Properly handle the variety of exception handlers that MSVC 2010 generates

develop
Quietust 2012-03-03 14:14:31 -06:00
parent 3ae622b0ff
commit 5cdea79a6f
1 changed files with 52 additions and 38 deletions

@ -71,17 +71,26 @@ static ParseCxxHandler(func, handler, fixFunc)
y = x; y = x;
z = x; z = x;
EHCookieOffset=0; GSCookieOffset=0; EHCookieOffset=0; GSCookieOffset=0;
if (matchBytes(x,"8B5424088D420C"))
// 8B 54 24 08 mov edx, [esp+8] // 8B 54 24 08 mov edx, [esp+8]
// 8D 42 0C lea eax, [edx+0Ch] if (matchBytes(x,"8B5424088D02"))
{ x = x+6;
// 8D 02 lea eax, [edx]
else if (matchBytes(x,"8B5424088D42"))
x = x+7;
// 8D 42 xx lea eax, [edx+XXh]
else if (matchBytes(x,"8B5424088D82"))
x = x+10;
// 8D 82 xx xx xx xx lea eax, [edx+XXh]
else {
Message("Function at %08X not recognized as exception handler!\n",x);
return;
}
//EH cookie check: //EH cookie check:
// 8B 4A xx mov ecx, [edx-XXh] // 8B 4A xx mov ecx, [edx-XXh]
// OR // OR
// 8B 8A xx xx xx xx mov ecx, [edx-XXh] // 8B 8A xx xx xx xx mov ecx, [edx-XXh]
// 33 C8 xor ecx, eax // 33 C8 xor ecx, eax
// E8 xx xx xx xx call __security_check_cookie // E8 xx xx xx xx call __security_check_cookie
x = x+7;
if (matchBytes(x,"8B4A??33C8E8")) if (matchBytes(x,"8B4A??33C8E8"))
{ {
//byte argument //byte argument
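Review bot: The per-form comments in the new `lea` dispatch are placed after the statement they describe (`x = x+6;` followed by `// 8D 02 lea eax, [edx]`), between an unbraced `if` body and its `else if`, so each comment reads as if it belonged to the next branch; moving each comment above its own `if`/`else if`, the way the `// 8B 54 24 08 mov edx, [esp+8]` comment already sits above the first check, removes that ambiguity. The advances 6, 7 and 10 are the 4-byte `mov` plus the 2-, 3- or 6-byte `lea`, but nothing in the code says so; a one-line comment such as `// skip mov edx,[esp+8] (4) + lea (2/3/6 bytes)` would keep that relation visible when a further encoding is added. The braced `else` with `Message` and `return` mixed with the unbraced branches above is also inconsistent; bracing all four arms would match the style of the cookie-check blocks that follow. ParseCxxHandler starts and ends outside this hunk.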
@ -96,6 +105,9 @@ static ParseCxxHandler(func, handler, fixFunc)
EHCookieOffset = 12 + EHCookieOffset; EHCookieOffset = 12 + EHCookieOffset;
x = x+13; x = x+13;
} }
if (matchBytes(x,"83C0"))
x = x + 3;
// 8B 4A xx add eax, XXh
if (matchBytes(x,"8B4A??33C8E8")) if (matchBytes(x,"8B4A??33C8E8"))
{ {
// 8B 4A xx mov ecx, [edx-XXh] // 8B 4A xx mov ecx, [edx-XXh]
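Review bot: The comment under the new `add eax` check names the wrong opcode: the pattern matched on the line above is `83C0`, which is `add eax, imm8`, but the comment reads `// 8B 4A xx add eax, XXh`, and 8B 4A is the `mov ecx, [edx-XXh]` form documented immediately below. Change it to `// 83 C0 xx add eax, XXh` and place it above the `if`, as the other byte-pattern comments in this function precede the code they describe. The three-byte advance matches the imm8 encoding only; if the compiler can emit the imm32 form (`05 xx xx xx xx`) for larger frame offsets, that handler would fall through to the following cookie check unrecognized — presumably rare, but worth confirming against real binaries rather than assuming. ParseCxxHandler starts and ends outside this hunk.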
@ -112,9 +124,11 @@ static ParseCxxHandler(func, handler, fixFunc)
GSCookieOffset = 12 + GSCookieOffset; GSCookieOffset = 12 + GSCookieOffset;
x = x+13; x = x+13;
} }
//Message("EH3: EH Cookie=%02X, GSCookie=%02X\n",EHCookieOffset, GSCookieOffset); //Message("EH3: EH Cookie=%02X, GSCookie=%02X\n",EHCookieOffset, GSCookieOffset);
}
if (Byte(x)==0xB8) { if (Byte(x)==0xB8) {
// 8B 4A xx xx xx mov eax, offset FuncInfo
x = Dword(x+1); x = Dword(x+1);
} }
else { else {