Assembly Language for Beginners

(Jeff_L) #1

6.5. WINDOWS NT


Figure 6.5: Windows 8.1

Earlier, this handler was called Dr. Watson^42.


By the way, some developers make their own handler that sends information about the program crash
to themselves. It is registered with the help of SetUnhandledExceptionFilter() and is called if the
OS does not have any other way to handle the exception. An example is Oracle RDBMS: it saves huge
dumps reporting all possible information about the CPU and memory state.
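
The dispatch order described above, as a portable C model added here (it is not code from the book and not Windows code): frames are asked innermost first, and the handler sitting in the slot that models SetUnhandledExceptionFilter() runs only when every frame declines. All type and function names, the 0x00403000 address and the two-frame chain are constructed for illustration; the frame handler makes the same decisions as the except_handler() listed later on this page.

```c
#include <stdio.h>
#include <stdint.h>
/* Portable model, not Windows code: every name below is hypothetical. */
typedef enum { CONTINUE_EXECUTION, CONTINUE_SEARCH } disposition_t;
typedef enum { RESUMED, REPORTED, TERMINATED } outcome_t;
typedef struct { uint32_t code, eax; } exc_t;    /* record + context, reduced */
typedef disposition_t (*handler_fn)(exc_t *);
typedef struct frame { struct frame *prev; handler_fn handler; } frame_t;
#define ACCESS_VIOLATION 0xC0000005u  /* value of EXCEPTION_ACCESS_VIOLATION */
#define FIXED_EAX        0x00403000u  /* constructed stand-in for &new_value */
static void (*last_chance)(const exc_t *);  /* models the SetUnhandledExceptionFilter() slot */
static uint32_t reported_code;              /* what the crash reporter captured */

/* Makes the same decisions as except_handler() on this page. */
static disposition_t our_handler(exc_t *e) {
    if (e->code == 0xE1223344u) return CONTINUE_EXECUTION;
    if (e->code == ACCESS_VIOLATION) { e->eax = FIXED_EAX; return CONTINUE_EXECUTION; }
    return CONTINUE_SEARCH;
}
static disposition_t outer_handler(exc_t *e) { (void)e; return CONTINUE_SEARCH; }
/* Developer-supplied reporter; a real one would write a dump to disk. */
static void crash_reporter(const exc_t *e) {
    reported_code = e->code;
    fprintf(stderr, "crash: code=0x%08X eax=0x%08X\n", (unsigned)e->code, (unsigned)e->eax);
}

/* Walk from the innermost frame outwards; the reporter runs only if all decline. */
static outcome_t dispatch(frame_t *top, exc_t *e) {
    for (frame_t *f = top; f != NULL; f = f->prev)
        if (f->handler(e) == CONTINUE_EXECUTION) return RESUMED;
    if (last_chance == NULL) return TERMINATED;
    last_chance(e);
    return REPORTED;
}

/* Build a two-frame chain, raise `code`, return the outcome and the final Eax. */
static outcome_t run_case(uint32_t code, int with_reporter, uint32_t *eax_out) {
    frame_t outer = { NULL, outer_handler }, inner = { &outer, our_handler };
    exc_t e = { code, 0 };
    last_chance = with_reporter ? crash_reporter : NULL;
    outcome_t r = dispatch(&inner, &e);
    *eax_out = e.eax;
    return r;
}

int main(void) {   /* 0xC0000094 is claimed by no frame, so the reporter runs */
    uint32_t eax;
    return run_case(0xC0000094u, 1, &eax) == REPORTED ? 0 : 1;
}
```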


Let’s write our own primitive exception handler. This example is based on the example from [Matt Pietrek,
A Crash Course on the Depths of Win32™ Structured Exception Handling, (1997)]^43. It must be compiled
with the SAFESEH option: cl seh1.cpp /link /safeseh:no. More about SAFESEH here: MSDN.


#include <windows.h>
#include <stdio.h>

// value the handler points EAX at when it "repairs" a bad pointer
DWORD new_value=1234;

EXCEPTION_DISPOSITION __cdecl except_handler(
                struct _EXCEPTION_RECORD *ExceptionRecord,
                void * EstablisherFrame,
                struct _CONTEXT *ContextRecord,
                void * DispatcherContext )
{
        unsigned i;

        printf ("%s\n", __FUNCTION__);
        // ExceptionCode and ExceptionFlags are DWORDs, so print them as hex integers
        printf ("ExceptionRecord->ExceptionCode=0x%08X\n", ExceptionRecord->ExceptionCode);
        printf ("ExceptionRecord->ExceptionFlags=0x%08X\n", ExceptionRecord->ExceptionFlags);
        printf ("ExceptionRecord->ExceptionAddress=0x%p\n", ExceptionRecord->ExceptionAddress);

        if (ExceptionRecord->ExceptionCode==0xE1223344)
        {
                printf ("That's for us\n");
                // yes, we "handled" the exception
                return ExceptionContinueExecution;
        }
        else if (ExceptionRecord->ExceptionCode==EXCEPTION_ACCESS_VIOLATION)
        {
                printf ("ContextRecord->Eax=0x%08X\n", ContextRecord->Eax);
                // will it be possible to 'fix' it?
                printf ("Trying to fix wrong pointer address\n");
                ContextRecord->Eax=(DWORD)&new_value;
                // yes, we "handled" the exception
                return ExceptionContinueExecution;
        }
        else
        {
                printf ("We do not handle this\n");
                // someone else's problem
                return ExceptionContinueSearch;
        };
}

(^42) wikipedia
(^43) Also available as http://go.yurichev.com/17293
