flat assembler
Message board for the users of flat assembler.
Windows > [SOLVED] SEH Code to bypass Privileged instruction exception
revolution 03 Mar 2012, 12:13
SEH handlers are executed in the context of an exception. You must properly return back through the exception mechanism to restart the app. If you want to skip an instruction then you must alter the CONTEXT record in your SEH handler and then return back to the OS exception handler to clean up and restart the app. If you try to cheat it like above then it won't work because any further exception will cause the app to quit without warning.
typedef 03 Mar 2012, 19:01
I'm reading this article for now: http://www.microsoft.com/msj/0197/exception/exception.aspx
I'll get back at you rev.
JohnFound 03 Mar 2012, 20:20
You can try the _exceptions.inc macros from FreshLib.
The code is the following:

Code:
        beginTry
          in      al,dx
        onException Ignore        ; or Retry, or Next
        endTry

There is a good example about exceptions in the Fresh examples directory.
typedef 04 Mar 2012, 00:50
The app is in C; I'm just using inline assembly. It seems like there's no way of getting past it, since even debuggers lose control of it and the app either closes or crashes.
It does crash when there's no user-specified handler, but when I provide one it terminates.
revolution 04 Mar 2012, 01:09
typedef wrote: It does crash when there's no user-specified handler, but when I provide one it terminates.
revolution 04 Mar 2012, 02:21
typedef wrote: So would Get/SetThreadContext work in the handler section?

Perhaps this will help:

Code:
generic_handler:
        virtual at esp+4
          .pExcept   dd ?                 ; EXCEPTION_RECORD*
          .pFrame    dd ?                 ; establisher frame (our EXCEPTION_REGISTRATION)
          .pContext  dd ?                 ; CONTEXT* of the faulting thread
          .pDispatch dd ?                 ; dispatcher context
        end virtual
        mov     eax,[.pContext]
        mov     edx,[eax+CONTEXT.Eip]
        ;do something (e.g. inc edx to step over the one-byte IN AL,DX)
        mov     [eax+CONTEXT.Eip],edx
        xor     eax,eax                   ; ExceptionContinueExecution
        ret     16
typedef 04 Mar 2012, 02:21
Working with this API for now. It seems like I'm getting there.
SetUnhandledExceptionFilter
revolution 04 Mar 2012, 02:25
typedef wrote: Working with this API for now. It seems like I'm getting there.
typedef 04 Mar 2012, 02:52
@rev
Here's how I set it up. Can you show me what you mean? The following still produces the same effect.

Code:
#include <windows.h>

static LONG WINAPI Handler(PEXCEPTION_POINTERS pExceptionInfo)
{
    PCONTEXT ContextRecord = pExceptionInfo->ContextRecord;
    char buff[100] = {0};
    wsprintf(buff, "Exception busted\nEIP: 0x%X", ContextRecord->Eip);
A:
    //ContextRecord->Eip++;                              // JMP over 0xEC [ IN AL, DX ]
B:
    //SetThreadContext(GetCurrentThread(), ContextRecord);
    //
    //MessageBoxA(0, buff, "Ups, Error...", MB_OK);
    return -1;                                           // -1 = EXCEPTION_CONTINUE_EXECUTION
}

Un-comment lines A and B and the app will terminate ungracefully. That code will hang the app as the exception keeps occurring and
revolution 04 Mar 2012, 02:56
That code is for the C wrapper handler. I have no idea what that wrapper does. See the code I posted above; it works for the Win API even with the simple:

Code:
        pushd   generic_handler       ; handler address
        pushd   dword [fs:0]          ; previous EXCEPTION_REGISTRATION record
        mov     [fs:0],esp            ; link the new record at the head of the chain
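A complete fasm program that puts revolution's two fragments together (the handler skeleton in the earlier post and the fs:[0] registration in this one) is given below. It is an added example, not code from the thread or from the fasm distribution. It assumes fasm's win32a.inc is on the include path and supplies the CONTEXT structure, as the code in this thread already does; the EXCEPTION_RECORD field offsets, the exception code STATUS_PRIVILEGED_INSTRUCTION (0xC0000096), the EXCEPTION_UNWINDING flag (2) and the I/O port number are spelled out as constants so the block depends on nothing else. The handler does three things the bare template leaves out: it refuses to touch the context during an unwind, it only handles STATUS_PRIVILEGED_INSTRUCTION, and it checks that the byte at Eip really is 0xEC (IN AL,DX) before advancing Eip by one. This is 32-bit code only; x64 Windows uses table-based exception handling and has no fs:[0] chain.

```asm
; Added example (not from the thread): a stand-alone fasm Win32 program that
; links a raw EXCEPTION_REGISTRATION record into the fs:[0] chain, executes
; the privileged IN AL,DX, lets the handler resume one byte later by editing
; CONTEXT.Eip, and then unlinks the record again.

format PE GUI 4.0
entry start

include 'win32a.inc'              ; assumed: on fasm's INCLUDE path, defines CONTEXT

; Constants taken from the Win32 SDK headers, written out here so the handler
; does not depend on the include file defining them.
STATUS_PRIV_INSTR  = 0xC0000096   ; EXCEPTION_PRIV_INSTRUCTION
EH_UNWINDING       = 2            ; EXCEPTION_UNWINDING bit in ExceptionFlags
EXC_REC_CODE       = 0            ; EXCEPTION_RECORD.ExceptionCode offset
EXC_REC_FLAGS      = 4            ; EXCEPTION_RECORD.ExceptionFlags offset
SAMPLE_PORT        = 0x60         ; arbitrary port; ring 3 has no I/O privilege

section '.text' code readable executable

start:
        ; Build the EXCEPTION_REGISTRATION record on the stack: {prev, handler}
        push    generic_handler
        push    dword [fs:0]
        mov     [fs:0],esp

        mov     dx,SAMPLE_PORT
        in      al,dx                   ; raises STATUS_PRIVILEGED_INSTRUCTION
        ; the handler moves Eip past the one-byte IN, so execution continues here

        ; Unlink our record before the stack memory holding it is reused
        pop     dword [fs:0]
        add     esp,4

        cmp     dword [skipped],0
        je      .not_handled
        invoke  MessageBox,0,msg_ok,msg_title,MB_OK
        jmp     .done
.not_handled:
        invoke  MessageBox,0,msg_bad,msg_title,MB_OK
.done:
        invoke  ExitProcess,0

; Called cdecl by the OS dispatcher:
;   EXCEPTION_DISPOSITION handler(EXCEPTION_RECORD*, void* frame,
;                                 CONTEXT*, void* dispatcher)
generic_handler:
        virtual at esp+4
          .pExcept   dd ?
          .pFrame    dd ?
          .pContext  dd ?
          .pDispatch dd ?
        end virtual
        mov     ecx,[.pExcept]
        ; During an unwind the context must be left alone; just pass it on
        test    dword [ecx+EXC_REC_FLAGS],EH_UNWINDING
        jnz     .continue_search
        ; Only handle the exception we expect
        cmp     dword [ecx+EXC_REC_CODE],STATUS_PRIV_INSTR
        jne     .continue_search
        mov     eax,[.pContext]
        mov     edx,[eax+CONTEXT.Eip]   ; Eip is at offset 0xB8 in the x86 CONTEXT
        ; Confirm the faulting byte really is IN AL,DX (0xEC) before skipping it
        cmp     byte [edx],0xEC
        jne     .continue_search
        inc     edx                     ; step over the single-byte instruction
        mov     [eax+CONTEXT.Eip],edx
        mov     dword [skipped],1
        xor     eax,eax                 ; ExceptionContinueExecution
        ret
.continue_search:
        mov     eax,1                   ; ExceptionContinueSearch
        ret

section '.data' data readable writeable

  skipped   dd 0
  msg_title db 'SEH demo',0
  msg_ok    db 'IN AL,DX was skipped by the handler',0
  msg_bad   db 'Handler did not run',0

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  import  kernel32,\
          ExitProcess,'ExitProcess'

  import  user32,\
          MessageBox,'MessageBoxA'
```

Assemble with `fasm seh_demo.asm` and run the EXE on 32-bit Windows or under WOW64. The record is pushed and popped within the same stack frame, so it is unlinked before that stack memory can be reused by a later call; a stale record left in the chain is the usual cause of the "app quits without warning on the next exception" behaviour described earlier in the thread. The handler returns with a plain `ret` because Windows calls it with the cdecl convention, and it never calls SetThreadContext: editing the CONTEXT it was handed and returning ExceptionContinueExecution is what makes the dispatcher resume the thread at the new Eip.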
typedef 04 Mar 2012, 05:21
Yeah I'm sorry I just realized I posted before I read your posts. I was on the same page the whole day without refreshing it.
Thanks revolution. I was doing something terribly wrong in my code and it ended up getting into system DLL space. (Glitch?) This is where the library contains IN AL, DX. But now it's fixed without the need for SEH.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.