Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!sdd.hp.com!wuarchive!uunet!odi!ed
From: ed@odi.com (Ed Schwalenberg)
Newsgroups: comp.windows.ms.programmer
Subject: Re: UAE's - how are they detected
Message-ID: <1991May28.154656.1780@odi.com>
Date: 28 May 91 15:46:56 GMT
References: <1991May25.054957.1151@mnemosyne.cs.du.edu>
Organization: Object Design, Inc.
Lines: 40
In-Reply-To: ebergman@isis.cs.du.edu's message of Sat, 25 May 91 05:49:57 GMT

In article <1991May25.054957.1151@mnemosyne.cs.du.edu> ebergman@isis.cs.du.edu (Eric Bergman-Terrell) writes:

   I understand that a UAE is raised when (among other conditions), a
   program has written to an address outside of its address space. How
   is this detected? Furthermore, is every "wild write" caught in this
   manner? If not, what sort of mayhem goes undetected?

In protected mode (standard or enhanced mode) addresses consist of a
selector number and an offset. A selector number is an index into a
hardware table (called the Local Descriptor Table or LDT, if you want to
Read The Intel Manual) of 8192 "segment descriptors". For the purposes
of this explanation, the segment descriptors contain 3 items of
information: whether the segment is currently valid, the length of the
segment in bytes, and whether it's a code segment or a data segment.

Now for The Rules:

1. Whenever you use a selector, it must be valid. In other words, it
   must be something Windows gave you and has not taken away, not a
   random 16-bit number. Further, you may not put a random 16-bit number
   into a segment register like ES, even if you never use it to
   reference memory. (Zero is special in this regard: you can put 0 in a
   segment register but you can't reference memory with it.)
2. You may not access data beyond the length of the segment, code or
   data.
3. You may not execute code in a data segment.
4. You may not write to a code segment.

All of these things (and many others) cause the processor to generate
interrupt #13, General Protection Violation, which (along with other
similar errors) Windows translates into UAE. For the gory details, read
the 386 processor manual.

All of your Windows programs use the same LDT, which means that if you
get "lucky", a wild write can clobber some data belonging to another
program, including Windows or DOS itself. A wild write will do one of
three things: clobber your own data, clobber someone else's, or generate
a UAE. It's extremely difficult (but not impossible) to trash a code
segment. One of the selectors maps the LDT itself; if you manage to
write over it you can really lose big!

Each DOS box has its own LDT, so a DOS app generally can't bash the
Windows world and vice versa.
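The four rules above, and the "three fates of a wild write" that follow from sharing one LDT, as an added worked example (not code from the post or its author). It models a 386 LDT in C: descriptors are encoded and decoded in the real 8-byte layout from the Intel 386 manual, and check_access applies the rules to one memory reference. The LDT contents, the per-slot owner tags, the ldt_entries count standing in for "what Windows has handed out", and the LDT_SEL macro are all constructed for illustration; real segment-register loads and GDT selectors are outside the model.

```c
/* Added example (not the author's code): a model of the 386 segment checks
 * described in the post. Descriptor byte layout follows the Intel 386
 * manual; the LDT contents, owner tags and selector values are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LDT_SLOTS 8192               /* 13-bit index field -> 8192 descriptors */

typedef struct { uint8_t b[8]; } descriptor_t;   /* raw 8-byte descriptor */

typedef struct {                     /* the fields the post's rules depend on */
    int present;                     /* P bit: Windows gave it and hasn't taken it away */
    int is_code;                     /* type bit 3: 1 = code, 0 = data */
    int writable;                    /* data segments only (W bit) */
    uint32_t base, limit;            /* limit is the last valid byte offset */
} seg_t;

enum access  { ACC_READ, ACC_WRITE, ACC_EXEC };
enum verdict { ACC_OK, GP_NULL, GP_BAD_INDEX, GP_NOT_PRESENT,
               GP_LIMIT, GP_EXEC_DATA, GP_WRITE_CODE, GP_READONLY };
enum outcome { HIT_OWN, HIT_OTHER, FAULT };

static descriptor_t ldt[LDT_SLOTS];
static int          owner[LDT_SLOTS];   /* constructed: which task allocated the slot */
static unsigned     ldt_entries;        /* constructed: slots Windows has handed out */

/* Encode fields into the 386 descriptor layout (S=1, DPL=0, byte granular). */
static descriptor_t make_desc(uint32_t base, uint32_t limit,
                              int is_code, int writable, int present) {
    descriptor_t d; memset(d.b, 0, sizeof d.b);
    d.b[0] = limit & 0xFF;  d.b[1] = (limit >> 8) & 0xFF;
    d.b[2] = base & 0xFF;   d.b[3] = (base >> 8) & 0xFF;  d.b[4] = (base >> 16) & 0xFF;
    /* access byte: P | DPL=00 | S=1 | type: code => readable, data => W bit */
    d.b[5] = (uint8_t)((present << 7) | 0x10 | (is_code << 3) | ((is_code ? 1 : writable) << 1));
    d.b[6] = (limit >> 16) & 0x0F;  /* G=0, D=0: byte granularity, 16-bit segment */
    d.b[7] = (base >> 24) & 0xFF;
    return d;
}

static seg_t decode(const descriptor_t *d) {
    seg_t s;
    s.present  = (d->b[5] >> 7) & 1;
    s.is_code  = (d->b[5] >> 3) & 1;
    s.writable = s.is_code ? 0 : (d->b[5] >> 1) & 1;
    s.base  = d->b[2] | (d->b[3] << 8) | (d->b[4] << 16) | ((uint32_t)d->b[7] << 24);
    s.limit = d->b[0] | (d->b[1] << 8) | ((uint32_t)(d->b[6] & 0x0F) << 16);
    if (d->b[6] & 0x80) s.limit = (s.limit << 12) | 0xFFF;   /* G bit: 4K units */
    return s;
}

/* Apply the post's four rules to one access of `len` bytes at sel:offset.
 * This model only holds an LDT, so a GDT selector (TI=0) is treated as bogus. */
static enum verdict check_access(uint16_t sel, uint32_t offset, uint32_t len, enum access kind) {
    unsigned idx = sel >> 3;                 /* bits 15..3: table index */
    if ((sel & ~3u) == 0) return GP_NULL;    /* 0 may be loaded, never dereferenced */
    if (!((sel >> 2) & 1) || idx >= ldt_entries) return GP_BAD_INDEX; /* rule 1: random number */
    seg_t s = decode(&ldt[idx]);
    if (!s.present) return GP_NOT_PRESENT;   /* rule 1: Windows took it away */
    if (len == 0 || (uint64_t)offset + len - 1 > s.limit) return GP_LIMIT;  /* rule 2 */
    if (kind == ACC_EXEC  && !s.is_code)  return GP_EXEC_DATA;  /* rule 3 */
    if (kind == ACC_WRITE && s.is_code)   return GP_WRITE_CODE; /* rule 4 */
    if (kind == ACC_WRITE && !s.writable) return GP_READONLY;
    return ACC_OK;
}

/* The three fates of a wild write: your own data, someone else's, or a UAE. */
static enum outcome classify_write(int me, uint16_t sel, uint32_t offset, uint32_t len) {
    if (check_access(sel, offset, len, ACC_WRITE) != ACC_OK) return FAULT;
    return owner[sel >> 3] == me ? HIT_OWN : HIT_OTHER;
}

/* Constructed LDT: slot 1 = task A data, 2 = task A code, 3 = task B data, 4 = freed. */
static void build_sample_ldt(void) {
    memset(ldt, 0, sizeof ldt); memset(owner, 0, sizeof owner);
    ldt[1] = make_desc(0x00010000, 0x0FFF, 0, 1, 1); owner[1] = 1;   /* 4 KiB data, A */
    ldt[2] = make_desc(0x00020000, 0x1FFF, 1, 0, 1); owner[2] = 1;   /* 8 KiB code, A */
    ldt[3] = make_desc(0x00030000, 0x00FF, 0, 1, 1); owner[3] = 2;   /* 256 B data, B */
    ldt[4] = make_desc(0x00040000, 0x0FFF, 0, 1, 0); owner[4] = 2;   /* freed: P=0 */
    ldt_entries = 5;
}

/* selector = index<<3 | TI=1 (LDT) | RPL=3, as a Windows app would see it */
#define LDT_SEL(idx) ((uint16_t)(((idx) << 3) | 4 | 3))

int main(void) {
    build_sample_ldt();
    printf("write past end of own segment: %d (GP_LIMIT=%d)\n",
           check_access(LDT_SEL(1), 0x0FFD, 4, ACC_WRITE), GP_LIMIT);
    printf("write into code segment:       %d (GP_WRITE_CODE=%d)\n",
           check_access(LDT_SEL(2), 0x100, 2, ACC_WRITE), GP_WRITE_CODE);
    printf("wild write lands in task B:    %d (HIT_OTHER=%d)\n",
           classify_write(1, LDT_SEL(3), 0x10, 2), HIT_OTHER);
    return 0;
}
```

The instructive case is the last one: the selector for task B's data is perfectly valid, so the write to it passes every check and silently clobbers another program, exactly the undetected mayhem the question asks about. Only a selector that was never handed out, one that has been freed, an offset past the limit, or a write into a code segment actually reaches the GP handler.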