The content above is basic knowledge; simple as it is, it is necessary to understand it. Now I will formally start my first topic: Structured Exception Handling (SEH). SEH is a facility provided by the Windows system and has nothing to do with the development tool. It is worth mentioning that VC wraps it: the __try {} __except () {} and __try {} __finally {} constructs we usually use. I have not studied how that wrapper is implemented and will not discuss it here; instead I will describe the manual implementation of SEH, that is, SEH in its original form.
1. How SEH works.
The most important ideas in Windows programming are message passing and event-driven design. When a GUI application triggers a message, the system places the message in a message queue, then finds and calls the window's message handling function (the callback), passing that message as the parameter. We can also treat an exception as a message: when an exception occurs in the application, it triggers the message and notifies the system, and after receiving it the system likewise looks for its "callback function", which is our exception handling routine. Of course, if we do not set up any exception handling in the program, the system does not simply ignore the exception; it pops up the familiar application error box and then terminates the program. So once we change our way of thinking and look at SEH through the lens of callbacks, SEH is no longer mysterious.
2. Process-level exception handling.
SEH can be divided into process-related and thread-related handling. Let us first understand process-related SEH. "Process-related" means that an exception occurring anywhere in the application can be handled by this one handling routine. Following the idea above, setting up exception handling means installing a callback function. How is that done? Windows provides an API for setting a window's callback function, SetWindowLong(); likewise, for exception handling it provides a similar API, SetUnhandledExceptionFilter(), and the parameter passed to it is our exception handling routine. So we only need to write a function and call SetUnhandledExceptionFilter() when the program starts to install it as the exception handler, and that is it! The next step is how to write an exception handler. First let us look at the definition of the exception handler:

long __stdcall ExceptionFilterProc(EXCEPTION_POINTERS *);

The return value is long, the calling convention is __stdcall, and the function name does not matter, since what is passed is a pointer. All very simple; only the parameter looks unfamiliar, so let us look at it. This structure is defined in Winnt.h as follows:
typedef struct _EXCEPTION_POINTERS {
    PEXCEPTION_RECORD ExceptionRecord;
    PCONTEXT          ContextRecord;
} EXCEPTION_POINTERS;

EXCEPTION_RECORD structure definition:

typedef struct _EXCEPTION_RECORD {
    DWORD ExceptionCode;
    DWORD ExceptionFlags;
    struct _EXCEPTION_RECORD *ExceptionRecord;
    PVOID ExceptionAddress;
    DWORD NumberParameters;
    DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD, *PEXCEPTION_RECORD;

This structure needs a little more explanation. There is no need to memorize it; I will go through it following the documentation.

DWORD ExceptionCode; the exception code, indicating the cause. Common exception codes are:
EXCEPTION_ACCESS_VIOLATION = C0000005h    illegal memory read or write
EXCEPTION_INT_DIVIDE_BY_ZERO = C0000094h  illegal division by zero
EXCEPTION_STACK_OVERFLOW = C00000FDh      stack overflow or out-of-bounds stack access
EXCEPTION_GUARD_PAGE = 80000001h          a guard page set up with the VirtualAlloc page attribute was touched
EXCEPTION_NONCONTINUABLE_EXCEPTION = C0000025h  non-continuable exception; the program cannot resume execution, and the exception handling routine should not handle this exception
EXCEPTION_INVALID_DISPOSITION = C0000026h  during exception processing, the handler returned an invalid disposition to the system
EXCEPTION_BREAKPOINT = 80000003h          breakpoint interrupt caused by an INT 3 in the code while debugging
EXCEPTION_SINGLE_STEP = 80000004h         single-step debugging state (INT 1)

DWORD ExceptionFlags; exception flags:
= 0                             correctable (continuable) exception
EXCEPTION_NONCONTINUABLE = 1    uncorrectable (non-continuable) exception; continuing anyway raises EXCEPTION_NONCONTINUABLE_EXCEPTION = C0000025h

struct _EXCEPTION_RECORD *ExceptionRecord; filled in when a nested exception occurs inside the exception handler (it points to the earlier record); otherwise NULL

PVOID ExceptionAddress; the address at which the exception occurred (EIP)

DWORD NumberParameters; the number of parameters associated with the exception (0-15); the current version of Windows always uses 0

DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; the exception parameters. For EXCEPTION_ACCESS_VIOLATION:
ExceptionInformation[0]  describes the operation that caused the exception: 0 = read, 1 = write
ExceptionInformation[1]  the memory address that was being read or written

CONTEXT structure definition:

typedef struct _CONTEXT { ... } CONTEXT, *PCONTEXT;

This structure is very large and is not listed here; see Winnt.h. What we must be clear about is that the CONTEXT structure holds the state of every CPU register at the moment the exception occurred.

Now let us look at the meaning of the return value. It can take three values:
EXCEPTION_EXECUTE_HANDLER = 1      the exception has been handled; the program is terminated, so it does not "crash" with the system error dialog
EXCEPTION_CONTINUE_SEARCH = 0      the exception is not handled; it is passed on to the system, which pops up the usual error message box
EXCEPTION_CONTINUE_EXECUTION = -1  the error has been fixed; execution continues from where the exception occurred. This is the ideal outcome, but it is very difficult to achieve
After understanding these, let us look at a simple skeleton of an exception handler:

1. Written in C/C++:

long WINAPI ExceptionFilter(EXCEPTION_POINTERS *lParam)
{
    ...
    return 1;   // (or 0, -1)
}

2. Written in ASM:

ExceptionFilter PROC
    ; fetch the parameter
    MOV ESI, DWORD PTR [ESP+4]
    ; handle the exception
    ...
    ; set the return value; by high-level language convention the return value is stored in EAX
    MOV EAX, _RETURN_VALUE
    RET 4
ExceptionFilter ENDP
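As an added example (not code from the original article), here is the same dispatch written in C so the EXCEPTION_RECORD fields described above can be exercised: it checks ExceptionFlags before anything else, classifies by ExceptionCode, decodes ExceptionInformation[0]/[1] for access violations, and returns one of the three dispositions. The Windows types are mirrored with portable typedefs so it compiles and runs off Windows too; on Windows the real definitions come from <windows.h> and the function would be installed with SetUnhandledExceptionFilter().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Portable mirror of the winnt.h types discussed above, so the filter logic can be
 * compiled and exercised off Windows; on Windows the real <windows.h> ones apply. */
typedef uint32_t DWORD; typedef void *PVOID;
#define EXCEPTION_MAXIMUM_PARAMETERS 15
typedef struct _EXCEPTION_RECORD {
    DWORD ExceptionCode;
    DWORD ExceptionFlags;
    struct _EXCEPTION_RECORD *ExceptionRecord;
    PVOID ExceptionAddress;
    DWORD NumberParameters;
    uintptr_t ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD, *PEXCEPTION_RECORD;
typedef struct _CONTEXT *PCONTEXT;           /* CPU register snapshot; opaque here */
typedef struct _EXCEPTION_POINTERS {
    PEXCEPTION_RECORD ExceptionRecord;
    PCONTEXT ContextRecord;
} EXCEPTION_POINTERS;
#define EXCEPTION_ACCESS_VIOLATION   0xC0000005u
#define EXCEPTION_INT_DIVIDE_BY_ZERO 0xC0000094u
#define EXCEPTION_NONCONTINUABLE     0x1u
#define EXCEPTION_EXECUTE_HANDLER    1
#define EXCEPTION_CONTINUE_SEARCH    0
/* Same dispatch as the article's ExceptionFilter; desc receives a one-line description for logging. */
long ExceptionFilterProc(const EXCEPTION_POINTERS *ep, char *desc, size_t n)
{
    const EXCEPTION_RECORD *rec = ep->ExceptionRecord;
    /* Never resume a non-continuable exception: returning -1 would raise EXCEPTION_NONCONTINUABLE_EXCEPTION. */
    if (rec->ExceptionFlags & EXCEPTION_NONCONTINUABLE) {
        snprintf(desc, n, "non-continuable exception %08lX", (unsigned long)rec->ExceptionCode);
        return EXCEPTION_CONTINUE_SEARCH;
    }
    switch (rec->ExceptionCode) {
    case EXCEPTION_INT_DIVIDE_BY_ZERO:
        snprintf(desc, n, "divide by zero at EIP %p", rec->ExceptionAddress);
        return EXCEPTION_EXECUTE_HANDLER;    /* handled: exit without the system dialog */
    case EXCEPTION_ACCESS_VIOLATION:         /* [0]: 0 = read, 1 = write; [1]: address */
        snprintf(desc, n, "access violation: %s of %#lx at EIP %p",
                 rec->ExceptionInformation[0] ? "write" : "read",
                 (unsigned long)rec->ExceptionInformation[1], rec->ExceptionAddress);
        /* -1 (continue execution) is only safe once the cause is really repaired; otherwise terminate cleanly. */
        return EXCEPTION_EXECUTE_HANDLER;
    default:
        snprintf(desc, n, "unhandled exception %08lX", (unsigned long)rec->ExceptionCode);
        return EXCEPTION_CONTINUE_SEARCH;    /* let the system show its error box */
    }
}
```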
Having said so much, nothing beats a live example. Below I give a routine written in ASM. After the program starts it runs two threads: the main thread generates a divide-by-zero exception and a child thread generates an illegal memory access, and the exception handler handles both. Study it carefully!
; *****************************************************************
; Process-related exception handling example
; *****************************************************************
.386
.MODEL FLAT
; include the header file containing the common structure definitions, similar to a .h file in C/C++
INCLUDE ../INCLUDE/PERELATION.INC
; API declarations
EXTRN MessageBoxA:PROC
EXTRN CreateThread:PROC
EXTRN VirtualProtect:PROC
EXTRN WaitForSingleObject:PROC
EXTRN CloseHandle:PROC
EXTRN SetUnhandledExceptionFilter:PROC
EXTRN ExitProcess:PROC
; data definitions
.DATA
ddTemp        DD 0
ddHandle      DD 0
ddThreadId    DD 0
szTitle       DB "Tips", 0
szExcDivZero  DB "Application divide-by-zero error", 0
szExcAccess   DB "Application illegal memory access error, fix it?", 0
; (main thread)
.CODE
_header:
    PUSH EBP
    ; install the exception handler
    PUSH OFFSET ExceptionFilter
    CALL SetUnhandledExceptionFilter
    ; trigger a divide-by-zero exception
    XOR EBX, EBX
    DIV BL
    ; *************************************************************
    ; the normal flow is interrupted here; control enters the exception handling routine
    ; *************************************************************
    ; create the child thread
    PUSH OFFSET ddThreadId
    PUSH 0
    PUSH NULL
    PUSH OFFSET ThreadProc
    PUSH 0
    PUSH NULL
    CALL CreateThread
    ; thread creation failed
    TEST EAX, EAX
    JE _Error_Exit
    ; save the thread handle
    MOV ddHandle, EAX
    ; wait for the child thread to finish
    PUSH 0FFFFFFFFh
    PUSH EAX
    CALL WaitForSingleObject
    ; close the thread handle
    PUSH ddHandle
    CALL CloseHandle
_Error_Exit:
    POP EBP
    ; exit the program
    PUSH 0
    CALL ExitProcess
; *****************************************************************
; A string defined inside the code section. The code section of a Windows
; program is not writable by default; the thread function below tries to
; reverse the string in place, which raises an illegal memory access exception.
; *****************************************************************
; (the string is a GBK double-byte string, so each character is two bytes; the reversal below therefore swaps 2-byte words)
szMessage DB "落花人独立，微雨燕双飞。当时明月在，曾照彩云归。", 0
; child thread
ThreadProc PROC
    PUSHAD
    ; *************************************************************
    ; REPNE SCASB scans for the length of a NUL-terminated string; I would
    ; guess the original code of strlen() looks much like this! How it works:
    ; EDI points to the start of the string; each byte is compared with AL
    ; (0); on every mismatch EDI is incremented by one and ECX, the loop
    ; counter, is decremented. Because the length is unknown, ECX is set to
    ; 0FFFFFFFFh beforehand.
    ; *************************************************************
    CLD
    XOR EAX, EAX
    XOR ECX, ECX
    DEC ECX
    LEA EDI, szMessage
    REPNE SCASB
    ; NOT ECX yields the string length (including the terminating 0)
    NOT ECX
    ; restore EDI to the start of the string
    SUB EDI, ECX
    ; reverse the string word by word, leaving the trailing 0 in place
    XOR EBX, EBX
    DEC ECX
_Rever_Loop:
    DEC ECX
    DEC ECX
    CMP EBX, ECX
    JGE _Rever_Over
    ; fetch the first and the last word
    MOV AX, WORD PTR [EDI+EBX]
    MOV DX, WORD PTR [EDI+ECX]
    ; write them back swapped; this write raises the illegal memory access exception
    MOV WORD PTR [EDI+ECX], AX
    MOV WORD PTR [EDI+EBX], DX
    INC EBX
    INC EBX
    JMP _Rever_Loop
_Rever_Over:
    ; reversal done, display the reversed string
    PUSH MB_OK
    PUSH OFFSET szTitle
    PUSH OFFSET szMessage
    PUSH NULL
    CALL MessageBoxA
    POPAD
    RET 4
ThreadProc ENDP
; exception handling function
ExceptionFilter PROC
    ; fetch the EXCEPTION_POINTERS * parameter from the stack; at this point the stack is:
    ;   [ESP+4]  EXCEPTION_POINTERS *
    ;   [ESP]    return address
    MOV EAX, DWORD PTR [ESP+4]
    PUSHAD
    ; PEXCEPTION_RECORD => ESI
    MOV ESI, [EAX].EXCEPTION_POINTERS.ExceptionRecord
    ; PCONTEXT => EDI
    MOV EDI, [EAX].EXCEPTION_POINTERS.ContextRecord
    ; fetch the exception code
    MOV EAX, [ESI].EXCEPTION_RECORD.ExceptionCode
    ; illegal division by zero
    CMP EAX, 0C0000094h
    JE _IsDivZero
    ; illegal memory access
    CMP EAX, 0C0000005h
    JE _IsAccessViolation
    ; other exceptions
    JMP _ExcOther
    ; divide-by-zero handling
_IsDivZero:
    ; MessageBox prompt
    PUSH MB_OK
    PUSH OFFSET szTitle
    PUSH OFFSET szExcDivZero
    PUSH NULL
    CALL MessageBoxA
    ; *************************************************************