Re: lea with fs override
- From: Tim Roberts <spamtrap@xxxxxxxxxx>
- Date: Sat, 29 Apr 2006 06:06:45 GMT
JC <spamtrap@xxxxxxxxxx> wrote:
>
> jongware wrote:
>> why not use
>>   push fs
>>   pop eax?
>
> Okay, that'd be great if my OS (Windows XP) ran in real mode.
> Thankfully, though, it doesn't. In protected mode, this just gives me
> a segment selector. I am interested in the base linear address that
> the descriptor points to. AFAIK, there's nothing useful (from
> userland) I can do to figure out the base address just from the
> selector.

On XP, FS points to somewhere in the range of 7FFD0000 to 7FFE0000. I'm
not sure how that helps you.

GS is set to 0. I don't mean it's a selector with a base at 0 (like DS), I
mean it is the null selector. Trying to do
    mov ax, gs:[0]
will result in a GPF.
--
- Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.
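
Added example, not part of the original post: a C sketch of the selector/descriptor distinction discussed in this thread. It splits a selector into its index, table and privilege fields, recognises the null selector, and shows that the base address comes from the 8-byte descriptor. The selector value 0x3B and the descriptor bytes are constructed sample data, with a base chosen inside the range quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields packed into a 16-bit protected-mode segment selector. */
struct selector {
    unsigned index; /* bits 15..3: slot in the descriptor table */
    unsigned ti;    /* bit 2: 0 = GDT, 1 = LDT */
    unsigned rpl;   /* bits 1..0: requested privilege level */
};

static struct selector decode_selector(uint16_t sel)
{
    struct selector s;
    s.index = (unsigned)sel >> 3;
    s.ti    = ((unsigned)sel >> 2) & 1u;
    s.rpl   = (unsigned)sel & 3u;
    return s;
}

/* GDT slot 0 is the null descriptor, so selectors 0..3 are all null. */
static int is_null_selector(uint16_t sel)
{
    return (sel & 0xFFFCu) == 0;
}

/* The base is scattered over bytes 2, 3, 4 and 7 of the descriptor. */
static uint32_t descriptor_base(const uint8_t d[8])
{
    return (uint32_t)d[2] | ((uint32_t)d[3] << 8) |
           ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
}

/* Constructed sample: data segment, DPL 3, limit 0xFFF, base 0x7FFDE000. */
static const uint8_t sample_desc[8] =
    { 0xFF, 0x0F, 0x00, 0xE0, 0xFD, 0xF3, 0x40, 0x7F };

int main(void)
{
    uint16_t fs = 0x003B; /* constructed selector value */
    uint16_t gs = 0x0000; /* null selector, as described for GS */
    struct selector s = decode_selector(fs);

    printf("fs=%04X index=%u ti=%u rpl=%u null=%d\n",
           (unsigned)fs, s.index, s.ti, s.rpl, is_null_selector(fs));
    printf("gs=%04X null=%d\n", (unsigned)gs, is_null_selector(gs));
    printf("descriptor base=%08lX\n",
           (unsigned long)descriptor_base(sample_desc));
    return 0;
}
```

Nothing in the selector's 16 bits encodes the base; only the descriptor it indexes does.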