Category:Architecture/Windows/SEH-Structured-Exception-Handling

From aldeid

Jump to navigation Jump to search

You are here:

Structured Exception Handling (SEH)

Description

Windows error handling mechanism
When an error occurs, the exception handler information is stored on the stack
Use of __try and __except keywords in C++
Some packers use SEH: When an exception is triggered, execution continues in the exception handler

SEH Chain

The _EXCEPTION_REGISTRATION structure has two components:

A pointer to an exception handler function
A pointer to the previous _EXCEPTION_REGISTRATION record

The SEH chain:

The address of the first record is always stored at the address pointed to by the FS register (FS:[O])
The chain ends when the OS encounters OxFFFFFFFF

Misusing Structured Exception Handlers

SEH provides a flow control that is difficult to be understood by disassemblers and that fools debuggers.

Comments

Keywords: SEH Structured Exception Handling fs:0h fs:[0h] fs:[0] FS:[0x0] structure TIB EXCEPTION_REGISTRATION

This category currently contains no pages or media.

Retrieved from "https://www.aldeid.com/w/index.php?title=Category:Architecture/Windows/SEH-Structured-Exception-Handling&oldid=28695"

Share your opinion