SEH not working with new stack (stack swapping)
in [Win32 Kernel]
|
Prev: Setting Service ACL in Win7 Not Working All the Time?
Next: IIS + ISAPI + EXE + Kernel Namespace + User Accounts + Security Model
From: olk on 28 Apr 2010 00:35 I've some code which creates a new stack (on heap/freestore) and assigns it to ESP (some kind of stack swapping _ WIN32 Fiber replacement). The code works but only structured exception handling doesn't work. I've added at the highest address of the new stack the address of an exception handler function and 0xffffffff for the pointer to the 'next' exception handler. The function which gets executed has an try/catch (C++) block. Unfortunately the catch block is never entered - std::terminate is called instead. Does the stack have some special marked pages? Do I've to use a special function to allocate the memory for the stack (I used malloc, VirtualAlloc)? What does RtlDispatchException check ? thx, Oliver
From: rogero on 28 Apr 2010 09:17 On Apr 28, 5:35 am, olk <oliver.kowa...(a)gmx.de> wrote: > I've some code which creates a new stack (on heap/freestore) and assigns > it to ESP (some kind of stack swapping _ WIN32 Fiber replacement). > The code works but only structured exception handling doesn't work. I suspect you'll have to do some work to get this to function. Assuming you are only targetting 32 bit windows... - You need to ensure the the ExceptionList in the current NT_TIB is correct (at FS:0) - the OS validates functions called during exception processing are in the exception table generated when the executable image was linked - is your exception handler function so marked?. - The OS may be validating that the elements on the exception chain are between StackBase and StackLimit. HTH, Roger.
From: olk on 28 Apr 2010 14:38 > I suspect you'll have to do some work to get this to function. > Assuming you are only targetting 32 bit windows... > > - You need to ensure the the ExceptionList in the current NT_TIB is > correct (at FS:0) The lib does stores the old ExceptionList (from the old stack/context) and installs the new ExceptionList for the new stack (context) in fs:[0]. The new ExceptionList contains only one entry. The exception handler of this final SEH calls exit(0) and the pointer to the next SEH contains -1 (0xffffffff). The function which gets called by the new context has a try/catch(...) block - so all C++ exceptions should be catched here and the 'final' exception handler should never be called. edx points to end of new created stack mov ecx, no_context ; no_context calls exit(0) mov [edx-04h], ecx ; save exception handler mov ecx, 0ffffffffh ; set ECX to -1 mov [edx-08h], ecx ; save -1 as pointer to next SEH lea ecx, [edx-08h] ; ecx points to 'final' SEH mov [eax+018h], ecx ; store address of 'final' SEH the address inside [eax+018h] will be assigned to fs:[0] if the context/stack is swapped. Would this form a correct ExceptionList? > - the OS validates functions called during exception processing are in > the exception table generated when the executable image was linked - > is your exception handler function so marked?. I'm not sure how it should be marked nor did I read something about marking exception handlers. How can I inspect this exception table (debugger)? The debugger doesn't show me the correct address contained int segment registers. In my code the SEH corresponding to try/catch blocks should be put in the exception table (you mean chained list of SEHs?) because it is done by the compiler. > - The OS may be validating that the elements on the exception chain > are between StackBase and StackLimit. Hmm - in which struct do I have to set StackBase and StackLimit? May both part of the TIB (pointer someweher of fs:[018h])? The new stack is created by _aligned_malloc() and the end of this memory chunk is copied into esp (if context/stack is swapped). It seams I'm missing a lot of addition information - does the MSDN contain an related article (I didn't found something)? Thx for your info and help. best regards, Oliver
From: Pavel A. on 28 Apr 2010 19:38 Yes, SEH places special markers in the stack. You've asked for a trouble and got it. -- pa "olk" <oliver.kowalke(a)gmx.de> wrote in message news:hr8dul$8s8$02$1(a)news.t-online.com... > I've some code which creates a new stack (on heap/freestore) and assigns > it to ESP (some kind of stack swapping _ WIN32 Fiber replacement). > The code works but only structured exception handling doesn't work. > I've added at the highest address of the new stack the address of an > exception handler function and 0xffffffff for the pointer to the 'next' > exception handler. The function which gets executed has an try/catch (C++) > block. Unfortunately the catch block is never entered - std::terminate is > called instead. > > Does the stack have some special marked pages? Do I've to use a special > function to allocate the memory for the stack (I used malloc, > VirtualAlloc)? > > What does RtlDispatchException check ? > > thx, > Oliver
From: m on 28 Apr 2010 21:28
I am curious why you think that it is a good idea to build this? It will be 1) hard; 2) fragile and is probably, like fibers, mostly useless. That being said, AFAIK the best references on exception processing in Win32 are some very old MSJ articles - search the net / the archives of this group and you are sure to find them "olk" <oliver.kowalke(a)gmx.de> wrote in message news:hr8dul$8s8$02$1(a)news.t-online.com... > I've some code which creates a new stack (on heap/freestore) and assigns > it to ESP (some kind of stack swapping _ WIN32 Fiber replacement). > The code works but only structured exception handling doesn't work. > I've added at the highest address of the new stack the address of an > exception handler function and 0xffffffff for the pointer to the 'next' > exception handler. The function which gets executed has an try/catch (C++) > block. Unfortunately the catch block is never entered - std::terminate is > called instead. > > Does the stack have some special marked pages? Do I've to use a special > function to allocate the memory for the stack (I used malloc, > VirtualAlloc)? > > What does RtlDispatchException check ? > > thx, > Oliver |