C++ Debugging (SetUnhandled Exception Filter based on SEH)

Posted by mbtaylor on Tue, 01 Oct 2019 07:06:12 +0200

At last! Finally, the static debugging is serialized. Although it does not include all of them, it also has a preliminary understanding of the outline of the debugging.
But it's only just beginning. It's over a mountain (pit), and there's another mountain (pit) waiting for you (pit).

I just found that csdn also has the function of expressing emotion. Is this the legendary egg?

Reference code:

// Test_Console.cpp: defines the entry point for console applications.
//

#include "stdafx.h"

#include <iostream>
#include <tchar.h>
#include <Windows.h>
#include <stdio.h>
#include <exception> 


#pragma region global variable 
#pragma endregion

#pragma region Dependent function 
#pragma endregion

#pragma region Function function 
   
/*
Abnormal record structure:
	typedef struct _EXCEPTION_POINTERS {
	  PEXCEPTION_RECORD ExceptionRecord;	// Pointer to EXCEPTION_RECORD structure (exception description structure)
	  PCONTEXT          ContextRecord;		// Pointer to CONTEXT structure (register structure)
	} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
*/
// Top-level exception filter function, you can't put function code in this function (dead loop)
LONG WINAPI ExceptionFilter(PEXCEPTION_POINTERS pExcept)  
{  
	// Skip the following two lines of code:
    // 8900    MOV DWORD PTR DS:[EAX], EAX  
    // FFE0    JMP EAX  
    pExcept->ContextRecord->Eip += 4;  
    
	// Ignore exceptions, otherwise the program will exit
    return EXCEPTION_CONTINUE_EXECUTION;  
}  
   
#pragma endregion

int _tmain(int argc, _TCHAR* argv[])
{
	// Take over top-level exception handlers
    SetUnhandledExceptionFilter(ExceptionFilter);  
   
	// Prevent direct termination after clicking in OD, leaving a reaction time
	MessageBoxW(NULL,L"If the program is debugging, a breakpoint will be triggered...",L"MessageBoxW",NULL);

	// Actively create "illegal address" exception to prevent the program from being debugged
    __asm {  
        xor eax, eax				
        mov dword ptr [eax], eax	
        jmp eax                     
    }  
    
	// Verify that the program is executed properly
    MessageBoxW(NULL,L"See me only when I'm not debugged",L"MessageBoxW",NULL);

	getchar();
	return 0;
}

The main functions are as follows:

Normally run the program, pop-up "only when not debugged can you see me" dialog box (that means the program has been executed here)

Using VS debugging program to report exceptions and debug interruptions

Open the program using the original OD (this is OllyICE original, just Chinese) and click on it to terminate the program directly after it runs.

Topics: Windows

Hot Topics

©2024 Programmer Think