| ▲ | jcranmer a day ago | |||||||
> It is even messier in protected mode, since now every selector is an entry in a table, so its value itself is meaningless. Actually, my experience is that things are much easier in protected mode. Since selector values are chosen by the OS, that means you rely a lot more on internal relocations. And the use of segment selectors is a strong indicator that you have a pointer in the first place. Unfortunately, ghidra itself struggles to apply these techniques, especially in the decompiler, which seems completely unable to cope with the concept of far pointers. | ||||||||
| ▲ | dmitrygr a day ago | parent [-] | |||||||
In DOS, plenty of applications/games load selectors and do nasty things with them so indeed you'd know it is a far pointer, but may not know what to :D | ||||||||
| ||||||||