Get linear address of FS:[0] in 32-bit protected mode / MSVC inline asm

I used this instruction in Visual C++ inline assembly:

lea eax, FS:[0]

Why does eax get zero?

How do I get the linear address of FS:[0]?

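The LEA instruction ("Load Effective Address") is poorly named (for example, it should perhaps be called LEO/"Load Effective Offset"), because it only computes the offset within the segment.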

Assuming FS points to the Windows Thread Information Block (TIB), also known as the Thread Environment Block (TEB), you get the linear address of the TIB by reading the 32-bit value at fs:[0x18]. The best way to do this in Visual C++ is to use the __readfsdword intrinsic:

TEB *teb = (TEB *) __readfsdword(0x18);
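The following portable C model is an added example, not code from the question or the answer: it simulates a segment descriptor and a 32-bit TIB to show why `lea` yields only the offset while a load from fs:[0x18] returns the linear base through the TIB's self pointer. The `MODEL_*` names, the toy `linear_mem` array, the segment limit 0xFFF and the address 0x7000 are constructed for illustration; it does not touch the real FS register.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit NT_TIB layout: six 4-byte fields precede Self, so Self is at 0x18. */
typedef struct {
    uint32_t ExceptionList;        /* 0x00 */
    uint32_t StackBase;            /* 0x04 */
    uint32_t StackLimit;           /* 0x08 */
    uint32_t SubSystemTib;         /* 0x0C */
    uint32_t FiberData;            /* 0x10 */
    uint32_t ArbitraryUserPointer; /* 0x14 */
    uint32_t Self;                 /* 0x18: linear address of this TIB */
} MODEL_TIB32;

typedef struct { uint32_t base, limit; } MODEL_SEGMENT; /* descriptor model */

static uint8_t linear_mem[0x10000];  /* toy linear address space */
static MODEL_SEGMENT model_fs;       /* stands in for the FS descriptor */

/* LEA: yields the effective address (offset); the base is never added. */
static uint32_t model_lea(const MODEL_SEGMENT *seg, uint32_t offset) {
    (void)seg;
    return offset;
}

/* MOV r32, seg:[offset]: limit check, add the base, read linear memory. */
static int model_load32(const MODEL_SEGMENT *seg, uint32_t offset, uint32_t *out) {
    if (offset > seg->limit || seg->limit - offset < 3) return -1; /* fault */
    uint32_t linear = seg->base + offset;
    if (linear > sizeof linear_mem - 4) return -1;
    memcpy(out, &linear_mem[linear], 4);
    return 0;
}

/* Place a TIB at tib_linear and point the modeled FS segment at it. */
static void model_setup(uint32_t tib_linear) {
    MODEL_TIB32 tib = {0};
    tib.Self = tib_linear;           /* the OS stores the TIB's own address */
    memcpy(&linear_mem[tib_linear], &tib, sizeof tib);
    model_fs.base = tib_linear;
    model_fs.limit = 0xFFF;          /* constructed limit */
}

int main(void) {
    uint32_t self = 0;
    model_setup(0x7000);             /* constructed linear address */
    model_load32(&model_fs, offsetof(MODEL_TIB32, Self), &self);
    printf("lea: %#x  fs:[0x18]: %#x\n", model_lea(&model_fs, 0), self);
    return 0;
}
```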