如何解释 x86-64 上的段寄存器访问?
有了这个函数:
mov 1069833(%rip),%rax # 0x2b5c1bf9ef90 <_fini+3250648>
add %fs:0x0,%rax
retq
我如何解释第二条指令并找出RAX中添加了什么?
With this function:
mov 1069833(%rip),%rax # 0x2b5c1bf9ef90 <_fini+3250648>
add %fs:0x0,%rax
retq
How do I interpret the second instruction and find out what was added to RAX?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
此代码:
返回线程局部变量的地址。
%fs:0x0是 TCB(线程控制块)的地址,1069833(%rip)是从那里到变量的偏移量,这是已知的,因为变量驻留在程序中或驻留在程序加载时加载的某些动态库上(通过 dlopen() 在运行时加载的库需要一些不同的代码)。Ulrich Drepper 的 TLS 文档对此进行了详细解释,特别是 §4.3 和 §4.3。 6.
This code:
is returning the address of a thread-local variable.
%fs:0x0is the address of the TCB (Thread Control Block), and1069833(%rip)is the offset from there to the variable, which is known since the variable resides either in the program or on some dynamic library loaded at program's load time (libraries loaded at runtime viadlopen()need some different code).This is explained in great detail in Ulrich Drepper's TLS document, specially §4.3 and §4.3.6.
我不确定自从分段架构的糟糕时代以来它们是否被称为段寄存器。我相信正确的术语是选择器(但我可能是错的)。
但是,我认为您只需要 fs 区域中的第一个四字(64 位)。
%fs:0x0位表示fs:0处内存的内容。由于您使用了通用add(而不是addl例如),我认为它将从目标%rax获取数据宽度。就获取实际值而言,这取决于您处于传统模式还是长模式。
在传统模式下,您必须获取
fs值并在 GDT(或可能是 LDT)中查找它才能获取基地址。在长模式下,您需要查看相关模型特定的寄存器。如果您此时此刻,不幸的是您已经超出了我的专业水平。
I'm not sure they've been called segment register since the bad old days of segmented architecture. I believe the proper term is a selector (but I could be wrong).
However, I think you just need at the first quadword (64 bits) in the
fsarea.The
%fs:0x0bit means the contents of the memory atfs:0. Since you've used the genericadd(rather thanaddlfor example), I think it will take the data width from the target%rax.In terms of getting the actual value, it depends on whether you're in legacy or long mode.
In legacy mode, you'll have to get the
fsvalue and look it up in the GDT (or possibly LDT) in order to get the base address.In long mode, you'll need to look at the relevant model specific registers. If you're at this point, you've moved beyond my level of expertise unfortunately.