Exception Handling in Windows, types of Exception Handling, Structured Exception Handling and explanation of the ASSUME MASM directive.

Originally posted by Lahar

Can someone, please, explain Exception Handling in Windows and the ASSUME MASM directive?

Example Usage:

I know its something related with exception handling.
But some more information on it will help.
Such as how set it, and how to catch exceptions with a small application..

Thanx in advance
__Lahar__

Exception Handling


A. Types of Exception Handling

Under Windows, there are currently two types of exception handling:

○ Structured Exception Handling (SEH)
○ Vectored Exception Handling (VEH)

Structured Exception Handling, uses stack-based exception nodes. On the x86 architecture, Microsoft uses a pointer value stored at FS:[0] to point to the current exception handler frame. The frame information includes an address to call when an exception occurs.
We will have to dwelve within SEH in more detail for the purposes of your question...

Vectored Exception Handling, was introduced with Windows XP, and is an extension to structured exception handling. An application can register a function to watch or handle all exceptions. Vectored handlers are not frame-based, therefore, you can add a handler that will be called, regardless of where you are in a call frame. Vectored handlers are called in the order that they were added.

To add a vectored exception handler, use the Windows API AddVectoredExceptionHandler.
To remove this handler, use the Windows API RemoveVectoredExceptionHandler.
(Available under Windows XP and above...).

To add a vectored continue handler, use the Windows API AddVectoredContinueHandler.
To remove this handler, use the Windows API RemoveVectoredContinueHandler.
(Available under Windows Vista / Windows XP Professional x64 Edition and above...).

B. Structured Exception Handling in more detail

There are two types of structure exception handlers:

○ The "final" exception handler.
○ The "per-thread" exception handler.

The "final" exception handler supersedes the top-level exception handler that Win32 places at the top of each thread and process. It is called by windows if all other exception handlers fail to deal with an exception, or if the code that caused the exception is not guarded by any other exception handler.
It can be installed by use of the Windows API SetUnhandledExceptionFilter (typically at the entry point of your application or as soon as possible after the enty point) and there is no need to uninstall it, as windows automatically handle the issue.
This type of exception handler cannot be chained (but can be overrided by calling the SetUnhandledExceptionFilter API, defining a different Unhandled Exception Filter procedure), and guards all the code that is executed after the Exception Handler was installed.

The "per-thread" exception handler , is used to protect specific parts of your code. It is called if an exception occurs within the area it guards. This kind of exception handler, is subjectible to chaining.

Example of "per-thread" exception handling:

As you can see in the example (and the attached code), we use the assembler directive ASSUME FS:NOTHING prior to using the FS register.
The reason is that by default, the MASM compiler assumes the use of the FS register to ERROR.

According to the MSDN documentation of the ASSUME directive:

○ ASSUME reg:ERROR, generates an error if the register is used
○ ASSUME reg:NOTHING, removes register error checking.

So, because we must use the FS register to setup the per-thread exception handler, we must remove the error checking for the this register by use of the ASSUME directive with the parameter: NOTHING.
Because it's an instruction to the compiler, nothing in our compiled binary refllects the use of this directive (no extra code is generated by the compiler).
I hope this is clear.

Now, in the attachment you will find an example of both types of Structured Exception Handlers, and as a bonus, an ... unconventional way to handle exceptions in the Final Exception Handler. :)
I hope this is what you asked for...

Closing, with a little reference material...

The MASM directives reference at MSDN, can be found at this link:

● Microsoft Macro Assembler Reference - Directives Reference at MSDN.

References regarding the use of the ASSUME directive, can be found at these links:

● ASSUME - Directives Reference at MSDN.
● Controlling Segments with the ASSUME Directive - The Art of Assembly language programming.

Also, the MASM Reference (masm32.hlp), installed with the MASM32 package explains the use of the ASSUME directive, among others...

References regarding Exception Handling, can be found at these links:

● Win32 Exception handling for assembler programmers, by Jeremy Gordon - A MUST READ!
● Iczelion's PE Tutorial 2: Detecting a Valid PE File - Iczelion makes use of per-thread exception handling at this tutorial...
● Macros for per-thread exception handling, by Rohitab Batra.
● MSJ - A Crash Course on the Depths of Win32� Structured Exception Handling, by Matt Pietrek
● Under the Hood - New Vectored Exception Handling in Windows XP, by Matt Pietrek
● MSJ, Bugslayer, August 1998 - John Robbins (former NUMEGA employee), explains Structured Exception Handling

Attached File ( Number of downloads: 22 )
 Structured.Exception.Handling.zip

Very nice and concise explanation sir samael (or should I say professor :P )

Any additional info regarding TRY and CATCH? :unsure: Sorry, I'm still too much of a Win32 ASM newbie to have a go at this on my own :D

Thanks in advance,

Shell

EDIT: Oops, forgot about FINALLY, and EXCEPT. I know that most documentation regarding SEH include some sort of blurb regarding these but I would still like a samael version (especially if they're incorporated into the example app).

Thanks again

Due to the lack of response I've decided that samael is either very busy or hasn't noticed my request :P

So I did a little digging and stumbled upon the holy grail on the topic of SEH in win32ASM published by an unknown ASM coder named Jeremy Gordon :D

Link: http://www.jorgon.freeserve.co.uk/ExceptFrame.htm

Of most interest to me is that jorgon stuck very close to the construct of SEH as seen from C and implemented it in ASM - simply awesome ;)

Shell

Thanks for sharing, Shell.