Question

Digging into the implementation of Win32 API functions that work with TIB, such as:

  • TLS access functions: TlsAlloc, TlsFree, TlsSetValue, TlsGetValue
  • GetLastError, SetLastError
  • messaging subsystem: GetMessage, PeekMessage, etc.

one finds out that all of them access the TIB (sometimes called the TEB) by reading the contents of the fs:[0x18] selector.

OTOH this is unnecessary, since the fs register directly points to it. According to this article and what I see in practice, the fs register holds the address of the beginning of the TIB structure, whereas at offset 0x18 it has a pointer to itself.

What could be the reason to access the TIB indirectly nevertheless?


Solution

Any instruction using FS requires an override, which adds a byte to the instruction (and generally requires assembly language to use it at all). The pointer at FS:18 is (at least if memory serves correctly) based off of DS instead, so it can be used without an override, saving a byte when it's used, and (most importantly for many people) it can be used directly from a higher-level language such as C or C++ instead of requiring assembly language.
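An added example to make the answer's point concrete; it is not code from the question, the answer, or Windows itself. It performs exactly one segment-relative load (the "indirect" form that needs the override or an intrinsic) to fetch the thread block's pointer to itself, then reads the same block through that flat pointer with ordinary C. It assumes the layouts discussed above: NT_TIB.Self at fs:[0x18] on 32-bit Windows and gs:[0x30] on 64-bit Windows, and, for the Linux x86-64 build that lets the same pattern be shown outside Windows, glibc's (and musl's) convention that the word at fs:[0] points to the thread control block. The cross-check functions return -1 on any platform the example does not cover.

```c
/* Added example: one segment-override load to get the thread block's
 * self-pointer, then plain C for everything else. Layout assumptions:
 *   Windows x86: NT_TIB.Self at fs:[0x18]   Windows x64: NT_TIB.Self at gs:[0x30]
 *   Linux x86-64 (glibc/musl): the word at fs:[0] points to the TCB itself. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(_WIN32)
#  include <windows.h>
#  if defined(_MSC_VER)
#    include <intrin.h>
#  endif
#elif defined(__linux__) && defined(__x86_64__)
#  include <pthread.h>
#endif

#if defined(_WIN32) && (defined(_M_X64) || defined(__x86_64__))
#  define SELF_OFFSET 0x30u
#elif defined(_WIN32)
#  define SELF_OFFSET 0x18u
#else
#  define SELF_OFFSET 0x0u
#endif

/* The indirect form: load a pointer-sized word at segment base + off.
 * This is the only place that needs a segment override or an intrinsic. */
static uintptr_t word_via_segment(uintptr_t off)
{
    uintptr_t v;
#if defined(_WIN32) && defined(__GNUC__) && defined(__x86_64__)
    __asm__ volatile ("movq %%gs:(%1), %0" : "=r"(v) : "r"(off));
#elif defined(_WIN32) && defined(__GNUC__) && defined(__i386__)
    __asm__ volatile ("movl %%fs:(%1), %0" : "=r"(v) : "r"(off));
#elif defined(_WIN32) && defined(_M_X64)
    v = (uintptr_t)__readgsqword((unsigned long)off);
#elif defined(_WIN32) && defined(_M_IX86)
    v = (uintptr_t)__readfsdword((unsigned long)off);
#elif defined(__linux__) && defined(__x86_64__)
    __asm__ volatile ("movq %%fs:(%1), %0" : "=r"(v) : "r"(off));
#else
    (void)off;
    v = 0;   /* platform not covered by this example */
#endif
    return v;
}

/* The flat form: the block's own linear address, usable like any C pointer. */
static void *thread_block_self(void)
{
    return (void *)word_via_segment(SELF_OFFSET);
}

/* Same cell as word_via_segment(off), but reached with ordinary pointer
 * arithmetic off the flat self-pointer: no override, no assembly. */
static uintptr_t word_via_flat(const void *self, uintptr_t off)
{
    return *(const uintptr_t *)((const char *)self + off);
}

/* 1 if the self-pointer agrees with the OS's own notion of the thread block
 * (NtCurrentTeb on Windows, pthread_self on Linux/glibc), 0 if not,
 * -1 if this platform is not covered. */
static int self_pointer_check(void)
{
    void *self = thread_block_self();
    if (self == NULL) return -1;
#if defined(_WIN32)
    return self == (void *)NtCurrentTeb();
#elif defined(__linux__) && defined(__x86_64__)
    return self == (void *)pthread_self();
#else
    return -1;
#endif
}

/* 1 if reading offset `off` through the flat pointer yields the same word as
 * the segment-relative load, i.e. DS:[self+off] == FS:[off] (or GS on x64). */
static int flat_equals_segment(uintptr_t off)
{
    void *self = thread_block_self();
    if (self == NULL) return -1;
    return word_via_flat(self, off) == word_via_segment(off);
}

int main(void)
{
    void *self = thread_block_self();
    printf("thread block at %p; cell at +0x%x holds %p\n", self,
           (unsigned)SELF_OFFSET,
           self ? (void *)word_via_flat(self, SELF_OFFSET) : NULL);
    printf("self-pointer check: %d, flat==segment check: %d\n",
           self_pointer_check(), flat_equals_segment(SELF_OFFSET));
    return 0;
}
```

Build with `cl example.c` (MSVC) or `gcc example.c` (MinGW or Linux x86-64). On the Linux build, `word_via_segment` compiles to a load carrying the 0x64 FS prefix while `word_via_flat` is a plain `mov` off a general register, which is the byte-count and "usable from C" difference the answer describes; on 32-bit Windows, `mov eax, fs:[18h]` encodes as `64 A1 18 00 00 00`, one byte longer than the un-prefixed `A1 18 00 00 00`.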

Licensed under: CC-BY-SA with attribution