About Trap Module Location

OSR_Community_User · December 18, 2001, 11:48pm

Hi,

I have 2 Questions :

I have read in book about Trap Handler location, it says When an
exception occur CPU will transfer control to fixed location to execute Trap
Handler. What is this Fixed location mean ?

Is this something like BOOT strap loader will load MBR to location 0:7C00
always ( This is fixed location and Hardware knows about only about this )

Does Trap handler location is defined by Hardware ?

When Exception occurs OS will get information from FS:[0] and this will
point to structure _NT_TIB ( Thread Information Block )

Does anybody know the details of following structure ( This i have taken
from ntddk.h ):

typedef struct _NT_TIB {
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
PVOID StackBase;
PVOID StackLimit;
PVOID SubSystemTib;
union {
PVOID FiberData;
ULONG Version;
};
PVOID ArbitraryUserPointer;
struct _NT_TIB *Self;
} NT_TIB;

Does anybody has the structure struct _EXCEPTION_REGISTRATION_RECORD ?
what is FS stands for ? Where do i get more information about this ?

Thanks in Adavance,
Satish K.S

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Eugene · December 19, 2001, 4:01am

Hi, Satish!

typedef struct _EXCEPTION_REGISTRATION_RECORD {
struct _EXCEPTION_REGISTRATION_RECORD *Next;
PVOID Handler;
} EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;

If you whant to know something else about NT internals try to look
http://www.acc.umu.se/~bosse/ntifs.h
or to buy MS IFS Kit

Eugene.

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · December 19, 2001, 4:25am

Hi Eugene Lomovsky,

Thanks for Reply.

I got another structure exsup.inc from VC++ directory :

;typedef struct _EXCEPTION_REGISTRATION PEXCEPTION_REGISTRATION;
;struct _EXCEPTION_REGISTRATION{
; struct _EXCEPTION_REGISTRATION *prev;
; void (*handler)(PEXCEPTION_RECORD, PEXCEPTION_REGISTRATION, PCONTEXT,
PEXCEPTION_RECORD);
; struct scopetable_entry *scopetable;
; int trylevel;
; int _ebp;
; PEXCEPTION_POINTERS xpointers;
;};
_EXCEPTION_REGISTRATION struc
prev dd ?
handler dd ?
_EXCEPTION_REGISTRATION ends

I didnt understand which one i should consider ?

Regards,
Satish K.S
----- Original Message -----
From: “Eugene Lomovsky”
To: “NT Developers Interest List”
Sent: Wednesday, December 19, 2001 2:28 PM
Subject: [ntdev] RE: About Trap Module Location

> Hi, Satish!
>
> typedef struct _EXCEPTION_REGISTRATION_RECORD {
> struct _EXCEPTION_REGISTRATION_RECORD *Next;
> PVOID Handler;
> } EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;
>
> If you whant to know something else about NT internals try to look
> http://www.acc.umu.se/~bosse/ntifs.h
> or to buy MS IFS Kit
>
> Eugene.
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@aalayance.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Eugene · December 19, 2001, 6:05am

Hi, Satish!

No matter. Try to explore it under debugger, you must to see two ULONGs… Or
you confused about “prev”/“next” names? >8)

Eugene.

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · December 20, 2001, 5:43pm

> 1) I have read in book about Trap Handler location, it says When an

exception occur CPU will transfer control to fixed location to execute Trap
Handler. What is this Fixed location mean ?

The location which is set in IDT.

Does Trap handler location is defined by Hardware ?

No, by the kernel code which fills the IDT.

Does anybody has the structure struct _EXCEPTION_REGISTRATION_RECORD ?

Try to disassemble __except_handler_3 or the code generated by CL if you use __try/__catch. I had this type of fun about 5 years
ago.

what is FS stands for ? Where do i get more information about this ?

FS is a processor’s segment register. Microsoft uses it for thread info block in user mode and for PCR in kernel mode.
More information > Intel’s x86 manuals.

Max

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · December 20, 2001, 11:23pm

Hi Max,

Thanks for answering. I will try tp gather some info and i will be back
again with doubts.

Regards,
Satish K.S

> 1) I have read in book about Trap Handler location, it says When an
> exception occur CPU will transfer control to fixed location to execute
Trap
> Handler. What is this Fixed location mean ?

The location which is set in IDT.

> Does Trap handler location is defined by Hardware ?

No, by the kernel code which fills the IDT.

> 3) Does anybody has the structure struct _EXCEPTION_REGISTRATION_RECORD
?

Try to disassemble __except_handler_3 or the code generated by CL if you
use __try/__catch. I had this type of fun about 5 years
ago.

> 4) what is FS stands for ? Where do i get more information about this ?

FS is a processor’s segment register. Microsoft uses it for thread info
block in user mode and for PCR in kernel mode.
More information > Intel’s x86 manuals.

Max

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com