News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

mov eax, fs:[...

Started by demius2q, April 04, 2006, 12:22:08 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

demius2q

April 04, 2006, 12:22:08 AM
Hi all !
I am more then fresh in masm and now faced a problem with the code below:

   xor   eax, eax
   mov   eax, fs:[eax+30h]

MASM32 reply as fls:( :( :(-----------------------------------------------------------------------------

Microsoft (R) Macro Assembler Version 6.14.8444
Copyright (C) Microsoft Corp 1981-1997.  All rights reserved.

Assembling: O:\masm32res\temp2.asm
O:\masm32res\temp2.asm(90) : error A2108: use of register assumed to ERROR
_
Assembly Error
Press any key to continue . . .
-------------------------------------------------
-------------------------------------------------


Will appreciate any ideas

Synfire

#1
April 04, 2006, 01:36:44 AM
Code Select

xor eax, eax
ASSUME fs:nothing
mov eax, fs:[eax+30h]


You have to let MASM know it's okay to access FS by using ASSUME. It's a feature/annoyance of MASM, but luckily since there aren't many times in which you will need access to FS it's not that big of an issue.

Regards,
Bryant Keller

asmfan

#2
April 04, 2006, 12:17:01 PM
by the way what contains this address?
Russia is a weird place

P1

#3
April 04, 2006, 01:18:00 PM
Quote from: asmfan on April 04, 2006, 12:17:01 PMby the way what contains this address?
Pointer to the PEB (Process Environment Block) from offset 30h in the TEB(Thread Environment Block).

Regards,  P1  :8)

asmfan

#4
April 04, 2006, 01:35:31 PM
P1 (sorry dont know your name),
could you give me a link to full information on these Blocks (PEB, TEB)? and what are they for? i only knew that in fs:[xxxx] addresses can be found a SEH chain... but on more...
Russia is a weird place

demius2q

#5
April 04, 2006, 03:38:58 PM
Synfire many thanks, hope it will work :clap: :clap:
For those who are interested will revert with the links

Synfire

#6
April 04, 2006, 04:13:07 PM
The Thread Environment Block:
Code Select

typedef struct _TEB {
  NT_TIB                  Tib;
  PVOID                   EnvironmentPointer;
  CLIENT_ID               Cid;
  PVOID                   ActiveRpcInfo;
  PVOID                   ThreadLocalStoragePointer;
  PPEB                    Peb;
  ULONG                   LastErrorValue;
  ULONG                   CountOfOwnedCriticalSections;
  PVOID                   CsrClientThread;
  PVOID                   Win32ThreadInfo;
  ULONG                   Win32ClientInfo[0x1F];
  PVOID                   WOW32Reserved;
  ULONG                   CurrentLocale;
  ULONG                   FpSoftwareStatusRegister;
  PVOID                   SystemReserved1[0x36];
  PVOID                   Spare1;
  ULONG                   ExceptionCode;
  ULONG                   SpareBytes1[0x28];
  PVOID                   SystemReserved2[0xA];
  ULONG                   GdiRgn;
  ULONG                   GdiPen;
  ULONG                   GdiBrush;
  CLIENT_ID               RealClientId;
  PVOID                   GdiCachedProcessHandle;
  ULONG                   GdiClientPID;
  ULONG                   GdiClientTID;
  PVOID                   GdiThreadLocaleInfo;
  PVOID                   UserReserved[5];
  PVOID                   GlDispatchTable[0x118];
  ULONG                   GlReserved1[0x1A];
  PVOID                   GlReserved2;
  PVOID                   GlSectionInfo;
  PVOID                   GlSection;
  PVOID                   GlTable;
  PVOID                   GlCurrentRC;
  PVOID                   GlContext;
  NTSTATUS                LastStatusValue;
  UNICODE_STRING          StaticUnicodeString;
  WCHAR                   StaticUnicodeBuffer[0x105];
  PVOID                   DeallocationStack;
  PVOID                   TlsSlots[0x40];
  LIST_ENTRY              TlsLinks;
  PVOID                   Vdm;
  PVOID                   ReservedForNtRpc;
  PVOID                   DbgSsReserved[0x2];
  ULONG                   HardErrorDisabled;
  PVOID                   Instrumentation[0x10];
  PVOID                   WinSockData;
  ULONG                   GdiBatchCount;
  ULONG                   Spare2;
  ULONG                   Spare3;
  ULONG                   Spare4;
  PVOID                   ReservedForOle;
  ULONG                   WaitingOnLoaderLock;
  PVOID                   StackCommit;
  PVOID                   StackCommitMax;
  PVOID                   StackReserved;
} TEB, *PTEB;


The Process Environment Block:
Code Select

typedef struct _PEB {
  BOOLEAN                 InheritedAddressSpace;
  BOOLEAN                 ReadImageFileExecOptions;
  BOOLEAN                 BeingDebugged;
  BOOLEAN                 Spare;
  HANDLE                  Mutant;
  PVOID                   ImageBaseAddress;
  PPEB_LDR_DATA           LoaderData;
  PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
  PVOID                   SubSystemData;
  PVOID                   ProcessHeap;
  PVOID                   FastPebLock;
  PPEBLOCKROUTINE         FastPebLockRoutine;
  PPEBLOCKROUTINE         FastPebUnlockRoutine;
  ULONG                   EnvironmentUpdateCount;
  PPVOID                  KernelCallbackTable;
  PVOID                   EventLogSection;
  PVOID                   EventLog;
  PPEB_FREE_BLOCK         FreeList;
  ULONG                   TlsExpansionCounter;
  PVOID                   TlsBitmap;
  ULONG                   TlsBitmapBits[0x2];
  PVOID                   ReadOnlySharedMemoryBase;
  PVOID                   ReadOnlySharedMemoryHeap;
  PPVOID                  ReadOnlyStaticServerData;
  PVOID                   AnsiCodePageData;
  PVOID                   OemCodePageData;
  PVOID                   UnicodeCaseTableData;
  ULONG                   NumberOfProcessors;
  ULONG                   NtGlobalFlag;
  BYTE                    Spare2[0x4];
  LARGE_INTEGER           CriticalSectionTimeout;
  ULONG                   HeapSegmentReserve;
  ULONG                   HeapSegmentCommit;
  ULONG                   HeapDeCommitTotalFreeThreshold;
  ULONG                   HeapDeCommitFreeBlockThreshold;
  ULONG                   NumberOfHeaps;
  ULONG                   MaximumNumberOfHeaps;
  PPVOID                  *ProcessHeaps;
  PVOID                   GdiSharedHandleTable;
  PVOID                   ProcessStarterHelper;
  PVOID                   GdiDCAttributeList;
  PVOID                   LoaderLock;
  ULONG                   OSMajorVersion;
  ULONG                   OSMinorVersion;
  ULONG                   OSBuildNumber;
  ULONG                   OSPlatformId;
  ULONG                   ImageSubSystem;
  ULONG                   ImageSubSystemMajorVersion;
  ULONG                   ImageSubSystemMinorVersion;
  ULONG                   GdiHandleBuffer[0x22];
  ULONG                   PostProcessInitRoutine;
  ULONG                   TlsExpansionBitmap;
  BYTE                    TlsExpansionBitmapBits[0x80];
  ULONG                   SessionId;
} PEB, *PPEB;

BogdanOntanu

#7
April 04, 2006, 04:38:50 PM
You can also find info about PEB and TEB here:
http://www.openrce.org/reference_library/
Ambition is a lame excuse for the ones not brave enough to be lazy.
http://www.oby.ro

asmfan

#8
April 04, 2006, 05:22:46 PM
thanks fellows. but can you answer - if those Blocks are useful for programmer? any examples of using them? what are they for?
Russia is a weird place

asmfan

#10
April 05, 2006, 06:09:32 PM
thanks a lot again!
Russia is a weird place
Print
Go Up Pages1
User actions