Softice (Access the D-Flag)

How do they do this? When you type gdt in softice, it can display all information for the complete Global Descriptor table? I only know there is *NO* instruction of any kinds that allow you to access the hidden part of the descriptor, any source code, explanations, comments and algorithm is greatly appreciated!!!
Thank you
Jack

Of course you can access it... SGDT & LGDT...

If nothing can access it, then why is this for ?

For one single descriptor is 64-bit in length, in which 32-bit base address and 32-bit limit can be accessed with SGDT. However there are 32 bits of information that you cannot access with SGDT, such as the D-Flag...I reckon Softice used some algorithm to access the hidden part, as the table is not in the range of physical address space!Thank you
Jack

BTW, I'm doing this frenzy in Windows XP....

If you refer to Intel Manual Vol 3 somewhere, you will see that a PDE in GDT is 32 bits...

Base Address are the highest 10 bits (22 to 31)

Your Dirty Flag is Bit 6

No No, I am talking section 3-10. Thanks for your reply, have a nice day!
Jack

why my si31 cannot bpx messageboxa but si27 can.
and both si27 and si31 cannot bmsg hwnd wm...

I try many times and I am sure the hwnd of specified window is correct, but Ohh...

my system is win2k pro + sp4
and cpu is AMD Athlon 1.2G

does that cause problems?

cadinfo, please see this thread for the solution to your problem: http://www.exetools.com/forum/showthread.php?s=&threadid=2548

In short, you must switch to the address context of the process you wish to set the breakpoint in using the ADDR command before setting the breakpoint. Also, read on the ATTACH command, it makes this problem less tedious.

Regards