flat assembler
Message board for the users of flat assembler.
Temporary storage using wrfsbase/wrgsbase
revolution 21 Jan 2021, 10:54
In user mode you will likely have trouble with those generating an illegal instruction exception.
So, no, I doubt anyone will do this.
MaoKo 21 Jan 2021, 10:58
Are you sure? It generates #UD in protected mode and below, but not in long mode. And you can use them in userland.
revolution 21 Jan 2021, 11:00
Which OS do you use?
MaoKo 21 Jan 2021, 11:02
Linux
revolution 21 Jan 2021, 11:03
Does this work for you?
Code:
    format elf64 executable 3 at 1 shl 20
    entry main

    SYS_EXIT = 60

    segment executable

    main:
        lea rax,[rip]           ; address of the next instruction
        mov rcx,not 0xfffff
        and rax,rcx             ; clear the low 20 bits
        wrfsbase rax            ; write the FS base from user mode
        mov eax,SYS_EXIT
        xor edi,edi
        syscall
MaoKo 21 Jan 2021, 11:05
Yes, nothing to report. No crash.
Code:
    execve("./c", ["./c"], 0x7ffefe13f940 /* 42 vars */) = 0
    exit(0) = ?
    +++ exited with 0 +++
revolution 21 Jan 2021, 11:08
Then you are lucky.
See this: https://linuxreviews.org/The_Linux_kernel_will_not_get_support_for_the_fsgsbase_instructions_from_Intel_any_time_soon
revolution 21 Jan 2021, 11:13
Looking at the docs it says non-canonical addresses will fault.
Try this:
Code:
    format elf64 executable 3 at 1 shl 20
    entry main

    SYS_EXIT = 60

    segment executable

    main:
        mov rax,0x5555555555555555 ; bad address
        wrfsbase rax
        mov eax,SYS_EXIT
        xor edi,edi
        syscall
MaoKo 21 Jan 2021, 11:14
Ha, OK. I didn't know how long Intel took to implement this.
MaoKo 21 Jan 2021, 11:16
Yes, it segfaults. It's not canonical.
Code:
    execve("./d", ["./d"], 0x7ffc6d7909d0 /* 42 vars */) = 0
    --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
    +++ killed by SIGSEGV (core dumped) +++
    Segmentation fault (core dumped)
MaoKo 21 Jan 2021, 11:22
You can only store 48 bits. It's better than nothing.
revolution 21 Jan 2021, 11:23
So you can use it to store address values, on recent AMD CPUs, in Linux (not sure about Windows), only.
Too many restrictions IMO.
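An added example (not part of the thread and not any poster's code): a C program for the two conditions the posts above run into, whether Linux has enabled the FSGSBASE instructions for user mode (the `HWCAP2_FSGSBASE` bit in `AT_HWCAP2`) and whether a value is canonical before it is written as a base. The helper names and the 48-bit packing scheme are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

#ifndef HWCAP2_FSGSBASE
#define HWCAP2_FSGSBASE (1UL << 1) /* x86 AT_HWCAP2 bit set by Linux when CR4.FSGSBASE is on */
#endif

/* Has the kernel enabled RD/WR{FS,GS}BASE for ring 3? Without it they raise #UD. */
bool fsgsbase_usable(void)
{
#if defined(__linux__) && defined(__x86_64__)
    return (getauxval(AT_HWCAP2) & HWCAP2_FSGSBASE) != 0;
#else
    return false;
#endif
}

/* Canonical: bits 63..va_bits-1 are all equal. va_bits is 48 (4-level paging) or 57 (5-level). */
bool is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t upper = addr >> (va_bits - 1);
    return upper == 0 || upper == (UINT64_MAX >> (va_bits - 1));
}

/* Hypothetical helpers: carry a 48-bit scratch value in canonical form and get it back. */
uint64_t pack48(uint64_t v)
{
    v &= 0x0000FFFFFFFFFFFFULL;
    return (v >> 47) ? (v | 0xFFFF000000000000ULL) : v;
}

uint64_t unpack48(uint64_t base) { return base & 0x0000FFFFFFFFFFFFULL; }

int main(void)
{
    /* Constructed inputs: the two constants used in the thread plus one value with bit 47 set. */
    const uint64_t samples[] = { 0x5555555555555555ULL, 0xFEEDULL, 0x0000800000000000ULL };
    printf("FSGSBASE usable from user mode: %s\n", fsgsbase_usable() ? "yes" : "no");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = pack48(samples[i]);
        printf("%#018llx canonical=%d packed=%#018llx unpacked=%#llx\n",
               (unsigned long long)samples[i], is_canonical(samples[i], 48),
               (unsigned long long)p, (unsigned long long)unpack48(p));
    }
    return 0;
}
```

The program only reports; it does not execute `wrfsbase` itself, because on x86-64 Linux the FS base holds the thread-local storage pointer of the running C runtime.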
MaoKo 21 Jan 2021, 14:33
The problem is that on Intel, when you write a zero selector to fs, the fsbase is cleared, while it is unchanged on AMD.
This leads to not very portable behavior.
Code:
    format ELF64 executable 3H
    entry _start

    segment executable readable

    _start:
        mov rax, 0FEEDH
        wrfsbase rax
        xor ax, ax
        mov es, ax
        mov ds, ax
        mov fs, ax
        rdfsbase rax ; rax = 0H
        int3
        mov rax, 03CH
        syscall
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.