I am trying to make a simple handler and this is my code. If execution can be continued, then after calling the user-defined cleanup procedure I try to resume execution by restoring ebp and esp and setting a new offset, but it doesn't seem to work.
What is wrong with this code:
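;-----------------------------------------------------------------------
; SEHFinalHandler - last-chance exception filter (32-bit x86, MASM).
;
; In:   ExceptionPointers = pointer to the EXCEPTION_POINTERS of the fault
; Out:  eax = -1  resume execution using the patched CONTEXT
;                 (EXCEPTION_CONTINUE_EXECUTION in the Win32 filter convention)
;       eax =  1  after showing the error message box
;                 (EXCEPTION_EXECUTE_HANDLER in the Win32 filter convention)
; Clobbers: eax, ecx, flags, plus whatever lpUserFinalHandler and
;           MessageBox clobber.
;
; Execution is resumed only when the user cleanup routine returns non-zero
; AND the exception record carries no flags (a non-zero ExceptionFlags
; includes the non-continuable case).
;
; NOTE(review): the resume EBP/ESP/EIP are copied verbatim from the global
; SEHSavedData. Whatever is stored there decides where the thread continues,
; so it must be filled in before any fault can occur and must not be
; reachable by writes driven from untrusted input.
; NOTE(review): lpUserFinalHandler is called through a pointer without a
; null check - presumably always initialised before this filter is
; installed; confirm.
;-----------------------------------------------------------------------
SEHFinalHandler PROC ExceptionPointers :DWORD
    call    lpUserFinalHandler              ; user cleanup; eax != 0 => may continue
    test    eax, eax
    jz      @F                              ; cleanup says: do not continue

    mov     eax, ExceptionPointers
    mov     eax, [eax].EXCEPTION_POINTERS.pExceptionRecord
    mov     eax, [eax].EXCEPTION_RECORD.ExceptionFlags
    test    eax, eax
    jnz     @F                              ; any flag set => do not try to resume

    ; Patch the thread context that will be reloaded on continue.
    ; Offsets are those of the 32-bit x86 CONTEXT structure.
    mov     eax, ExceptionPointers
    mov     eax, [eax].EXCEPTION_POINTERS.ContextRecord
    mov     ecx, SEHSavedData._ebp
    mov     [eax+0B4h], ecx                 ; CONTEXT Ebp
    mov     ecx, SEHSavedData._esp
    mov     [eax+0C4h], ecx                 ; CONTEXT Esp
    mov     ecx, SEHSavedData._offset
    mov     [eax+0B8h], ecx                 ; CONTEXT Eip (regEip) is at 0B8h; 0D8h
                                            ; left Eip unchanged, so the thread
                                            ; re-ran the faulting instruction
    xor     eax, eax
    dec     eax                             ; eax = -1: continue execution
    ret

@@:
    invoke  MessageBox, NULL, offset szExceptionAutoGeneratedErrorMessage, NULL, MB_ICONEXCLAMATION or MB_SYSTEMMODAL
    xor     eax, eax
    inc     eax                             ; eax = 1: execute handler
    ret
SEHFinalHandler ENDP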
Hello guys, wake up :) I know some SEH discussions have been made here before but I can't find anything relevant to what I'm trying to achieve. Well actually I'm posting just to bring the question back on the top of the stack :alright:
; Quoted from the handler in the question: the store meant to set the
; resume address in the CONTEXT record. It writes at offset 0D8h.
mov ecx, SEHSavedData._offset
mov [eax+0D8h], ecx
CONTEXT.regEip is at offset 0B8h, not 0D8h, so the store above never changes the address at which execution resumes.
Spasiba prijatelu :)
Works like a charm now!