Structured Error Handling

[Laocoon]

I'm guessing when an error handler is called, CONTEXT (32bit) is being passed along and Microsoft hasn't added a CONTEXT (64bit) structure. Do we just lose the rest of the registers? Am I wrong or is this a little lacking?



This switching from 32 -> 64 bit programming is quite confusing when trying to figure out when and where you have/get to use 64bits... Looks like window's 64bit is a hack job...

[Bryant Keller]

I'm guessing when an error handler is called, CONTEXT (32bit) is being passed along and Microsoft hasn't added a CONTEXT (64bit) structure. Do we just lose the rest of the registers? Am I wrong or is this a little lacking?

CONTEXT is architecture dependent. This means the contents are different from each processor. Under win64 the structure (as defined by MSDN) has changed quite a bit.

Code: [Select]

typedef struct DECLSPEC_ALIGN(16) _CONTEXT {
    DWORD64 P1Home;
    DWORD64 P2Home;
    DWORD64 P3Home;
    DWORD64 P4Home;
    DWORD64 P5Home;
    DWORD64 P6Home;
    DWORD ContextFlags;
    DWORD MxCsr;
    WORD   SegCs;
    WORD   SegDs;
    WORD   SegEs;
    WORD   SegFs;
    WORD   SegGs;
    WORD   SegSs;
    DWORD EFlags;
    DWORD64 Dr0;
    DWORD64 Dr1;
    DWORD64 Dr2;
    DWORD64 Dr3;
    DWORD64 Dr6;
    DWORD64 Dr7;
    DWORD64 Rax;
    DWORD64 Rcx;
    DWORD64 Rdx;
    DWORD64 Rbx;
    DWORD64 Rsp;
    DWORD64 Rbp;
    DWORD64 Rsi;
    DWORD64 Rdi;
    DWORD64 R8;
    DWORD64 R9;
    DWORD64 R10;
    DWORD64 R11;
    DWORD64 R12;
    DWORD64 R13;
    DWORD64 R14;
    DWORD64 R15;
    DWORD64 Rip;
    union {
        XMM_SAVE_AREA32 FltSave;
        struct {
            M128A Header[2];
            M128A Legacy[8];
            M128A Xmm0;
            M128A Xmm1;
            M128A Xmm2;
            M128A Xmm3;
            M128A Xmm4;
            M128A Xmm5;
            M128A Xmm6;
            M128A Xmm7;
            M128A Xmm8;
            M128A Xmm9;
            M128A Xmm10;
            M128A Xmm11;
            M128A Xmm12;
            M128A Xmm13;
            M128A Xmm14;
            M128A Xmm15;
        };
    };
    M128A VectorRegister[26];
    DWORD64 VectorControl;
    DWORD64 DebugControl;
    DWORD64 LastBranchToRip;
    DWORD64 LastBranchFromRip;
    DWORD64 LastExceptionToRip;
    DWORD64 LastExceptionFromRip;
} CONTEXT, *PCONTEXT;

This switching from 32 -> 64 bit programming is quite confusing when trying to figure out when and where you have/get to use 64bits... Looks like window's 64bit is a hack job...

I completely understand. I'm still using 32-bit systems and I don't really see myself updating to 64-bit anytime soon (unless someone wants to buy me new hardware, lol). To be honest, rather than going to x64 I went a different route and started coding on embedded systems more often.

[Laocoon]

So under 64 bit windows, If the program is running in 32bit mode, CONTEXT is passed to your SEH handler; but in 64bit mode _CONTEXT is passed to your SEH handler? Is there a call you can use inside the SEH handler to determine if the program is using 32/64 bit?

I may just go back to 32bit. *most* of my programming is from reverse engineering games. And most games are 32bit for compatibility....

To be honest, rather than going to x64 I went a different route and started coding on embedded systems more often.

If I wasn't doing so much reverse engineering/modifying of other code, I would consider it.

[Bryant Keller]

Since I don't use Win64 I can only assume that is accurate.