Logo
RSS Feed

👈🏞 Back to
📚 Basics

Exceptions

   

Created: 18.10.2020

teb-peb-seh

⚠ïļ Note that x64 does not use this mechanism for exception handling.

Consider the following code:

int main()
{
    __try
    {
        TestExceptions();
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        printf("Executing SEH __except block\r\n");
    }

    return 0;
}

How is that code handled in memory?

This is usually how the SEH is registered (Assembly view):

PUSH 0040184B
XOR EAX, EAX
PUSH DWORD PTR FS:[EAX]
MOV DWORD PTR FS:[EAX], ESP

NtGlobalFlag FLG_HEAP_ENABLE_TAIL_CHECK (0x10), FLG_HEAP_ENABLE_FREE_CHECK (0x20), and FLG_HEAP_VALIDATE_PARAMETERS (0x40)

References

https://rvsec0n.wordpress.com/2019/09/13/routines-utilizing-tebs-and-pebs/