hey

iv being reading about the FS
and i saw some instructions like this :

mov eax,FS:[30]


and so on...

its used some times for the SEH and stuff
BUT
i never know when to use it...
whats FS ? is a register ? is a mem addr ?
whats the definition of FS ?
is there another one like it ?
what are the uses of FS?

i couldnt find much info about this ... so i came here

hopefully u guys can help me just a bit...

thanks!


Posted on 2006-06-21 09:27:54 by GR33d
FS is one of 6 segment registers: CS (code segment) DS, ES, FS, GS (data segments or other uses), SS (stack)

The exact meaning of the values in these register is explained in the Intel Documentation (roughly it provides and index into one of the descriptor tables Local or Global). The use of FS for SEH is explained somewhere in the MS documentation I think.

Ossa
Posted on 2006-06-21 09:37:36 by Ossa
DS/ES/FS/GS. All 16-bit "Segment Selectors", much like SS... even CS is one by design.

In 32-bit Protected Mode, Segment Selectors simply point to a GDT Entry, that specifies what/how memory is accessed. For a simple example, 32-bit Operating Systems that rely on a flat 4GB+ memory space, just leave a Code Segment (for CS) and Data Segment (for SS/DS) entry in the GDT. CS is loaded upon switching to PM or privilege levels. DS *can* be set at any given time, but I would never do it, and would never do it with interrupts enabled.

In short, in Protected Mode, ES/FS/GS must be set to the same *type* of selector DS and SS are... to avoid inconsistency and crashes. Unless the 32-bit OS you are targeting has a specific purpose for FS, or allows you to insert a GDT entry and load FS accordingly (wtf, over?), I wouldn't rely on it.

As for 16-bit Real Mode, go all out, ES/FS/GS can be set, in order to point to any part of memory, as a continuous 64KB segment.

ES/FS/GS had more purpose in Real Mode, or if you are into OS Development.

That all being said, take Ossa's advice on SEH, but keep my advice in mind for future reference.
Posted on 2006-06-21 09:40:12 by SpooK
"On the Intel Win32 platform, the FS register always points to the current TIB" straight out of matt pietrek's article on seh..
you can find the article here http://www.microsoft.com/msj/0197/exception/exception.aspx
Posted on 2006-06-21 09:44:01 by lone_samurai5
Windows sets FS to a per-thread structure (the TEB/TIB) when context switching.

points to the current SEH frame.

and contain the stack constraints - if one of your threads has a ESP outside of this range, it will be automatically terminated. I think some windows versions perhaps use signed numbers for this range, at least the source I got this info from recommended a max of 07FFFFFFFh.

Have a look at http://en.wikipedia.org/wiki/Win32_Thread_Information_Block - it's not complete, but it's a start. To find more accurate description of the TEB/TIB and PDB, you'll probably need to visit some reverse engineering sites - or perhaps look at the WINE mailing list.
Posted on 2006-06-21 10:05:21 by f0dder
Additionally, the TIB (pointed by FS) is compatible with the one from OS/2 iirc.

In 64-bit mode, all selectors except fs and gs are forced to flat mode (base:0, size: 0FFFFFFFFFF....), so 64-bit 'windowses' [?] most probably use the FS in the same way.
Posted on 2006-06-21 13:57:09 by ti_mo_n
FS and GS are not defined by Intel to have any specific significance to the processor.

The Windows OS, however, does use it for the above mentioned purposes.
Posted on 2006-06-23 23:56:29 by tenkey
Here is a list that I've posted on the board before but couldn't find where, someone sent it to me sometime last year (not sure who; either SpooK, Homer or f0dder) but it is a list of descriptions for the FS values between 0000h and 0F90h. I haven't found a use for it, but it might come in handy for you.

Regards,
Bryant Keller

http://www.codegurus.org/~bkeller/FS_README.txt
Posted on 2006-06-24 13:24:02 by Synfire
Who stole the cookie from the cookie jar?

Who me? Oh no, not me... couldn't be!
Posted on 2006-06-24 20:43:42 by SpooK
Yep, that file came from me.

Posted on 2006-07-05 01:15:03 by Homer