How is the implicit segment register of a near pointer determined?

In section 4.3 of Intel 64® and IA-32 Architectures Software Developer's Manual. Volume 1: Basic Architecture, it says:

A near pointer is a 32-bit offset ... within a segment. Near pointers are used for all memory references in a flat memory model or for references in a segmented model where the identity of the segment being accessed is implie开发者_运维百科d.

This leads me to wondering: how is the implied segment register determined?

I know that (%eip) and displaced (%eip) (e.g. -4(%eip)) addresses use %cs by default, and that (%esp) and displaced (%esp) addresses use %ss, but what about (%eax), (%edx), (%edi), (%ebp) etc., and can the implicit segment register depend also on the instruction that the memory address operand appears in?

Other than CS and SS register accesses that you mentioned, most other accesses will use the DS segment register. A couple exceptions that I can recall:

• the string-oriented instructions will use the ES for the 'destination' (implicitly addressed by the EDI register) segment register
• memory accesses using the EBP register as a 'base address' register will use the SS segment register. However, if the EBP register is used as a scaled index register, the segment used will be DS (unless the base address register is ESP)