Summary of structured exceptions (SEH)

Source: Internet
Author: User

Summary of structured exceptions (SEH)

/*************************************** ******************************
* Author: Samson
* Date: 08/04/2014
* Test platform:
* Linux ubuntu 3.2.0-58-generic-pae
* GNU bash, version 4.2.39
**************************************** ****************************/

Structured exception handling program?


SEH: structured Exception Handling, structured Exception Handling.

Structured Exception HandlingIs a syntax extension made by Microsoft to C/C ++ programming languages on Windows operating systems. It is a program control structure used to handle abnormal events.

An exception event is a hardware or software event that interrupts the normal execution of the program. Hardware exceptions are thrown by the CPU, such as "Division by 0" and numerical overflow. Software exceptions are thrown by the operating system and program through the RaiseException statement.

Microsoft extends the C language syntax and uses try-try t and try-finally statements to handle exceptions. The exception handling program can release the acquired resources, Display Error information and internal state of the Program for debugging, recover from the error, attempt to re-execute the error code, or close the program.

A _ try statement cannot have both _ partition T and _ finally. However, try-finally t and try-finally statements can be nested.

 

In the event of an emergency (for example, memory access error, Division by 0, or invalid operation), the application can gain control and handle it independently, without the need for operating system intervention. Unhandled exceptions usually lead to the termination of application exceptions, followed by messages about the program to close when an invalid operation is executed.

 

_ Try {// The protected code to be executed }__ blocks T (filter expression) {// Exception Handling Code}

 

 

First, the protected code in the __try compound statement is executed. If no exception occurs, continue executing the code after the _ t compound statement. If an exception occurs in the protected code in the _ try compound statement, or an internal exception occurs in the function called by the protected code and the caller is required to handle the exception, __the filter expression of the limit t statement is evaluated, and the exception is determined based on the result:

Prediction_continue_execution (-1): the problem that caused the exception has been resolved. execute the operation again on the site where the exception occurred. Prediction_continue_search (0): The current _ except statement cannot handle this exception and notifies the operating system to continue searching for other exception handlers of this thread. Prediction_execute_handler (1): The current _ HANDLE t statement identifies this exception. It is handled by executing the _ handle t Compound statement. Then run the code after the _ except compound statement. Internal Function GetExceptionCodeReturns a 32-bit integer value, indicating the type of the exception.

 

Traps and Attacks:

In most cases, pointers to structured exception handlers are stored in the SEH frame of the stack, and overflow buffer can rewrite them. There are two main purposes to rewrite the SEH frame: to obtain control by replacing the structured exception handler; to avoid program termination in case of exceptions.


The Built-in anti-buffer overflow and most similar protection mechanisms in windows 2003 are based on SEH. By capturing a structured exception handler and replacing it with a Custom Handler, hackers can invalidate this protection mechanism.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.