What are the criterias for using SEH in a kernel mode code?

Rotor_Clix · July 18, 2012, 7:32am

Hi

I’m searching for the rules that must be considered when writing a kernel mode code with SEH.

As far as I understand that whatever exception is raised at dispatch_level or higher, SEH doesn’t work. Right?

But being under dispatch _level is enough to make our SEH handler work? what are the criterias?

I couldn’t find any specific documentation or list about what exceptions can be handled by user-defined SEH handler that Windows kernel gives permission to handle the exception.

Can you please give some information about that.

Thanks

Doron_Holan · July 18, 2012, 9:41am

The criteria is that you should be using SEH for only very small chunks of code and ONLY around APIs that are documented to throw an exception on error. In other words, wrapping all your code to catch null or bad memory derefs is the worst thing you can do.

What problem are you trying to solve?

d

debt from my phone

From: xxxxx@gmail.com
Sent: 7/18/2012 4:32 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] What are the criterias for using SEH in a kernel mode code?

Hi

I’m searching for the rules that must be considered when writing a kernel mode code with SEH.

As far as I understand that whatever exception is raised at dispatch_level or higher, SEH doesn’t work. Right?

But being under dispatch _level is enough to make our SEH handler work? what are the criterias?

I couldn’t find any specific documentation or list about what exceptions can be handled by user-defined SEH handler that Windows kernel gives permission to handle the exception.

Can you please give some information about that.

Thanks

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Rotor_Clix · July 18, 2012, 10:46am

Thanks Doron Holan.

I am not trying to solve a particular problem. I am just trying to be sure which exceptions in kernel mode is allowed to handled by SEH Handler. I know that some exceptions than can’t be handled by kernel-mode code even if write an exception handler for that.

There is a list in here:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679356(v=vs.85).aspx

But it is for user-mode I think.

Which ones of these exception types are allowed to handle by SEH in kernel-mode? I am just trying to learn that.

Doron_Holan · July 18, 2012, 11:19am

Like I said the first time, you don’t really operate with the mindset that it is a list of exceptions. Rather, specific APIs will document they use SEH to return an error and you use SEH around those API calls. For instance, MmProbeAndLockPages, http://msdn.microsoft.com/en-us/library/windows/hardware/ff554664(v=vs.85).aspx, says this

Calls to MmProbeAndLockPages must be enclosed in a try/except block. If the pages do not support the specified operation, the routine raises the STATUS_ACCESS_VIOLATION or other exceptions. For more information, see Handling Exceptions.

See the Handling Exceptions page, http://msdn.microsoft.com/en-us/library/windows/hardware/ff546823(v=vs.85).aspx, for a partial list of APIs (MmMapLockedPages, MmProbeAndLockPages, ProbeForRead, ProbeForWrite)

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Wednesday, July 18, 2012 7:46 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] What are the criterias for using SEH in a kernel mode code?

Thanks Doron Holan.

I am not trying to solve a particular problem. I am just trying to be sure which exceptions in kernel mode is allowed to handled by SEH Handler. I know that some exceptions than can’t be handled by kernel-mode code even if write an exception handler for that.

There is a list in here:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679356(v=vs.85).aspx

But it is for user-mode I think.

Which ones of these exception types are allowed to handle by SEH in kernel-mode? I am just trying to learn that.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Rotor_Clix · July 18, 2012, 11:54am

Thank you Doron Holan.

Maxim_S_Shatskih · July 23, 2012, 4:44am

> I couldn’t find any specific documentation or list about what exceptions can be handled by user-

defined SEH handler that Windows kernel gives permission to handle the exception.

SEH only works correctly in managed languages. Even in C++ they are a joke - to use SEH in C++ properly, you will need to wrap all non-SEH calls which can fail (like the OS APIs) to RAII wrappers.

So, in Windows kernel, it is just a syntactic sugar which will allow you to place the error-handling code in the end of the function. Look at FASTFAT sample.

The only place in Windows where you must use SEH is the APIs documented to throw exceptions, like MmProbeAndLockPages or CcCopyRead.

Anywhere else this is nonsense. Your code will not become more robust if you will handle access violations using SEH, for instance. You should fix them instead.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Scott_Noone_OSR · July 23, 2012, 12:33pm

“Maxim S. Shatskih” wrote in message news:xxxxx@ntdev…

The only place in Windows where you must use SEH is the APIs
documented to throw exceptions, like MmProbeAndLockPages or CcCopyRead.

Just for the archives, you must also wrap all user pointer accesses in SEH
blocks (though these should be rare for most drivers).

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com