The UNWIND_INFO is used for x64 exception handling and to unwind the stack. It is pointed to by the RUNTIME_FUNCTION struct.
상속: AbstractStructure
UNWIND_INFO 1 문서
예제 #1
0
        /// <summary>
        ///     Get the UNWIND_INFO from a runtime function form the
        ///     Exception header in x64 applications.
        /// </summary>
        /// <param name="sh">Section Headers of the PE file.</param>
        /// <returns>UNWIND_INFO for the runtime function.</returns>
        private UNWIND_INFO GetUnwindInfo(IMAGE_SECTION_HEADER[] sh)
        {
            // Check if the last bit is set in the UnwindInfo. If so, it is a chained
            // information.
            var uwAddress = (UnwindInfo & 0x1) == 0x1
                ? UnwindInfo & 0xFFFE
                : UnwindInfo;

            var uw = new UNWIND_INFO(Buff, uwAddress.RVAtoFileMapping(sh));

            return(uw);
        }
예제 #2
0
        public void UnwindInfoConstructorWorks_Test()
        {
            var unwindInfo = new UNWIND_INFO(RawStructures.RawUnwindInfo, 2);
            Assert.AreEqual((byte) 0x1, unwindInfo.Version);
            Assert.AreEqual((byte) 0x12, unwindInfo.Flags);
            Assert.AreEqual((byte) 0x33, unwindInfo.SizeOfProlog);
            Assert.AreEqual((byte) 0x5, unwindInfo.FrameRegister);
            Assert.AreEqual((byte) 0x6, unwindInfo.FrameOffset);

            Assert.AreEqual(1, unwindInfo.UnwindCode.Length);
            Assert.AreEqual((byte) 0x77, unwindInfo.UnwindCode[0].CodeOffset);
            Assert.AreEqual((byte) 0x8, unwindInfo.UnwindCode[0].UnwindOp);
            Assert.AreEqual((byte) 0x9, unwindInfo.UnwindCode[0].Opinfo);

            Assert.AreEqual(0xffeeddcc, unwindInfo.ExceptionHandler);
        }