问题
I used this instruction in Visual C++ inline assembly
lea eax, FS:[0]
Why did eax get a zero?
And how do I get the linear address of FS:[0]?
回答1:
Assuming FS points to the Windows Thread Information Block (TIB), also known as the Thread Environment Block (TEB), you get the linear address of the TIB by reading the 32-bit value at fs:[0x18]. The best way to do this in Visual C++ is to use the __readfsdword intrinsic:
TEB *teb = (TEB *) __readfsdword(0x18);
回答2:
The LEA instruction ("Load Effective Address") is badly named (e.g. should probably be called LEO/"Load Effective Offset") because it only calculates the offset within a segment.
来源:https://stackoverflow.com/questions/47589280/get-linear-address-of-fs0-in-32-bit-protected-mode-msvc-inline-asm