, *PX86_DESCRIPTOR;

// GDT Entry
typedef struct _KGDTENTRY {
    USHORT  LimitLow;
    USHORT  BaseLow;
    union {
        struct {
            UCHAR   BaseMid;
            UCHAR   Flags1;     // Declare as bytes to avoid alignment
            UCHAR   Flags2;     // Problems.
            UCHAR   BaseHi;
        } Bytes;
        struct {
            ULONG   BaseMid : 8;
            ULONG   Type : 5;        // includes the S bit, i.e. whether this is a system-segment descriptor.
            ULONG   Dpl : 2;
            ULONG   Pres : 1;
            ULONG   LimitHi : 4;
            ULONG   Sys : 1;         // i.e. AVL, free for system software to define.
            ULONG   Reserved_0 : 1;  // LongMode
            ULONG   Default_Big : 1; // Intel's D/B (default operation size/default stack pointer size and/or upper bound) flag.
            ULONG   Granularity : 1;
            ULONG   BaseHi : 8;
        } Bits;
    } HighWord;
} KGDTENTRY, *PKGDTENTRY;

#endif

/*
Based on Table 3-1. Code- and Data-Segment Types, defined to mimic WinDbg's dg command.
*/
char SegmentTypes[][256] = {
    "Reserved",      // Data Read-Only, abbreviated Data RO; it can also be treated as Reserved. If the whole (UINT64) entry is zero it can also be treated as Reserved.
    "Data RO AC",    // Data Read-Only, accessed
    "Data RW",       // Data Read/Write
    "Data RW AC",    // Data Read/Write, accessed
    "Data RO ED",    // Data Read-Only, expand-down
    "Data RO ED AC", // Data Read-Only, expand-down, accessed
    "Data RW ED",    // Data Read/Write, expand-down
    "Data RW ED AC", // Data Read/Write, expand-down, accessed
    "Code EO",       // Code Execute-Only
    "Code EO AC",    // Code Execute-Only, accessed
    "Code RE",       // Code Execute/Read; spaces are added so the display lines up.
    "Code RE AC",    // Code Execute/Read, accessed
    "Code EO CO",    // Code Execute-Only, conforming
    "Code EO CO AC", // Code Execute-Only, conforming, accessed
    "Code RE CO",    // Code Execute/Read, conforming
    "Code RE CO AC", // Code Execute/Read, conforming, accessed

    "TSS32 Busy ",   // this could also be displayed, once the TSS and its contents are recognised.
    "TSS32 Avl"      // this one shows up on x86.
};

DRIVER_UNLOAD DriverUnload;
VOID DriverUnload(__in PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
}

#ifdef _X86_
__forceinline PKPCR KeGetPcr(VOID)
{
    return (PKPCR)__readfsdword(FIELD_OFFSET(KPCR, SelfPcr));
}
#endif

USHORT NTAPI GetGdtLimit();// assembly function (in the .asm files).

#if defined(_WIN64)
void show_gdt(int i)
/*
i may be 0.
*/
{
    //SIZE_T IDTR;
    //X86_DESCRIPTOR gdtr = {0};//A pointer to the memory location where the IDTR is stored.
    //KGDTENTRY * GDT = 0;
    USHORT GdtLimit = 0;
    SIZE_T r = 0;
    PVOID p = 0;
    int index = 0;
    int maximun = 0;
    PKGDTENTRY64 pkgdte;
    SIZE_T ISR = 0;

    KeSetSystemAffinityThread((KAFFINITY)1 << i);// the affinity mask is one bit per CPU, not i + 1.
    pkgdte = KeGetPcr()->GdtBase;// there is no __sgdt intrinsic, and the sgdt instruction is not used either; this way, however, gives no length.
    GdtLimit = GetGdtLimit();// usually 0x7f.
    KeRevertToUserAffinityThread();

    //p = &gdtr.Limit;
    //r = * (SIZE_T *)p;
    //pkgdte = (PKGDTENTRY)r;

    /*
    Simply maximun = (idtr.Base + 1) / sizeof(KIDTENTRY); would also do. maximun is usually 256.
    */
    //if (gdtr.Pad % sizeof(KIDTENTRY) == 0) {
    //    maximun = gdtr.Pad / sizeof(KIDTENTRY);
    //} else {
    //    maximun = gdtr.Pad / sizeof(KIDTENTRY);
    //    maximun++;
    //}

    //if (GdtLimit % sizeof(KGDTENTRY64) == 0) {
    //    maximun = GdtLimit / sizeof(KGDTENTRY64);
    //} else {
    //    maximun = GdtLimit / sizeof(KGDTENTRY64);
    //    maximun++;// usually 128.
    //}

    maximun = (GdtLimit + 1) / sizeof(KGDTENTRY64);

    /*
    Display format:
    CPU SN Sel  Base  Limit  Type  Pl Size Gran Pres Long  Flags
    Note: CPU and SN are my own additions. SN is the Segment Name, e.g. CS, DS, FS.
    */
    KdPrint(("Sel  Base             Limit            Type          DPl Size Gran Pres Long Flags\n"));//CPU SN
    KdPrint(("---- ---------------- ---------------- ------------- --- ---- ---- ---- ---- --------\n"));//--- --
    KdPrint(("\n"));

    for ( ;index < maximun ;index++ )
    {
        PKGDTENTRY64 pkgdte_t = &pkgdte[index];
        SIZE_T Base = 0;
        SIZE_T Limit = 0;
        ULONG Type = 0;
        char * size = NULL;
        char * Granularity = NULL;
        char * Present = NULL;
        char * LongMode = NULL;
        int Flags = 0;

        Base = pkgdte_t->Bits.BaseHigh;
        Base = (Base << 24);
        Base += (pkgdte_t->BaseLow + (pkgdte_t->Bits.BaseMiddle << 16));
        Limit = pkgdte_t->LimitLow + (pkgdte_t->Bits.LimitHigh << 16);

        if (pkgdte_t->Bits.DefaultBig && Base)
        {
            // extend the upper bits with 1s, i.e. F.
            Base += 0xffffffff00000000;
        }

        if (pkgdte_t->Bits.DefaultBig && pkgdte_t->Bits.Granularity)
        {
            // page granularity: the limit is in 4 KB units.
            Limit = (Limit << 12);
            Limit += PAGE_SIZE - 1;
        }

        Type = pkgdte_t->Bits.Type;
        _bittestandreset((LONG *)&Type, 4);// this includes the S bit, so clear that flag bit.

        if (pkgdte_t->Bits.DefaultBig)
        {
            size = "Bg  ";// Big; spaces added so the display lines up.
        }
        else
        {
            size = "Nb  ";// Not Big; spaces added so the display lines up.
        }

        if (pkgdte_t->Bits.Granularity)
        {
            Granularity = "Pg  ";// Page; spaces added so the display lines up.
        }
        else
        {
            Granularity = "By  ";// Byte; spaces added so the display lines up.
        }

        if (pkgdte_t->Bits.Present)
        {
            Present = "P    ";// Present; spaces added so the display lines up.
        }
        else
        {
            Present = "NP  ";// Not Present; spaces added so the display lines up.
        }

        if (pkgdte_t->Bits.LongMode)
        {
            LongMode = "Lo  ";// Long; spaces added so the display lines up.
        }
        else
        {
            LongMode = "Nl  ";// Not long; spaces added so the display lines up.
        }

        Flags = (pkgdte_t->Bytes.Flags2 >> 4);// drop the Segment limit bits.
        Flags = Flags << 8;
        Flags = Flags + pkgdte_t->Bytes.Flags1;

        KdPrint(("%04x %p %p %13s %03x %s %s %s %s 0x%04x\n",
            index * 8, //sizeof (KGDTENTRY)
            Base,
            Limit,
            SegmentTypes[Type],
            pkgdte_t->Bits.Dpl,
            size,
            Granularity,
            Present,
            LongMode,
            Flags
            ));
    }
}
#else
void show_gdt(int i)
/*
i may be 0.
*/
{
    //SIZE_T IDTR;
    //X86_DESCRIPTOR gdtr = {0};//A pointer to the memory location where the IDTR is stored.
    //KGDTENTRY * GDT = 0;
    USHORT GdtLimit = 0;
    SIZE_T r = 0;
    PVOID p = 0;
    int index = 0;
    int maximun = 0;
    PKGDTENTRY pkgdte;
    SIZE_T ISR = 0;

    KeSetSystemAffinityThread((KAFFINITY)1 << i);// the affinity mask is one bit per CPU, not i + 1.
    pkgdte = KeGetPcr()->GDT;// there is no __sgdt intrinsic, and the sgdt instruction is not used either; this way, however, gives no length.
    GdtLimit = GetGdtLimit();// usually 0x3ff.
    KeRevertToUserAffinityThread();

    //p = &gdtr.Limit;
    //r = * (SIZE_T *)p;
    //pkgdte = (PKGDTENTRY)r;

    /*
    Simply:
    maximun = (idtr.Base + 1) / sizeof(KIDTENTRY);
    would also do.
    maximun is usually 256.
    */
    //if (gdtr.Pad % sizeof(KIDTENTRY) == 0) {
    //    maximun = gdtr.Pad / sizeof(KIDTENTRY);
    //} else {
    //    maximun = gdtr.Pad / sizeof(KIDTENTRY);
    //    maximun++;
    //}

    if (GdtLimit % sizeof(KGDTENTRY) == 0) {
        maximun = GdtLimit / sizeof(KGDTENTRY);
    } else {
        maximun = GdtLimit / sizeof(KGDTENTRY);
        maximun++;// usually 128.
    }

    /*
    Display format:
    CPU SN Sel  Base  Limit  Type  Pl Size Gran Pres Long  Flags
    --- -- ---- ----------------- ----------------- ---------- -- ---- ---- ---- ---- --------
    Note: CPU and SN are my own additions. SN is the Segment Name, e.g. CS, DS, FS.
    */
    KdPrint(("Sel  Base     Limit         Type          DPl Size Gran Pres Long Flags\n"));//CPU SN
    KdPrint(("---- -------- ------------- ------------- --- ---- ---- ---- ---- --------\n"));//--- --
    KdPrint(("\n"));

    for ( ;index < maximun ;index++ )
    {
        PKGDTENTRY pkgdte_t = &pkgdte[index];
        SIZE_T Base = 0;
        SIZE_T Limit = 0;
        ULONG Type = 0;
        char * size = NULL;
        char * Granularity = NULL;
        char * Present = NULL;
        char * LongMode = NULL;
        int Flags = 0;

        // note: the value at 0x38 keeps changing.
        USHORT BaseLow = pkgdte_t->BaseLow;
        ULONG BaseMid = pkgdte_t->HighWord.Bits.BaseMid;
        ULONG BaseHi = pkgdte_t->HighWord.Bits.BaseHi;

        Base = (BaseHi << 24) + (BaseMid << 16) + BaseLow;// OR-ing the parts (|) would be faster.

        if (pkgdte_t->HighWord.Bits.Granularity && BooleanFlagOn(pkgdte_t->HighWord.Bits.Type, 2)) {// for the flag bits and the algorithm, see the authoritative documentation.
            Limit = pkgdte_t->LimitLow + (pkgdte_t->HighWord.Bits.LimitHi << 16);
            Limit *= PAGE_SIZE;
            Limit += PAGE_SIZE - 1;
        } else {
            Limit = pkgdte_t->LimitLow + (pkgdte_t->HighWord.Bits.LimitHi << 16);
        }

        Type = pkgdte_t->HighWord.Bits.Type;
        _bittestandreset((LONG *)&Type, 4);// this includes the S bit, so clear that flag bit.

        if (pkgdte_t->HighWord.Bits.Default_Big)
        {
            size = "Bg  ";// Big; spaces added so the display lines up.
        }
        else
        {
            size = "Nb  ";// Not Big; spaces added so the display lines up.
        }

        if (pkgdte_t->HighWord.Bits.Granularity)
        {
            Granularity = "Pg  ";// Page; spaces added so the display lines up.
        }
        else
        {
            Granularity = "By  ";// Byte; spaces added so the display lines up.
        }

        if (pkgdte_t->HighWord.Bits.Pres)
        {
            Present = "P    ";// Present; spaces added so the display lines up.
        }
        else
        {
            Present = "NP  ";// Not Present; spaces added so the display lines up.
        }

        if (pkgdte_t->HighWord.Bits.Reserved_0)
        {
            LongMode = "Lo  ";// Long; spaces added so the display lines up.
        }
        else
        {
            LongMode = "Nl  ";// Not long; spaces added so the display lines up.
        }

        Flags = (pkgdte_t->HighWord.Bytes.Flags2 >> 4);// drop the Segment limit bits.
        Flags = Flags << 8;
        Flags = Flags + pkgdte_t->HighWord.Bytes.Flags1;

        KdPrint(("%04x %p %p %13s %03x %s %s %s %s 0x%04x\n",
            index * 8, //sizeof (KGDTENTRY)
            Base,
            Limit,
            SegmentTypes[Type],
            pkgdte_t->HighWord.Bits.Dpl,
            size,
            Granularity,
            Present,
            LongMode,
            Flags
            ));
    }
}
#endif

#pragma INITCODE
DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    int i = 0;

    UNREFERENCED_PARAMETER(RegistryPath);

    KdBreakPoint();

    DriverObject->DriverUnload = DriverUnload;

    for ( ;i < KeNumberProcessors ;i++ )//KeQueryMaximumProcessorCount() KeGetCurrentProcessorNumber
    {
        show_gdt(i);
    }

    return STATUS_SUCCESS;
}

Results and verification:

Results on 32-bit Windows:

kd> g
Sel  Base     Limit         Type          DPl Size Gran Pres Long Flags
---- -------- ------------- ------------- --- ---- ---- ---- ---- --------

0000 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
0008 00000000 FFFFFFFF    Code RE AC 000 Bg   Pg   P     Nl   0x0c9b
0010 00000000 FFFFFFFF    Data RW AC 000 Bg   Pg   P     Nl   0x0c93
0018 00000000 FFFFFFFF    Code RE AC 003 Bg   Pg   P     Nl   0x0cfb
0020 00000000 FFFFFFFF    Data RW AC 003 Bg   Pg   P     Nl   0x0cf3
0028 80042000 000020AB    Code RE AC 000 Nb   By   P     Nl   0x008b
0030 FFDFF000 00001FFF    Data RW AC 000 Bg   Pg   P     Nl   0x0c93
0038 00000000 00000FFF    Data RW AC 003 Bg   By   P     Nl   0x04f3
0040 00000400 0000FFFF       Data RW 003 Nb   By   P     Nl   0x00f2
0048 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
0050 80552700 00000068    Code EO AC 000 Nb   By   P     Nl   0x0089
0058 80552768 00000068    Code EO AC 000 Nb   By   P     Nl   0x0089
0060 00022F40 0000FFFF    Data RW AC 000 Nb   By   P     Nl   0x0093
0068 000B8000 00003FFF       Data RW 000 Nb   By   P     Nl   0x0092
0070 FFFF7000 000003FF       Data RW 000 Nb   By   P     Nl   0x0092
0078 80400000 0000FFFF       Code RE 000 Nb   By   P     Nl   0x009a
0080 80400000 0000FFFF       Data RW 000 Nb   By   P     Nl   0x0092
0088 00000000 00000000       Data RW 000 Nb   By   P     Nl   0x0092
0090 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
0098 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00a0 823816B8 00000068    Code EO AC 000 Nb   By   P     Nl   0x0089
00a8 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00b0 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00b8 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00c0 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00c8 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00d0 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00d8 00000000 00000000      Reserved 000 Nb   By   NP   Nl   0x0000
00e0 F850F000 0000FFFF Code RE CO AC 000 Nb   By   P     Nl   0x009f
00e8 00000000 0000FFFF       Data RW 000 Nb   By   P     Nl   0x0092
00f0 804FD040 000003B7       Code EO 000 Nb   By   P     Nl   0x0098
00f8 00000000 0000FFFF       Data RW 000 Nb   By   P     Nl   0x0092
0100 BA4D2400 0000FFFF    Data RW AC 000 Bg   By   P     Nl   0x0493
0108 BA4D2400 0000FFFF    Data RW AC 000 Bg   By   P     Nl   0x0493
0110 BA4D2400 0000FFFF    Data RW AC 000 Bg   By   P     Nl   0x0493
0118 00008003 0000F120      Reserved 000 Nb   By   NP   Nl   0x0000
0120 00008003 0000F128      Reserved 000 Nb   By   NP   Nl   0x0000
0128 00008003 0000F130      Reserved 000 Nb   By   NP   Nl   0x0000
0130 00008003 0000F138      Reserved 000 Nb   By   NP   Nl   0x0000
0138 00008003 0000F140      Reserved 000 Nb   By   NP   Nl   0x0000
0140 00008003 0000F148      Reserved 000 Nb   By   NP   Nl   0x0000
0148 00008003 0000F150      Reserved 000 Nb   By   NP   Nl   0x0000
0150 00008003 0000F158      Reserved 000 Nb   By   NP   Nl   0x0000
0158 00008003 0000F160      Reserved 000 Nb   By   NP   Nl   0x0000
0160 00008003 0000F168      Reserved 000 Nb   By   NP   Nl   0x0000
0168 00008003 0000F170      Reserved 000 Nb   By   NP   Nl   0x0000
0170 00008003 0000F178      Reserved 000 Nb   By   NP   Nl   0x0000
0178 00008003 0000F180      Reserved 000 Nb   By   NP   Nl   0x0000
0180 00008003 0000F188      Reserved 000 Nb   By   NP   Nl   0x0000
0188 00008003 0000F190      Reserved 000 Nb   By   NP   Nl   0x0000
0190 00008003 0000F198      Reserved 000 Nb   By   NP   Nl   0x0000
0198 00008003 0000F1A0      Reserved 000 Nb   By   NP   Nl   0x0000
01a0 00008003 0000F1A8      Reserved 000 Nb   By   NP   Nl   0x0000
01a8 00008003 0000F1B0      Reserved 000 Nb   By   NP   Nl   0x0000
01b0 00008003 0000F1B8      Reserved 000 Nb   By   NP   Nl   0x0000
01b8 00008003 0000F1C0      Reserved 000 Nb   By   NP   Nl   0x0000
01c0 00008003 0000F1C8      Reserved 000 Nb   By   NP   Nl   0x0000
01c8 00008003 0000F1D0      Reserved 000 Nb   By   NP   Nl   0x0000
01d0 00008003 0000F1D8      Reserved 000 Nb   By   NP   Nl   0x0000
01d8 00008003 0000F1E0      Reserved 000 Nb   By   NP   Nl   0x0000
01e0 00008003 0000F1E8      Reserved 000 Nb   By   NP   Nl   0x0000
01e8 00008003 0000F1F0      Reserved 000 Nb   By   NP   Nl   0x0000
01f0 00008003 0000F1F8      Reserved 000 Nb   By   NP   Nl   0x0000
01f8 00008003 0000F200      Reserved 000 Nb   By   NP   Nl   0x0000
0200 00008003 0000F208      Reserved 000 Nb   By   NP   Nl   0x0000
0208 00008003 0000F210      Reserved 000 Nb   By   NP   Nl   0x0000
0210 00008003 0000F218      Reserved 000 Nb   By   NP   Nl   0x0000
0218 00008003 0000F220      Reserved 000 Nb   By   NP   Nl   0x0000
0220 00008003 0000F228      Reserved 000 Nb   By   NP   Nl   0x0000
0228 00008003 0000F230      Reserved 000 Nb   By   NP   Nl   0x0000
0230 00008003 0000F238      Reserved 000 Nb   By   NP   Nl   0x0000
0238 00008003 0000F240      Reserved 000 Nb   By   NP   Nl   0x0000
0240 00008003 0000F248      Reserved 000 Nb   By   NP   Nl   0x0000
0248 00008003 0000F250      Reserved 000 Nb   By   NP   Nl   0x0000
0250 00008003 0000F258      Reserved 000 Nb   By   NP   Nl   0x0000
0258 00008003 0000F260      Reserved 000 Nb   By   NP   Nl   0x0000
0260 00008003 0000F268      Reserved 000 Nb   By   NP   Nl   0x0000
0268 00008003 0000F270      Reserved 000 Nb   By   NP   Nl   0x0000
0270 00008003 0000F278      Reserved 000 Nb   By   NP   Nl   0x0000
0278 00008003 0000F280      Reserved 000 Nb   By   NP   Nl   0x0000
0280 00008003 0000F288      Reserved 000 Nb   By   NP   Nl   0x0000
0288 00008003 0000F290      Reserved 000 Nb   By   NP   Nl   0x0000
0290 00008003 0000F298      Reserved 000 Nb   By   NP   Nl   0x0000
0298 00008003 0000F2A0      Reserved 000 Nb   By   NP   Nl   0x0000
02a0 00008003 0000F2A8      Reserved 000 Nb   By   NP   Nl   0x0000
02a8 00008003 0000F2B0      Reserved 000 Nb   By   NP   Nl   0x0000
02b0 00008003 0000F2B8      Reserved 000 Nb   By   NP   Nl   0x0000
02b8 00008003 0000F2C0      Reserved 000 Nb   By   NP   Nl   0x0000
02c0 00008003 0000F2C8      Reserved 000 Nb   By   NP   Nl   0x0000

02c8 00008003 0000F2D0

02d0 00008003 0000F2D8

02d8 00008003 0000F2E0

02e0 00008003 0000F2E8

02e8 00008003 0000F2F0

02f0 00008003 0000F2F8

02f8 00008003 0000F300

0300 00008003 0000F308

0308 00008003 0000F310

0310 00008003 0000F318

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000



0318 00008003 0000F320

0320 00008003 0000F328

0328 00008003 0000F330

0330 00008003 0000F338

0338 00008003 0000F340

0340 00008003 0000F348

0348 00008003 0000F350

0350 00008003 0000F358

0358 00008003 0000F360

0360 00008003 0000F368

0368 00008003 0000F370

0370 00008003 0000F378

0378 00008003 0000F380

0380 00008003 0000F388

0388 00008003 0000F390

0390 00008003 0000F398

0398 00008003 0000F3A0

03a0 00008003 0000F3A8

03a8 00008003 0000F3B0

03b0 00008003 0000F3B8

03b8 00008003 0000F3C0

03c0 00008003 0000F3C8

03c8 00008003 0000F3D0

03d0 00008003 0000F3D8

03d8 00008003 0000F3E0

03e0 00008003 0000F3E8

03e8 00008003 0000F3F0

03f0 00008003 0000F3F8

03f8 00000000 00000000

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

Reserved 000 Nb

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

By

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

NP

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

Nl

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

0x0000

Result on 64-bit Windows:

0: kd> g

Sel  Base             Limit            Type          DPl Size Gran Pres Long Flags
---- ---------------- ---------------- ------------- --- ---- ---- ---- ---- --------
0000 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0008 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0010 0000000000000000 0000000000000000 Code RE AC    000 Nb   By   P    Lo   0x029b
0018 0000000000000000 00000000FFFFFFFF Data RW AC    000 Bg   Pg   P    Nl   0x0c93
0020 0000000000000000 00000000FFFFFFFF Code RE AC    003 Bg   Pg   P    Nl   0x0cfb
0028 0000000000000000 00000000FFFFFFFF Data RW AC    003 Bg   Pg   P    Nl   0x0cf3
0030 0000000000000000 0000000000000000 Code RE AC    003 Nb   By   P    Lo   0x02fb
0038 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0040 0000000001D52080 0000000000000067 Code RE AC    000 Nb   By   P    Nl   0x008b
0048 000000000000FFFF 000000000000F800 Reserved      000 Nb   By   NP   Nl   0x0000
0050 FFFFFFFFFFFA0000 0000000000003C00 Data RW AC    003 Bg   By   P    Nl   0x04f3
0058 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0060 0000000000000000 00000000FFFFFFFF Code RE       000 Bg   Pg   P    Nl   0x0c9a
0068 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0070 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0078 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000

Sel  Base             Limit            Type          DPl Size Gran Pres Long Flags
---- ---------------- ---------------- ------------- --- ---- ---- ---- ---- --------
0000 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0008 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0010 0000000000000000 0000000000000000 Code RE AC    000 Nb   By   P    Lo   0x029b
0018 0000000000000000 00000000FFFFFFFF Data RW AC    000 Bg   Pg   P    Nl   0x0c93
0020 0000000000000000 00000000FFFFFFFF Code RE AC    003 Bg   Pg   P    Nl   0x0cfb
0028 0000000000000000 00000000FFFFFFFF Data RW AC    003 Bg   Pg   P    Nl   0x0cf3
0030 0000000000000000 0000000000000000 Code RE AC    003 Nb   By   P    Lo   0x02fb
0038 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0040 00000000009F7E40 0000000000000067 Code RE AC    000 Nb   By   P    Nl   0x008b
0048 000000000000FFFF 000000000000F880 Reserved      000 Nb   By   NP   Nl   0x0000
0050 FFFFFFFFFFFE0000 0000000000007C00 Data RW AC    003 Bg   By   P    Nl   0x04f3
0058 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0060 0000000000000000 00000000FFFFFFFF Code RE       000 Bg   Pg   P    Nl   0x0c9a
0068 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0070 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000
0078 0000000000000000 0000000000000000 Reserved      000 Nb   By   NP   Nl   0x0000

Two tables are shown here because the machine has two CPUs. If you compare the output carefully you will also notice some shortcomings and differences; fixing them is left to you as the remaining task, for example adding a display of the number of CPUs and the names of the segments (especially the system segments and the various gates). Corrections are welcome.
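As an added example (not the article's own WinDbg extension), here is a decoder for the 8-byte descriptor format that produces the same columns as the tables above and, unlike the tool's output, names system descriptors (TSS, LDT, gates) instead of reporting them as "Code EO AC"/"Code RE AC". The function names, the "ED" label for expand-down data segments and the sample bytes are assumptions of this example; the sample is constructed to match selectors 0000-0028 of the XP table.

```python
import struct

# Type-nibble names for system descriptors (S=0), 32-bit semantics. On x64 the
# TSS/LDT/gate descriptors are 16 bytes and 0x9/0xB denote a 64-bit TSS.
SYSTEM_TYPES = {0x1: "TSS16 Avl", 0x2: "LDT", 0x3: "TSS16 Busy",
                0x4: "CallGate16", 0x5: "TaskGate", 0x6: "IntGate16",
                0x7: "TrapGate16", 0x9: "TSS32 Avl", 0xB: "TSS32 Busy",
                0xC: "CallGate32", 0xE: "IntGate32", 0xF: "TrapGate32"}

def decode_descriptor(raw: bytes) -> dict:
    """Decode one 8-byte descriptor given as the little-endian bytes `db` prints."""
    lo, hi = struct.unpack("<II", raw[:8])
    access = (hi >> 8) & 0xFF            # P | DPL | S | Type
    fl = (hi >> 20) & 0xF                # G | D/B | L | AVL
    seg_type = access & 0xF
    limit = (lo & 0xFFFF) | (hi & 0x000F0000)
    if fl & 0x8:                         # G=1: limit counts 4 KiB pages
        limit = (limit << 12) | 0xFFF
    base = (lo >> 16) | ((hi & 0xFF) << 16) | (hi & 0xFF000000)
    if access & 0x10:                    # S=1: code or data segment
        if seg_type & 0x8:
            kind = "Code " + ("RE" if seg_type & 2 else "EO")
            kind += " CO" if seg_type & 4 else ""       # conforming
        else:
            kind = "Data " + ("RW" if seg_type & 2 else "RO")
            kind += " ED" if seg_type & 4 else ""       # expand-down (our label)
        kind += " AC" if seg_type & 1 else ""
    else:                                # S=0: system descriptor or empty slot
        kind = SYSTEM_TYPES.get(seg_type, "Reserved")
    return {"base": base, "limit": limit, "type": kind, "dpl": (access >> 5) & 3,
            "size": "Bg" if fl & 4 else "Nb", "gran": "Pg" if fl & 8 else "By",
            "pres": "P" if access & 0x80 else "NP", "long": "Lo" if fl & 2 else "Nl",
            "flags": (fl << 8) | access}

def format_row(sel: int, raw: bytes) -> str:
    """One table line in the same column order as the article's tool."""
    d = decode_descriptor(raw)
    return (f"{sel:04x} {d['base']:08X} {d['limit']:08X} {d['type']:<13} {d['dpl']:03d} "
            f"{d['size']}   {d['gran']}   {d['pres']:<4} {d['long']}   0x{d['flags']:04x}")

def dump_gdt(blob: bytes) -> list:
    """Decode a raw GDT image (the bytes `db gdtr L(gdtl+1)` shows) row by row."""
    return [format_row(off, blob[off:off + 8]) for off in range(0, len(blob) - 7, 8)]

# Constructed sample: selectors 0000-0028 of the XP GDT (null, kernel code/data,
# user code/data, busy TSS32 at base 80042000 with limit 20ab).
XP_GDT_HEAD = bytes.fromhex("0000000000000000" "ffff0000009bcf00" "ffff00000093cf00"
                            "ffff000000fbcf00" "ffff000000f3cf00" "ab200020048b0080")
```

Feeding the decoder the whole `db` image of the GDT reproduces the table above, with the entries at 0028, 0050, 0058 and 00a0 labelled as TSS32 instead of "Code EO AC".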