Getting the GDT and LDT dump

[sleeper]

Is it possible to get a dump of the GDT an LDT tables using WinDBG?

I know you could do it in softice, but I was wondering if there was a
way in WinDBG

[Ivan Brugiolo [MSFT]]

there is the `!idt` command, and, there are registers exposed

//-------------------- decode IDT table entry
1: kd> r idtr
idtr=8501d8e0
1: kd> dc 8501d8e0
8501d8e0 0008f1d0 81848e00 0008f350 81848e00 ........P.......
8501d8f0 00580000 00008500 0008f7a4 8184ee00 ..X.............
8501d900 0008f92c 8184ee00 0008fa8c 81848e00 ,...............
8501d910 0008fc00 81848e00 00080270 81858e00 ........p.......
8501d920 00500000 00008500 00080698 81858e00 ..P.............
8501d930 000807bc 81858e00 000808fc 81858e00 ................
8501d940 00080b5c 81858e00 00080e44 81858e00 \.......D.......
8501d950 00081524 81858e00 000818b4 81858e00 $...............

------- int #3

0008 <--------------- selector
f7a4 8184
e
e
00
^------ type = IDT gate
^^^^^^^^^--------------- Address 8184f7a4

//-------------------------

1: kd> r gdtr
gdtr=8501d4e0
1: kd> dc 8501d4e0
8501d4e0 00000000 00000000 0000ffff 00cf9b00 ................
8501d4f0 0000ffff 00cf9300 0000ffff 00cffb00 ................
8501d500 0000ffff 00cff300 80c020ab 85008b01 ......... ......
8501d510 600020b8 85409301 00004000 0040f300 . .`..@..@....@.
8501d520 0400ffff 0000f200 00000000 00000000 ................
8501d530 a4000068 85008901 a4700068 85008901 h.......h.p.....
8501d540 00000000 00000000 00000000 00000000 ................
8501d550 100003ff 82009288 00000000 00000000 ................
// decode the entry for `fs` register fs = 0x30
1: kd> ?30/8
Evaluate expression: 6 = 00000006
1: kd> * 80c0
20ab
85
008b
01
^^^^------^^-----^^
(3) (1) (2)
1: kd> dc 850180c0
850180c0 00000000 85006de0 00000010 00000000 .....m..........
850180d0 00000000 00000000 00000000 00000000 ................
850180e0 00000000 00000000 00000000 00000000 ................
850180f0 00000000 00000000 00000000 00000000 ................
85018100 00000000 00000000 00000000 00000000 ................
85018110 00000000 00000000 00000000 00000000 ................
85018120 00000000 20ac0000 18000004 00000018 ....... ........
85018130 00000000 00000000 00000000 00000000 ................
1: kd>

--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"sleeper" <TheFa...@gmail.com> wrote in message
news:1157075719....@i42g2000cwa.googlegroups.com...

[sleeper]

this question is not quite related to GDT or LDT, well maybe it is :)

I was curious, when I put in

0:007> rds
ds=00000023
0:007> rcs
cs=0000001b

what exactly do those mean? I mean the values. Someone was telling me
that those are sort of an index into the GDT and this will have some
sort of descriptor that will explain where in physical memory those
segments reside? But I am not sure about that. It doesn't quite make
sense to me.

So for example, in my data segment selector, it has 00000023, can
someone give me a thorough explaination of what that number means?

Thanks in advance.

[Ivan Brugiolo [MSFT]]

Chapter 3 of 25366820.pdf and/or chapter 2 of 24592.pdf
will give you all the details.

In a given operative mode of the CPU, certain bits of the segment register
are inxes in the GDT or LDT table.
The entry in the GDT or LDT describes the base address, the limit and
certain protection attributes of the segment.

--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"sleeper" <TheFa...@gmail.com> wrote in message

news:1157326933.3...@i42g2000cwa.googlegroups.com...