Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Tuesday, March 31 2020 @ 08:38 PM CEST
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

exception handling

 
Post new topic   Reply to topic    www.reversing.be Forum Index -> Code Reversing
View previous topic :: View next topic  
Author Message
dila
Occasional Poster
Occasional Poster


Joined: 13 Jul 2005
Posts: 44
Location: England

PostPosted: Mon May 15, 2006 1:39 pm    Post subject: exception handling Reply with quote

hello,

i'm trying to debug a program using exception handling.

i break inside the exception handling routine, but since it unwinds the stack i have no way of knowing which function raised the exception.

any suggestions?

thanks in advance,
-dila
Back to top
View user's profile Send private message
dila
Occasional Poster
Occasional Poster


Joined: 13 Jul 2005
Posts: 44
Location: England

PostPosted: Mon May 15, 2006 2:02 pm    Post subject: Reply with quote

i actually solved the problem by breaking on sprintf which was used to format the error message.

i'd still like to know any tricks you guys use for dealing with exceptions Smile

-dila
Back to top
View user's profile Send private message
Knight
Regular
Regular


Joined: 21 Aug 2005
Posts: 122

PostPosted: Mon May 15, 2006 4:17 pm    Post subject: Reply with quote

U can make olly to break on exceptions. Or if u're in seh u can check program context, if i correctly remember 3'rd argument to seh handler is pointer to CONTEXT structure, then just check eip value, it should be address of exception.

Regards,
Knight
Back to top
View user's profile Send private message
stingduk
Regular
Regular


Joined: 19 Feb 2005
Posts: 148

PostPosted: Mon May 15, 2006 5:37 pm    Post subject: Reply with quote

you mean its using RtlUnwind() inside the seh ?

then RtlUnwind has a return Address Embedded as a parameter to the function

after unwinding it will return there

im on 9x atm cant confirm or post snippets

but i have successfully broken back on unwinds on w2k

any way
here is the definition of Rtlunwind

void RtlUnwind(
PVOID TargetFrame,
PVOID TargetIp,
PEXCEPTION_RECORD ExceptionRecord,
PVOID ReturnValue
);


target Ip Is where it would return
rightclick on stack --> follow in disassembler -> f2 -> f9
Back to top
View user's profile Send private message
dila
Occasional Poster
Occasional Poster


Joined: 13 Jul 2005
Posts: 44
Location: England

PostPosted: Mon May 29, 2006 1:10 pm    Post subject: Reply with quote

Ah, thanks btw Smile

I'll remember this for next time.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.reversing.be Forum Index -> Code Reversing All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
 Copyright © 2020 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.71 seconds