View Full Version : what fuction of this code be done
Limee AKA Lamer
August 30th, 2004, 07:31
004020AF is the Exception Handle entrance
004020AF CALL 402103 --->
00402103 > XOR EAX,EAX
00402105 POP ESI
00402106 MOV EBX,DWORD PTR FS:[EAX]
~~~~~~~~~~~~~~~~~~~~~~~~~~
which point is the EBX Point to??
00402109 MOV EBX,DWORD PTR DS:[EBX]
0040210B LEA ESP,DWORD PTR DS:[EBX-2A]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
especially this instruction,i cant't understand what
fuction does it achieve
When the instruction be stepped,the point of the
context has be changed.
please tell me,why???
0040210E POP EBP
nikolatesla20
August 30th, 2004, 08:59
The FS register is used in Windows systems for exception handling. As you can see, the first MOV EBX, DWORD PTR FS:[EAX] moves in FS:[0] (since EAX is XORED). This moves in the pointer to the first exception handler structure into EBX.
A good reference to check out to understand this better is found here.
hxxp://www.jorgon.freeserve.co.uk/ExceptFrame.htm
-nt20
naides
August 30th, 2004, 09:00
Quote:
[Originally Posted by limee]004020AF is the Exception Handle entrance
004020AF CALL 402103 --->
00402103 > XOR EAX,EAX EAX is now 0
00402105 POP ESI
00402106 MOV EBX,DWORD PTR FS:[EAX]
~~~~~~~~~~~~~~~~~~~~~~~~~~
which point is the EBX Point to??
It points to The address at FS:[0] Which is the top of the Exeption Handler sturctures chained list
00402109 MOV EBX,DWORD PTR DS:[EBX] But that value is discarded in the next move and replaced to the pointer to the SEH structure, Now EBX points to the structure, before was a pointer to a pointer
0040210B LEA ESP,DWORD PTR DS:[EBX-2A]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now the Stack Pointer is replaced with data contained in the SEH structure pointed by EBX
especially this instruction,i cant't understand what
fuction does it achieve
When the instruction be stepped,the point of the
context has be changed.
please tell me,why??? I don't Know, need more info
0040210E POP EBP |
In red
naides
August 30th, 2004, 13:45
Sorry, I did not see Nikola's Answer before I posted
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.