Go4Expert (http://www.go4expert.com/)
-   Windows (http://www.go4expert.com/articles/windows/)
-   -   Basics of SEH and How it Works? (http://www.go4expert.com/articles/basics-seh-t25124/)

lionaneesh 3Mar2011 00:10

Basics of SEH and How it Works?
SEH stands for Structured Exception Handler as the name suggests it is used to handle exceptions and change the course program towards the code pointed by it...(You’ll get clear image of it.. In the following article..)Its a software method of exception handling... and can handle both software and hardware handling...One fact about Structured Exception Handle is that it is not used by Unix or Linux as its not open source and patented by Borland.. Its only used by windows systems...

How does SEH Works

Every process has some information with it..like the thread id’s etc etc..and TIB (Thread information Block) which contains all the information about the thread and Exception Record list..This list points to the Exception List record...

The exception list record have some data contained in it also.. The exception list contain some nodes[representing each exception] and each node have some data associated with it as well.. At the most basic level it contains ‘Pointer to next Record’ and ‘Pointer to handler’..

One more thing to note is that the SEH is based on a abstract data structure and changes on runtime as a except{} block is found and if no except{} blocks are specified by the developer then the windows uses its own default exceptional handler....

Lets first look at the following pseudo code

  Int *p = 0x41414141;
  *p = 1;
                  printf(“Memory Access denied”);

Here we are basically trying to access a non-existing memory location .. and this would definitely raise an exception in the flow of the program..

Which will cause it to move on to the __except{} block..(As a exception handler is been provided from the developer..)

The figure below will make it clear :-


Exception List at the start of the program :-

=====Record 1========================
|Pointer to next Record = 0xFFFFFFFF |
|Pointer to handler    = OS Handler  |

Exception List when exception{} block is found :-

======Record 2==========================            =====Record 1========================
++++++++++++++++++++++++++++++=+++++++++            ++++++++++++++++++++++++++++++++++++++
|Pointer to next record  = *(Record 1) |            |Pointer to next Record = 0xFFFFFFFF |
+++++++++++++++++++++++++++++++++++++++ ----->-----> ++++++++++++++++++++++++++++++++++++++
|Pointer to handler    = Our handler  |            |Pointer to handler    = OS Handler  |
+++++++++++++++++++++++++++++++=++++++++            ++++++++++++++++++++++++++++++++++++++

So basically the SEH handler is a linked list and as it finds a new except block to the head(top)..

After that as we run from the except{} block the record associated with the exception block is removed..

That’s some basics of SEH .. Stay tuned for more..

lionaneesh 3Mar2011 13:34

Re: Basics of SEH and How it Works?
Viewers Please comment..

alexsmth114 17Mar2011 10:39

Re: Basics of SEH and How it Works?
Some really nice tips!!..

lionaneesh 17Mar2011 11:09

Re: Basics of SEH and How it Works?

Originally Posted by alexsmth114 (Post 80769)
Some really nice tips!!..

Thanks Buddy!

All times are GMT +5.5. The time now is 21:10.