Peterbjornx wrote:
Your structure is wrong, the segment registers are 16 bits long, hence they will only be pushed as uint16_t, not 32_t (x86 does not require stack alignment on 32 bit words so no upcasting is done), you are thus reading the wrong parts of the stack.
An important indicator of this failure is getting a value > 0xFFFF for a 16 bit register, which is simply not possible (your other post where you said "I had no idea a 16 bit int could hold a 24 bit number" is simply nonsensical as a native 16 bit register generally only consists of 16 memory elements).
This is wrong: in 32-bit protected mode all stack pushes are aligned to 32 bits...
Changing it to 16-bit and still having the keyword packed will **** up hard time.
In case you change the registers to uint16_t you need to pad the remaining 16 bits with an empty/unused variable!
Actually the first 2 digits of your selectors are pretty much right, so simply AND them with 0xFFFF or change uint32_t to two uint16_t's.
This is mine:
Code:
#include <stdint.h>

typedef struct
{
// pushed by stub (pusha order is not assumed here; the stub pushes these one by one)
uint32_t eax;
uint32_t ebx;
uint32_t ecx;
uint32_t edx;
uint32_t esi;
uint32_t edi;
uint32_t ebp;
// each selector occupies a full 32-bit slot: 16 bits of selector plus 16 bits of pad
uint16_t ds, ds_pad;
uint16_t es, es_pad;
uint16_t fs, fs_pad;
uint16_t gs, gs_pad;
uint32_t intr;  // vector number pushed by the stub
uint32_t error; // pushed by the CPU for exceptions that carry one, dummy pushed by the stub otherwise
// pushed by cpu
uint32_t eip;
uint16_t cs, cs_pad;
uint32_t eflags;
uint32_t esp;   // esp and ss are only present on a privilege-level change
uint16_t ss, ss_pad;
} __attribute__((packed)) CPU_STATE;
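As an added example (not code from the post above, and not a real captured frame), the following C program shows both fixes side by side: a layout self-check that every field of the padded struct lands on the 32-bit stack slot the stub and the CPU actually write, and the `& 0xFFFF` mask for anyone who keeps uint32_t fields. The stack contents are constructed by hand, with junk in the upper half of every selector slot, because a 16-bit `push ds` in 32-bit mode may leave the top half of the dword unmodified; that junk is exactly what produces a "24-bit" selector when the slot is read as a whole. The names `cpu_state_layout_ok`, `selector_from_slot` and `fake_frame` are this example's own and assume a little-endian host, as x86 is.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the CPU_STATE struct in the post: every 16-bit selector is
 * followed by a 16-bit pad, so each one still consumes a whole dword slot
 * even though the struct is packed. */
typedef struct {
    uint32_t eax, ebx, ecx, edx, esi, edi, ebp;   /* pushed by stub */
    uint16_t ds, ds_pad;
    uint16_t es, es_pad;
    uint16_t fs, fs_pad;
    uint16_t gs, gs_pad;
    uint32_t intr;
    uint32_t error;
    uint32_t eip;                                 /* pushed by cpu */
    uint16_t cs, cs_pad;
    uint32_t eflags;
    uint32_t esp;
    uint16_t ss, ss_pad;
} __attribute__((packed)) CPU_STATE;

/* Returns 1 when every field sits at the dword slot the stub/CPU writes
 * (18 slots, 72 bytes), 0 otherwise. Run this once; if it fails the stub
 * and the struct have drifted apart and every register read is garbage. */
int cpu_state_layout_ok(void)
{
    return sizeof(CPU_STATE) == 72
        && offsetof(CPU_STATE, eax)    == 0  && offsetof(CPU_STATE, ebp)   == 24
        && offsetof(CPU_STATE, ds)     == 28 && offsetof(CPU_STATE, es)    == 32
        && offsetof(CPU_STATE, fs)     == 36 && offsetof(CPU_STATE, gs)    == 40
        && offsetof(CPU_STATE, intr)   == 44 && offsetof(CPU_STATE, error) == 48
        && offsetof(CPU_STATE, eip)    == 52 && offsetof(CPU_STATE, cs)    == 56
        && offsetof(CPU_STATE, eflags) == 60 && offsetof(CPU_STATE, esp)   == 64
        && offsetof(CPU_STATE, ss)     == 68;
}

/* The alternative fix from the post: keep uint32_t fields and mask the slot,
 * discarding whatever the 16-bit push left in the upper half. */
uint16_t selector_from_slot(uint32_t slot)
{
    return (uint16_t)(slot & 0xFFFFu);
}

/* Constructed stack image (not a real capture): 18 dword slots in the order
 * the struct expects, with junk in the upper half of each selector slot. */
static const uint32_t fake_stack[18] = {
    0x00000001, 0x00000002, 0x00000003, 0x00000004,   /* eax ebx ecx edx   */
    0x00000005, 0x00000006, 0x00000007,               /* esi edi ebp       */
    0xDEAD0010, 0xBEEF0010, 0x12340010, 0x56780010,   /* ds es fs gs       */
    0x00000021, 0x00000000,                           /* intr error        */
    0x00101000, 0xCAFE0008, 0x00000202,               /* eip cs eflags     */
    0x00BFFFF0, 0xF00D0010                            /* esp ss            */
};

/* Copies the constructed image into a CPU_STATE, as if the stub had passed
 * a pointer to the frame. memcpy avoids aliasing the uint32_t array. */
CPU_STATE fake_frame(void)
{
    CPU_STATE s;
    memcpy(&s, fake_stack, sizeof s);
    return s;
}

int main(void)
{
    CPU_STATE s = fake_frame();
    printf("layout ok: %d\n", cpu_state_layout_ok());
    printf("ds=%#06x (pad %#06x) cs=%#06x ss=%#06x\n", s.ds, s.ds_pad, s.cs, s.ss);
    printf("ds slot read as uint32_t: %#010x, masked: %#06x\n",
           fake_stack[7], selector_from_slot(fake_stack[7]));
    return cpu_state_layout_ok() ? 0 : 1;
}
```

Reading the same slot as a uint32_t gives 0xDEAD0010, which is the "impossible" selector the original struct was reporting; the padded field and the masked read both give 0x0010.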