
Why press Shift+F7/F8/F9 to pass exceptions NOT to user defined exception handler?


MathewMickle
December 1st, 2009, 02:01
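I wrote the following code to learn about exceptions:

#include <windows.h>
#include <stdio.h>

/* Used as the __except filter expression: prints a message and exits. */
DWORD ExceptionHandler(void)
{
    printf("Exception handler!\n");
    ExitProcess(1);
}

void CreateException(char * input)
{
    int zero=0;
    __asm int 3          /* breakpoint, raised outside the __try block */
    __try
    {
        zero=1/zero;     /* integer divide by zero inside the __try block */
    }
    __except(ExceptionHandler()){}
}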


When the code reaches the statement "zero=1/zero;", OllyDbg shows the message: "use shift+F7/F8/F9 to pass exception to program".

However, when I press these shortcuts, OllyDbg doesn't pass the exception to the ExceptionHandler function, but instead runs instructions in ntdll.dll.

Why does this happen?
How can the code run directly into the ExceptionHandler function at the statement "zero=1/zero;" when I press these hot keys (e.g. Shift+F8)?

PS. "Debugging options"-> "Exceptions": only "Ignore memory access violations in KERNEL32" enabled

ronnie291983
December 3rd, 2009, 01:22
Are you putting a breakpoint at the exception handler? Go to the SEH chain, locate the exception handler, and put a breakpoint there.

MathewMickle
December 3rd, 2009, 03:49
I believe that when the exception happens, the first instruction of the exception handler will automatically be set as the current instruction in the EIP register by the CPU (for x86, modify the CONTEXT structure's Eip field).

Why does it unexpectedly run instructions in ntdll.dll? Thanks!

ronnie291983
December 3rd, 2009, 04:13
The first problem is __asm int 3: this lies outside the try/catch block and hence will not be handled by the handler you have defined. It will be handled by the previous handler that you have defined, and if there is none, as in my case when I checked the code, it will be handled by the default Windows handler, where you will see a Windows exception dialog box.

I am using Olly 1.10 and I have to specifically place the breakpoint at the handler for it to stop there; I checked it again when you raised the doubt about it.

Let me know if there are any corrections needed in what I mentioned above.
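
The dispatch order discussed in this thread, as an added example that is not part of any post: a portable C model (not Windows API code) of how a raised exception is offered to SEH records from the innermost outwards, which is the work that runs in ntdll.dll before any handler gets control. `Record`, `dispatch`, `raise_in_create_exception` and the `guards_fault` flag are hypothetical names, and the flag is a simplification of how the compiler tracks whether the faulting instruction lies inside a `__try`.

```c
#include <stddef.h>
#include <stdio.h>
/* Portable model of frame-based SEH dispatch; every name here is hypothetical. */
#define STATUS_BREAKPOINT              0x80000003u
#define STATUS_INTEGER_DIVIDE_BY_ZERO  0xC0000094u
enum { CONTINUE_SEARCH = 0, EXECUTE_HANDLER = 1 };

static const char USER_HANDLER[] = "ExceptionHandler";
static const char OS_DEFAULT[]   = "default handler";

typedef struct Record {
    struct Record *next;           /* outer record, registered earlier */
    const char *owner;             /* code that gets control if this record accepts */
    int guards_fault;              /* 1 if the faulting instruction is inside its __try */
    int (*filter)(unsigned code);  /* models the __except(...) filter expression */
} Record;

static Record *seh_chain;          /* models the head of the thread's SEH chain */

static int accept_all(unsigned code) { (void)code; return EXECUTE_HANDLER; }

/* Models the dispatch step that runs in ntdll.dll before any handler does:
   walk from the innermost record outwards and stop at the first one that accepts. */
static const char *dispatch(unsigned code)
{
    for (Record *r = seh_chain; r != NULL; r = r->next)
        if (r->guards_fault && r->filter(code) == EXECUTE_HANDLER)
            return r->owner;
    return "unhandled";
}

/* Models CreateException(): the fault is raised before or inside the __try. */
const char *raise_in_create_exception(unsigned code, int inside_try)
{
    Record outer = { NULL, OS_DEFAULT, 1, accept_all };
    Record user  = { &outer, USER_HANDLER, inside_try, accept_all };
    seh_chain = &user;
    const char *taker = dispatch(code);
    seh_chain = NULL;              /* both records live on this stack frame */
    return taker;
}

int main(void)
{
    printf("int 3 before __try -> %s\n", raise_in_create_exception(STATUS_BREAKPOINT, 0));
    printf("1/zero inside __try -> %s\n", raise_in_create_exception(STATUS_INTEGER_DIVIDE_BY_ZERO, 1));
    return 0;
}
```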