Cypherjb

Restrictions on Naked Functions


Hey all. I'm currently working on a project that requires the use of naked functions. The problem I'm hitting is that naked functions don't have support for exception handling (for obvious reasons). Is there any way to work around this restriction? I know it's impossible to remove the restriction (again obviously, due to the nature of naked functions), but as I've found I can work around some of the restrictions by "proxying" some calls to functions that throw exceptions (this only works sometimes though), e.g. wrapping the function that throws an exception in a second function, then calling that second function.

So I'm not bombarded with "why do you need naked functions", I shall explain my project. It is a DLL that is injected into another process and hooks certain code chunks to modify functionality. Because some hooks need to be placed mid-function, I need to use naked functions so I can directly manipulate state (change registers, data, etc.) or code flow (perform my own calculations, change behaviour, etc.) without having to worry about compiler-generated code modifying anything I may rely on. Thanks.

EDIT: Should be clear from my question, but just in case anyone is unsure, I'm working in C++. ;)

The workaround is to set up an exception handling frame yourself. That means using "structured exception handling" (SEH) rather than C++ exception handling.

Here are a few links to get you started.

A Crash Course on the Depths of Win32™ Structured Exception Handling

Win32 Exception handling for assembler programmers

google: structured exception handling pietrek. Every article or tutorial on the subject that's worth its salt will reference the Pietrek article linked to above. Pore over several pages of the results of this query, as it will turn up many interesting things.

// edit - An important thing to note. Exception handling (SEH or C++) happens on a per-thread basis. In the context of DLL injection, that means hooking onto the exception handling chain in the thread in the target process. This can invite confusion. All the exception handling code must be located in the DLL so that it's loaded into the target process. References to memory in the process that launched the injection can't be counted on to be valid in the target process. On a positive note, kernel32.dll and ntdll.dll are always loaded at the same address in every process, so you might find some leeway regarding references to __except_handler3.



[Edited by - LessBread on October 13, 2008 3:47:56 AM]
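The "proxying" approach from the original question, as an added example that is not code from either poster: keep every try/catch inside an ordinary function that owns a real prologue and exception tables, and have the naked code call only that function, so no C++ exception ever has to unwind through a frame without unwind information. The names (`guarded_call`, `naked_trampoline`, `CallStatus`) and the sample targets are constructed for this example; the naked trampoline assumes 32-bit MSVC (`__declspec(naked)` plus `__asm`), and other toolchains get a plain, non-naked stand-in so the status-code logic can still be built and checked.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Status codes the trampoline returns instead of letting an exception
// propagate through a frame that has no unwind information.
enum CallStatus { CALL_OK = 0, CALL_THREW_STD = 1, CALL_THREW_OTHER = 2 };

// Ordinary (non-naked) function with a compiler-generated frame and EH
// tables, so try/catch is legal here. It converts any C++ exception into a
// status code and is declared noexcept: nothing escapes back to the caller.
// extern "C" keeps the symbol unmangled so inline asm can name it directly.
extern "C" CallStatus guarded_call(void (*target)(int), int arg) noexcept {
    try {
        target(arg);
        return CALL_OK;
    } catch (const std::exception&) {
        return CALL_THREW_STD;
    } catch (...) {
        return CALL_THREW_OTHER;
    }
}

typedef CallStatus (*Trampoline)(void (*)(int), int);

#if defined(_MSC_VER) && defined(_M_IX86)
// Naked x86 trampoline (MSVC only, hypothetical name): the compiler emits no
// prologue or epilogue, so the frame and register preservation are explicit.
// Its only job is to forward to guarded_call, which never throws, so no
// exception can unwind through this frame.
__declspec(naked) CallStatus __cdecl naked_trampoline(void (*target)(int), int arg) {
    __asm {
        push ebp
        mov  ebp, esp
        push ecx                     // a mid-function hook may depend on
        push edx                     // scratch registers; keep them intact
        push dword ptr [ebp + 12]    // arg
        push dword ptr [ebp + 8]     // target
        call guarded_call
        add  esp, 8                  // cdecl: caller removes the arguments
        pop  edx
        pop  ecx
        pop  ebp
        ret                          // CallStatus is already in eax
    }
}
const Trampoline trampoline = naked_trampoline;
#else
// Portable stand-in (not naked) so the example builds on other toolchains.
const Trampoline trampoline = guarded_call;
#endif

// Constructed sample targets exercising each outcome.
void quiet_target(int) {}
void throwing_target(int v) {
    if (v < 0) throw std::invalid_argument("negative argument");
}
void throwing_int_target(int) { throw 7; }

int main() {
    std::printf("quiet:        %d\n", trampoline(quiet_target, 1));
    std::printf("std::exception: %d\n", trampoline(throwing_target, -1));
    std::printf("non-std throw:  %d\n", trampoline(throwing_int_target, 0));
    return 0;
}
```

This handles the case the question says "only works sometimes": a proxy helps only when the proxy itself swallows the exception. If the wrapper merely re-throws, or if the code under the hook raises a hardware fault (access violation, divide by zero) rather than a C++ throw, the unwinder still has to walk the naked frame, and that is the situation LessBread's answer addresses by registering an SEH frame by hand. Note that a handler registered that way on x86 must also satisfy the image's safe-handler table when the module is linked with /SAFESEH, or the dispatcher will reject it.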

Quote:
Original post by LessBread
The workaround is to set up an exception handling frame yourself. That means using "structured exception handling" (SEH) rather than C++ exception handling.

Here are a few links to get you started.

A Crash Course on the Depths of Win32™ Structured Exception Handling

Win32 Exception handling for assembler programmers

google: structured exception handling pietrek. Every article or tutorial on the subject that's worth its salt will reference the Pietrek article linked to above. Pore over several pages of the results of this query, as it will turn up many interesting things.

// edit - An important thing to note. Exception handling (SEH or C++) happens on a per-thread basis. In the context of DLL injection, that means hooking onto the exception handling chain in the thread in the target process. This can invite confusion. All the exception handling code must be located in the DLL so that it's loaded into the target process. References to memory in the process that launched the injection can't be counted on to be valid in the target process. On a positive note, kernel32.dll and ntdll.dll are always loaded at the same address in every process, so you might find some leeway regarding references to __except_handler3.


Ah of course. I can't believe I didn't think of doing that. So accustomed to C++ exception handling.

I can take it from here now. Thanks for your help. :)
