1

Could someone please explain what the following assembly instruction means ?

mov rax,qword ptr gs:[20h]

I found the following article here which is really helpful in explaining some things with respect to the segment override but I still do not understand what exactly is gs:[20h] is pointing at. Would the gs prefix segment override be pointing at a TEB or the PEB structure in 64 bit mode ?

JkT
  • 103
  • 7
  • What operating system are you programming for? – fuz Jan 04 '23 at 21:13
  • @fuz thanks. I'm working on Windows 8.1 64 bit at the moment. But could you address this same question if I'm using Windows 10 64 bit. – JkT Jan 04 '23 at 21:17
  • Is that where GCC keeps the per-thread random cookie for `-fstack-protector-strong` on Windows? If the 2 next instructions store RAX to the stack and then zero it out (to avoid leaking the cookie), that's what those instructions are doing. – Peter Cordes Jan 05 '23 at 01:57

0 Answers0