I just found out the hard way that in 32-bit programs under Win64, the value of CS changed. In Win32, the value of CS is 0x001B. In 32-bit programs under Win64, it's 0x0023. This will probably break some programs, especially debuggers.
Why did Microsoft do this? It's not like the value of CS is undocumented: it's in the DDK as KGDT_R3_CODE, and I've seen it several times in other places on MSDN. I can't see any reason that they changed it. The 64-bit CS didn't replace it – the 64-bit CS is 0x0033.
Normally I wouldn’t post 2 things in 2 days but this just really annoys me.
myria
Excuse my ignorance, but why does this cause a problem?
Because Microsoft documented CS as being 0x1B in the past. There are likely programs out there that assume this, and break on Win64 because of it.
myria
Oh, nice!
So why would you inspect/need/use the value of CS anywho?
Well, anything that involved manipulation of the GDT/LDT (for example to change privilege levels to allow protected debugging instructions) could cause trouble if CS is assumed to be 0x1B. The wrong entry could be modified, so you might get a GPF blue screen when the debugging instructions are encountered.
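A worked example, added here and not part of the post or its comments: a small C program that decodes whatever CS the process is actually running with (descriptor index, table indicator, RPL) and compares it with the hard-coded 0x1B assumption the thread is about, which is the mistake that selects the wrong GDT entry. The three selector values (0x1B, 0x23, 0x33) are the ones the post reports; the function names, the enum and the inline-assembly read are my own choices, not anything from the DDK, and the live read is only meaningful on Windows, because other operating systems lay out their GDT differently.

```c
/* Added example, not code from the original post. Decodes a code-segment
 * selector instead of assuming the Win32 value 0x1B. The constants come from
 * the post; everything else here is illustrative. */
#include <stdio.h>
#include <stdint.h>

typedef struct {
    unsigned index;   /* descriptor table index: selector >> 3 */
    unsigned ti;      /* table indicator bit 2: 0 = GDT, 1 = LDT */
    unsigned rpl;     /* requested privilege level: bits 0..1 */
} selector_parts;

typedef enum {
    CS_UNKNOWN = 0,
    CS_WIN32_NATIVE,   /* 0x1B: 32-bit code on a 32-bit Windows kernel (KGDT_R3_CODE) */
    CS_WOW64_32BIT,    /* 0x23: 32-bit code on a 64-bit Windows kernel */
    CS_WIN64_NATIVE    /* 0x33: 64-bit code on a 64-bit Windows kernel */
} cs_kind;

/* Split a selector into the fields the CPU uses to find the descriptor. */
selector_parts decode_selector(uint16_t sel) {
    selector_parts p;
    p.index = sel >> 3;
    p.ti = (sel >> 2) & 1;
    p.rpl = sel & 3;
    return p;
}

/* Map the selector values the post lists onto the environment they imply. */
cs_kind classify_cs(uint16_t sel) {
    switch (sel) {
    case 0x1B: return CS_WIN32_NATIVE;
    case 0x23: return CS_WOW64_32BIT;
    case 0x33: return CS_WIN64_NATIVE;
    default:   return CS_UNKNOWN;
    }
}

/* The bug the thread describes: code that hard-codes 0x1B and derives a GDT
 * slot from it. Returns 1 when that assumption would touch the wrong entry. */
int legacy_assumption_breaks(uint16_t live_cs) {
    return decode_selector(0x1B).index != decode_selector(live_cs).index;
}

/* Read the live CS where inline assembly is available; 0 means "could not read". */
uint16_t read_live_cs(void) {
#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
    uint16_t cs_val;
    __asm__ volatile ("mov %%cs, %0" : "=r"(cs_val));
    return cs_val;
#elif defined(_MSC_VER) && defined(_M_IX86)
    uint16_t cs_val;
    __asm mov ax, cs
    __asm mov cs_val, ax
    return cs_val;
#else
    return 0;
#endif
}

int main(void) {
    static const char *names[] = { "unknown", "Win32 native 32-bit",
                                   "32-bit under Win64 (WoW64)", "Win64 native 64-bit" };
    uint16_t cs_val = read_live_cs();
    selector_parts p = decode_selector(cs_val);

    printf("CS = 0x%04X  index=%u  table=%s  rpl=%u  (%s)\n",
           cs_val, p.index, p.ti ? "LDT" : "GDT", p.rpl, names[classify_cs(cs_val)]);
    if (legacy_assumption_breaks(cs_val))
        printf("hard-coded 0x1B would select GDT entry %u, but this process uses entry %u\n",
               decode_selector(0x1B).index, p.index);
    return 0;
}
```

The point of `legacy_assumption_breaks` is that a 32-bit debugger running under WoW64 sees index 4, not index 3, so any descriptor it edits by assuming 0x1B lands one slot off. Run the program once as a native 32-bit process and once under WoW64 to see the difference; on a non-Windows system `classify_cs` will report whatever Windows value happens to coincide, so only the decoded fields are trustworthy there.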