十二 发表于 2010-12-18 11:39:22

SEH结构化异常

本帖最后由 十二 于 2011-2-20 14:48 编辑

EXCEPTION_POINTERS结构
typedef strut_EXCEPTION_POINTERS{ 
DWORD pEXCEPTION_RECORD ExceptionRecord
DWORD pCONTEXT ContextRecord            }_EXCEPTION_POINTERS ends

EXCEPTION_RECORD结构
typedef struct _EXCEPTION_RECORD{
    DWORD    ExceptionCode;
    DWORD ExceptionFlags;
    struct _EXCEPTION_RECORD *ExceptionRecord;
    PVOID ExceptionAddress;
    DWORD NumberParameters;
    UINT_PTR ExceptionInformation;
    } EXCEPTION_RECORD;

typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;


CONTEXT结构

typedef struct _CONTEXT {

    //
    // The flags values within this flag control the contents of
    // a CONTEXT record.
    //
    // If the context record is used as an input parameter, then
    // for each portion of the context record controlled by a flag
    // whose value is set, it is assumed that that portion of the
    // context record contains valid context. If the context record
    // is being used to modify a threads context, then only that
    // portion of the threads context will be modified.
    //
    // If the context record is used as an IN OUT parameter to capture
    // the context of a thread, then only those portions of the thread's
    // context corresponding to set flags will be returned.
    //
    // The context record is never used as an OUT only parameter.
    //

    DWORD ContextFlags;

    //
    // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
    // set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
    // included in CONTEXT_FULL.
    //

    DWORD   Dr0;
    DWORD   Dr1;
    DWORD   Dr2;
    DWORD   Dr3;
    DWORD   Dr6;
    DWORD   Dr7;

    //
    // This section is specified/returned if the
    // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
    //

    FLOATING_SAVE_AREA FloatSave;

    //
    // This section is specified/returned if the
    // ContextFlags word contians the flag CONTEXT_SEGMENTS.
    //

    DWORD   SegGs;     +8C
    DWORD   SegFs;      +90
    DWORD   SegEs;      +94
    DWORD   SegDs;     +98

    //
    // This section is specified/returned if the
    // ContextFlags word contians the flag CONTEXT_INTEGER.
    //

    DWORD   Edi;      +9C
    DWORD   Esi;      +A0
    DWORD   Ebx;      +A4     
    DWORD   Edx;      +A8
    DWORD   Ecx;      +AC
    DWORD   Eax;      +B0

    //
    // This section is specified/returned if the
    // ContextFlags word contians the flag CONTEXT_CONTROL.
    //

    DWORD   Ebp;      +B4
    DWORD   Eip;      +B8
    DWORD   SegCs;      +BC              // MUST BE SANITIZED      
    DWORD   EFlags;      +C0             // MUST BE SANITIZED
    DWORD   Esp;      +C4
    DWORD   SegSs;      +C8

    //
    // This section is specified/returned if the ContextFlags word
    // contains the flag CONTEXT_EXTENDED_REGISTERS.
    // The format and contexts are processor specific
    //

    BYTE    ExtendedRegisters;

} CONTEXT;
转自WINNT.H


例子下载
页: [1]
查看完整版本: SEH结构化异常