Description of structured exceptions (SEH) and structured seh

Description of structured exceptions (SEH) and structured seh

/*************************************** ******************************
* Author: Samson
* Date: 08/04/2014
* Test platform:
* Linux ubuntu 3.2.0-58-generic-pae
* GNU bash, version 4.2.39
**************************************** ****************************/

Structured exception handling program?

SEH: structured Exception Handling, structured Exception Handling.

Structured Exception HandlingIs a syntax extension made by Microsoft to C/C ++ programming languages on Windows operating systems. It is a program control structure used to handle abnormal events.

An exception event is a hardware or software event that interrupts the normal execution of the program. Hardware exceptions are thrown by the CPU, such as "Division by 0" and numerical overflow. Software exceptions are thrown by the operating system and program through the RaiseException statement.

Microsoft extends the C language syntax and uses try-try t and try-finally statements to handle exceptions. The exception handling program can release the acquired resources, Display Error information and internal state of the Program for debugging, recover from the error, attempt to re-execute the error code, or close the program.

A _ try statement cannot have both _ partition T and _ finally. However, try-finally t and try-finally statements can be nested.

In the event of an emergency (for example, memory access error, Division by 0, or invalid operation), the application can gain control and handle it independently, without the need for operating system intervention. Unhandled exceptions usually lead to the termination of application exceptions, followed by messages about the program to close when an invalid operation is executed.

_ Try {// The protected code to be executed }__ blocks T (filter expression) {// Exception Handling Code}

First, the protected code in the __try compound statement is executed. If no exception occurs, continue executing the code after the _ t compound statement. If an exception occurs in the protected code in the _ try compound statement, or an internal exception occurs in the function called by the protected code and the caller is required to handle the exception, __the filter expression of the limit t statement is evaluated, and the exception is determined based on the result:

• Prediction_continue_execution (-1): the problem that caused the exception has been resolved. execute the operation again on the site where the exception occurred.
• Prediction_continue_search (0): The current _ except statement cannot handle this exception and notifies the operating system to continue searching for other exception handlers of this thread.
• Prediction_execute_handler (1): The current _ HANDLE t statement identifies this exception. It is handled by executing the _ handle t Compound statement. Then run the code after the _ except compound statement.

Internal Function GetExceptionCodeReturns a 32-bit integer value, indicating the type of the exception.

Traps and Attacks:

In most cases, pointers to structured exception handlers are stored in the SEH frame of the stack, and overflow buffer can rewrite them. There are two main purposes to rewrite the SEH frame: to obtain control by replacing the structured exception handler; to avoid program termination in case of exceptions.

The Built-in anti-buffer overflow and most similar protection mechanisms in windows 2003 are based on SEH. By capturing a structured exception handler and replacing it with a Custom Handler, hackers can invalidate this protection mechanism.

REF:

Http://zh.wikipedia.org/wiki/%E7%BB%93%E6%9E%84%E5%8C%96%E5%BC%82%E5%B8%B8%E5%A4%84%E7%90%86

What is the SEH system?

SEH: structured exception handling

Structured exception handling is a mechanism provided by the operating system to optimize the program structure and provide a more robust program execution environment. try to think that you do not need to consider where there is a memory access error, where there is a null pointer, and so on, and keep writing down according to the logic structure of the program, instead of checking whether the function is successful, this would be a pleasure (this is a promotional term for seh, which does not represent my point of view. It is totally irresponsible here ).
Structured exception handling --- seh is an operating system level concept. The operating system maintains an exception handling linked list for each thread (the windows platform thread is the basic unit of System Scheduling, when an exception occurs, the control is transferred to the operating system. The operating system traverses the linked list in a certain way to find suitable processing functions, perform processing, and unwind the stack.
When the usermode thread is running, the operating system directs the fs register to the Environment block (teb) of the thread. This teb is a data structure that can be accessed by the usermode, embed a tib (thread information block) named NT_TIB at the beginning, which stores the linked list used by seh.
Struct_TEB
{
NT_TIBNtTib;
......
};

StructNT_TIB
{
Prediction_registration_record * predictionlist;
.....
};

StructEXCEPTION_REGISTRATION_RECORD
{
Prediction_registration_record * Next;
Enum_EXCEPTION_DISPOSITION (* Handler) (_ EXCEPTION_RECORD * ExceptionRecord, void * EstablisherFrame, _ CONTEXT * ContextRecord, void * DispatcherContext );
};

When the thread is running, the fs segment points to the TEB structure. This can be seen in the following assembly code.
Let's talk about what the operating system has done when an exception occurs.
First of all, you must understand what exceptions are, and think about them. Exceptions are unusual places (-. -B) when the cpu encounters an exception, it will cause an interruption, and the operating system will obtain control (I cannot describe it in detail in specific circumstances ), after a series of operations such as necessary storage, the operating system indexes TEB through fs, that is, TIB, then accesses the ExceptionList, and calls the handler function pointer pointing to the function in it, if the function returns, it checks the return value of the function. If the return value indicates that the function cannot handle this exception, it indexes the Next record through the Next pointer, repeats, and ends at the end of the linked list, if no one can handle the issue, kill the thread automatically.

Where did the handler come from? It was installed by the application during execution. You may already know that the handler generally points to a function named _ effect_handler3. As shown above, this function is the key to the entire seh. We will introduce this function in detail below.

In the C language, the syntax of seh is _ try .... _ partition t .... _ finally, what kind of machine language will such a _ try structure be converted? What does the equivalent assembly language look like? Because seh involves too many underlying layers, especially the memory layout, it is very important to talk about the conversion process here.

When the compiler encounters a _ try structure, it will know that seh code generation is required, that is, the above prediction_registration_record link must be completed,
Push_effect_handler3; this r... the remaining full text>
 
C language Exception Handling

Bad_alloc: new allocation failed
Bad_cast: dynamic_cast failed
Bad_typeid: The typeif parameter is null.
Logic_error: logical error
Ios_base: failure: IO Error
Runtime_error: runtime error
Bad_exception: Unknown error

If the assignment fails, you can use runtime_error. You can also inherit an exception class to customize the exception information.