FS

AeroASM · May 05, 2005, 04:27:05 PM

What segment does the FS register point to and how can it be useful to me?

Many thanks

roticv · May 05, 2005, 04:35:21 PM

Windows use flat memory model, where cs=ds=ss. But this is not the case for fs.

It is usually used for SEH (structured error handling) and misc data like the highly undocumentated PEB and other windows internal structures.

AeroASM · May 05, 2005, 04:36:09 PM

WHere is the best place to find out about this stuff?

pbrennick · May 05, 2005, 04:39:31 PM

Aero,
As roticv has said, it is undocumented. Good luck finding or asking for any info from Microsoft or anyone else. Also, this is a very dangerous (to the process) to mess around here. fs:[4h] and fs:[8h] are easy to track so we know what they do. Other addresses...

hth:
Paul

pbrennick · May 05, 2005, 04:42:16 PM

Aero:
BTW: Since I know you are working on an OS, remember that FS is pointing to an address in the Ring3 space, the OS is in Ring0 and has a totally different value for FS. Look at http://silverstr.ufies.org/lotr0/ for kernel development info using Ring0.

hth:
Paul

MazeGen · May 05, 2005, 05:38:38 PM

Check this thread out too, or search for "FS".

Petroizki · May 06, 2005, 03:50:30 AM

Here is some interesting stuff too:
http://board.win32asmcommunity.net/index.php?topic=18797.0

thomasantony · May 07, 2005, 03:56:19 AM

Hi,
Aeor, remember that WE make the OS. Nobody else decide what is in FS. We decide. Maybe, while in console mode, we can have GS point to the Video Selector so we can write directly to video memory using GS:[0], GS:[1] etc. FS we can point to somewhere else maybe in our own PCB(Process Control Block)

Thomas :U

chep · May 15, 2005, 10:25:28 AM

Hello,

First I have to thank everyone here for your great job :clap:. I've been wandering here for some time now and find this board quite instructive.

At last here is my small contribution to the board :wink.

Quote from: pbrennick on May 05, 2005, 04:39:31 PM
As roticv has said, it is undocumented. Good luck finding or asking for any info from Microsoft or anyone else. Also, this is a very dangerous (to the process) to mess around here. fs:[4h] and fs:[8h] are easy to track so we know what they do. Other addresses...

Four-F's KmdKit (http://www.freewebs.com/four-f/) contains some useful STRUCT definitions along with (sparse) comments.
This article http://www.relsoft.net/part1.html somehow explains NT's TIB/TEB/PEB structures. Not 100% accurate though, but it's worth reading as it contains sentences :green.

Hope this helps.

News:

FS

AeroASM

roticv

AeroASM

pbrennick

pbrennick

MazeGen

Petroizki

thomasantony

chep