Exception HandlingA. Types of Exception Handling
Under Windows, there are currently two types of exception handling:
○ Structured Exception Handling (SEH)
○ Vectored Exception Handling (VEH)Structured Exception Handling
, uses stack-based exception nodes. On the x86 architecture, Microsoft uses a pointer value stored at FS: to point to the current exception handler frame. The frame information includes an address to call when an exception occurs.
We will have to dwelve within SEH in more detail for the purposes of your question...Vectored Exception Handling
, was introduced with Windows XP, and is an extension to structured exception handling. An application can register a function to watch or handle all exceptions. Vectored handlers are not frame-based, therefore, you can add a handler that will be called, regardless of where you are in a call frame. Vectored handlers are called in the order that they were added.
To add a vectored exception handler, use the Windows API AddVectoredExceptionHandler
To remove this handler, use the Windows API RemoveVectoredExceptionHandler
. (Available under Windows XP and above...).
To add a vectored continue handler, use the Windows API AddVectoredContinueHandler
To remove this handler, use the Windows API RemoveVectoredContinueHandler
. (Available under Windows Vista / Windows XP Professional x64 Edition and above...).B. Structured Exception Handling in more detail
There are two types of structure exception handlers:
○ The "final" exception handler.
○ The "per-thread" exception handler.
The "final" exception handler
supersedes the top-level exception handler that Win32 places at the top of each thread and process. It is called by windows if all other exception handlers fail to deal with an exception, or if the code that caused the exception is not guarded by any other exception handler.
It can be installed by use of the Windows API SetUnhandledExceptionFilter
(typically at the entry point of your application or as soon as possible after the enty point) and there is no need to uninstall it, as windows automatically handle the issue.
This type of exception handler cannot be chained (but can be overrided by calling the SetUnhandledExceptionFilter API, defining a different Unhandled Exception Filter procedure), and guards all the code that is executed after the Exception Handler was installed.
The "per-thread" exception handler
, is used to protect specific parts of your code. It is called if an exception occurs within the area it guards. This kind of exception handler, is subjectible to chaining.Example of "per-thread" exception handling:
As you can see in the example (and the attached code), we use the assembler directive ASSUME FS:NOTHING
prior to using the FS register.
The reason is that by default, the MASM compiler assumes the use of the FS register to ERROR.
According to the MSDN documentation of the ASSUME directive:
○ ASSUME reg:ERROR, generates an error if the register is used
○ ASSUME reg:NOTHING, removes register error checking
So, because we must use the FS register to setup the per-thread exception handler, we must remove the error checking for this register by use of the ASSUME directive with the parameter: NOTHING.
Because it's an instruction to the compiler, nothing in our compiled binary refllects the use of this directive (no extra code is generated by the compiler).
I hope this is clear.
Now, in the attachment you will find an example of both types of Structured Exception Handlers, and as a bonus, an ... unconventional way to handle exceptions in the Final Exception Handler. :)
I hope this is what you asked for...
Closing, with a little reference material...The MASM directives reference at MSDN, can be found at this link:
● Microsoft Macro Assembler Reference - Directives Reference at MSDN.References regarding the use of the ASSUME directive, can be found at these links:
● ASSUME - Directives Reference at MSDN.
● Controlling Segments with the ASSUME Directive - The Art of Assembly language programming.Also, the MASM Reference (masm32.hlp), installed with the MASM32 package explains the use of the ASSUME directive, among others...References regarding Exception Handling, can be found at these links:
● Win32 Exception handling for assembler programmers, by Jeremy Gordon - A MUST READ!
● Iczelion's PE Tutorial 2: Detecting a Valid PE File - Iczelion makes use of per-thread exception handling at this tutorial...
● Macros for per-thread exception handling, by Rohitab Batra.
● MSJ - A Crash Course on the Depths of Win32™ Structured Exception Handling, by Matt Pietrek
● Under the Hood - New Vectored Exception Handling in Windows XP, by Matt Pietrek
● MSJ, Bugslayer, August 1998 - John Robbins (former NUMEGA employee), explains Structured Exception Handling
Attached File ( Number of downloads: 172 )