PDA

View Full Version : Handling access violation exceptions


leakymingebox
March 6th, 2010, 13:22
Hi all,

I'm trying to make a small tool that allows me to 'freeze' a memory location and prevent all writes to that address from changing the contents. I have hardware breakpoints working fine, but I need more than 4. So I am looking at protecting the appropriate page[S] as read-only, then handling the access violation exceptions.

Once I've caught the exception I need to do 2 things:

1. If the violation was caused by writing a different address in that page, then I want to perform the write operation myself and continue running. Do you know how I can get the information on the *value* that was being written? I can get the address easy enough from ExceptionInformation[0] but I don't see where the value comes from.

2. In all cases I want to continue running the target from after the instruction that caused the exception. The CONTEXT->Eip holds the address of the exception-causing instruction. Is there an easy way to get the address of the next instruction, or do I need to manually part-disassemble the current one myself, and figure out how big it is (and therefore where the next one would start)?

Thanks.

aqrit
March 6th, 2010, 16:48
save the values of the frozen locations and step to the next instruction
then restore the frozen values?

leakymingebox
March 6th, 2010, 17:18
Quote:
[Originally Posted by aqrit;85588]save the values of the frozen locations and step to the next instruction
then restore the frozen values?


That's so simple it's brilliant. Worked like a charm.
Sometimes you can't see the wood for the trees, huh.
Big thanks.

Indy
March 7th, 2010, 02:35
leakymingebox
That is, you need to trace the call to a specific region of memory?
In this case, a pointer to this memory area is stored in what is the variables that are known. Use the technique of capturing the destruction of pointers. You do not have problems with multithreading, and security attributes of pages do not need to restore. Technique is to create a segment below the target area of memory and load it selector in the context when an exception occurs. Access will be made to the new segment. This task was implemented in the engine IDP (Intercept the Destruction of Pointers).