flat assembler
Message board for the users of flat assembler.

Index > Windows > Exception

Author
Thread Post new topic Reply to topic
Galkov



Joined: 23 Jul 2005
Posts: 10
Location: Novosibirsk
Galkov
How may I catch this in Fasm Question
FPU, for example.....

_________________
sorry for my bad english Sad
Post 28 Aug 2005, 19:54
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
same as in other assemblers Smile
Some specific interrupts are called on exceptions. So it depends on which exception you want catch and under which os. under windoze you can use structure in [fs:0], but i don't remember how exactly...
Post 28 Aug 2005, 20:58
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend
Under windows:
Code:
set_exception_handler:
        push    handler
        push    dword [fs:0]
        mov     [fs:0], esp
;       some code goes here
;       ...
remove_exception_handler:
        pop     dword [fs:0]
        add     esp, 4
;       ...
handler:
;       what happens when an excepiton occured
;       ...    
Post 28 Aug 2005, 22:24
View user's profile Send private message Visit poster's website Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
you can check SEH example on mywebsite
http://comrade.win32asm.com/

its all the way down in the Sources page
Post 29 Aug 2005, 02:28
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Galkov



Joined: 23 Jul 2005
Posts: 10
Location: Novosibirsk
Galkov
Reverend, and is it enough for catch Question
((sorry - that is question of beginer))

comrade, what project on yourweb you are advised for checking Smile
Post 29 Aug 2005, 06:04
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17284
Location: In your JS exploiting you and your system
revolution
Quote:
and is it enough for catch?
You can also use the API SetUnhandledExceptionFilter. But both the FS:[0] and SetUnhandledExceptionFilter methods can fail in certain circumstances. The circumstances are quite rare so for most tasks using either method will probably do the job you need.

In the "handler" code you would normally check the exception code and depending on what happened then set a new EIP in the CONTEXT record before RETurning.
Post 29 Aug 2005, 07:04
View user's profile Send private message Visit poster's website Reply with quote
Galkov



Joined: 23 Jul 2005
Posts: 10
Location: Novosibirsk
Galkov
Tanks for ALL Smile
Begining of understanding are coming for me Laughing

I'll try to translate SEH-example of comrade to Fasm
((Oh, I find it - it was latest of webpage))

Nevertheless, there are no definition of structures EXCEPTION_RECORD and CONTEXT in Fasm....

==========================
One question more: comrade, in your example esp is saving in a global variable seh. Is [FS:0] already failed in ErrorHandler Question

_________________
sorry for my bad english Sad
Post 29 Aug 2005, 19:13
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17284
Location: In your JS exploiting you and your system
revolution
Quote:
there are no definition of structures EXCEPTION_RECORD and CONTEXT in Fasm
Here it is
Code:
SIZE_OF_80387_REGISTERS                 =       80
EXCEPTION_ACCESS_VIOLATION              =       0C0000005h
EXCEPTION_DATATYPE_MISALIGNMENT         =       080000002h
EXCEPTION_BREAKPOINT                    =       080000003h
EXCEPTION_SINGLE_STEP                   =       080000004h
EXCEPTION_ARRAY_BOUNDS_EXCEEDED         =       0C000008Ch
EXCEPTION_FLT_DENORMAL_OPERAND          =       0C000008Dh
EXCEPTION_FLT_DIVIDE_BY_ZERO            =       0C000008Eh
EXCEPTION_FLT_INEXACT_RESULT            =       0C000008Fh
EXCEPTION_FLT_INVALID_OPERATION         =       0C0000090h
EXCEPTION_FLT_OVERFLOW                  =       0C0000091h
EXCEPTION_FLT_STACK_CHECK               =       0C0000092h
EXCEPTION_FLT_UNDERFLOW                 =       0C0000093h
EXCEPTION_INT_DIVIDE_BY_ZERO            =       0C0000094h
EXCEPTION_INT_OVERFLOW                  =       0C0000095h
EXCEPTION_PRIV_INSTRUCTION              =       0C0000096h
EXCEPTION_IN_PAGE_ERROR                 =       0C0000006h
EXCEPTION_ILLEGAL_INSTRUCTION           =       0C000001Dh
EXCEPTION_NONCONTINUABLE_EXCEPTION      =       0C0000025h
EXCEPTION_STACK_OVERFLOW                =       0C00000FDh
EXCEPTION_INVALID_DISPOSITION           =       0C0000026h
EXCEPTION_GUARD_PAGE                    =       0C0000001h
CONTROL_C_EXIT                          =       0C000013Ah
EXCEPTION_MAXIMUM_PARAMETERS            =       15
EXCEPTION_EXECUTE_HANDLER               =       1
EXCEPTION_CONTINUE_SEARCH               =       0
EXCEPTION_CONTINUE_EXECUTION            =       -1

struc   EXCEPTION_POINTERS
{
.ExceptionRecord                dd      ?
.ContextRecord                  dd      ?
}
struct  EXCEPTION_POINTERS

struc   EXCEPTION_RECORD
{
.ExceptionCode                  dd      ?
.ExceptionFlags                 dd      ?
.ExceptionRecord                dd      ?
.ExceptionAddress               dd      ?
.NumberParameters               dd      ?
.ExceptionInformation           rd      EXCEPTION_MAXIMUM_PARAMETERS
}
struct  EXCEPTION_RECORD

struc   CONTEXT
{
.ContextFlags   dd      ?       ;context flags
.Dr0            dd      ?       ;debug register #0
.Dr1            dd      ?       ;debug register #1
.Dr2            dd      ?       ;debug register #2
.Dr3            dd      ?       ;debug register #3
.Dr6            dd      ?       ;debug register #6
.Dr7            dd      ?       ;debug register #7
.ControlWord    dd      ?       ;fpu context
.StatusWord     dd      ?
.TagWord        dd      ?
.ErrorOffset    dd      ?
.ErrorSelector  dd      ?
.DataOffset     dd      ?
.DataSelector   dd      ?
.RegisterArea   rb      SIZE_OF_80387_REGISTERS
.Cr0NpxState    dd      ?
.SegGs          dd      ?       ;gs register
.SegFs          dd      ?       ;fs register
.SegEs          dd      ?       ;es register
.SegDs          dd      ?       ;ds register
.Edi            dd      ?       ;edi register
.Esi            dd      ?       ;esi register
.Ebx            dd      ?       ;ebx register
.Edx            dd      ?       ;edx register
.Ecx            dd      ?       ;ecx register
.Eax            dd      ?       ;eax register
.Ebp            dd      ?       ;ebp register
.Eip            dd      ?       ;eip register
.SegCs          dd      ?       ;cs register
.EFlags         dd      ?       ;eflags register
.Esp            dd      ?       ;esp register
.SegSs          dd      ?       ;ss register
}
struct  CONTEXT    
Post 30 Aug 2005, 01:23
View user's profile Send private message Visit poster's website Reply with quote
Galkov



Joined: 23 Jul 2005
Posts: 10
Location: Novosibirsk
Galkov
excellent Exclamation
Post 30 Aug 2005, 04:18
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
this also might be useful:
Code:
XCPTLU xcptExceptionCodes[] = { {EXCEPTION_ACCESS_VIOLATION, "EXCEPTION_ACCESS_VIOLATION"},
                                                                {EXCEPTION_ARRAY_BOUNDS_EXCEEDED, "EXCEPTION_ARRAY_BOUNDS_EXCEEDED"},
                                                                {EXCEPTION_BREAKPOINT, "EXCEPTION_BREAKPOINT"},
                                                                {EXCEPTION_DATATYPE_MISALIGNMENT, "EXCEPTION_DATATYPE_MISALIGNMENT"},
                                                                {EXCEPTION_FLT_DENORMAL_OPERAND, "EXCEPTION_FLT_DENORMAL_OPERAND"},
                                                                {EXCEPTION_FLT_DIVIDE_BY_ZERO, "EXCEPTION_FLT_DIVIDE_BY_ZERO"},
                                                                {EXCEPTION_FLT_INEXACT_RESULT, "EXCEPTION_FLT_INEXACT_RESULT"},
                                                                {EXCEPTION_FLT_INVALID_OPERATION, "EXCEPTION_FLT_INVALID_OPERATION"},
                                                                {EXCEPTION_FLT_OVERFLOW, "EXCEPTION_FLT_OVERFLOW"},
                                                                {EXCEPTION_FLT_STACK_CHECK, "EXCEPTION_FLT_STACK_CHECK"},
                                                                {EXCEPTION_FLT_UNDERFLOW, "EXCEPTION_FLT_UNDERFLOW"},
                                                                {EXCEPTION_ILLEGAL_INSTRUCTION, "EXCEPTION_ILLEGAL_INSTRUCTION"},
                                                                {EXCEPTION_IN_PAGE_ERROR, "EXCEPTION_IN_PAGE_ERROR"},
                                                                {EXCEPTION_INT_DIVIDE_BY_ZERO, "EXCEPTION_INT_DIVIDE_BY_ZERO"},
                                                                {EXCEPTION_INT_OVERFLOW, "EXCEPTION_INT_OVERFLOW"},
                                                                {EXCEPTION_INVALID_DISPOSITION, "EXCEPTION_INVALID_DISPOSITION"},
                                                                {EXCEPTION_NONCONTINUABLE_EXCEPTION, "EXCEPTION_NONCONTINUABLE_EXCEPTION"},
                                                                {EXCEPTION_PRIV_INSTRUCTION, "EXCEPTION_PRIV_INSTRUCTION"},
                                                                {EXCEPTION_SINGLE_STEP, "EXCEPTION_SINGLE_STEP"},
                                                                {EXCEPTION_STACK_OVERFLOW, "EXCEPTION_STACK_OVERFLOW"}, { 0, 0 } };
//###########################################################################
XCPTLU xcptExceptionDescriptions[] = {  {EXCEPTION_ACCESS_VIOLATION, "The thread tried to read from or write to a virtual address for which it does not have the appropriate access."},
                                                                                {EXCEPTION_ARRAY_BOUNDS_EXCEEDED, "The thread tried to access an array element that is out of bounds and the underlying hardware supports bounds checking."},
                                                                                {EXCEPTION_BREAKPOINT, "A breakpoint was encountered."},
                                                                                {EXCEPTION_DATATYPE_MISALIGNMENT, "The thread tried to read or write data that is misaligned on hardware that does not provide alignment. For example, 16-bit values must be aligned on 2-byte boundaries; 32-bit values on 4-byte boundaries, and so on."},
                                                                                {EXCEPTION_FLT_DENORMAL_OPERAND, "One of the operands in a floating-point operation is denormal. A denormal value is one that is too small to represent as a standard floating-point value."},
                                                                                {EXCEPTION_FLT_DIVIDE_BY_ZERO, "The thread tried to divide a floating-point value by a floating-point divisor of zero."},
                                                                                {EXCEPTION_FLT_INEXACT_RESULT, "The result of a floating-point operation cannot be represented exactly as a decimal fraction."},
                                                                                {EXCEPTION_FLT_INVALID_OPERATION, "This exception represents any floating-point exception not included in this list."},
                                                                                {EXCEPTION_FLT_OVERFLOW, "The exponent of a floating-point operation is greater than the magnitude allowed by the corresponding type."},
                                                                                {EXCEPTION_FLT_STACK_CHECK, "The stack overflowed or underflowed as the result of a floating-point operation."},
                                                                                {EXCEPTION_FLT_UNDERFLOW, "The exponent of a floating-point operation is less than the magnitude allowed by the corresponding type."},
                                                                                {EXCEPTION_ILLEGAL_INSTRUCTION, "The thread tried to execute an invalid instruction."},
                                                                                {EXCEPTION_IN_PAGE_ERROR, "The thread tried to access a page that was not present, and the system was unable to load the page. For example, this exception might occur if a network connection is lost while running a program over the network."},
                                                                                {EXCEPTION_INT_DIVIDE_BY_ZERO, "The thread tried to divide an integer value by an integer divisor of zero."},
                                                                                {EXCEPTION_INT_OVERFLOW, "The result of an integer operation caused a carry out of the most significant bit of the result."},
                                                                                {EXCEPTION_INVALID_DISPOSITION, "An exception handler returned an invalid disposition to the exception dispatcher. Programmers using a high-level language such as C should never encounter this exception."},
                                                                                {EXCEPTION_NONCONTINUABLE_EXCEPTION, "The thread tried to continue execution after a noncontinuable exception occurred."},
                                                                                {EXCEPTION_PRIV_INSTRUCTION, "The thread tried to execute an instruction whose operation is not allowed in the current machine mode."},
                                                                                {EXCEPTION_SINGLE_STEP, "A trace trap or other single-instruction mechanism signaled that one instruction has been executed."},
                                                                                {EXCEPTION_STACK_OVERFLOW, "The thread used up its stack."}, { 0, 0 } };    
Post 30 Aug 2005, 16:17
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Galkov



Joined: 23 Jul 2005
Posts: 10
Location: Novosibirsk
Galkov
undoubtedly Very Happy
Post 30 Aug 2005, 19:01
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.