How is the implicit segment register of a near pointer determined?

Question

In section 4.3 of Intel 64® and IA-32 Architectures Software Developer's Manual. Volume 1: Basic Architecture, it says:

A near pointer is a 32-bit offset ... within a segment. Near pointers are used for all memory references in a flat memory model or for references in a segmented model where the identity of the segment being accessed is implied.

This leads me to wondering: how is the implied segment register determined?

I know that (%eip) and displaced (%eip) (e.g. -4(%eip)) addresses use %cs by default, and that (%esp) and displaced (%esp) addresses use %ss, but what about (%eax), (%edx), (%edi), (%ebp) etc., and can the implicit segment register depend also on the instruction that the memory address operand appears in?

Answer 1

Other than CS and SS register accesses that you mentioned, most other accesses will use the DS segment register. A couple exceptions that I can recall:

• the string-oriented instructions will use the ES for the 'destination' (implicitly addressed by the EDI register) segment register
• memory accesses using the EBP register as a 'base address' register will use the SS segment register. However, if the EBP register is used as a scaled index register, the segment used will be DS (unless the base address register is ESP)