首页
社区
课程
招聘
这些FS:[0xC8]FS:[0xC4]FS:[0xC0 怎么定位指向地址
发表于: 2016-1-25 13:09 4352

这些FS:[0xC8]FS:[0xC4]FS:[0xC0 怎么定位指向地址

2016-1-25 13:09
4352
FS:[0x1C] 4 NT Environment Pointer
FS:[0x20] 4 NT Process ID (in some windows distributions this field is used as 'DebugContext')
FS:[0x24] 4 NT Current thread ID
FS:[0x28] 4 NT Active RPC Handle
FS:[0x2C] 4 Win9x and NT Linear address of the thread-local storage array
FS:[0x30] 4 NT Linear address of Process Environment Block (PEB)
FS:[0x34] 4 NT Last error number
FS:[0x38] 4 NT Count of owned critical sections
FS:[0x3C] 4 NT Address of CSR Client Thread
FS:[0x40] 4 NT Win32 Thread Information
FS:[0x44] 124 NT, Wine Win32 client information (NT), user32 private data (Wine), 0x60 = LastError (Win95), 0x74 = LastError (WinME)
FS:[0xC0] 4 NT Reserved for Wow64. Contains a pointer to FastSysCall in Wow64.
FS:[0xC4] 4 NT Current Locale
FS:[0xC8] 4 NT FP Software Status Register

这些FS:[0xC8]FS:[0xC4]FS:[0xC0 怎么定位指向地址

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (2)
雪    币: 5
活跃值: (15)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
不知道你在说啥,FS段指向当前线程的TEB结构
2016-1-25 18:43
0
雪    币: 270
活跃值: (11)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
DWORD dwTEBC0, dwTEBC4, dwTEBC8;
	_asm mov eax, fs:[0xc0];
	_asm mov dwTEBC0, eax;
	_asm mov eax, fs:[0xc4];
	_asm mov dwTEBC4, eax;
	_asm mov eax, fs:[0xc8];
	_asm mov dwTEBC8, eax;
2016-1-28 16:14
0
游客
登录 | 注册 方可回帖
返回
//