Re: lea with fs override
- From: "Rod Pemberton" <spamtrap@xxxxxxxxxx>
- Date: Thu, 27 Apr 2006 20:36:15 -0400
"JC" <spamtrap@xxxxxxxxxx> wrote in message
news:e2plll$lul$2@xxxxxxxxxxxxxxxxxxxx
> I'd like to know, from userland, what base linear address my OS
> (Windows XP) has set the FS segment (or GS, for that matter) to point
> to.
> I thought I could be clever, and do something like this (Intel
> syntax):
>
>     lea eax, fs:[0]
>
> To figure this out. Unfortunately, LEA ignores segment overrides, and
> I get back 0. Not helpful.
> Is there another way to figure this out?

There is an instruction to get access rights, lar, and one to get the
segment limit, lsl. But, there isn't one to get the base address. You need
to locate the GDT (This is environment specific, i.e., I don't know how
to...). Once you've located the GDT, index into the GDT array by the
selector. Each selector should be a multiple of 8 which corresponds to its
offset from the start of the GDT. (if FS is 0x18, descriptor is at address
of GDT plus 0x18). Copy your descriptor (8 bytes that your selector points
to). Extract the base address from the copied descriptor (you'll need the
Intel manuals for the layout, or it might be on www.sandpile.org). It's
possible that you'll need to locate a descriptor which points to the GDT to
give you access to the GDT which could be in its own segment. The number
of selectors in the GDT can be determined from the segment limit of this
'GDT access' selector divided by eight.
That's all I've got...
Rod Pemberton
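
The descriptor-decoding step described in the reply above, as an added example that is not part of the original thread: given a copy of the GDT as a byte array, it masks off the selector's low three bits (RPL and table indicator) to find the 8-byte descriptor, then reassembles the base and limit from the Intel protected-mode descriptor layout. The names `seg_desc`, `selector_offset` and `decode_selector`, and the sample table, are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct seg_desc { uint32_t base, limit; };  /* limit in bytes, G applied */

/* Byte offset of the descriptor in its table: selector bits 1:0 (RPL) and
 * bit 2 (table indicator) are not part of the index, so mask them off. */
static size_t selector_offset(uint16_t selector)
{
    return (size_t)(selector & ~7u);
}

/* Decode the descriptor a selector names from a copy of the GDT. Returns 0,
 * or -1 if the selector names the LDT or lies past the end of the copy. */
static int decode_selector(const uint8_t *gdt, size_t gdt_len,
                           uint16_t selector, struct seg_desc *out)
{
    size_t off = selector_offset(selector);
    const uint8_t *d;
    uint32_t raw;
    if ((selector & 4u) || off + 8 > gdt_len)
        return -1;
    d = gdt + off;
    /* Base is scattered over bytes 2, 3, 4 and 7. */
    out->base = (uint32_t)d[2] | (uint32_t)d[3] << 8 |
                (uint32_t)d[4] << 16 | (uint32_t)d[7] << 24;
    /* Limit is bytes 0, 1 plus the low nibble of byte 6. */
    raw = (uint32_t)d[0] | (uint32_t)d[1] << 8 | (uint32_t)(d[6] & 0x0F) << 16;
    /* G (byte 6, bit 7) set: the limit counts 4 KiB pages, not bytes. */
    out->limit = (d[6] & 0x80) ? (raw << 12) | 0xFFF : raw;
    return 0;
}

/* Constructed sample table, not read from a real system: null descriptor,
 * flat 4 GiB segment, and a segment with base 0x7FFDE000, limit 0xFFF. */
static const uint8_t sample_gdt[] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0xFB, 0xCF, 0x00,
    0xFF, 0x0F, 0x00, 0xE0, 0xFD, 0xF3, 0x40, 0x7F,
};

int main(void)
{
    struct seg_desc sd;
    if (decode_selector(sample_gdt, sizeof sample_gdt, 0x13, &sd) == 0)
        printf("base=0x%08lX limit=0x%lX\n",
               (unsigned long)sd.base, (unsigned long)sd.limit);
    return 0;
}
```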