Assembly Language for Beginners

(Jeff_L) #1

6.5. WINDOWS NT


The filter code is an expression, telling whether this handler code corresponds to the exception raised.


If your code is too big and cannot fit into one expression, a separate filter function can be defined.


There are a lot of such constructs in the Windows kernel. Here are a couple of examples from there
(WRK):


Listing 6.24: WRK-v1.2/base/ntos/ob/obwait.c

try {


KeReleaseMutant( (PKMUTANT)SignalObject,
MUTANT_INCREMENT,
FALSE,
TRUE );

} except((GetExceptionCode () == STATUS_ABANDONED ||
GetExceptionCode () == STATUS_MUTANT_NOT_OWNED)?
EXCEPTION_EXECUTE_HANDLER :
EXCEPTION_CONTINUE_SEARCH) {
Status = GetExceptionCode();


goto WaitExit;
}


Listing 6.25: WRK-v1.2/base/ntos/cache/cachesub.c

try {


RtlCopyBytes( (PVOID)((PCHAR)CacheBuffer + PageOffset),
UserBuffer,
MorePages?
(PAGE_SIZE - PageOffset) :
(ReceivedLength - PageOffset) );

} except( CcCopyReadExceptionFilter( GetExceptionInformation(),
&Status ) ) {


Here is also a filter code example:


Listing 6.26: WRK-v1.2/base/ntos/cache/copysup.c

LONG
CcCopyReadExceptionFilter(
IN PEXCEPTION_POINTERS ExceptionPointer,
IN PNTSTATUS ExceptionCode
)


/*++


Routine Description:


This routine serves as an exception filter and has the special job of
extracting the "real" I/O error when Mm raises STATUS_IN_PAGE_ERROR
beneath us.

Arguments:


ExceptionPointer - A pointer to the exception record that contains
the real Io Status.

ExceptionCode - A pointer to an NTSTATUS that is to receive the real
status.

Return Value:


EXCEPTION_EXECUTE_HANDLER

--*/


{

Free download pdf