I need to debug an application written in C that reads and writes to the register of FS segments. To debug this application, I need to see the memory address pointed to by FS.
The application uses the following code:
mov rdx, fs:[rcx] mov fs:[rcx], rsi
How to get linear virtual read / write address from / to segment registers? I can compile this application for Linux or Winodws.
In linux you can use arch_prctl(ARCH_GET_FS, &fsbase). In windows, if it FSpoints to TEB, as usual, you can read fs:[0x18]to get the base address, or use the functions of your debugger, if available.
arch_prctl(ARCH_GET_FS, &fsbase)
FS
fs:[0x18]
Source: https://habr.com/ru/post/1615702/More articles:dataWithContentsOfMappedFile deprecated in iOS 8.0 - jsonGeneral extends and implements - javaElasticsearch-hadoop & Elasticsearch-spark sql - tracking scan and scroll instructions - elasticsearchThird-party get_contents_file behind the proxy server - phpПочему не работает предикат? - scalaHow printf processes its arguments when one is passed by reference to another argument - cDo not redirect subdomain to htaccess - redirectWriting an atom into two variables when the condition is met - javaWhat is the difference between a dependency router and a static router in ScalaRouting from the Play Framework? - scalaIs there a way to generate URLs using WebAPI? - c #All Articles