Everybody likes automation (!exchain) – Exception Handling (Part 5)

This is the last post related to the internals of structured exception handling (SEH). In this post, we summarize exception handling and dispatching and look at the WinDbg extension ‘exchain’, which displays the chain of registered exception handlers. We start by inspecting the disassembly of the exception handling code, looking at how exception handler frames are created on the stack and unwound as the program executes. Next, we use the WinDbg extension to display the exception registration records and understand the nested structure in the case of nested __try, __except blocks. The reader is expected to have some knowledge of C and WinDbg or a similar debugging tool.

Revisiting Try-Except

Let’s take a look at the code and compiler-generated disassembled code again to understand how the registration record is created:
