From: Charles Krug
Newsgroups: comp.os.msdos.djgpp
Subject: Re: [Q] Is it possible to write-protect the text section ?
Date: Tue, 29 Jul 1997 08:57:53 -0400
Lines: 50
Message-ID: <33DDE8D1.303@pentek.com>
References: <199707201651 DOT JAA09428 AT adit DOT ap DOT net>
NNTP-Posting-Host: mail.pentek.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Nate Eldredge wrote:
>
> Does anyone know why the decision was made to have CS and DS refer to the
> same region of memory, the program's entire address space? IMHO, CS should
> be `text' only, and DS and SS should be `DGROUP' (or whatever it's called)
> only. This would keep problems of this sort from occurring, since you can't
> write to the CS segment.

Yes--but.

There is no way to guarantee that the selectors (or segments, in real
mode) found in the segment registers do not refer to the same region of
memory. Certainly, I could set my segments to point to regions which
overlap. Indeed, this is often done in real mode to save address space--
if, for example, your program uses small amounts of near variables.

In MS syntax assembler, real mode:

    .dgroup
    .data
    (your variables less than 64k)
    .stack 4096             ; your stack
    .text
    lea dx, .dgroup         ; get the dgroup into ds
    push dx
    pop ds
    lea dx, .heap           ; get the heap into es
    push dx
    pop es
    ( your code etc)
    .heap

Where .heap starts after the end of .text. In this case, since .dgroup
is small, you could generate addresses ds:dx that actually point into
.text. This would usually have undesirable effects, but not
necessarily.

For example, Windoze 3.x has a section of code that determines whether
or not you're using genuine MS-DOS or a clone. In the beta versions, it
would complain and exit. In the release versions, it does nothing.

This code is obfuscated and xor encoded. In order to execute, it must
be read into .text, then xor'd with its key string, then executed. It
is convenient to have both es and cs point to the same region of RAM, in
this case, so that x86 string operators can be used.

This is documented in "Undocumented DOS"

--
Charles Krug, Jr.
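
Added example, not part of the original post: a small C model of the real-mode aliasing described above, showing which DS offsets land inside .text when a small .dgroup sits directly below it. The segment values and sizes are constructed for illustration, and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): .dgroup (data + 4096-byte stack) takes
   0x1200 bytes at segment 0x1000; .text follows at segment 0x1120. */
#define DGROUP_SEG 0x1000u
#define TEXT_SEG   0x1120u
#define TEXT_SIZE  0x3000u

/* Real-mode translation: linear = segment * 16 + offset, wrapped to 20 bits. */
uint32_t linear(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & 0xFFFFFu;
}

/* Is the byte at seg:off inside [region_seg:0, region_seg:0 + size)?
   Assumes the region itself does not wrap past 1 MiB. */
int hits_region(uint16_t seg, uint16_t off, uint16_t region_seg, uint32_t size) {
    uint32_t start = linear(region_seg, 0);
    uint32_t addr  = linear(seg, off);
    return addr >= start && addr < start + size;
}

/* Count the offsets reachable through `seg` that alias the region. */
uint32_t alias_count(uint16_t seg, uint16_t region_seg, uint32_t size) {
    uint32_t n = 0;
    for (uint32_t off = 0; off <= 0xFFFFu; off++)
        n += (uint32_t)hits_region(seg, (uint16_t)off, region_seg, size);
    return n;
}

/* First offset through `seg` that lands in the region, or -1 if none does. */
long first_alias(uint16_t seg, uint16_t region_seg, uint32_t size) {
    for (uint32_t off = 0; off <= 0xFFFFu; off++)
        if (hits_region(seg, (uint16_t)off, region_seg, size))
            return (long)off;
    return -1;
}

int main(void) {
    printf("first DS offset inside .text: %04lX\n",
           first_alias(DGROUP_SEG, TEXT_SEG, TEXT_SIZE));
    printf("DS offsets that alias .text:  %u\n",
           (unsigned)alias_count(DGROUP_SEG, TEXT_SEG, TEXT_SIZE));
    return 0;
}
```

With this layout every byte of .text is writable through DS, which is why a separate code segment value alone gives no write protection in real mode.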