Log in

View Full Version : SetUnhandledExceptionFilter

BeatriX
February 13th, 2005, 09:31
Hi,

I looked for some information on this forum about the problematic api SetUnhandledExceptionFilter but I didn't find anything. I have this problem since a while and I can't resolve it. Example :

If a prog uses SetUnhandledExceptionFilter and just after put a Int 3. OllyDbg can't handle this exception and even if I put a BP on the handler, OllyDbg stop ! Why ? What can I do to pass this exception ?

That is not the same thing if the prog install a SEH by filling FS:[0] with the right handler. There is no problem in that case

Thanks for your answer

Regards,
blabberer
February 13th, 2005, 10:17
SetUnhandledException is used to set the top most handler

get jeremy gordons seh tut and execute the except.exe in it
under olly and out of olly you will see the results are different

with both of them

here is an excerpt from his asm comments

if you run the exe from within olly youwould notice how ever you try you cannot make it put out one of the message box
now find why that happens and you have answer to your question
also i think there is a plugin SetUnhandled Exception filter
some where around

which lets you patch it


;This program only uses Windows message boxes, which is why there is no
;message loop.
;The program has two exception handlers. The final exception handler
;is created first, then a procedure is called which has its own
;per-thread exception handler, capable of swallowing an exception.
;This it does at the option of the user.
;If the user decides to swallow the exception, the program would be able
;to continue to run, but actually in this case it terminates normally.
;If the user decides that the exception should not be swallowed by the
;handler, then the final exception handler is called (on the way to
;program closure). In real life, this handler would be responsible for
;completing logs and records, closing file handles, releasing memory etc.
;But before the program finally finishes, the system calls the per-thread
;exception handler in case there is more clearing up to do in that
;particular stack frame using local data. This is the system unwind.
;
;Written for GoAsm (Jeremy Gordon). Assemble using:-
BeatriX
February 13th, 2005, 10:55
Wonderful Thanks a lot !!! This Plugin is really Great ! Here it is :

hxxp://community.reverse-engineering.net/viewtopic.php?t=3440

Thanks again. I just have to know now what this plugin is doing exactly

Regards,