tags:

views:

57

answers:

1
+1  Q: 

Why is 0x1F segment special in OSX?

Some of the Mach-O executables have an LC_UNIXTHREAD command with the following initial register values:

cmd LC_UNIXTHREAD
    cmdsize 80
     flavor i386_THREAD_STATE
      count i386_THREAD_STATE_COUNT
        eax 0x00000000 ebx    0x00000000 ecx 0x00000000 edx 0x00000000
        edi 0x00000000 esi    0x00000000 ebp 0x00000000 esp 0x00000000
        ss  0x0000001f eflags 0x00000000 eip 0x00002788 cs  0x00000017
        ds  0x0000001f es     0x0000001f fs  0x00000000 gs  0x00000000

The eip is set to the entry point of the app, but for some reason the rest also have a special initial value. (If they are all zeroes, the application crashes randomly because some of the malloc() does not return with clean memory area.) Any idea about the mysterious 0x1F segment?

+1  A: 

What's mysterious about it? You kinda need valid selectors for CS,DS,SS :)

selector 0x17: RPL3, LDT, descriptor index 0x10
selector 0x1F: RPL3, LDT, descriptor index 0x18

Windows (at least win7-32bit) uses the following two:

CODE: 0x1B - RPL3, GDT, descriptor index 0x10
DATA: 0x23 - RPL3, GDT, descriptor index 0x20
snemarch  2010-10-05 08:32:07
90% of my apps has zeroes everywhere (except the eip obviously). What selectors do they use if you do not specify any?
psaghelyi  2010-10-05 12:07:10
That I don't know - try examining descriptor base+size (as well as register contents for "normal" threads) in a debugger.
snemarch  2010-10-05 12:36:15

related questions

Any pitfalls developing C#/.NET code in a Virtual Machine running on a MAC?
Height of NSTextView with one line?
What could prevent OpenGL glDrawPixels from working on some video cards?
What's a good machine for iPhone development?
MacPorts or Fink?
How to Stop NTFS volume auto-mounting on OS X
Any ReSharper equivalent for Xcode?
Rich GUI OS X Frameworks?
How do I open the default mail program with a Subject and Body in a cross-platform way?
Developer Setup for Starting Out with Cocoa/Mac Programming
Drawing a view hierachy into a specific context in Cocoa
Why is the PyObjC documentation so bad?
_wfopen equivalent under Mac OS X
Reading Other Process' Memory in Mac OS / BSD
better command for Windows?
Keep Remote Directory Up-to-date
How do I configure a Vista Ultimate (64bit) account so it can access a SMB share on OSX?
Programmatically talking to a Serial Port in OS X or Linux
I have some RAM to burn - any suggestions?
SQL Client for Mac OS X that works with MS SQL Server
How to tab between buttons on an Mac OS X dialog box
How to tab focus onto a dropdown field in Mac OSX
How-to articles for iPhone development, Objective-C
What are the preferred versions of Vim and Emacs on Mac OS X?
Best subversion client for Mac OS