The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: AeroASM on May 05, 2005, 04:27:05 PM

Title: FS
Post by: AeroASM on May 05, 2005, 04:27:05 PM
What segment does the FS register point to and how can it be useful to me?

Many thanks
Title: Re: FS
Post by: roticv on May 05, 2005, 04:35:21 PM
Windows uses a flat memory model, where cs=ds=ss. But this is not the case for fs.

It is usually used for SEH (structured error handling) and misc data like the highly undocumented PEB and other Windows internal structures.
Title: Re: FS
Post by: AeroASM on May 05, 2005, 04:36:09 PM
Where is the best place to find out about this stuff?
Title: Re: FS
Post by: pbrennick on May 05, 2005, 04:39:31 PM
Aero,
As roticv has said, it is undocumented.  Good luck finding or asking for any info from Microsoft or anyone else.  Also, it is very dangerous (to the process) to mess around here.  fs:[4h] and fs:[8h] are easy to track so we know what they do.  Other addresses...

hth:
Paul
Title: Re: FS
Post by: pbrennick on May 05, 2005, 04:42:16 PM
Aero:
BTW:  Since I know you are working on an OS, remember that FS is pointing to an address in the Ring3 space, the OS is in Ring0 and has a totally different value for FS.  Look at http://silverstr.ufies.org/lotr0/ for kernel development info using Ring0.

hth:
Paul
Title: Re: FS
Post by: MazeGen on May 05, 2005, 05:38:38 PM
Check this (http://www.masmforum.com/simple/index.php?topic=1362.0) thread out too, or search for "FS".
Title: Re: FS
Post by: Petroizki on May 06, 2005, 03:50:30 AM
Here is some interesting stuff too:
http://board.win32asmcommunity.net/index.php?topic=18797.0
Title: Re: FS
Post by: thomasantony on May 07, 2005, 03:56:19 AM
Hi,
   Aero, remember that WE make the OS. Nobody else decides what is in FS. We decide. Maybe, while in console mode, we can have GS point to the Video Selector so we can write directly to video memory using GS:[0], GS:[1] etc. FS we can point to somewhere else, maybe in our own PCB (Process Control Block).

Thomas :U
Title: Re: FS
Post by: chep on May 15, 2005, 10:25:28 AM
Hello,

First I have to thank everyone here for your great job :clap:. I've been wandering here for some time now and find this board quite instructive.

At last here is my small contribution to the board :wink.

Quote from: pbrennick on May 05, 2005, 04:39:31 PM
As roticv has said, it is undocumented.  Good luck finding or asking for any info from Microsoft or anyone else.  Also, it is very dangerous (to the process) to mess around here.  fs:[4h] and fs:[8h] are easy to track so we know what they do.  Other addresses...

Four-F's KmdKit (http://www.freewebs.com/four-f/) contains some useful STRUCT definitions along with (sparse) comments.
This article http://www.relsoft.net/part1.html somehow explains NT's TIB/TEB/PEB structures. Not 100% accurate though, but it's worth reading as it contains sentences :green.

Hope this helps.
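
The following is an added example, not code from any poster in this thread. It reads the fs:[4h] and fs:[8h] fields mentioned above in a 32-bit user-mode Windows process and cross-checks them against ESP and against the TIB's flat self pointer. Assumptions: the field names and offsets follow the x86 NT_TIB declaration in winnt.h plus the PEB pointer at fs:[30h]; the equate names, label names and build commands are chosen for illustration.

```asm
; Added example. Build (assumed toolchain): ml /c /coff tib.asm
;                link /subsystem:console tib.obj
.386
.model flat, stdcall
option casemap:none

ExitProcess PROTO :DWORD
includelib kernel32.lib          ; assumed to be on the linker's LIB path

; x86 NT_TIB fields (the TIB is the first member of the TEB)
TIB_STACK_BASE  equ 04h          ; highest address of this thread's stack
TIB_STACK_LIMIT equ 08h          ; lowest committed address of the stack
TIB_SELF        equ 18h          ; flat (linear) address of the TIB itself
TEB_PEB         equ 30h          ; pointer to the PEB

.code
assume fs:nothing                ; .model flat sets FS to ERROR by default

start:
    mov  ebx, fs:[TIB_STACK_BASE]
    mov  esi, fs:[TIB_STACK_LIMIT]
    mov  edi, fs:[TIB_SELF]

    ; 1. ESP must lie inside [StackLimit, StackBase)
    cmp  esp, esi
    jb   inconsistent
    cmp  esp, ebx
    jae  inconsistent

    ; 2. FS-relative and flat reads of the same field must agree
    cmp  ebx, [edi + TIB_STACK_BASE]
    jne  inconsistent
    mov  eax, fs:[TEB_PEB]
    cmp  eax, [edi + TEB_PEB]
    jne  inconsistent

    invoke ExitProcess, 0        ; all views agree
inconsistent:
    invoke ExitProcess, 1
end start
```

The process exit code is 0 when the stack bounds and the self pointer are consistent, and 1 otherwise; the code only reads the TIB and never writes to it.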