Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Frame troubles (https://forum.exetools.com/showthread.php?t=14605)

Git 10-26-2012 21:11
Frame troubles
 
I'm having trouble understanding what is happening in this code snippet. Quite a few of the Delphi procs start in a similar way with same two FS: statements

Code:
CODE:004BDE62 33 C0                      xor    eax, eax
CODE:004BDE64 55                          push    ebp
CODE:004BDE65 68 FF DE 4B 00            push    offset @@4
CODE:004BDE6A 64 FF 30                    push    dword ptr fs:[eax]
CODE:004BDE6D 64 89 20                    mov    fs:[eax], esp
...
CODE:004BDEFF E9 00 64 F4 FF      @4:    jmp    @HandleFinally
...

  v8 = &v15;
  v7 = v4BDEFF;
  v6 = __readfsdword(0);
  __writefsdword(0, (unsigned int)&v6);
...

In particular, what are the two statements involving FS doing and is there a way to make hexrays do a proper job of handling them?. Sorry for the dumb question, but this is the first time that I've had to look at FS.

Git

mm10121991 10-26-2012 21:15
isn't this just setting a seh handler ??

deepzero 10-26-2012 22:45
yes., because you zeroed eax with the xor.
olly would let you know via a comment... ;)

Git 10-26-2012 23:22
Yes, I suspect it is some kind of exception handler. Is there any way to get hexrays to handle it more elegantly?

Git


All times are GMT +8. The time now is 06:11.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX