Part 3: Finding the TSS
It is relatively simple to find and display this critical control block,
which the hardware uses for ring transitions: it supplies the stack the
processor switches to when control enters a more privileged ring.
- Get the debug kernel's attention (break into the kernel debugger) so you
  can display data.
- The TSS is located via the Task Register (TR), which holds a selector,
  not an address. You can see the value in TR by entering ? TR.
  Entering RT toggles register terse mode. Try R before and after entering
  RT and look for TR in the output.
  What you really want is not TR itself but the TSS it selects, which is at
  TR:0 (the debugger resolves the selector through its GDT descriptor to
  the segment base, exactly as the processor does).
  DD TR:0 displays the TSS as doublewords.
  DT TR:0 formats the TSS field by field.
- The first doubleword (offset 0) is the link field. It holds the selector
  of the TSS that called this one through a task gate, the back link that
  IRET follows when the NT flag is set.
  The next two doublewords (offsets 4 and 8) are the ESP and SS for entry to
  ring 0.
  The next pair of doublewords (offsets 0C and 10) are unused by OS/2; they
  would hold the ESP and SS for entry into ring 1.
  The next pair of doublewords (offsets 14 and 18) are the ESP and SS for
  entry to ring 2.
  All offsets are hex. Only the low word of each SS doubleword is the
  selector; the upper word is reserved.
- To display the stack used at entry to ring 0, use the DD command with the
  SS and ESP values from the TSS; BUT stacks grow downward, so put -80 after
  the ESP value (DD ss:esp-80, all numbers hex). 80 hex (128 bytes) is the
  number of bytes DD displays by default, so this shows you the 80 hex bytes
  just below ESP, that is, the top of the stack for ring 0. When the
  processor enters ring 0 from an outer ring it pushes SS first, at ESP-4,
  so if the current break followed such a transition the saved SS value
  appears as the last item shown.
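The procedure above, worked through by hand as an added example (this is not code from the original tutorial or from OS/2): resolve TR to the TSS the way the debugger's TR:0 does, pull the ring-0 SS:ESP pair out of the TSS at the offsets listed, and read the entry frame from the 80h-byte window that DD SS:ESP-80 would show. The GDT entry, TSS contents, selector values and stack frame are all constructed for illustration, and the function names (tss_linear_from_tr, tss_ring_stack, frame_from_window, demo_tss_base, demo_saved_ss) are this example's own. It goes slightly beyond the text by also decoding the TSS descriptor and rejecting selectors that do not name a 32-bit TSS.

```c
/* Added example, not part of the original tutorial: the steps the kernel
 * debugger takes behind "TR:0" and "DD SS:ESP-80", done by hand on a
 * constructed GDT, TSS and ring-0 stack image. Offsets follow the Intel
 * 32-bit TSS layout; every value below is made up for illustration. */
#include <stdint.h>
#include <stdio.h>

/* Offsets into a 32-bit TSS: rings 0..2 each get an ESP/SS pair, 8 bytes apart. */
enum { TSS_ESP0 = 0x04, TSS_SS0 = 0x08, TSS_ESP2 = 0x14, TSS_SS2 = 0x18, TSS_SIZE = 0x68 };

static uint32_t rd32(const uint8_t *p, uint32_t off)
{
    return (uint32_t)p[off] | (uint32_t)p[off + 1] << 8 | (uint32_t)p[off + 2] << 16 | (uint32_t)p[off + 3] << 24;
}
static void wr32(uint8_t *p, uint32_t off, uint32_t v)
{
    p[off] = (uint8_t)v; p[off + 1] = (uint8_t)(v >> 8); p[off + 2] = (uint8_t)(v >> 16); p[off + 3] = (uint8_t)(v >> 24);
}

/* Linear base of an 8-byte descriptor lives in bytes 2, 3, 4 and 7. */
static uint32_t desc_base(const uint8_t *d)
{
    return (uint32_t)d[2] | (uint32_t)d[3] << 8 | (uint32_t)d[4] << 16 | (uint32_t)d[7] << 24;
}
/* System descriptor (S = 0), present, type 9 (available) or B (busy) 32-bit TSS. */
static int desc_is_tss32(const uint8_t *d)
{
    int type = d[5] & 0x0F;
    return !(d[5] & 0x10) && (d[5] & 0x80) && (type == 0x9 || type == 0xB);
}

/* Resolve TR (a selector: index:TI:RPL) to the linear address of the TSS, which is
 * what "TR:0" denotes. TR must name a GDT entry, so TI (bit 2) has to be clear. */
int tss_linear_from_tr(const uint8_t *gdt, uint32_t gdt_len, uint16_t tr, uint32_t *base)
{
    uint32_t off = (uint32_t)(tr >> 3) * 8;
    if ((tr & 4) || off + 8 > gdt_len || !desc_is_tss32(gdt + off))
        return -1;
    *base = desc_base(gdt + off);
    return 0;
}

/* ESP/SS the processor loads on entry to ring 0, 1 or 2. Only the low 16 bits of
 * each SS doubleword are the selector; the upper half is reserved. */
int tss_ring_stack(const uint8_t *tss, int ring, uint16_t *ss, uint32_t *esp)
{
    if (ring < 0 || ring > 2) return -1;
    *esp = rd32(tss, TSS_ESP0 + ring * 8);
    *ss  = (uint16_t)rd32(tss, TSS_SS0 + ring * 8);
    return 0;
}

/* On an interrupt or trap that changes privilege level the processor switches to
 * SS0:ESP0 and pushes SS, ESP, EFLAGS, CS, EIP (no error code here), downward.
 * 'window' holds the 80h bytes from ESP0-80h up to ESP0, the range that
 * "DD SS0:ESP0-80" displays, so the saved SS is its last doubleword. */
struct entry_frame { uint16_t ss, cs; uint32_t esp, eflags, eip; };
void frame_from_window(const uint8_t window[0x80], struct entry_frame *f)
{
    f->ss     = (uint16_t)rd32(window, 0x7C);
    f->esp    = rd32(window, 0x78);
    f->eflags = rd32(window, 0x74);
    f->cs     = (uint16_t)rd32(window, 0x70);
    f->eip    = rd32(window, 0x6C);
}

/* Constructed GDT: null descriptor, then selector 0008 = present 32-bit TSS with
 * base 00010000 and limit 67 (the minimal 68h-byte TSS). */
static const uint8_t gdt[16] = {
    0, 0, 0, 0, 0, 0, 0, 0,
    0x67, 0x00, 0x00, 0x00, 0x01, 0x89, 0x00, 0x00,
};

/* Linear address of the TSS that 'sel' names in that GDT; 0 if it is not a 32-bit TSS. */
uint32_t demo_tss_base(uint16_t sel)
{
    uint32_t base;
    return tss_linear_from_tr(gdt, sizeof gdt, sel, &base) == 0 ? base : 0;
}

/* Build a TSS and the top of its ring-0 stack, then recover the SS that an entry
 * from ring 3 left there, as reading the end of "DD SS0:ESP0-80" would. */
uint32_t demo_saved_ss(void)
{
    uint8_t tss[TSS_SIZE] = {0}, window[0x80] = {0};
    uint32_t esp0; uint16_t ss0; struct entry_frame f;

    wr32(tss, TSS_ESP0, 0x0000C000); wr32(tss, TSS_SS0, 0x0030);   /* ring-0 stack */
    wr32(tss, TSS_ESP2, 0x00008000); wr32(tss, TSS_SS2, 0x0022);   /* ring 2; ring 1 stays 0 */
    /* Frame pushed on entry from ring 3 (constructed): SS3, ESP3, EFLAGS, CS3, EIP. */
    wr32(window, 0x7C, 0x005F);     wr32(window, 0x78, 0x0001FFE0);
    wr32(window, 0x74, 0x00000246); wr32(window, 0x70, 0x005B);
    wr32(window, 0x6C, 0x00010204);

    if (tss_ring_stack(tss, 0, &ss0, &esp0) != 0) return 0;
    frame_from_window(window, &f);
    printf("TSS at %08X, ring 0 stack %04X:%08X, DD %04X:%08X-80 ends with SS %04X\n",
           demo_tss_base(0x0008), (unsigned)ss0, esp0, (unsigned)ss0, esp0, (unsigned)f.ss);
    return f.ss;
}

int main(void) { demo_saved_ss(); return 0; }
```

The descriptor check matters in practice: a selector with TI set names an LDT entry and can never be a valid TR, and a GDT slot whose type nibble is not 9 or B is some other system object, so a debugger that blindly formatted whatever TR:0 pointed at would print garbage rather than a TSS.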
[Back: Part 2: Some Techniques]
[Next: Part 4: Watching a Ring Transition]