Reputation: 1097
How can I decode this instruction "call *fs:0x334" to know the exact function address?
During the runtime, how can I get the value in register fs and calculate the target function's address in "call *fs:0x334"? What kind of x86 assembly I can use?
Upvotes: 1
Views: 549
Answers (1)
Reputation: 47038
The target function address in call *fs:0x334 is the value stored at fs:0x334.
So, if you want to know what that address is, you can just load it.
e.g. mov rax, [fs:0x334] (nasm) or mov %fs:0x334, %rax (gas).
You don't need to know what fs itself points to (which is just as well: it points to an entry in a descriptor table, which you may or may not have privilege to read, which points to a linear address, which may or may not be accessible via any other segment selector).
On x86-64 Linux, the kernel and glibc co-operate to ensure that fs always points to a thread-local storage area for the currently running thread. (On 32-bit x86 Linux, gs is used for this purpose instead.)
Upvotes: 5
Related Questions
- x86 E8 and FF calls, how to find the E8 shifting address 'on the fly'? basic x86 ASM calls
- Get linear address of FS:[0] in 32-bit protected mode / MSVC inline asm
- how to get the address of an asm function in c
- How do you find a functions virtual call address in assembly?
- How do you get the raw address of a function?
- Getting the address of a function
- Given return address, how to get the address of the function?
- assembly code of the c function
- Interpret Assembly Code
- Finding a function's address in C++