flat assembler
Message board for the users of flat assembler.

Heap > fault code that doesn't generate any error :S

LocoDelAssembly
Joined: 06 May 2005
Posts: 4633
Location: Argentina
Code:
format PE GUI 4.0

mov [fs:0],eax   ; fs:[0] is the head of the thread's SEH chain (TEB.ExceptionList); this overwrites it with whatever EAX holds on entry
mov [0], eax     ; access violation; with the chain head corrupted the process is terminated instead of showing the crash dialog
; Privileged instructions that are never reached because of the access violation above (which isn't prompted to user)
lidt [eax]
lgdt [eax]
lldt [eax]

int3 ; Never reached

For some reason, if "mov [fs:0],eax" is present, no error message is displayed. Any ideas why this happens?

PS: Notice that if I run it inside ollydbg I reach "mov [0], eax".
Post 08 Sep 2006, 14:37
vid
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
I suggest you find some information about Windows SEH - read the board, there were some docs on this.
Post 08 Sep 2006, 14:40
LocoDelAssembly
I thought that [FS:0] was the first TLS slot.
http://www.woodmann.com/crackz/Tutorials/Seh.htm

Thanks!!
Post 08 Sep 2006, 14:57
vid
But if EAX doesn't contain some predefined Thread Information Block pointer on entry, then it is clear why it fails - read that document: Exception handling in practice -> The Windows sequence -> 2
Post 08 Sep 2006, 15:11
LocoDelAssembly
Yes, I see the problem now, I was confused about what is held at address [FS:0]. http://board.flatassembler.net/topic.php?p=43728#43728 <- Here is the correct location of the TLS array

Cheers
Post 08 Sep 2006, 15:33
okasvi
Joined: 18 Aug 2005
Posts: 382
Location: Finland
locodelassembly wrote:
Yes, I see the problem now, I was confused about what is held at address [FS:0]. http://board.flatassembler.net/topic.php?p=43728#43728 <- Here is the correct location of the TLS array

Cheers

As vid said, you should look into structured exception handling - SEH.

http://win32assembly.online.fr/tutorials.html
at the bottom of the page look for
'Structured Exception Handling in Win32asm'
and
'Structured Exception Handling in ASM'

LocoDelAssembly
I don't know another way to say it. I understood the problem; I was surprised because I thought that the TLS slots were stored from [FS:0] to [FS:$FF], but after vid pointed me to SEH I checked it and noticed my mistake. Since I'm storing garbage at [FS:0] (which is the pointer to the first SEH structure in the chain instead of the first TLS slot), the process is simply killed when an exception occurs because of the lack of an exception handler.

Hope this time I was clear.

Regards
Post 08 Sep 2006, 17:33
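The thread's conclusion is that fs:[0] is TEB.ExceptionList, the head of the frame-based SEH chain, so overwriting it with garbage leaves the dispatcher nothing valid to call and the process is terminated without the usual crash dialog. The following program is an added example, not code from any post above: it installs a handler the way the chain expects (push handler, push previous head, point fs:[0] at the new record), provokes the same write-to-address-0 fault, and recovers by moving EIP in the CONTEXT. It assumes FASM with its standard win32a.inc macros; the labels, strings and the "recovered" resume point are my own. The TEB offsets used (ExceptionList at 0, CONTEXT.Eip at 0B8h) are the documented x86 values; for reference, the TLS slot array the original poster was looking for is at fs:[0E10h] (TlsSlots) and the .tls directory pointer at fs:[2Ch].

```asm
; Added example: catching an access violation through a hand-built fs:[0] SEH record.
; Not from the thread. Assumes FASM and win32a.inc.
format PE GUI 4.0
entry start

include 'win32a.inc'

section '.text' code readable executable

start:
        ; fs:[0] (TEB.ExceptionList) heads a singly linked list of on-stack
        ; EXCEPTION_REGISTRATION records: { prev, handler }.
        push    handler                 ; EXCEPTION_REGISTRATION.handler
        push    dword [fs:0]            ; EXCEPTION_REGISTRATION.prev = old chain head
        mov     [fs:0], esp             ; publish the new record as chain head

        ; Provoke EXCEPTION_ACCESS_VIOLATION (0C0000005h), the same fault as
        ; "mov [0],eax" in the original post.
        xor     eax, eax
        mov     [eax], eax

        ; Not reached: the handler resumes execution at 'recovered'.
        invoke  MessageBoxA, 0, msg_fail, caption, MB_ICONERROR
        invoke  ExitProcess, 1

recovered:
        ; ESP is restored from the CONTEXT, so our record is still on top of the stack.
        pop     dword [fs:0]            ; unlink: restore the previous chain head
        add     esp, 4                  ; discard the handler address
        invoke  MessageBoxA, 0, msg_ok, caption, MB_ICONINFORMATION
        invoke  ExitProcess, 0

; EXCEPTION_DISPOSITION __cdecl handler(EXCEPTION_RECORD* rec, void* frame,
;                                       CONTEXT* ctx, void* dispatcher)
handler:
        mov     eax, [esp+4]            ; EXCEPTION_RECORD*
        cmp     dword [eax], 0C0000005h ; EXCEPTION_RECORD.ExceptionCode
        jne     .pass
        mov     eax, [esp+12]           ; CONTEXT*
        mov     dword [eax+0B8h], recovered ; CONTEXT.Eip (x86 offset 0B8h)
        xor     eax, eax                ; ExceptionContinueExecution
        ret
.pass:
        mov     eax, 1                  ; ExceptionContinueSearch: let the next record decide
        ret

section '.data' data readable writeable
        caption  db 'SEH demo', 0
        msg_ok   db 'Access violation caught via the fs:[0] chain and recovered.', 0
        msg_fail db 'Handler did not run.', 0

section '.idata' import data readable writeable
        library kernel32, 'KERNEL32.DLL', \
                user32,   'USER32.DLL'
        import  kernel32, ExitProcess, 'ExitProcess'
        import  user32,   MessageBoxA, 'MessageBoxA'
```

Two checks worth keeping in mind when writing such a handler: the previous chain head is preserved, so the list still ends in ntdll's final handler (which is what the OS walks when validating the chain, and what the original code destroyed), and the handler lives in the image rather than on the stack, which is what the x86 dispatcher requires before it will call it.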
okasvi
Joined: 18 Aug 2005
Posts: 382
Location: Finland
I realized that, but provided the links in case you would be interested in SEH too.
Post 08 Sep 2006, 17:51
LocoDelAssembly
I read it (not in deep detail) some years ago (that's the reason why I forgot that about [FS:0]). I also read the TLS implementation some years ago (this has contributed to the confusion too).

Possibly before December 25th I'll re-read both subjects because I'm planning to do a mini-project using both things (if time lets me do it before December 25th).

Cheers
Post 08 Sep 2006, 17:58
Copyright © 1999-2020, Tomasz Grysztar.