-
-
[求助]一个关于结构化异常链方面的问题,求高手指教
-
发表于:
2014-4-23 08:18
2525
-
[求助]一个关于结构化异常链方面的问题,求高手指教
问题:这个程序如何正常退出 void PrintHello()函数 ?????
//==================================================
// MYSEH - Matt Pietrek 1997
// Microsoft Systems Journal, January 1997
// FILE: MYSEH.CPP
// To compile: CL MYSEH.CPP
//==================================================
#include "stdafx.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
void PrintHello()
{
printf("hello\n");
//return 1;
}
DWORD scratch;
EXCEPTION_DISPOSITION
__cdecl
_except_handler(
struct _EXCEPTION_RECORD *ExceptionRecord,
void * EstablisherFrame,
struct _CONTEXT *ContextRecord,
void * DispatcherContext )
{
unsigned i;
// Indicate that we made it to our exception handler
printf( "Hello from an exception handler\n" );
// Change EAX in the context record so that it points to someplace
// where we can successfully write
ContextRecord->Eax = (DWORD)&scratch;
ContextRecord->Eip = (DWORD)PrintHello;
// Tell the OS to restart the faulting instruction
return ExceptionContinueExecution;
}
/* //return ExceptionContinueExecution 反汇编后 执行ret指令后就跳到下面这边了
76FAB499 mov esp,dword ptr fs:[00000000h]
76FAB4A0 pop dword ptr fs:[00000000h]
76FAB4A7 mov esp,ebp
76FAB4A9 pop ebp
76FAB4AA ret 14h
*/
int _tmain()
{
DWORD handler = (DWORD)_except_handler;
void (*pPrint)(void);
pPrint = PrintHello;
pPrint();
__asm
{ // Build EXCEPTION_REGISTRATION record:
push handler // Address of handler function
push FS:[0] // Address of previous handler
mov FS:[0],ESP // Install new EXECEPTION_REGISTRATION -- 保存esp, 在76FAB499 mov esp, dword ptr fs:[00000000h]处恢复
}
__asm
{
mov eax,0 // Zero out EAX
mov [eax], 1 // Write to EAX to deliberately cause a fault
}
printf( "After writing!/n" );
__asm
{ // Remove our EXECEPTION_REGISTRATION record
mov eax,[ESP] // Get pointer to previous record
mov FS:[0], EAX // Install previous record
add esp, 8 // Clean our EXECEPTION_REGISTRATION off stack
}
return 0;
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
