[zz]Brief Intro to Structured Exception Handlers (SEH)

http://www.ethicalhacker.net/content/view/309/2/

 

An exception handler is a piece of code that is written inside an application with the purpose of dealing with cleanup activities when the application throws an exception error.  A typical exception handler looks like this:

try {
    // code that may throw an exception
    line = console.readLine();
} catch (Exception e) {
    // handler: runs only if the try block throws
    console.printLine("Error: " + e.message());
}

When a developer has not coded any exception handlers, Windows programs fall back on a default Structured Exception Handler. Every process has an OS-supplied SEH, and when a Windows program has an exception that it cannot handle itself, control is passed to the address of that SEH, whose code can show a dialog box explaining that the program has crashed, as seen below:

http://msdn.microsoft.com/en-us/library/ms679270%28v=VS.85%29.aspx
http://www.microsoft.com/msj/0197/exception/exception.aspx

 

image1.png

This default handler is seen at 0xFFFFFF and is visible in a debugger's Stack window, as shown below. It is the end of the chain and should always be reached if the program cannot successfully handle a crash itself.

image2.png 

The SEH chain is essentially a linked list that is laid out in a structure similar to the chain below with the default OS handler at the end.

image3.png 

Each code block has its own stack frame, and the pointer to the exception handler is part of this stack frame.  Information about the exception handler is stored in an exception_registration structure on the stack. Each record then has the following info:

• A pointer to the next SEH record
• A pointer to the exception handler (SE Handler)
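The two-field record and the linked list it forms can be walked the way a debugger's SEH chain view does. This is an added example, not code from the original article. It assumes 32-bit little-endian records and the 0xFFFFFFFF Next value that ends the chain on 32-bit Windows; the stack snapshot, its addresses and handler values are constructed, and the sanity checks (alignment, bounds, Next must point higher) are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define SEH_END 0xFFFFFFFFu  /* Next value that ends the chain on 32-bit Windows */
#define BASE    0x0012FF00u  /* constructed: address of the first snapshot byte */
#define SIZE    0x100u       /* constructed: snapshot length in bytes */

/* One record as described above: two 32-bit pointers, Next then Handler. */
typedef struct { uint32_t next, handler; } seh_record;

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the record at address va; 0 if va is misaligned or outside the snapshot. */
static int read_record(const uint8_t *snap, uint32_t va, seh_record *out) {
    if ((va & 3) || va < BASE || va - BASE > SIZE - 8) return 0;
    out->next = le32(snap + (va - BASE));
    out->handler = le32(snap + (va - BASE) + 4);
    return 1;
}

/* Follow Next pointers from head. Returns the record count if the chain
   reaches SEH_END, or -1 if a link is unreadable or does not move upward. */
int walk_seh_chain(const uint8_t *snap, uint32_t head) {
    seh_record r; int n = 0;
    for (uint32_t va = head; va != SEH_END; va = r.next, n++) {
        if (!read_record(snap, va, &r)) return -1;
        printf("0x%08X: next=0x%08X handler=0x%08X\n",
               (unsigned)va, (unsigned)r.next, (unsigned)r.handler);
        if (r.next <= va) return -1;  /* older frames sit higher; also stops loops */
    }
    return n;
}

/* Write one record into the snapshot in little-endian byte order. */
static void put(uint8_t *snap, uint32_t va, uint32_t next, uint32_t handler) {
    uint32_t v[2] = { next, handler };
    for (int i = 0; i < 8; i++) snap[va - BASE + i] = (uint8_t)(v[i / 4] >> 8 * (i % 4));
}

/* Constructed sample: three records; corrupt=1 damages the first Next pointer. */
int demo(int corrupt) {
    uint8_t snap[SIZE] = {0};
    put(snap, 0x0012FF40u, corrupt ? 0x20000000u : 0x0012FF80u, 0x00401500u);
    put(snap, 0x0012FF80u, 0x0012FFE0u, 0x00402000u);
    put(snap, 0x0012FFE0u, SEH_END, 0x77000010u);
    return walk_seh_chain(snap, 0x0012FF40u);
}

int main(void) { printf("intact=%d corrupt=%d\n", demo(0), demo(1)); return 0; }
```

A return of -1 means the walk never reached the end-of-chain record, which is the condition a crash triage or memory-forensics tool would flag for a closer look.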

 


posted @ 2010-05-19 18:23  bettermanlu