RE: [ntdev] Change Thread stack, was Re: About …ZwCreateProcess

Well, if you will patch the undocumented SEH structures on the stack - then maybe it will work.
Anyway ExQueueWorkItem is the best way of switching stacks on NT :)

Max

----- Original Message -----
From: Bi Chen
To: NT Developers Interest List
Sent: Friday, November 01, 2002 11:31 PM
Subject: [ntdev] RE: Change Thread stack, was Re: About …ZwCreateProcess

Hi, Max.

Thanks for the comment. Is Mark Roddy correct in stating that SEH stores the original stack (start) pointer (I believe he is always correct), so the switch-the-stack trick will never work?

Bi
-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Friday, November 01, 2002 11:52 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Change Thread stack, was Re: About …ZwCreateProcess

IIRC the only dedicated TSSs and stacks are for double fault (KiTrap08) and NMI. All other things, including SEH, are running on usual kernel stacks.

Max

----- Original Message -----
From: Bi Chen
To: NT Developers Interest List
Sent: Friday, November 01, 2002 2:13 AM
Subject: [ntdev] RE: Change Thread stack, was Re: About …ZwCreateProcess

You must at least update fields in ETHREAD and the TSS to reflect the ring0 stack change. Otherwise, after one context switch of your thread, you may be back on the old one, and if that happens a bugcheck is ensured.

I am not sure SEH will store any old stack pointer. After an exception, the OS is obligated to save the current thread context, including the esp, before it calls your exception handler.

I wonder if the SEH handler works on the current thread stack or has its own dedicated stack (its own TSS) in Microsoft's implementation. Could some guru or people from Microsoft comment on this?

Bi

-----Original Message-----
From: James Antognini [mailto:xxxxx@mindspring.nospam.com]
Sent: Wednesday, October 30, 2002 1:34 PM
To: NT Developers Interest List
Subject: [ntdev] Re: About …ZwCreateProcess

Expanding the stack is something I’ve wondered about, e.g., copying the stack at procedure entry to a larger area and using a little inline assembler to point ESP to that area, and of course reversing at procedure exit. But the technique might get sticky in exception handling, since the old stack pointer might be squirreled away somewhere that SEH uses.

What are the known holes?


If replying by e-mail, please remove “nospam.” from the address.

James Antognini
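The concern raised in the message above (and answered further up the thread with "patch the undocumented SEH structures") can be shown in plain C without any kernel code. The following is an added example, not code from the thread or from Windows: it models the x86 SEH registration chain as a linked list of records living on a simulated stack, copies that stack with memcpy, and counts how many chain links still point back into the old region. The `seh_record` layout, the `STACK_BYTES` size and the chain-walking fixup are assumptions made for the illustration; the real EXCEPTION_REGISTRATION_RECORD, frame pointers and the thread's ETHREAD/TSS fields are more than this model covers.

```c
/* Added example (not from the thread or from Windows): why a blind stack
 * copy breaks structures that hold absolute pointers into the stack.
 * On x86 the per-thread SEH chain is a singly linked list of registration
 * records that live on the stack; each record's Next field is the absolute
 * address of the enclosing record on the same stack.  The layout below is a
 * simplified model (assumption), not the real undocumented structure. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an x86 SEH registration record (assumption). */
typedef struct seh_record {
    struct seh_record *next;  /* absolute pointer into the stack: breaks on copy */
    void (*handler)(void);    /* code pointer: not stack-relative, survives a copy */
} seh_record;

#define STACK_BYTES 256       /* size of the simulated stack (constructed) */

/* Simulated stack regions, aligned so seh_record may be placed inside them. */
typedef union { unsigned char bytes[STACK_BYTES]; seh_record align; } sim_stack;

static void dummy_handler(void) {}

/* Build a three-deep SEH chain at the top of a simulated stack; returns the
 * innermost record (the chain head). */
static seh_record *build_chain(unsigned char *stack) {
    seh_record *outer = (seh_record *)(stack + STACK_BYTES - 1 * sizeof(seh_record));
    seh_record *mid   = (seh_record *)(stack + STACK_BYTES - 2 * sizeof(seh_record));
    seh_record *inner = (seh_record *)(stack + STACK_BYTES - 3 * sizeof(seh_record));
    outer->next = NULL;  outer->handler = dummy_handler;
    mid->next   = outer; mid->handler   = dummy_handler;
    inner->next = mid;   inner->handler = dummy_handler;
    return inner;
}

/* Walk the chain from head and count records that lie outside [base, base+len):
 * those are links still pointing at the stack we thought we had left. */
static int count_dangling(const seh_record *head, const unsigned char *base, size_t len) {
    int dangling = 0;
    for (const seh_record *r = head; r != NULL; r = r->next) {
        const unsigned char *p = (const unsigned char *)r;
        if (p < base || p >= base + len) dangling++;
    }
    return dangling;
}

/* Copy the whole stack to new_stack and return the relocated chain head.
 * With fixup == 0 this is the naive memcpy; with fixup != 0 every Next
 * pointer that falls inside the old region is rebased into the new one,
 * which is the "patch the SEH structures" step the thread mentions. */
static seh_record *copy_stack(const unsigned char *old_stack, unsigned char *new_stack,
                              seh_record *old_head, int fixup) {
    memcpy(new_stack, old_stack, STACK_BYTES);
    seh_record *new_head =
        (seh_record *)(new_stack + ((unsigned char *)old_head - old_stack));
    if (fixup) {
        for (seh_record *r = new_head; r != NULL; r = r->next) {
            unsigned char *n = (unsigned char *)r->next;
            if (n != NULL && n >= old_stack && n < old_stack + STACK_BYTES)
                r->next = (seh_record *)(new_stack + (n - old_stack));
        }
    }
    return new_head;
}

/* Scenario 1: blind copy. Returns how many chain records still point into
 * the old stack (2 of the 3: only the head itself lands in the new region). */
int dangling_after_blind_copy(void) {
    static sim_stack old_s, new_s;
    seh_record *head = build_chain(old_s.bytes);
    seh_record *new_head = copy_stack(old_s.bytes, new_s.bytes, head, 0);
    return count_dangling(new_head, new_s.bytes, STACK_BYTES);
}

/* Scenario 2: copy plus pointer rebasing. Returns 0 when every link was fixed. */
int dangling_after_fixup(void) {
    static sim_stack old_s, new_s;
    seh_record *head = build_chain(old_s.bytes);
    seh_record *new_head = copy_stack(old_s.bytes, new_s.bytes, head, 1);
    return count_dangling(new_head, new_s.bytes, STACK_BYTES);
}

int main(void) {
    printf("dangling SEH links after blind copy: %d\n", dangling_after_blind_copy());
    printf("dangling SEH links after relocation: %d\n", dangling_after_fixup());
    return 0;
}
```

The blind copy leaves two of three links pointing at the abandoned stack, which is exactly the failure an exception dispatch would hit after ESP has been moved. Rebasing the chain repairs this one structure, but saved frame pointers, pointers to locals passed down the call chain, and the kernel's own per-thread stack bookkeeping are all further copies of the same problem, which is why the thread favours running the work on a system worker thread via ExQueueWorkItem instead of relocating a stack by hand.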


You are currently subscribed to ntdev as: xxxxx@appstream.com
To unsubscribe send a blank email to %%email.unsub%%