VirtualBox

Opened 12 years ago

Closed 10 years ago

#10947 closed defect (fixed)

Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' => fixed in SVN

Reported by: Kissy Owned by:
Component: VMM Version: VirtualBox 4.2.0
Keywords: rdtsc cpuid Cc:
Guest type: Windows Host type: Windows

Description

This 'Rdtsc' problem only appears without VT-X/AMD-V.

      .586
      .model flat, stdcall
      option casemap :none   ; case sensitive

      include windows.inc
      include kernel32.inc
      include user32.inc
      includelib kernel32.lib
      includelib user32.lib

.data
Flag	dd 0
szRight	db 'Flag Value is right!',0
szWrong	db 'Flag Value is wrong!',0
szInfo	db 'Info:',0                     ; must be zero-terminated for MessageBoxA

.code
start:
	assume fs: nothing
	call @MyCode                        ; the return address pushed here becomes the SEH handler address
	; --- SEH handler: reached only when the single-step exception fires ---
	mov     ecx, dword ptr [esp+0Ch]    ; ecx = ContextRecord (3rd handler argument)
	mov     ecx, dword ptr [ecx+0B8h]   ; ecx = CONTEXT.Eip, i.e. Seh.eip
	.if ecx == offset @WrongExceptionEip
		mov Flag,0
	.else
		mov Flag,1
	.endif
	xor     eax, eax                    ; ExceptionContinueExecution
	retn
	@MyCode:
	push    dword ptr fs:[0]            ; [esp] = previous record, [esp+4] = handler (the return address)
	mov     dword ptr fs:[0], esp       ; register the EXCEPTION_REGISTRATION record
	push 397h                           ; set EFLAGS with TF (bit 8): single-step trap after the next instruction
	popfd
	rdtsc
	@RightExceptionEip:                 ; normally Seh.eip should point here
	nop
	@WrongExceptionEip:                 ; in the guest 'without' VT-x/AMD-V, Seh.eip points here; 'with' VT-x/AMD-V it is right
	.if Flag == 1
		invoke MessageBoxA,0,offset szRight,offset szInfo,MB_OK
	.else
		invoke MessageBoxA,0,offset szWrong,offset szInfo,MB_OK
	.endif
	invoke ExitProcess,0
end start

This 'Cpuid' problem only appears with VT-X/AMD-V.

      .586
      .model flat, stdcall
      option casemap :none   ; case sensitive

      include windows.inc
      include kernel32.inc
      include user32.inc
      includelib kernel32.lib
      includelib user32.lib

.data
Flag	dd 0
szRight	db 'Flag Value is right!',0
szWrong	db 'Flag Value is wrong!',0
szInfo	db 'Info:',0                     ; must be zero-terminated for MessageBoxA

.code
start:
	assume fs: nothing
	call @MyCode                        ; the return address pushed here becomes the SEH handler address
	; --- SEH handler: reached only when the single-step exception fires ---
	mov     ecx, dword ptr [esp+0Ch]    ; ecx = ContextRecord (3rd handler argument)
	mov     ecx, dword ptr [ecx+0B8h]   ; ecx = CONTEXT.Eip, i.e. Seh.eip
	.if ecx == offset @WrongExceptionEip
		mov Flag,0
	.else
		mov Flag,1
	.endif
	xor     eax, eax                    ; ExceptionContinueExecution
	retn
	@MyCode:
	push    dword ptr fs:[0]            ; [esp] = previous record, [esp+4] = handler (the return address)
	mov     dword ptr fs:[0], esp       ; register the EXCEPTION_REGISTRATION record
	push 397h                           ; set EFLAGS with TF (bit 8): single-step trap after the next instruction
	popfd
	cpuid
	@RightExceptionEip:                 ; normally Seh.eip should point here
	nop
	@WrongExceptionEip:                 ; in the guest 'with' VT-x/AMD-V, Seh.eip points here; 'without' VT-x/AMD-V it is right
	                                    ; unlike 'rdtsc', this problem only appears with VT-x/AMD-V
	.if Flag == 1
		invoke MessageBoxA,0,offset szRight,offset szInfo,MB_OK
	.else
		invoke MessageBoxA,0,offset szWrong,offset szInfo,MB_OK
	.endif
	invoke ExitProcess,0
end start

Attachments (1)

Test Examples.rar (2.3 KB) - added by Kissy 12 years ago.
Test Examples

Change History (5)

by Kissy, 12 years ago

Attachment: Test Examples.rar added

Test Examples

comment:1 by Frank Mehnert, 12 years ago

priority: major → minor
Summary: On some condition, something is wrong with 'Rdtsc' and 'Cpuid' command. → Wrong instruction after single-step exception with 'rdtsc' and 'cpuid'

Your summary as well as your description is very unclear. What your examples actually do is to set the trap flag which will trigger a single-step exception for the following instruction.
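A Linux x86-64 port of the reporter's rdtsc test, added here as an example (it is not from the ticket or the VirtualBox project): as comment:1 explains, the test sets the trap flag, so the port sets TF with popfq, executes rdtsc, and reads the RIP the kernel reports for the resulting single-step trap in a SIGTRAP handler, which lets a guest be checked for the behaviour this ticket fixes. It assumes glibc's ucontext layout (the REG_RIP/REG_EFL gregs indices) and that the kernel delivers the #DB as SIGTRAP with SA_SIGINFO.

```c
#define _GNU_SOURCE          /* REG_RIP / REG_EFL from <sys/ucontext.h> */
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <ucontext.h>
#if defined(__x86_64__) && defined(__linux__)
#ifndef REG_RIP              /* fallback if feature macros were set too late */
#define REG_RIP 16           /* glibc x86-64 gregs[] indices (assumption) */
#define REG_EFL 17
#endif
/* RIP the kernel reported for the single-step #DB (delivered as SIGTRAP). */
static volatile uintptr_t g_trap_rip;
static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
    g_trap_rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    /* Clear TF in the saved EFLAGS, otherwise sigreturn resumes single-stepping. */
    uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)0x100;
}
/* Set TF with popfq, execute rdtsc, and compare the RIP reported by the trap
 * with the address of the nop that follows rdtsc. Returns 1 when they match,
 * 0 when the trap was reported elsewhere (the behaviour the ticket describes). */
int check_single_step_after_rdtsc(void)
{
    struct sigaction sa, old;
    uintptr_t expected = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, &old);
    g_trap_rip = 0;
    __asm__ volatile(
        "pushfq\n\t"
        "orq $0x100, (%%rsp)\n\t"   /* TF = 1 */
        "popfq\n\t"                 /* the trap is taken after the *next* instruction */
        "rdtsc\n\t"
        "1: nop\n\t"                /* the trap should report this address */
        "leaq 1b(%%rip), %0\n\t"
        : "=r"(expected) : : "rax", "rdx", "memory", "cc");
    sigaction(SIGTRAP, &old, NULL);
    return expected == g_trap_rip;
}
#else
int check_single_step_after_rdtsc(void) { return -1; }   /* not x86-64 Linux */
#endif
```

For the cpuid variant of the test, replace `rdtsc` with `cpuid` and add "rbx" and "rcx" to the clobber list; on a hypervisor affected by this ticket the function returns 0 in the configuration the reporter describes.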

comment:2 by Ramshankar Venkataraman, 10 years ago

The code in 4.2.x is drastically different. This bug should be fixed in the upcoming 4.3.4 maintenance release.

comment:3 by Ramshankar Venkataraman, 10 years ago

Summary: Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' → Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' => fixed in SVN

comment:4 by Frank Mehnert, 10 years ago

Resolution: fixed
Status: new → closed

Fixed in 4.3.4.

© 2023 Oracle