I have the following x86 assembly command from gdb:
mov eax, gs:0x14
When I type (gdb) info registers
the value for gs turns out to be 0x63.
From what I read, to get to the address itself I have to multiply gs by 0x10 and add the offset (0x14).
As expected, the address cannot be read from memory, because this is a relative address. I tried to objdump
the file to try to find any meaningful start point to which I should add 0x644 to get to the real memory address, but nothing popped up.
When I run the file in gdb, the addresses are always 0x056555XXX, but adding 0x644 to 0x56555000 lands right in the middle of the code.
Where is this memory segment actually located?
edit: I'm running this on a 64-bit kali linux VM, but the file is from some CTF and is 32-bit i386 elf file. I don't know if it's protected or real mode...