I have this simple assembler command:
mov eax, fs:[30h];
My problem is that I need to know what specific address is really read by this command. I found a lot of documentation about the assembler addressing modes but nothing about the register: notation.
Could somebody please explain me the math behind the address calculation?
FS is an index into a table of Segment Descriptors, which in turn contain a Base Address, which is added to the address. On win32, FS is used to access the Thread Information Block (or more accurately, the Segment Descriptor indexed by FS has a base address such that FS:[0] is the start of the TIB) and FS:[30h] is the location of a pointer to the Process Environment Block. On win64, GS is used to access the TIB.