I just found out the hard way that in 32 bit programs under Win64, the value of CS changed. In Win32, the value of CS is 0x001B. In 32 bit programs under Win64, it’s 0x0023. This will probably break some programs, especially debuggers.
Why did Microsoft do this? It’s not like the value of CS is undocumented: it’s in the DDK as KGDT_R3_CODE, and I’ve seen it several times in other places on MSDN. I can’t see any reason that they changed it. The 64 bit CS didn’t replace it – the 64 bit CS is 0x0033.
Normally I wouldn’t post 2 things in 2 days but this just really annoys me.
myria
Excuse my ignorance, but why does this cause a problem?
Because Microsoft documented CS as being 0x1B in the past. There are likely programs out there that assume this, and break on Win64 because of it.
myria
Oh, nice!
So why would you inspect/need/use the value of CS anywho?
Well, anything that involved manipulation of the GDT/LDT (for example to change privilege levels to allow protected debugging instructions) could cause trouble if CS is assumed 0x1b. The wrong entry could be modified, so you might get a GPF blue screen when the debugging instructions are encountered.