In a 64 bit program the selector:offset used to get the stack protector is fs:0x28, where fs=0. This poses no problem because in 64 bit we have the MSR fs_base (which is set to point to the TLS) and the GDT is completely ignored. But with 32 bit program the stack protector is read from gs:0x14. Running over a 64
Tag: memory-segmentation
What is %gs in Assembly
void return_input (void) { char array[30]; gets (array); printf(“%sn”, array); } After compiling it in gcc, this function is converted to the following Assembly code: push %ebp mov %esp,%ebp sub $0x28,%esp mov %gs:0x14,%eax mov %eax,-0x4(%ebp) xor %eax,%eax lea -0x22(%ebp),%eax mov %eax,(%esp) call 0x8048374 lea -0x22(%ebp),%eax mov %eax,(%esp) call 0x80483a4 mov -0x4(%ebp),%eax xor %gs:0x14,%eax je 0x80484ac call 0x8048394 leave ret I