IA-32 architecture system management mode   Intel/AMD processor SMM state save map   offset Intel P5 Intel P6 AMD K5 AMD K6 7E00..7EF7h reserved reserved reserved reserved 7EF8h SMBASE SMBASE SMBASE SMBASE 7EFCh rev ID rev ID rev ID rev ID 7F00h I/O restart I/O restart I/O restart I/O restart 7F02h HLT restart HLT restart HLT restart HLT restart 7F04h I/O restart EDI I/O restart EDI I/O restart EDI I/O restart EDI 7F08h I/O restart ECX I/O restart ECX I/O restart ECX I/O restart ECX 7F0Ch I/O restart ESI I/O restart ESI I/O restart ESI I/O restart ESI 7F10h I/O restart EIP I/O restart EIP CR4 CR4 7F14h reserved CR4 CR2 CR2 7F18 reserved A20M# reserved reserved 7F1Ah reserved 7F1Bh ??? 7F1Ch reserved 7F1Eh SMM_status 7F20h CPL 7F21h reserved 7F23h shutdown 7F24h alternative DR6 alternative DR6 ES limit ES limit 7F26h RSM control RSM control 7F28h CR4 sreg_status0 ES base ES base 7F2Ch reserved DS selector ES access rights ES access rights 7F2Eh DS access rights 7F30h ES limit DS limit CS limit CS limit 7F34h ES base DS base CS base CS base 7F38h ES access rights FS selector CS access rights CS access rights 7F3Ah FS access rights 7F3Ch CS limit FS limit SS limit SS limit 7F40h CS base FS base SS base SS base 7F44h CS access rights GS selector SS access rights SS access rights 7F46h GS access rights 7F48h SS limit GS limit DS limit DS limit 7F4Ch SS base GS base DS base DS base 7F50h SS access rights IDTR selector DS access rights DS access rights 7F52h IDTR access rights 7F54h DS limit IDTR limit FS limit FS limit 7F58h DS base IDTR base FS base FS base 7F5Ch DS access rights TR selector FS access rights FS access rights 7F5Eh TR access rights 7F60h FS limit TR limit GS limit GS limit 7F64h FS base TR base GS base GS base 7F68h FS access rights sreg_status1 GS access rights GS access rights 7F6Ch GS limit GDTR selector LDTR limit LDTR high 7F6Eh GDTR access rights 7F70h GS base GDTR limit LDTR base LDTR low 7F74h GS access rights GDTR base LDTR access rights reserved 7F78h LDTR limit LDTR selector TR limit TR limit 7F7Ah LDTR access rights 7F7Ch LDTR base LDTR limit TR base TR base 7F80h LDTR access rights LDTR base TR access rights TR access rights 7F84h GDTR limit ES selector GDTR limit GDTR limit 7F86h ES access rights 7F88h GDTR base ES limit GDTR base GDTR base 7F8Ch GDTR access rights ES base IDTR limit IDTR limit 7F90h IDTR limit CS selector IDTR base IDTR base 7F92h CS access rights 7F94h IDTR base CS limit reserved reserved 7F98h IDTR access rights CS base reserved reserved 7F9Ch TR limit SS selector I/O restart EIP I/O restart EIP 7F9Eh SS access rights 7FA0h TR base SS limit reserved reserved 7FA4h TR access rights SS base I/O restart DWORD I/O restart DWORD 7FA8h ES ES ES ES 7FACh CS CS CS CS 7FB0h SS SS SS SS 7FB4h DS DS DS DS 7FB8h FS FS FS FS 7FBCh GS GS GS GS 7FC0h LDTR LDTR LDTR LDTR 7FC4h TR TR TR TR 7FC8h DR7 DR7 DR7 DR7 7FCCh DR6 DR6 DR6 DR6 7FD0h EAX EAX EAX EAX 7FD4h ECX ECX ECX ECX 7FD8h EDX EDX EDX EDX 7FDCh EBX EBX EBX EBX 7FE0h ESP ESP ESP ESP 7FE4h EBP EBP EBP EBP 7FE8h ESI ESI ESI ESI 7FECh EDI EDI EDI EDI 7FF0h EIP EIP EIP EIP 7FF4h EFLAGS EFLAGS EFLAGS EFLAGS 7FF8h CR3 CR3 CR3 CR3 7FFCh CR0 CR0 CR0 CR0   Intel P4 processor SMM state save map   offset contents size notes 7E00h reserved 196 bytes 7EC4h CR3 dword copy dumped for unknown purposes 7EC8h PDPTR0 qword 7ED0h PDPTR1 qword 7ED8h PDPTR2 qword 7EE0h PDPTR3 qword 7EE8h ??? dword 0000_0001h 7EECh ??? byte 12h reserved byte byte byte 7EF0h CR4 dword 7EF4h ??? dword 0000_0000h 7EF8h SMBASE dword 7EFCh REVISION dword 0003_0003h or 0003_0004h 7F00h IO_RESTART word 7F02h HLT_RESTART word 7F04h ES bas dword 7F08h ar dword shifted left by one, bit0=1 indicates NULL 7F0Ch lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F10h CS bas dword 7F14h ar dword shifted left by one, bit0=1 indicates NULL 7F18h lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F1Ch SS bas dword 7F20h ar dword shifted left by one, bit0=1 indicates NULL 7F24h lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F28h DS bas dword 7F2Ch ar dword shifted left by one, bit0=1 indicates NULL 7F30h lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F34h FS bas dword 7F38h ar dword shifted left by one, bit0=1 indicates NULL 7F3Ch lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F40h GS bas dword 7F44h ar dword shifted left by one, bit0=1 indicates NULL 7F48h lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F4Ch GDTR bas dword 7F50h lim dword 7F54h IDTR bas dword 7F58h lim dword 7F5Ch LDTR bas dword 7F60h lim dword 000x_xxxxh only, with bits 19...16 also in ar 7F64h ar word has no G bit 7F66h ??? word 0002h 7F68h EFLAGS dword copy dumped for unknown purposes 7F6Ch TR bas dword 7F70h ar dword shifted left by one, bit0=1 indicates NULL 7F74h lim dword 000x_xxxxh or xxxx_xFFFh, with bits 19...16 also in ar 7F78h IO_RESTART_EDI dword 7F7Ch IO_RESTART_EIP dword 7F80h IO_RESTART_ECX dword 7F84h IO_RESTART_ESI dword 7F88h ??? dword 00130000h 7F8Ch ??? byte 00h A20M byte 00h if A20M=flat, 30h if A20M=wrap ??? byte FEh ??? byte 01h 7F90h ??? dword 0000_0C00h 7F94h ??? dword 03A4_FFB0h 7F98h ??? dword 0000_0000h 7F9Ch ??? dword 0008_4000h 7FA0h IO_MEM_ADDR dword if rev=0004h 7FA4h IO_MISC_INFO dword if rev=0004h 7FA8h ES.sel dword 7FACh CS.sel dword 7FB0h SS.sel dword 7FB4h DS.sel dword 7FB8h FS.sel dword 7FBCh GS.sel dword 7FC0h LDTR.sel dword 7FC4h TR.sel dword 7FC8h DR7 dword 7FCCh DR6 dword 7FD0h EAX dword 7FD4h ECX dword 7FD8h EDX dword 7FDCh EBX dword 7FE0h ESP dword 7FE4h EBP dword 7FE8h ESI dword 7FECh EDI dword 7FF0h EIP dword 7FF4h EFLAGS dword 7FF8h CR3 dword 7FFCh CR0 dword   Intel/AMD processor state after SMM entry   register contents selector base limit access rights CS 3000h #1 SMBASE (FFF)F_FFFFh 8093h #2 SS 0000h 0000_0000h (FFF)F_FFFFh 8093h DS 0000h 0000_0000h (FFF)F_FFFFh 8093h ES 0000h 0000_0000h (FFF)F_FFFFh 8093h FS 0000h 0000_0000h (FFF)F_FFFFh 8093h GS 0000h 0000_0000h (FFF)F_FFFFh 8093h EFLAGS 0000_0002h EIP 0000_8000h CR0 bits 0 (PE), 2 (EM), 3 (TS), and 31 (PG) cleared, rest unmodified CR4 0000_0000h DR7 0000_0400h TEMP_DR6 0000_0000h IN_REP false IN_SMM true IN_HLT false IN_SHUTDOWN false IN_FP_FREEZE false SUPPRESS_INTERRUPTS false (both bits) BLOCK_INIT true BLOCK_SMI true BLOCK_NMI true LATCH_INIT true if INIT recognized together with SMI, else false LATCH_SMI false LATCH_NMI true if NMI recognized together with SMI, else false FERR# unmodified A20M# processor-specific notes description #1 On Intel P6-core processors the CS selector is loaded with SMBASE SHR 4. #2 Like the data segments, CS is writeable too.   Cyrix pre-M2 processor SMM state save map   offset 3 1 3 0 2 9 2 8 2 7 2 6 2 5 2 4 2 3 2 2 2 1 2 0 1 9 1 8 1 7 1 6 1 5 1 4 1 3 1 2 1 1 1 0 9 8 7 6 5 4 3 2 1 0 -30h ESI or EDI -2Ch I/O write data -28h I/O write data size I/O write port address -24h reserved H S P I r. -20h CS descriptor (bit31..0) -1Ch CS descriptor (bit63..31) -18h reserved CPL reserved CS selector -14h next EIP -10h current EIP -0Ch CR0 -08h EFLAGS -04h DR7   Cyrix M2 processor SMM state save map   offset 3 1 3 0 2 9 2 8 2 7 2 6 2 5 2 4 2 3 2 2 2 1 2 0 1 9 1 8 1 7 1 6 1 5 1 4 1 3 1 2 1 1 1 0 9 8 7 6 5 4 3 2 1 0 -30h ESI or EDI -2Ch I/O write data -28h I/O write data size I/O write port address -24h reserved CPL reserved N r. IS reserved H S P I C -20h CS descriptor (bit31..0) -1Ch CS descriptor (bit63..31) -18h reserved CS selector -14h next EIP -10h current EIP -0Ch CR0 -08h EFLAGS -04h DR7