Cheat Engine The Official Site of Cheat Engine
GH*master, Expert Cheater (Reputation: 8, Joined: 10 Jan 2008, Posts: 159)
Posted: Tue Feb 02, 2016 8:04 am    Post subject: AA with SEH — Structured Exception Handling (for advanced)

This Auto Assembler tutorial is about
Structured Exception Handling (for advanced users)
Ooh yeah...
If you wish, you can bypass the application crashes when doing something wrong
Code:
label(Handler)
label(NoException)
label(ExceptionHandled)
label(lpCaption)
label(lpText)

00270000: // you need to create a thread at 00270000 (this code is written there)
pushad // save all general registers (8 x 4 = 32 bytes)
mov esi, Handler
push esi // EXCEPTION_REGISTRATION_RECORD.Handler
push fs:[0] // EXCEPTION_REGISTRATION_RECORD.Next = previous head of the SEH chain
mov fs:[0], esp // install our record as the new head of the chain
mov ecx, [0] // Oh my God, what is it? EXCEPTION! Do not worry about it! We have SEH
jmp NoException

Handler:
// Windows calls this like a __cdecl function:
//   Handler(ExceptionRecord, EstablisherFrame, ContextRecord, DispatcherContext)
// so on entry [esp] = return address, [esp+4] = ExceptionRecord, [esp+8] = EstablisherFrame,
// and EstablisherFrame is the address of our record on the thread stack (the value we put in fs:[0]).
// Instead of returning a disposition to the dispatcher, we jump back onto that stack and carry on.
mov esp,[esp+0x08] // esp = address of our EXCEPTION_REGISTRATION_RECORD
pop fs:[0] // unlink: the previous handler (Next) is the chain head again
add esp, 4 // discard the Handler pointer
popad // restore the registers saved by pushad; esp is now where it was before pushad
// This point is reached only if an exception occurred
jmp ExceptionHandled

NoException:
pop fs:[0] // restore the old exception handler (no exception happened)
add esp, 0x24 // 32 (pushad) + 4 (Handler pointer)
ret

ExceptionHandled:
// the exception was eaten
push 0 // uType (0 = MB_OK)
push lpCaption
push lpText
push 0 // hWnd
call MessageBoxA
ret

lpCaption:
db 'Exception!' 0
lpText:
db 'You have exception' 0
Redouane, Master Cheater (Reputation: 3, Joined: 05 Sep 2013, Posts: 363, Location: Algeria)
Posted: Tue Feb 02, 2016 8:56 am    Post subject: Re: AA with SEH — Structured Exception Handling (for advanced)

Can you please explain the following lines?

GH*master wrote:
Code:
Handler:
mov esp,[esp+0x08]
pop fs:[0]
add esp, 4
popad

Before executing the first Handler instruction, the stack should look like this:

Code:
----------------------------------------------------------<ESP
|address of the instruction that comes after mov ecx, [0]|
----------------------------------------------------------<ESP+4
|Address to previous handler (previous FS:[0])           |
----------------------------------------------------------<ESP+8
|address of Handler (new handler)                        |
----------------------------------------------------------<ESP+0xC
|All the saved registers                                 |
----------------------------------------------------------

So [esp+8] should be the address of the new handler. Why are you moving it to esp?
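The stack the two posts above argue about can be checked without a debugger. The following is an added example, not code from either poster: it emulates a 32-bit thread stack, esp and fs:[0] as plain C variables and replays the script's prologue, the dispatcher's call into Handler, and the `mov esp,[esp+08]` / `pop fs:[0]` / `add esp,4` / `popad` sequence. The record layout (Next at +0, Handler at +4) and the handler's __cdecl argument order, `Handler(ExceptionRecord, EstablisherFrame, ContextRecord, DispatcherContext)`, are the real Win32 ones; every address, the function names (`install_frame`, `dispatch_exception`, `hijack_handler`, `no_exception_path`) and the dispatcher's scratch frames are this example's own inventions.

```c
/* Added example (not from the forum posts): emulation of the x86 SEH frame that the
 * Windows dispatcher hands to a frame-based handler, and of the script's stack hijack.
 * Runs on any host; addresses below are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define STACK_BASE   0x0019F000u            /* hypothetical bottom of the emulated thread stack */
#define STACK_WORDS  256
#define STACK_TOP    (STACK_BASE + STACK_WORDS * 4)
#define HANDLER_ADDR 0x00270030u            /* hypothetical address of the script's Handler: label */
#define PREV_FS0     0x0019FFD0u            /* hypothetical previous fs:[0] (chain head we inherit) */

typedef struct {
    uint32_t mem[STACK_WORDS];   /* 32-bit words; address STACK_BASE + 4*i lives in mem[i] */
    uint32_t esp;                /* emulated esp (a virtual address inside the stack) */
    uint32_t fs0;                /* emulated fs:[0] */
    uint32_t regs[8];            /* eax ecx edx ebx esp ebp esi edi, in pushad order */
} seh_cpu;

uint32_t seh_read(const seh_cpu *c, uint32_t addr) { return c->mem[(addr - STACK_BASE) / 4]; }
static void seh_write(seh_cpu *c, uint32_t addr, uint32_t v) { c->mem[(addr - STACK_BASE) / 4] = v; }
static void push(seh_cpu *c, uint32_t v) { c->esp -= 4; seh_write(c, c->esp, v); }
static uint32_t pop(seh_cpu *c) { uint32_t v = seh_read(c, c->esp); c->esp += 4; return v; }

void seh_init(seh_cpu *c) {
    for (int i = 0; i < STACK_WORDS; i++) c->mem[i] = 0;
    c->esp = STACK_TOP;
    c->fs0 = PREV_FS0;
    for (int i = 0; i < 8; i++) c->regs[i] = 0x11110000u * (uint32_t)(i + 1);  /* recognisable values */
}

/* The script's prologue: pushad / push Handler / push fs:[0] / mov fs:[0],esp.
 * Returns the address of the new EXCEPTION_REGISTRATION_RECORD, i.e. the new fs:[0]. */
uint32_t install_frame(seh_cpu *c) {
    for (int i = 0; i < 8; i++) push(c, c->regs[i]);   /* pushad: eax pushed first, edi last */
    push(c, HANDLER_ADDR);                             /* push esi   -> record.Handler (+4) */
    push(c, c->fs0);                                   /* push fs:[0] -> record.Next (+0) */
    c->fs0 = c->esp;                                   /* mov fs:[0],esp */
    return c->esp;
}

/* The part of the dispatcher that reaches our record. It calls, __cdecl, on the SAME thread stack:
 *   Handler(ExceptionRecord, EstablisherFrame, ContextRecord, DispatcherContext)
 * so arguments go right to left below the dispatcher's own frames. Returns the address it jumps to. */
uint32_t dispatch_exception(seh_cpu *c, uint32_t exc_record, uint32_t context_record) {
    uint32_t record = c->fs0;
    for (int i = 0; i < 12; i++) push(c, 0xD15BA7C4u);  /* dispatcher's own frames, contents irrelevant */
    push(c, 0x00000000u);           /* DispatcherContext */
    push(c, context_record);        /* ContextRecord */
    push(c, record);                /* EstablisherFrame = address of our record, NOT the Handler pointer */
    push(c, exc_record);            /* ExceptionRecord */
    push(c, 0x77E12345u);           /* return address into ntdll (hypothetical) */
    return seh_read(c, record + 4); /* record.Handler */
}

/* What the handler sees on entry: argument n (1-based) is at [esp + 4*n]. */
uint32_t handler_arg(const seh_cpu *c, int n) { return seh_read(c, c->esp + 4u * (uint32_t)n); }

/* The script's Handler: label. It never returns a disposition; it abandons the dispatcher's
 * frames by resetting esp to the record address found in [esp+8]. */
void hijack_handler(seh_cpu *c) {
    c->esp = handler_arg(c, 2);    /* mov esp,[esp+08]: esp = EstablisherFrame = our record */
    c->fs0 = pop(c);               /* pop fs:[0]: previous handler is the chain head again */
    c->esp += 4;                   /* add esp,4: discard record.Handler */
    for (int i = 7; i >= 0; i--) { /* popad: edi first; the saved esp value is ignored */
        uint32_t v = pop(c);
        if (i != 4) c->regs[i] = v;
    }
}

/* The no-exception path: pop fs:[0] / add esp,24. Returns esp just before the ret. */
uint32_t no_exception_path(seh_cpu *c) {
    c->fs0 = pop(c);
    c->esp += 0x24;                /* 4 (Handler pointer) + 32 (pushad) */
    return c->esp;
}

int main(void) {
    seh_cpu c;
    seh_init(&c);
    uint32_t esp_before = c.esp;
    uint32_t record = install_frame(&c);
    printf("record at %08x: Next=%08x Handler=%08x\n", (unsigned)record,
           (unsigned)seh_read(&c, record), (unsigned)seh_read(&c, record + 4));
    dispatch_exception(&c, 0x0019F100u, 0x0019F200u);
    printf("handler entry: [esp+4]=%08x [esp+8]=%08x (record address, not Handler)\n",
           (unsigned)handler_arg(&c, 1), (unsigned)handler_arg(&c, 2));
    hijack_handler(&c);
    printf("after hijack: esp=%08x (was %08x) fs:[0]=%08x (was %08x)\n",
           (unsigned)c.esp, (unsigned)esp_before, (unsigned)c.fs0, (unsigned)PREV_FS0);
    return 0;
}
```

Two caveats the emulation does not model: on a real system the dispatcher only calls the handler if it passes the loader's checks (SafeSEH, SEHOP, and on DEP-enabled processes the handler must be in executable memory, which is why the script lives in a thread created on RWX memory), and a well-behaved handler returns ExceptionContinueSearch or ExceptionContinueExecution and lets RtlUnwind clean up, whereas this trick simply throws the dispatcher's frames away.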