Assembler: calculating a memory address with a register base

I have this simple assembler command:

mov eax, fs:[30h]; 

My problem is that I need to know which address is actually read by this command. I found a lot of documentation on assembler addressing modes, but it said nothing about the register: notation.

Can someone please explain to me the math behind calculating the address?

+4
3 answers

FS is an index into the table of segment descriptors, which in turn contain the base address that is added to the address. In Win32, FS is used to access the thread information block (or, more precisely, the segment descriptor indexed by FS has a base address such that FS:[0] is the beginning of the TIB), and FS:[30h] is the location of the pointer to the process environment block. In Win64, GS is used to access the TIB.

+3

To get the base address of the FS segment in Win32, you can use the GetThreadSelectorEntry function (x86 only).

If you are writing a debugger, you can use the lpThreadLocalBase value from the CREATE_THREAD_DEBUG_INFO / CREATE_PROCESS_DEBUG_INFO that are sent to the debugger for each new thread or process. This points to the thread's TEB and works for both x86 and x64 processes (on x64, the GS register is used for the TEB).

+1
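
The calculation described in the answers above, as an added example that is not part of the original posts: the selector in FS picks a descriptor, the descriptor's base is reassembled from its scattered bytes, and the offset 30h is added after a limit check. The table contents, the base 0x7FFDE000 and the selector value 0x3B are constructed sample values; on Win32 the real descriptor bytes would come from GetThreadSelectorEntry.

```c
#include <stdint.h>
#include <stdio.h>

/* A selector (the 16-bit value in FS) is index:13 | TI:1 | RPL:2.
   TI chooses GDT or LDT; here the caller passes the chosen table. */
typedef struct { unsigned index, ti, rpl; } selector_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s = { sel >> 3, (sel >> 2) & 1u, sel & 3u };
    return s;
}

/* The 32-bit base is scattered over bytes 2, 3, 4 and 7 of the descriptor. */
uint32_t descriptor_base(const uint8_t d[8]) {
    return d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
}

/* 20-bit limit; with the G bit set it counts 4 KiB pages instead of bytes. */
uint32_t descriptor_limit(const uint8_t d[8]) {
    uint32_t raw = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    return (d[6] & 0x80) ? (raw << 12) | 0xFFFu : raw;
}

/* linear = base(table[selector.index]) + offset.
   Returns 0 and stores the address, or -1 if the index is outside the table,
   the descriptor is not present, or the access crosses the segment limit
   (expand-up data segment assumed). */
int linear_address(const uint8_t (*table)[8], unsigned entries, uint16_t sel,
                   uint32_t offset, uint32_t size, uint32_t *out) {
    selector_t s = decode_selector(sel);
    if (s.index >= entries || size == 0) return -1;
    const uint8_t *d = table[s.index];
    if (!(d[5] & 0x80)) return -1;               /* P bit clear */
    uint32_t limit = descriptor_limit(d);
    if (offset > limit || size - 1 > limit - offset) return -1;
    *out = descriptor_base(d) + offset;
    return 0;
}

/* Constructed sample table: only entry 7 is filled in (sample values). */
static const uint8_t SAMPLE_TABLE[8][8] = {
    [7] = { 0xFF, 0x0F, 0x00, 0xE0, 0xFD, 0xF3, 0x40, 0x7F },
};

int main(void) {
    uint32_t addr;
    if (linear_address(SAMPLE_TABLE, 8, 0x3B, 0x30, 4, &addr) == 0)
        printf("fs:[30h] reads 4 bytes at linear address 0x%08X\n", (unsigned)addr);
    return 0;
}
```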

Here you can find a better explanation (and even with pictures):

http://flint.cs.yale.edu/cs422/doc/art-of-asm/pdf/

Chapter 4 is what you should read.

-1

Source: https://habr.com/ru/post/1487259/

