OpenRCE Article Comments:
Reversing Microsoft Visual C++ Part I: Exception Handling
Article Abstract
Microsoft Visual C++ is the most widely used compiler for Win32, so it is important for the Win32 reverser to be familiar with its inner workings. Being able to recognize the compiler-generated glue code helps to quickly concentrate on the actual code written by the programmer. It also helps in recovering the high-level structure of the program.
In part I of this 2-part article (see also: Part II: Classes, Methods and RTTI), I will concentrate on the stack layout, exception handling and related structures in MSVC-compiled programs. Some familiarity with assembler, registers, calling conventions etc. is assumed.
Article Comments
aeppert
Posted: Monday, March 6 2006 12:04.30 CST
Excellent collection of information. Very much worth reading for anyone that deals with Win32.
halvar
Posted: Monday, March 6 2006 13:55.01 CST
Thanks for the article, very useful!
ryanlrussell
Posted: Tuesday, March 7 2006 03:14.46 CST
This is the best collection of SEH info I've seen so far, and your diagrams are gorgeous, too! Would I be very rude to say that you went over things way WAY too fast? :) I look forward to part II. Let me see if I can't pull some examples to ask you about...
igorsk
Posted: Tuesday, March 7 2006 03:34.02 CST
I'm glad you liked it. And sorry for the speed, I'm not a very good writer :)
Opcode
Posted: Tuesday, March 7 2006 19:11.42 CST
Great article! Looking forward to seeing the next one!
Thank you.
g3nuin3
Posted: Friday, March 17 2006 23:53.00 CST
Great Article.
Looking forward to the next one.
cheers
randori82
Posted: Saturday, March 25 2006 03:47.57 CST
great article, looking forward to part 2!
tcarter
Posted: Thursday, April 6 2006 21:23.00 CDT
Absolutely awesome article!
SYSOP008
Posted: Monday, April 10 2006 00:03.26 CDT
Wonderful!
Really like this one, thanks for your contribution.
winndy
Posted: Monday, April 17 2006 22:11.46 CDT
Great article. But I have a question.
In figure SEH4 Stack Layout,
why does EH Cookie Offset point to GS Cookie in the stack, while GS Cookie Offset points to EH Cookie in the stack?
A mistake?
Thanks
igorsk
Posted: Tuesday, April 18 2006 07:37.07 CDT
winndy: yep, forgot to fix the arrows while dragging boxes around. Thanks for noting that!
CmJohn
Posted: Friday, May 22 2009 01:08.38 CDT
Great work
I think there is a clerical error: "Stack UInwinding: Automatic destruction of such objects that happens when the control leaves the scope due to an exception." Ought it to be "Unwinding"?
lazyworm
Posted: Tuesday, April 20 2010 22:38.55 CDT
that's helpful
voila
Posted: Thursday, July 1 2010 17:40.37 CDT
thanks .... gonna be really helpful :) :)
kael
Posted: Wednesday, August 4 2010 02:06.13 CDT
This is good article .. sunshine the understanding of binary-auditing.com for module HLL Mapping and Manual decompilation.
msuarez
Posted: Friday, October 15 2010 08:23.51 CDT
thank you very much!
Donner2011
Posted: Wednesday, December 21 2011 04:02.42 CST
Considerably, the story is in reality the greatest on this noteworthy topic. I agree with your conclusions and will eagerly watch forward to your next updates. Saying nice one will not just be sufficient, for the wonderful clarity in your writing. I will immediately grab your rss feed to stay privy of any updates!
This is a really good read for me. Must admit that you are one of the best bloggers I ever saw. Thanks for posting this informative article.