Hi there, newly registered and new to win32asm as well, I have some lame stupid questions for you helping gurus there. But before I wish to express my gratitude and happiness to find a (seemingly) active forum that deals with Win32ASM
I read some about the Win32 memory model and found out it's a 4G flat of virtual memory for every process. I also read here and there that win32 progs don't modify or use the segment registers. As a start in ASM, these days I was looking with Softice at some of my VC++ progs (don't flame me pleeze, you should be glad that I'll come to the right ASM way soon :) ). And I was wondering what is the address I see in the Code window. It's like xxxx:xxxxxxxx. Whilst the second part seems to be the virtual address of the process softice is currently sticked to, I don't really know what's the use of the first part, how do these two parts fit together, the value of the CS register (which is probably related to physical memory addresses) and the virtual address? Where's some docu on how exactly does Windows use segment registers and how does this affect me as the (future) programmer ?
And one more thing, where can I find some complete reference information, not tutorials, about win32 assembly, how exactly are the dlls loaded, structure of exe file and physical memory management under windows. All I found on the web were info about 32 bit processor programming, not how does Windows program them. I hope you know what I mean, if you're not sure please don't hesitate to ask me. I know I'm not very clear.
Well that's it for now, but expect me to bother you with more questions soon :)

Thanx for any hint/suggestion
Posted on 2001-09-17 09:09:41 by Unregistered
It's me, Unregistered, just for you to know
Posted on 2001-09-17 09:14:39 by CalamityJake
I don't know much about Win32 asm myself (only been doing it for 18 months!), but there is quite a lot on PE executables on Iczelion's website http://win32asm.cjb.net under tutorials the PE tutorials.

I also think you may have trouble finding some of the info you seek, as some of it may be company confidential (to MS), or under NDA's.

Mirno
Posted on 2001-09-17 09:27:46 by Mirno
try to read this book, i'm sure u'll find all those little thingies...

=http://www.multimania.com/mpietreks2/PietrekBook.zip]pietrek's book

PS: i'm not sure about the link, i got it from a last post.
Posted on 2001-09-17 13:17:35 by Sabeel
Yes, Memory is flat 32 bit in Windows (for the 32 bit part)

but there is a lot of 16 bit code in GDI part of windows

In 32 bit CS,DS,SS,ES,GS,FS segment registers still exist but they are called "selectors" now, their value "selects" one record in a GDT (Global descriptor Table) or LDT (Local Descriptor Table) and that record tells the micro what physical base addres to use with the offset part...and a lot of other info

things get more complicated with pageing...

however if you are a beginner you should not think to all of those things... you can do programming in win32asm without knowing them and learn as you code... later you will have to understand them deeper .... esp if you want to make your own OS... Intel manuals can help here a lot
Posted on 2001-09-17 15:20:18 by BogdanOntanu
Hi -
Thank you all for concerning.
Yep, I think Iczelion's tuts are a good place to start with PE.
I've also downloaded Pietrek's book, the table of contents looks great :), probably this is what I'm lookin for. The right URL's I've taken from another post are http://www.multimania.com/mpietreks2/PietrekBook.zip
for the pdf book and
http://www.multimania.com/mpietreks1/pietrek_disk.zip
the sources disk anyway thanks for pointing me to this book.
About those segment registers I'm sure it's not easy to understand how Windows runs in protected mode, protected mode itself is a hard topic in my opinion. But I'd like to understand (roughly of course) what's going on when I see an instruction like mov EDX, FS:. Here's what I know about how the virtual address in BX is interpreted. The CR3 register points us to a 1024 byte page made of 4-byte entries, each process has its own page, so switching the process implies switching of CR3 contents. Then using the virtual address to "navigate" through a tree-like hierarchy of pages with the root in the CR3 page, we're finally taken to the physical address. Where's the segment register here? Is it that maybe all accesses to the pages and page entries are made through it? What are in principle the reasons a programmer would use the segment registers?
I'm sure there is a way to explain this for a newbie like me, not going into much details, just some guideline. All I'm interested in for now is the principle.

Thank you very much for your time
Posted on 2001-09-18 02:51:46 by CalamityJake