Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

FS register in Win32

Tags:

filesystems

x86

winapi

memory-segmentation

seh

I'm reading how SEH is implemented in Win32 and I came across this thing called the FS register. I couldn't find anything good on Google (most probably I may be searching for the wrong thing). So can anyone explain what it is?

like image 535
akif Avatar asked Feb 01 '11 08:02

akif

People also ask

What does FS mean in register?

The registers FS and GS are segment registers. They have no processor-defined purpose, but instead are given purpose by the OS's running them. In Windows 64-bit the GS register is used to point to operating system defined structures. FS and GS are commonly used by OS kernels to access thread-specific memory.

What is the FS segment?

On the 80386, Windows uses the fs segment register to access a small block of memory that is associated with each thread, known as the Thread Environment Block, or TEB. To access memory relative to a specific segment register, you prefix the segment register and a colon to the memory reference.

What does FS 0x28 mean?

So what you're seeing is a value loaded at an offset from the value held in the FS register, and not bit manipulation of the contents of the FS register. Specifically what's taking place, is that FS:0x28 on Linux is storing a special sentinel stack-guard value, and the code is performing a stack-guard check.

What does GS mean in assembly?

GS is a segment register, its use in linux can be read up on here (its basically used for per thread data). mov %gs:0x14,%eax xor %gs:0x14,%eax. this code is used to validate that the stack hasn't exploded or been corrupted, using a canary value stored at GS+0x14, see this.

1 Answers

It's a segment register. The x86 has six of them: CS, DS, ES, SS, FS and GS (FS and GS were new in 80386). The mnemonics come from their roles: code segment, data segment, extended segment (in fact, an auxiliary register), stack segment. These roles are hard-coded in the semantics of x86 assembly instructions. FS and GS are auxiliary like ES so they just bear the next letters after E.

In 32-bit protected mode as it's typically used (e.g., in Windows, Linux, *BSD), CS, DS, ES and SS are all set with a base of 0 and a limit of 4Gig, and memory protection is done only with page permissions. FS points to a Thread Information Block (TIB) in user mode and to Processor Control Region (KPCR) in kernel mode. Matt Pietrek wrote a pretty good article about it years ago that's still available on MSDN.

like image 143
Jerry Coffin Avatar answered Jan 04 '23 04:01

Jerry Coffin
Sign in to Comment

Related questions

Environment Variables are in a char* how to get it to a std::string
How to detect Windows is locked?
C++ DLL Unload Destructor?
How can I read a child process's output?
Multiple full-screen windows with DirectX 9.0
cannot convert 'LPCWSTR {aka const wchar_t*}' to 'LPCSTR {aka const char*}
What is the normal colo(u)r of a selected stringgrid row?
Debugging a Managed Component from C++ Win32
win32 api edit control and keyboard accelerator
how to get volume serial number
Why is it necessary to RegisterClass in Windows API programming?
How to enumerate disk volume names?
How to restore a "missing" notification icon when explorer.exe is restarted?
Why is ExitProcess necessary under Win32 when you can use a RET?
Is it safe to call CloseHandle (handle) who handle is NULL
Custom control with non-client area - doesn't calculate at first
How to force a window to maintain a certain width/height ratio when resized
Is there a way to find out the current count of a win32 semaphore?
Ways to parse XML in C++ (Win32)
Application that can open program in full screen?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!