Immediately before this instruction is executed fs contains 0x0.
Also I'd like to know how I can read from this memory area in GDB, what would the command for that be?
So what you're seeing is a value loaded at an offset from the value held in the FS register, and not bit manipulation of the contents of the FS register. Specifically, what's taking place is that FS:0x28 on Linux is storing a special sentinel stack-guard value, and the code is performing a stack-guard check.
qword ptr is a hint for the assembler to create a move op-code (machine code) using a 64-bit constant address. The value that is provided is a 32-bit value (8 hex-digits => 8 times a hex-digit/letter => 8 * 4 bits => 32 bits).
The fs and gs registers in modern OSes like Linux and Windows point to thread-specific and other OS-defined structures. Modifying the segment register is a protected instruction, so only the OS can set these up for you.
This question should help explain what exactly they point to: amd64 fs/gs registers in linux.
The actual value of the fs register isn't an address. It is a selector - an offset into the GDT, that describes what that segment can/cannot be used for. You cannot see what the values of the hidden fs base and limit registers are - they are internal CPU registers that are only updated by writing a new "selector" to fs (at which point the base/limit registers are updated from the GDT).
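The following is an added example, not code from the question or any of the answers. It shows, from inside a process, that the selector in fs and the base address used for fs:0x28 are separate values, and that the stack-guard qword can be read either through the segment override or through an ordinary pointer at FS base + 0x28. It assumes Linux on x86-64 with GCC or Clang; the helper names are hypothetical.

```c
/* Added example: assumes Linux on x86-64, GCC or Clang inline asm. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#if !defined(__linux__) || !defined(__x86_64__)
#error "This example is specific to Linux on x86-64"
#endif

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003 /* arch_prctl code, as defined in <asm/prctl.h> */
#endif

/* The visible selector held in FS; this is the value a debugger lists as "fs". */
static uint16_t fs_selector(void) {
    uint16_t sel;
    __asm__ volatile ("mov %%fs, %0" : "=r"(sel));
    return sel;
}

/* The FS base address, obtained from the kernel rather than from the selector. */
static uintptr_t fs_base(void) {
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uintptr_t)base;
}

/* The same kind of load the stack-guard check performs: a qword at fs:0x28. */
static uint64_t guard_via_fs(void) {
    uint64_t v;
    __asm__ volatile ("movq %%fs:0x28, %0" : "=r"(v));
    return v;
}

/* The same qword fetched with a plain pointer: FS base + 0x28. */
static uint64_t guard_via_base(void) {
    uintptr_t base = fs_base();
    return base ? *(const volatile uint64_t *)(base + 0x28) : 0;
}

int main(void) {
    printf("fs selector     = 0x%x\n", fs_selector());
    printf("fs base         = 0x%lx\n", (unsigned long)fs_base());
    printf("guard (fs:0x28) = 0x%016llx\n", (unsigned long long)guard_via_fs());
    printf("guard (base+28) = 0x%016llx\n", (unsigned long long)guard_via_base());
    return guard_via_fs() == guard_via_base() ? 0 : 1;
}
```

Recent GDB versions on x86-64 Linux expose the base as the `$fs_base` register, so the same qword can be inspected there with `x/gx $fs_base + 0x28`.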