SEH求解惑.如何实现容错,运行2个MessageBox
先帖c, 后面贴的是汇编,和对应exe,
DWORD ThreadProc(LPVOID lpParameter);
void test(void);
int __cdecl _tmain(int argc, _TCHAR* argv[])
{
DWORD tid;
HANDLE th = CreateThread(NULL,0,ThreadProc,NULL,0,&tid);
WaitForSingleObject(th,INFINITE);
MessageBox(NULL,"ThreadOver","test",0);//不执行
return 0;
}
DWORD ThreadProc(LPVOID lpParameter)
{
_asm{
push sehcode;
push dword ptr fs:[0];
mov dword ptr fs:[0],esp;
}
test();
goto endcode;
sehcode:
MessageBox(NULL,"SEH","test",0);//不执行
endcode:
__asm{
pop eax;
pop eax;
}
return 0;
}
void test(void)
{
int a=0;
int b=4;
int c=b/a;
}
//OD汇编
///////////////////////////////////////// main函数
010F1000 >/$ 55 push ebp
010F1001 |. 8BEC mov ebp, esp
010F1003 |. 83EC 08 sub esp, 0x8
010F1006 |. 8D45 F8 lea eax, dword ptr [ebp-0x8]
010F1009 |. 50 push eax ; /pThreadId
010F100A |. 6A 00 push 0x0 ; |CreationFlags = 0
010F100C |. 6A 00 push 0x0 ; |pThreadParm = NULL
010F100E |. 68 50100F01 push 0x10F1050 ; |ThreadFunction = ThreadProc
010F1013 |. 6A 00 push 0x0 ; |StackSize = 0
010F1015 |. 6A 00 push 0x0 ; |pSecurity = NULL
010F1017 |. FF15 00800F01 call dword ptr [0x10F8000] ; \CreateThread
010F101D |. 8945 FC mov dword ptr [ebp-0x4], eax
010F1020 |. 6A FF push -0x1 ; /Timeout = INFINITE
010F1022 |. 8B4D FC mov ecx, dword ptr [ebp-0x4] ; |
010F1025 |. 51 push ecx ; |hObject
010F1026 |. FF15 04800F01 call dword ptr [0x10F8004] ; \WaitForSingleObject
010F102C |. 6A 00 push 0x0 ; /Style = MB_OK|MB_APPLMODAL
010F102E |. 68 8C920F01 push 0x10F928C ; |Title = "test"
010F1033 |. 68 94920F01 push 0x10F9294 ; |Text = "ThreadOver"
010F1038 |. 6A 00 push 0x0 ; |hOwner = NULL
010F103A |. FF15 F0800F01 call dword ptr [0x10F80F0] ; \MessageBoxA
010F1040 > \58 pop eax
010F1041 . 58 pop eax
010F1042 >|. 33C0 xor eax, eax
010F1044 |. 8BE5 mov esp, ebp
010F1046 |. 5D pop ebp
010F1047 \. C3 retn
///////////////////////////////////////// ThreadProc 函数
010F1050 > 55 push ebp
010F1051 8BEC mov ebp, esp
010F1053 68 6F100F01 push 0x10F106F
010F1058 64:FF35 00000000 push dword ptr fs:[0]
010F105F 64:8925 00000000 mov dword ptr fs:[0], esp
010F1066 . E8 25000000 call 010F1090 ; test_debugger_hookdSpinCountrter
010F106B . EB 16 jmp short 010F1083 ; 010F1083
010F106D . EB 14 jmp short 010F1083 ; 010F1083
010F106F 6A 00 push 0x0
010F1071 68 A0920F01 push 0x10F92A0 ; ASCII "test"
010F1076 68 A8920F01 push 0x10F92A8 ; ASCII "SEH"
010F107B 6A 00 push 0x0
010F107D FF15 F0800F01 call dword ptr [0x10F80F0] ; user32.MessageBoxA
010F1083 > 33C0 xor eax, eax
010F1085 . 5D pop ebp
010F1086 . C2 0400 retn 0x4
///////////////////////////////////////// test 函数
010F1090 > $ 55 push ebp
010F1091 > 8BEC mov ebp, esp
010F1093 83EC 0C sub esp, 0xC
010F1096 C745 FC 00000000 mov dword ptr [ebp-0x4], 0x0
010F109D C745 F8 04000000 mov dword ptr [ebp-0x8], 0x4
010F10A4 8B45 F8 mov eax, dword ptr [ebp-0x8]
010F10A7 99 cdq
010F10A8 F77D FC idiv dword ptr [ebp-0x4]
010F10AB 8945 F4 mov dword ptr [ebp-0xC], eax
010F10AE 8BE5 mov esp, ebp
010F10B0 5D pop ebp
010F10B1 > C3 retn
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课