Structured Exception Handling

The Microsoft Windows family of operating systems employ some specific exception handling mechanisms.


Structured Exception Handling

Microsoft Structured Exception Handling is the native exception handling mechanism for Windows and a forerunner technology to Vectored Exception Handling (VEH). It features the finally mechanism not present in standard C++ exceptions (but present in most imperative languages introduced later). SEH is set up and handled separately for each thread of execution.


Usage

Microsoft supports SEH as a programming technique at the compiler level only. The MS Visual C++ compiler features three non-standard keywords for this purpose: __try, __except and __finally. Other exception handling aspects are backed by a number of Win32 API functions, for example, RaiseException to raise SEH exceptions manually.


Implementation


IA-32

Each thread of execution in Windows IA-32 edition or the WoW64 emulation layer for the x86-64 version has a link to an undocumented list at the start of its Thread Information Block. The __try statement essentially calls a compiler-defined EH_prolog function. That function allocates an on the stack pointing to the __except_handler3 function in msvcrt.dll, then adds the record to the list's head. At the end of the __try block a compiler-defined EH_epilog function is called that does the reverse operation. Either of these compiler-defined routines can be inline. All the programmer-defined __except and __finally blocks are called from within __except_handler3. If the programmer-defined blocks are present, the created by EH_prolog is extended with a few additional fields used by __except_handler3.

In the case of an exception in user mode code, the operating system parses the thread's list and calls each exception handler in sequence until a handler signals it has handled the exception (by return value) or the list is exhausted. The last one in the list is always the kernel32!UnhandledExceptionFilter which displays the general protection fault error message. Then the list is traversed once more giving handlers a chance to clean up any resources used. Finally, the execution returns to kernel mode where the process is either resumed or terminated. The patent on this mode of SEH, US5628016, expired in 2014.
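The list handling and two-pass dispatch described above, as an added example in portable C (a simplified model, not Microsoft's or the compiler's code). All type and function names are illustrative, the handler signature and return values are assumptions of the model, and the two exception codes are the Windows status values for integer divide-by-zero and access violation.

```c
#include <stdio.h>

enum { CONTINUE_SEARCH, HANDLED };  /* handler return values in this model */
enum { PASS_SEARCH, PASS_UNWIND };  /* first walk, then the cleanup walk */
typedef int (*handler_fn)(unsigned code, int pass);
typedef struct record { struct record *next; handler_fn handler; } record;
static record *chain_head;  /* stands in for the list link in the TIB */
static int cleanups;        /* cleanup calls made during the second walk */

/* EH_prolog / EH_epilog in the text: push and pop a record at the list head. */
static void eh_prolog(record *r, handler_fn h) { r->handler = h; r->next = chain_head; chain_head = r; }
static void eh_epilog(void) { chain_head = chain_head->next; }

static int finally_frame(unsigned code, int pass) {  /* cleanup only */
    (void)code; cleanups += (pass == PASS_UNWIND);
    return CONTINUE_SEARCH;
}
static int except_div0(unsigned code, int pass) {    /* accepts one code */
    return (pass == PASS_SEARCH && code == 0xC0000094u) ? HANDLED : CONTINUE_SEARCH;
}
static int last_resort(unsigned code, int pass) { (void)code; (void)pass; return HANDLED; }

/* Walk 1 stops at the first accepting handler; walk 2 lets newer records clean up. */
static int dispatch(unsigned code) {
    int depth = 0;
    record *r, *target = NULL;
    for (r = chain_head; r != NULL; r = r->next, depth++)
        if (r->handler(code, PASS_SEARCH) == HANDLED) { target = r; break; }
    if (target == NULL) return -1;           /* list exhausted */
    for (r = chain_head; r != target; r = r->next) r->handler(code, PASS_UNWIND);
    return depth;                            /* position of the accepting record */
}

static int run_scenario(unsigned code) {
    record outer, middle, inner;  /* records live in this function's stack frame */
    int depth;
    chain_head = NULL; cleanups = 0;
    eh_prolog(&outer, last_resort);    /* oldest record, end of the list */
    eh_prolog(&middle, except_div0);
    eh_prolog(&inner, finally_frame);  /* newest record, list head */
    depth = dispatch(code);
    eh_epilog(); eh_epilog(); eh_epilog();
    return depth;
}

int main(void) {
    printf("depths: %d %d\n", run_scenario(0xC0000094u), run_scenario(0xC0000005u));
    return 0;
}
```

In this model each record, handler pointer included, sits in the stack frame of the function that registered it, and `dispatch` calls whatever the list holds without checking it.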


x86-64

SEH on 64-bit Windows does not involve a runtime exception handler list; instead, it uses a stack unwinding table (UNWIND_INFO) interpreted by the system when an exception occurs. This means that the compiler does not have to generate extra code to manually perform stack unwinding and to call exception handlers appropriately. It merely has to emit information in the form of unwinding tables about the stack frame layout and specified exception handlers.
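To show what such a table entry carries, here is an added example (not from the original page) that decodes the fixed header of an UNWIND_INFO blob and extracts the handler RVA, as an image-analysis tool would. It assumes the version 1 layout from Microsoft's x64 exception handling documentation; `parse_unwind_info`, `unwind_summary` and the sample bytes, including the RVA, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UNW_FLAG_EHANDLER 0x1u /* exception handler RVA follows the codes   */
#define UNW_FLAG_UHANDLER 0x2u /* termination handler RVA follows the codes */

typedef struct {
    unsigned version, flags, prolog_size, code_count, frame_reg, frame_off;
    int has_handler;
    uint32_t handler_rva;
} unwind_summary;

/* Constructed sample: version 1, EHANDLER, 6-byte prolog, 2 unwind codes
   (alloc 0x20, push rbx), handler RVA 0x1A40 (made-up value). */
static const uint8_t SAMPLE[] = { 0x09, 0x06, 0x02, 0x00, 0x06, 0x32,
                                  0x02, 0x30, 0x40, 0x1A, 0x00, 0x00 };

/* Returns 0 on success, -1 on a short buffer or an unexpected version. */
static int parse_unwind_info(const uint8_t *p, size_t len, unwind_summary *out) {
    size_t end;
    if (len < 4 || (p[0] & 0x07) != 1) return -1;
    out->version = p[0] & 0x07;      /* low 3 bits  */
    out->flags = p[0] >> 3;          /* high 5 bits */
    out->prolog_size = p[1];
    out->code_count = p[2];
    out->frame_reg = p[3] & 0x0F;
    out->frame_off = p[3] >> 4;      /* raw field, scaled by 16 when used */
    out->has_handler = 0;
    out->handler_rva = 0;
    /* UNWIND_CODE slots are 2 bytes; the array is padded to an even count. */
    end = 4 + 2 * (size_t)((out->code_count + 1u) & ~1u);
    if (end > len) return -1;
    if (out->flags & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER)) {
        if (len - end < 4) return -1;            /* handler RVA truncated */
        out->handler_rva = (uint32_t)p[end] | (uint32_t)p[end + 1] << 8 |
                           (uint32_t)p[end + 2] << 16 | (uint32_t)p[end + 3] << 24;
        out->has_handler = 1;
    }
    return 0;
}

int main(void) {
    unwind_summary s;
    if (parse_unwind_info(SAMPLE, sizeof SAMPLE, &s) == 0)
        printf("flags=%u codes=%u rva=0x%X\n", s.flags, s.code_count, (unsigned)s.handler_rva);
    return 0;
}
```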


Support

GCC 4.8+ from Mingw-w64 supports using 64-bit SEH for C++ exceptions. LLVM clang supports __try on both x86 and x64.


Vectored Exception Handling

Vectored Exception Handling was introduced in Windows XP. Vectored Exception Handling is made available to Windows programmers using languages such as C++ and Visual Basic. VEH does not replace Structured Exception Handling (SEH); rather, VEH and SEH coexist, with VEH handlers having priority over SEH handlers. Compared with SEH, VEH works more like kernel-delivered Unix signals.



External links

* Note that the examples given there do not work as-is on modern Windows systems (post XP SP2) due to the changes Microsoft made to address the security issues present in the early SEH design. The examples still work on later versions of Windows if compiled with /link /safeseh:no.
* Covers the obscure details needed to get low-level SEH (and particularly SafeSEH) code to work on more modern Windows.
* Joshua J. Drake, "Old Meets New: Microsoft Windows SafeSEH Incompatibility", 10 Jan 2012. https://www.optiv.com/blog/old-meets-new-microsoft-windows-safeseh-incompatibility/ (archived 9 January 2017 at https://web.archive.org/web/20170109184752/https://www.optiv.com/blog/old-meets-new-microsoft-windows-safeseh-incompatibility; accessed 9 January 2017). An article explaining why Windows 7 SP1 ignores SafeSEH for some older binaries, while Windows XP SP3 honors it.