
At the moment, I'm aware of two scenarios where Windows takes control of a thread's execution due to "Error oriented reasons" (though sometimes used as a code flow mechanism, such as with try/catch blocks):

  1. SEH (and its C, C++ wrappers - `__try`/`__except` and `try`/`catch` respectively), for which there's also an API that one can use to generate his own exceptions, for instance.

  2. Stack corruption.

As far as I know, upon occurrence of case (2) the OS shuts down the entire process, without any user notification.

My questions are as follows:

  1. Is there any other documented way for a user-mode application thread to "mess up" in a manner that causes the OS to take control?

  2. Other than stack corruption, are there any scenarios where the entire process shuts down un-notified?

  3. Is there any case where a catch block, an `__except` block, or even more aggressively, a function in a manually placed EXCEPTION_RECORD in FS:[0] (as shown in Pietrek's article), will not be given control when an exception is being thrown?

  • Exceptions, especially the C++ `throw`/`try`/`catch` are *not* letting the operating system take over. It's all part of the runtime environment of the program. When a C++ exception is thrown, the OS is not involved any more than during normal program execution, from the OS point of view it *is* normal program execution. I don't know about the `__try`/`__except` variant, but I doubt there is any OS involvement in those either. – Some programmer dude Nov 28 '13 at 13:41
  • In language implementations with SEH, not sure if I've ever had such a 'stack corruption' issue. IME, I get an 'Access Violation' SE in the offending thread if I screw up its stack. Maybe I've just been lucky? – Martin James Nov 28 '13 at 13:45
  • @MartinJames try freeing a structure (that should have been only a pointer-to) allocated on the stack with `NetApiBufferFree()`. – friedrich kuhler Nov 28 '13 at 13:52
  • What do you mean by "Windows takes control"? What exactly happens when this occurs? – jalf Nov 28 '13 at 13:53
  • @jalf one of the two mentioned options - a process shut-down, or a call to an exception handler. – friedrich kuhler Nov 28 '13 at 13:56
  • @JoachimPileborg AFAIK, both are actually implemented via `SEH`. see [here](http://stackoverflow.com/questions/7049502/c-try-and-try-catch-finally) – friedrich kuhler Nov 28 '13 at 13:57
  • What exactly do you mean by "stack corruption"? DEP, for instance, raises an exception. – MeNa Nov 28 '13 at 14:03
  • @MeNa see [this](http://stackoverflow.com/a/718513/2916714) – friedrich kuhler Nov 28 '13 at 14:19
  • @friedrichkuhler so your question is really "what can cause the process to crash"? Because that is what the "process shutdown" is, and it is what would have happened when an SEH exception handler kicks in – jalf Nov 28 '13 at 14:37
