daisy
Reputation: 23511
How does this asm code setup SEH?
I grabbed some code from internet, that supposed to handle exceptions with SEH,
ASSUME FS:NOTHING
PUSH OFFSET Handler
PUSH FS:[0]
MOV FS:[0], ESP
...
But the FS:[0] should be holding the address of handler instead right?
So mov fs:[0], esp is wrong, because esp currently pointed to the original fs:[0]:
The stack is like this:
-----------
| fs:[0] | <-- ESP
-----------
| handler |
-----------
So, shouldn't that be esp + 4 like stuff? I'm obviously wrong, but I don't get why.
Upvotes: 4
Views: 1721
Answers (1)
Alexey Frunze
Reputation: 62068
[fs:0] points to the last element in the linked list of exception handlers.
Each element contains two things:
- the address of the next/previous element
- the address of a handler/function
The code that you presented creates another element, links it to the current/last element, and makes the new element the current/last one.
Look up Matt Pietrek's articles on SEH. This stuff is described there in greater detail.
Upvotes: 8
Related Questions
- Understanding an x86 ASM function in C
- How does this x86 assembly program work
- What does SEG directive do in 8086?
- How this simple code is working in x86 assembly
- Understanding this bit of ASM code
- Assembly code explanation
- Can you help me to explain this code [ASM]
- Need help understanding E8 asm call instruction x86
- Reverse-engineering SEH: Why doesn't my IDENTICAL assembler code work like the original?
- Can anyone help me understand this asm code (It's short)