kcynice
06-02-2008, 11:33 PM
I encouter a strange SEH trick. the code is alike this:
push -1
push 05A2C8D8 ;//I think this should be the exception handler
mov eax,dword ptr fs:[0]
push eax
mov dword ptr fs:[0],esp
sub esp 84h
push ebx
push esi
push edi
mov ebx,27h
mov eax,dword ptr[ebx] ;//here will get an exception
when the exception raised, the control should goto 05A2C8D8, the first exception handler, right? But it's strange that it goes to another address instead! why?What a strange one.
push -1
push 05A2C8D8 ;//I think this should be the exception handler
mov eax,dword ptr fs:[0]
push eax
mov dword ptr fs:[0],esp
sub esp 84h
push ebx
push esi
push edi
mov ebx,27h
mov eax,dword ptr[ebx] ;//here will get an exception
when the exception raised, the control should goto 05A2C8D8, the first exception handler, right? But it's strange that it goes to another address instead! why?What a strange one.