During runtime, how can I get the value in register fs and calculate the target function’s address in `call *fs:0x334`? What kind of x86 assembly can I use?
The target function address in `call *fs:0x334` is the value stored at `fs:0x334`.

So, if you want to know what that address is, you can just load it, e.g. `mov rax, [fs:0x334]` (nasm) or `mov %fs:0x334, %rax` (gas).

You don’t need to know what `fs` itself points to (which is just as well: it points to an entry in a descriptor table, which you may or may not have privilege to read, which points to a linear address, which may or may not be accessible via any other segment selector).

On x86-64 Linux, the kernel and glibc co-operate to ensure that `fs` always points to a thread-local storage area for the currently running thread. (On 32-bit x86 Linux, `gs` is used for this purpose instead.)
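
As an added example (not part of the original answer), this C program for x86-64 Linux with GCC or Clang loads the value at `fs:off` with a segment-override `mov`, as the answer suggests, and cross-checks it by asking the kernel for the fs base with `arch_prctl(ARCH_GET_FS)` and reading base + off through an ordinary pointer. The helper names and the sample offset 0x10 are assumptions chosen for illustration.

```c
/* Added example; assumes x86-64 Linux and GCC/Clang inline assembly. */
#include <asm/prctl.h>   /* ARCH_GET_FS */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Load the 8-byte value stored at fs:off. This is the same memory
 * operand an indirect call through fs:off reads its target from. */
static uint64_t read_fs_qword(uint64_t off)
{
    uint64_t val;
    __asm__ volatile("movq %%fs:(%1), %0" : "=r"(val) : "r"(off) : "memory");
    return val;
}

/* Ask the kernel for the linear base address behind fs (0 on failure). */
static uint64_t fs_base(void)
{
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uint64_t)base;
}

/* Read the same slot without a segment override: *(base + off). */
static uint64_t read_via_base(uint64_t off)
{
    uint64_t val;
    memcpy(&val, (const void *)(uintptr_t)(fs_base() + off), sizeof val);
    return val;
}

int main(void)
{
    const uint64_t off = 0x10; /* constructed sample offset inside the thread block */

    printf("fs base          = 0x%llx\n", (unsigned long long)fs_base());
    /* The x86-64 TLS ABI stores the thread pointer itself at fs:0. */
    printf("[fs:0]           = 0x%llx\n", (unsigned long long)read_fs_qword(0));
    printf("[fs:0x%llx]        = 0x%llx\n", (unsigned long long)off,
           (unsigned long long)read_fs_qword(off));
    printf("[base + 0x%llx]    = 0x%llx\n", (unsigned long long)off,
           (unsigned long long)read_via_base(off));
    return 0;
}
```

When inspecting a binary, replace the sample offset with the displacement from the instruction being examined; the segment-override read works for any mapped offset in the thread's TLS area.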