我正在将dll手动映射到使用(/ EHa)编译的进程。这样可以捕获以下异常。问题是,由于im手动映射了dll,因此未注册异常/功能,一旦执行异常,就会导致程序崩溃。为了解决此问题,我得出结论,我需要使用此函数“ RtlAddFunctionTable(...)”。可悲的是,即时通讯无法获取前两个参数(FunctionTable和EntryCount)来调用该函数。有人可以帮我一下,告诉我如何获取前两个参数吗?
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
RUNTIME_FUNCTION runtimeFunction = ?;
DWORD size = ?;
RtlAddFunctionTable(&runtimeFunction, size, (DWORD64)hModule);
try
{
int var = *reinterpret_cast<int*>(0xFFFF);
}
catch (...)
{
cout << "Exception" << endl;
}
return TRUE;
}
编辑,我解决了:
bool EnableExceptions(DWORD64 moduleBase)
{
PIMAGE_DOS_HEADER pDOSHeader;
PIMAGE_NT_HEADERS pNTHeader;
PIMAGE_OPTIONAL_HEADER pOptHeader;
pDOSHeader = (PIMAGE_DOS_HEADER)moduleBase;
if (pDOSHeader->e_magic != IMAGE_DOS_SIGNATURE)
return false;
pNTHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDOSHeader + pDOSHeader->e_lfanew);
if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
return false;
pOptHeader = (PIMAGE_OPTIONAL_HEADER)& pNTHeader->OptionalHeader;
if (pOptHeader->Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC)
return false;
PRUNTIME_FUNCTION pFunctionTable = (PRUNTIME_FUNCTION)((DWORD64)pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].VirtualAddress + moduleBase);
cout << "functionTable " << hex << functionTable << endl;
DWORD sizeFunctionTable = (pOptHeader->DataDirectory[3].Size / (DWORD)sizeof(RUNTIME_FUNCTION));
cout << "functionTableSize " << dec << functionTableSize << endl;
BOOL success = RtlAddFunctionTable(pFunctionTable, sizeFunctionTable, moduleBase);
cout << "RtlAddFunctionTable " << success << endl;
return success;
}
由于要在启用了SEH的情况下构建.DLL,因此所需的信息应该已经在PE文件中。
根据this blog post,PE中的静态表优先于动态添加的表。
如果由于某种原因需要使用自定义表,则由于地址是相对的(RVA),因此需要使用VirtualAlloc为表分配内存和代码。