View Full Version : Address of FS?
psyCK0
May 4th, 2004, 12:26
Hey...
Maybe someone can help me here...
In the main Olly window, just below the registers, you can see segment register values. For example in my case it says:
FS 0038 32bit 7FFDE000(FFF)
What I was wondering is how to get this value (7FFDE000) from a plugin?`Also whats the (FFF) used for?
Cheers!
focht
May 4th, 2004, 12:44
Greetings,
What I was wondering is how to get this value (7FFDE000) from a plugin?
May like this (not tested):
t_thread* thread = ::Findthread( ::Getcputhreadid());
if( thread != 0)
{
ulong fs_value = thread->reg.s[ SEG_FS];
// do something ...
}
Also whats the (FFF) used for?
See my answer here: http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1& topic=524
("http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1&topic=524
")
Regards,
A. Focht
psyCK0
May 5th, 2004, 02:25
I actually wrote exactly the same code and it gives me 0038 in fs_value ... But how do I find 7FFDE000 from there?
Thanks for replying!
focht
May 5th, 2004, 03:20
Greetings,
ah well ... i overlooked this (thought you only wanted the selector value).
The base addresses and limits are stored in same structure and accessed in same way.
// get FS base
ulong fs_baseaddr = thread->reg.segbase[ SEG_FS];
// get FS limit
ulong fs_limit = thread->reg.seglimit[ SEG_FS];
Regards,
A. Focht
psyCK0
May 6th, 2004, 06:45
this is buggy in the latest odbg... gonna report to olly...
Powered by vBulletin® Version 4.2.2 Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.