archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/base/crts/crtw32/misc/i386/exsup3.asm

343 lines
10 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ;***
  2. ;exsup3.asm
  3. ;
  4. ; Copyright (c) 1994-2001, Microsoft Corporation. All rights reserved.
  5. ;
  6. ;Purpose:
  7. ; Exception handling for i386. This is just the C9.0 version of
  8. ; the language-specific exception handler. The C8.0 version is
  9. ; found in exsup2.asm, and the routines common to both C8 and C9
  10. ; are found in exsup.asm.
  11. ;
  12. ;Notes:
  13. ;
  14. ;Revision History:
  15. ; 01-10-94 PML Create VC/C++ 2.0 (C9.0) version from C8.0 original
  16. ; 01-11-95 SKS Remove MASM 5.X support
  17. ; 04-18-95 JWM Added NLG support
  18. ; 06-07-95 JWM __SetNLGCode() used, for multithread safety.
  19. ; 06-20-95 JWM __SetNLGCode() removed, code passed on stack (11803).
  20. ; 03-09-01 PML Add FPO directives for proper callstacks (vs7#221754)
  21. ; 03-13-02 PML Add anti-hacker security measures
  22. ;
  23. ;*******************************************************************************
  25. ;hnt = -D_WIN32 -Dsmall32 -Dflat32 -Mx $this;
  27. ;Define small32 and flat32 since these are not defined in the NT build process
  28. small32 equ 1
  29. flat32 equ 1
  31. .xlist
  32. include pversion.inc
  33. ?DFDATA = 1
  34. ?NODATA = 1
  35. include cmacros.inc
  36. include exsup.inc
  37. .list
  39. ;REVIEW: can we get rid of _global_unwind2, and just use
  40. ; the C runtimes version, _global_unwind?
  42. extrn __global_unwind2:near
  43. extrn __local_unwind2:near
  44. extrn __NLG_Notify:near
  45. ifndef _NTSUBSET_
  46. extrn __ValidateEH3RN:near
  47. endif
  49. ;typedef struct _EXCEPTION_REGISTRATION PEXCEPTION_REGISTRATION;
  50. ;struct _EXCEPTION_REGISTRATION{
  51. ;/* _esp, xpointers at negative offset */
  52. ; int _esp;
  53. ; PEXCEPTION_POINTERS xpointers;
  54. ; struct _EXCEPTION_REGISTRATION *prev;
  55. ; void (*handler)(PEXCEPTION_RECORD, PEXCEPTION_REGISTRATION, PCONTEXT, PEXCEPTION_RECORD);
  56. ; struct scopetable_entry *scopetable;
  57. ; int trylevel;
  58. ;};
  59. ;private (at negative offsets from node ptr)
  60. _esp = -8
  61. xpointers = -4
  62. _C9_EXCEPTION_REGISTRATION struc ; C9.0 version
  63. ;public:
  64. er_prev dd ? ; prev (common)
  65. er_handler dd ? ; handler (common)
  66. ;private:
  67. scopetable dd ?
  68. trylevel dd ?
  69. _C9_EXCEPTION_REGISTRATION ends
  70. FRAME_EBP_OFFSET equ 16
  72. ;#define EXCEPTION_MAXIMUM_PARAMETERS 4
  73. ;typedef struct _EXCEPTION_RECORD EXCEPTION_RECORD;
  74. ;typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;
  75. ;struct _EXCEPTION_RECORD{
  76. ; NTSTATUS ExceptionCode;
  77. ; ULONG ExceptionFlags;
  78. ; struct _EXCEPTION_RECORD *ExceptionRecord;
  79. ; PVOID ExceptionAddress;
  80. ; ULONG NumberParameters;
  81. ; ULONG ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
  82. ;};
  83. _EXCEPTION_RECORD struc
  84. exception_number dd ?
  85. exception_flags dd ?
  86. exception_record dd ?
  87. exception_address dd ?
  88. number_parameters dd ?
  89. exception_information dd 4 dup(?)
  90. _EXCEPTION_RECORD ends
  91. SIZEOF_EXCEPTION_RECORD equ 36
  93. ;/* following is the structure returned by the _exception_info() intrinsic. */
  94. ;typedef struct _EXCEPTION_POINTERS EXCEPTION_POINTERS;
  95. ;typedef struct EXCEPTION_POINTERS *PEXCEPTION_POINTERS;
  96. ;struct _EXCEPTION_POINTERS{
  97. ; PEXCEPTION_RECORD ExceptionRecord;
  98. ; PCONTEXT Context;
  99. ;};
  100. _EXCEPTION_POINTERS struc
  101. ep_xrecord dd ?
  102. ep_context dd ?
  103. _EXCEPTION_POINTERS ends
  104. SIZEOF_EXCEPTION_POINTERS equ 8
  106. extern __NLG_Destination:_NLG_INFO
  108. assumes DS,DATA
  109. assumes FS,DATA
  111. __except_list equ 0
  113. ;struct _SCOPETABLE_ENTRY{
  114. ; int enclosing_level; /* lexical level of enclosing scope */
  115. ; int (*filter)(PEXCEPTION_RECORD); /* NULL for a termination handler */
  116. ; void (*specific_handler)(void); /* xcpt or termination handler */
  117. ;};
  118. ;struct _SCOPETABLE_ENTRY Scopetable[NUMTRYS];
  119. _SCOPETABLE_ENTRY struc
  120. enclosing_level dd ?
  121. filter dd ?
  122. specific_handler dd ?
  123. _SCOPETABLE_ENTRY ends
  125. BeginCODE
  127. ;EXTERN C __SetNLGCode:near
  129. ;/* _EXCEPT_HANDLER3 - Try to find an exception handler listed in the scope
  130. ; * table associated with the given registration record, that wants to accept
  131. ; * the current exception. If we find one, run it (and never return).
  132. ; * RETURNS: (*if* it returns)
  133. ; * DISPOSITION_DISMISS - dismiss the exception.
  134. ; * DISPOSITION_CONTINUE_SEARCH - pass the exception up to enclosing handlers
  135. ; */
  136. ;int _except_handler3(
  137. ; PEXCEPTION_RECORD exception_record,
  138. ; PEXCEPTION_REGISTRATION registration,
  139. ; PCONTEXT context,
  140. ; PEXCEPTION_REGISTRATION dispatcher)
  141. ;{
  142. ; int ix, filter_result;
  143. ;
  144. ; for(ix=registration->trylevel; ix!=-1; ix=registration->xscope[ix].enclosing_level){
  145. ; /* if filter==NULL, then this is an entry for a termination handler */
  146. ; if(registration->xscope[ix].filter){
  147. ; /* NB: call to the filter may trash the callee save
  148. ; registers. (this is *not* a standard cdecl function) */
  149. ; filter_result=(*registration->xscope[ix].filter)(xinfo);
  150. ; if(filter_result==FILTER_DISMISS)
  151. ; return(-1); /* dismiss */
  152. ; if(filter_result==FILTER_ACCEPT){
  153. ; _global_unwind2(registration);
  154. ; _local_unwind2(registration, ix);
  155. ; (*registration->xscope[ix].specific_handler)(void);
  156. ; assert(UNREACHED); /*should never return from handler*/
  157. ; }
  158. ; assert(filter_result==FILTER_CONTINUE_SEARCH);
  159. ; }
  160. ; }
  161. ; return(0); /* didnt find one */
  162. ;}
  163. db 'VC20' ;; VC/C++ 2.0/32-bit (C9.0) version
  164. db 'XC00' ;; so debugger can recognize this proc (cuda:3936)
  166. xrecord equ [ebp+8]
  167. registration equ [ebp+12]
  168. context equ [ebp+16]
  169. dispatcher equ [ebp+20]
  171. xp equ [ebp-8]
  173. _except_handler3 proc C
  174. ; FPO = 0 dwords locals allocated in prolog
  175. ; 3 dword parameters
  176. ; 10 bytes in prolog
  177. ; 7 registers saved (includes locals to work around debugger bug)
  178. ; 1 EBP is used
  179. ; 0 frame type = FPO
  180. .FPO (0,3,10,7,1,0)
  181. push ebp
  182. mov ebp, esp
  183. sub esp, 8
  184. push ebx
  185. push esi
  186. push edi
  187. push ebp
  189. ;4*4b for callee saves + 4b return address + 4b param = 24
  191. ;DF in indeterminate state at time of exception, so clear it
  192. cld
  194. mov ebx, registration ;ebx= PEXCEPTION_REGISTRATION
  195. mov eax, xrecord
  197. test [eax.exception_flags], EXCEPTION_UNWIND_CONTEXT
  198. jnz _lh_unwinding
  200. ;build the EXCEPTION_POINTERS locally store its address in the
  201. ; registration record. this is the pointer that is returned by
  202. ; the _exception_info intrinsic.
  203. mov xp.ep_xrecord, eax
  204. mov eax, context
  205. mov xp.ep_context, eax
  206. lea eax, xp
  207. mov [ebx.xpointers], eax
  209. mov esi, [ebx.trylevel] ;esi= try level
  210. mov edi, [ebx.scopetable] ;edi= scope table base
  212. ifdef _NTSUBSET_
  213. mov eax, 1
  214. else
  215. push ebx ;validate scopetable against
  216. call __ValidateEH3RN ;* hacker attacks
  217. add esp, 4
  218. endif
  219. or eax, eax
  220. jz short _lh_abort
  222. _lh_top:
  223. cmp esi, -1
  224. je short _lh_bagit
  225. lea ecx, [esi+esi*2] ;ecx= trylevel*3
  226. mov eax, [(edi+ecx*4).filter]
  227. or eax, eax
  228. je short _lh_continue ;term handler, so keep looking
  230. ;clear *all* registers before call, so save ebp and scopetable offset
  231. push esi
  232. push ebp
  234. lea ebp, FRAME_EBP_OFFSET[ebx] ;target frame pointer
  235. xor ebx, ebx ;clear registers to prevent
  236. xor ecx, ecx ;* bleed-through of exploitable
  237. xor edx, edx ;* data
  238. xor esi, esi
  239. xor edi, edi
  241. call eax ;call the filter
  243. pop ebp
  244. pop esi
  245. mov ebx, registration
  247. ; Accept <0, 0, >0 instead of just -1, 0, +1
  248. or eax, eax
  249. jz short _lh_continue
  250. js short _lh_dismiss
  251. ;assert(eax==FILTER_ACCEPT)
  253. ;reload xscope base, cuz it was trashed by the filter call
  254. mov edi, [ebx.scopetable]
  255. ;load handler address before we loose components of address mode
  256. push ebx ;registration*
  257. call __global_unwind2 ;run term handlers
  258. add esp, 4
  260. ;setup ebp for the local unwinder and the specific handler
  261. lea ebp, FRAME_EBP_OFFSET[ebx]
  263. ;the stop try level == accepting except level
  264. push esi ;stop try level
  265. push ebx ;registration*
  266. call __local_unwind2
  267. add esp, 8
  268. lea ecx, [esi+esi*2] ;ecx=trylevel*3
  270. push 01h
  271. mov eax, [(edi+ecx*4).specific_handler]
  272. call __NLG_Notify
  274. ; set the current trylevel to our enclosing level immediately
  275. ; before giving control to the handler. it is the enclosing
  276. ; level, if any, that guards the handler.
  277. mov eax, [(edi+ecx*4).enclosing_level]
  278. mov [ebx.trylevel], eax
  279. mov eax, [(edi+ecx*4).specific_handler]
  280. xor ebx, ebx ;clear registers to prevent
  281. xor ecx, ecx ;* bleed-through of exploitable
  282. xor edx, edx ;* data
  283. xor esi, esi
  284. xor edi, edi
  285. call eax ;call the except handler
  286. ;assert(0) ;(NB! should not return)
  288. _lh_continue:
  289. ;reload the scope table base, possibly trashed by call to filter
  290. mov edi, [ebx.scopetable]
  291. lea ecx, [esi+esi*2]
  292. mov esi, [edi+ecx*4+0] ;load the enclosing trylevel
  293. jmp short _lh_top
  295. _lh_dismiss:
  296. mov eax, DISPOSITION_DISMISS ;dismiss the exception
  297. jmp short _lh_return
  299. _lh_abort:
  300. mov eax, xrecord ;invalid scopetable, return
  301. or [eax.exception_flags], EXCEPTION_STACK_INVALID
  302. _lh_bagit:
  303. mov eax, DISPOSITION_CONTINUE_SEARCH
  304. jmp short _lh_return
  306. _lh_unwinding:
  307. push ebp
  308. lea ebp, FRAME_EBP_OFFSET[ebx]
  309. push -1
  310. push ebx
  311. call __local_unwind2
  312. add esp, 8
  313. pop ebp
  314. ;the return value is not really relevent in an unwind context
  315. mov eax, DISPOSITION_CONTINUE_SEARCH
  317. _lh_return:
  318. pop ebp
  319. pop edi
  320. pop esi
  321. pop ebx
  322. mov esp,ebp
  323. pop ebp
  324. ret
  325. _except_handler3 endp
  327. public __seh_longjmp_unwind@4
  328. __seh_longjmp_unwind@4 proc near
  329. push ebp
  330. mov ecx, 8[esp]
  331. mov ebp, [ecx.saved_ebp]
  332. mov eax, [ecx.saved_trylevel]
  333. push eax
  334. mov eax, [ecx.saved_xregistration]
  335. push eax
  336. call __local_unwind2
  337. add esp, 8
  338. pop ebp
  339. ret 4
  340. __seh_longjmp_unwind@4 endp
  342. EndCODE
  343. END