Essentials of x86 Control-Transfer Privilege Checks
Source: Internet · Editor: 程序博客网 · Date: 2024/06/06 16:39
I. Direct transfers (far call and far jmp)
A direct transfer is performed by a call or jmp instruction. An intra-segment (near) transfer needs no selector; an inter-segment (far) transfer goes through a selector that refers directly to a code segment (no gate, no TSS). CPL does not change.
The four elements of the privilege check:
★ CPL: the current privilege level (CS.CPL)
★ RPL: the RPL of the selector for the target code segment (RPL for code descriptor)
★ DPL: the DPL of the target code-segment descriptor (DPL of code descriptor)
★ nonconforming/conforming: the type of the target code segment (C flag of the code segment descriptor)
The checks:
● nonconforming: CPL == DPL and RPL <= DPL
● conforming: only CPL >= DPL is required
Notes:
★ A direct transfer to a conforming code segment of higher privilege is allowed.
★ CPL does not change after the transfer.
II. Control transfers through a call gate
A transfer through a call gate is a protection mechanism for entering more privileged code: the gate descriptor acts as a controlled entry point into that code.
The five elements of the privilege check:
★ CPL: the current privilege level (CS.CPL)
★ RPL: the RPL of the gate selector (RPL for call gate descriptor)
★ DPLg: the DPL of the gate descriptor (DPL of call gate descriptor)
★ DPLs: the DPL of the destination code segment (DPL of destination code segment descriptor)
★ nonconforming/conforming: the type of the destination code segment (C flag of destination code segment descriptor)
1. Accessing the gate with call:
● CPL <= DPLg and RPL <= DPLg
● nonconforming: CPL >= DPLs
● conforming: CPL >= DPLs
2. Accessing the gate with jmp:
● CPL <= DPLg and RPL <= DPLg
● nonconforming: CPL == DPLs
● conforming: CPL >= DPLs
Notes:
★ Only call can transfer to a more privileged nonconforming code segment.
★ Only a call to a more privileged nonconforming code segment changes CPL and switches stacks.
★ A call or jmp to a more privileged conforming code segment neither changes CPL nor switches stacks.
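The call-gate rules above, written out as a small C model. This is an added example, not code from the original post or from any CPU vendor: it encodes the gate check (CPL <= DPLg, RPL <= DPLg), the destination-segment check for call versus jmp, and the resulting CPL and stack switch, and reports #GP where the check fails. The type and function names (`gate_transfer`, `gate_result`, `xfer_kind`) are this example's own, and the scenarios in `main` are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example (not from the original post): a model of the checks the CPU
 * applies when CALL or JMP reaches a code segment through a call gate, plus
 * the CPL change and stack switch that follow. Privilege levels are 0..3,
 * 0 being the most privileged. Type and field names are this example's own. */

typedef enum { XFER_CALL, XFER_JMP } xfer_kind;

typedef struct {
    bool     allowed;      /* false: the CPU raises #GP and nothing changes   */
    unsigned new_cpl;      /* CPL after the transfer (== cpl when unchanged)  */
    bool     stack_switch; /* true: SS:ESP are loaded from the TSS            */
} gate_result;

/* cpl: current privilege level; rpl: RPL of the gate selector;
 * dplg: DPL of the call-gate descriptor; dpls: DPL of the destination
 * code segment; conforming: C flag of the destination code segment. */
gate_result gate_transfer(xfer_kind kind, unsigned cpl, unsigned rpl,
                          unsigned dplg, unsigned dpls, bool conforming)
{
    gate_result r = { false, cpl, false };

    if (cpl > 3 || rpl > 3 || dplg > 3 || dpls > 3)
        return r;                      /* not a valid privilege level */

    /* Step 1: the gate itself. Both the caller (CPL) and the selector (RPL)
     * must be at least as privileged as the gate: CPL <= DPLg, RPL <= DPLg. */
    if (cpl > dplg || rpl > dplg)
        return r;

    /* Step 2: the destination code segment. */
    if (conforming) {
        /* CALL or JMP: CPL >= DPLs. The code runs at the caller's CPL,
         * so CPL is unchanged and there is no stack switch. */
        if (cpl < dpls)
            return r;
        r.allowed = true;
        return r;
    }

    if (kind == XFER_JMP) {
        /* JMP to a nonconforming segment through a gate: same level only. */
        if (cpl != dpls)
            return r;
        r.allowed = true;
        return r;
    }

    /* CALL to a nonconforming segment: CPL >= DPLs. This is the only case
     * that can raise privilege: CPL becomes DPLs, and when DPLs is more
     * privileged than the old CPL the CPU switches to the inner stack. */
    if (cpl < dpls)
        return r;
    r.allowed      = true;
    r.new_cpl      = dpls;
    r.stack_switch = dpls < cpl;
    return r;
}

int main(void)
{
    /* Constructed scenario: user mode (CPL 3) reaches a ring-0 service
     * through a gate with DPLg = 3, the usual shape of a system-call gate. */
    struct { const char *name; xfer_kind k; unsigned cpl, rpl, dplg, dpls; bool c; } cases[] = {
        { "call gate -> ring0 nonconforming", XFER_CALL, 3, 3, 3, 0, false },
        { "jmp  gate -> ring0 nonconforming", XFER_JMP,  3, 3, 3, 0, false },
        { "call gate -> ring0 conforming",    XFER_CALL, 3, 3, 3, 0, true  },
        { "call gate with DPLg=0 from ring3", XFER_CALL, 3, 3, 0, 0, false },
        { "call gate, selector RPL too weak", XFER_CALL, 0, 3, 0, 0, false },
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        gate_result r = gate_transfer(cases[i].k, cases[i].cpl, cases[i].rpl,
                                      cases[i].dplg, cases[i].dpls, cases[i].c);
        printf("%-36s %s  new CPL=%u  stack switch=%s\n", cases[i].name,
               r.allowed ? "OK " : "#GP", r.new_cpl, r.stack_switch ? "yes" : "no");
    }
    return 0;
}
```

The second and fourth scenarios are the ones worth remembering from a defender's view: a gate never lets jmp raise privilege, and a gate whose DPLg is 0 is simply unreachable from ring 3, so the gate's own DPL is what decides which rings may enter at all.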
Conforming and Non-Conforming Code Segments
Non-conforming code segments are far more common than conforming code segments. The definitions of both follow:
Non-Conforming (you must match me). A code segment with C = 0 is a non-conforming code segment. Code in a non-conforming code segment can only be jumped to or called by programs whose CPL matches the target code segment's DPL (i.e., CPL = DPL).
Conforming (I'll lower myself to your level). A code segment with C = 1 is a conforming code segment. Code in a conforming code segment can be jumped to or called by programs whose CPL is the same as or less privileged than the target segment's DPL. Furthermore, the processor then executes the code in the conforming code segment at the same privilege level as that of the program that called it. In other words, the code in the conforming code segment "conforms to" or assumes the privilege level of the program that called it. The CPL remains the same as that of the calling program.
As an example, if the CPL of the currently executing program = 2, it may successfully call or jump to one of the following:
● a non-conforming code segment with a DPL = CPL of the calling program (in other words, the DPL = 2).
● a conforming code segment with a privilege level (i.e., a DPL) of 0, 1 or 2.
It cannot jump to or call code in either of the following without causing a GP exception:
● a non-conforming code segment with a DPL ≠ its CPL (in this case, any DPL other than privilege level two).
● a conforming code segment with a privilege level (i.e., a DPL) of 3.
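The direct far-transfer rule from section I and the CPL = 2 walk-through just above, as one C model. This is an added example, not code from the original post: `direct_transfer_allowed` applies the nonconforming (CPL == DPL, RPL <= DPL) and conforming (CPL >= DPL) checks, and `reachable_dpls` enumerates which target DPLs a caller at a given CPL can reach, which for CPL = 2 gives exactly the two lists in the text. Function names and the sample values are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example (not from the original post): the privilege check for a
 * direct far JMP/CALL, i.e. a selector that refers straight to a code
 * segment with no gate and no TSS. On success CPL never changes.
 * Privilege levels are 0..3, 0 most privileged. Names are this example's own. */

/* cpl: current privilege level; rpl: RPL of the code-segment selector;
 * dpl: DPL of the target code-segment descriptor; conforming: its C flag. */
bool direct_transfer_allowed(unsigned cpl, unsigned rpl, unsigned dpl,
                             bool conforming)
{
    if (cpl > 3 || rpl > 3 || dpl > 3)
        return false;                        /* not a valid privilege level */

    if (conforming)
        return cpl >= dpl;      /* RPL is ignored; the code then runs at cpl */

    /* nonconforming: exact match, and the selector's RPL must not be less
     * privileged than the segment (RPL <= DPL). */
    return cpl == dpl && rpl <= dpl;
}

/* Bit n of the result is set when a target with DPL n is reachable from
 * cpl with RPL == cpl (the usual case). This reproduces the CPL = 2
 * walk-through from the text. */
unsigned reachable_dpls(unsigned cpl, bool conforming)
{
    unsigned mask = 0;
    for (unsigned dpl = 0; dpl < 4; dpl++)
        if (direct_transfer_allowed(cpl, cpl, dpl, conforming))
            mask |= 1u << dpl;
    return mask;
}

int main(void)
{
    unsigned cpl = 2;                        /* the text's example caller */
    for (int conf = 0; conf < 2; conf++) {
        unsigned mask = reachable_dpls(cpl, conf);
        printf("CPL=%u, %s target: reachable DPLs =", cpl,
               conf ? "conforming" : "nonconforming");
        for (unsigned dpl = 0; dpl < 4; dpl++)
            if (mask & (1u << dpl))
                printf(" %u", dpl);
        printf("\n");
    }
    /* A selector whose RPL is weaker than the segment is refused even when
     * CPL matches: CPL 2, RPL 3, nonconforming DPL 2 -> #GP. */
    printf("CPL=2 RPL=3 -> nonconforming DPL=2: %s\n",
           direct_transfer_allowed(2, 3, 2, false) ? "OK" : "#GP");
    return 0;
}
```

The last line of `main` shows the part the walk-through leaves implicit: for a nonconforming target the selector's RPL is checked too, so a caller at CPL 2 that presents a selector with RPL 3 is refused even though CPL equals DPL.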