When I follow programs with softice, I sometimes see they use (read/write) the lowest part of the FS segment... Did anyone ever notice this? Some programs just use fs:00000000 to fs:00000100 or so (don't know anything about the range but most of the time I see it's using that) to temporarily store things in.
Is it allowed to use it?

Thomas
Posted on 2001-09-30 14:23:58 by Thomas
SEH handlers are installed in fs:0. (Structured Exception Handling).
This is where Windows gets the offset to the piece of code that will handle the exception if any.
Matt Pietrek describes all the 'functionality' of the FS segment in his milestone book.
I think it's chapter 3.

Bye

Latigo
Posted on 2001-09-30 16:09:37 by latigo
Ah, that explains... thanks! Pietrek's book is really interesting..

Thomas
Posted on 2001-09-30 17:10:42 by Thomas
If you want to learn more about SEH in asm, IMHO the best tutorial is from Jeremy Gordon.

Visit his HomePage at:

http://www.godevtool.com/

Bye, Saiwa :alright:
Posted on 2001-10-01 03:33:42 by Saiwa