Microsoft KB Archive/102331
Article ID: 102331
Article Last Modified on 9/30/2003
- Microsoft CodeView 4.0
- Microsoft CodeView 4.01
- Microsoft CodeView 4.1
This article was previously published under Q102331
In CodeView for Windows, an attempt to use the Memory window to view the Ring 0 or Ring 1 code segments of an application developed for protected-mode Microsoft Windows fails.
CodeView is a source-level debugger. It displays only Ring 3 code.
The Memory window title bar displays the address the user entered even though CodeView displays the contents of another, corresponding, selector. For example, the title bar displays 0x1111 even though CodeView displays selector 0x1117.
Microsoft has confirmed this to be a problem in CodeView versions 4.0, 4.01, and 4.1 for Windows. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.
In protected-mode Windows, a segment address is a selector. On an attempt to change a selector value (segment address) to a value in the Ring 0 or Ring 1 range, CodeView creates the corresponding Ring 3 address above the specified value.
For example, an attempt to change the selector value in the Memory window to 0x1111 fails and CodeView displays selector value 0x1117. Likewise, an attempt to display selector value 0x111A fails and CodeView displays selector value 0x111F.
In CodeView versions 4.0 and 4.01 for Windows, it may appear possible to view Ring 0 or Ring 1 addresses. CodeView displays the Memory window through selector value 0x1114:0. However, if you compare the contents of this window (Memory Window 1) with a second window (Memory Window 2) that displays 0x1117:0, the displayed values are identical. An attempt to view memory locations 0x1110 through 0x1113 or 0x1118 through 0x111B fails and CodeView displays question marks (?).
The three low-order bits of a selector determine its privilege level: the lowest two bits indicate the ring number and the third bit contains a write permission flag used to separate code segments from data segments. The privilege level does not affect the displayed base address; it only determines whether the requestor has permission to view the memory.
CodeView sets the write permission flag for each selector to allow modifying the source code through the memory window. CodeView can do this because it runs in a higher ring level and forces all selectors to be data selectors.
Therefore, selectors 0x1110 through 0x1117 are identical except for the differences in their protection level: selector 0x1110 is a Ring 0 code selector while 0x1117 is a Ring 3 data selector.
When the user enters an address such as 0x1111:0, the CodeView execution model changes the selector to 0x1117.
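The selector arithmetic described above, as an added example (not code from the original article or from CodeView): it splits a selector into its fields and computes the value the Memory window ends up showing. The function names and the field layout used (Intel x86: bits 0-1 ring number, bit 2, bits 3-15 descriptor index) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a 16-bit protected-mode selector, Intel x86 layout (assumed). */
struct selector_fields {
    unsigned index; /* bits 3-15: descriptor table slot */
    unsigned ti;    /* bit 2: table indicator in the Intel layout
                       (the bit the article calls the write permission flag) */
    unsigned rpl;   /* bits 0-1: ring number */
};

struct selector_fields decode_selector(uint16_t sel)
{
    struct selector_fields f;
    f.index = (unsigned)sel >> 3;
    f.ti    = ((unsigned)sel >> 2) & 1u;
    f.rpl   = (unsigned)sel & 3u;
    return f;
}

/* Selector the Memory window ends up using: all three low-order bits set. */
uint16_t codeview_alias(uint16_t sel)
{
    return (uint16_t)(sel | 0x0007u);
}

/* Nonzero when two selectors differ only in their three low-order bits. */
int same_descriptor(uint16_t a, uint16_t b)
{
    return (a >> 3) == (b >> 3);
}

int main(void)
{
    /* Selector values quoted in the article. */
    static const uint16_t samples[] = { 0x1110, 0x1111, 0x1114, 0x1117, 0x111A, 0x111F };
    size_t i;

    puts("entered  index  bit2  ring  shown");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct selector_fields f = decode_selector(samples[i]);
        printf("0x%04X   0x%03X  %u     %u     0x%04X\n",
               (unsigned)samples[i], f.index, f.ti, f.rpl,
               (unsigned)codeview_alias(samples[i]));
    }
    return 0;
}
```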