myued.h

Cracker终结者——提供最优秀的软件保护技术

// return FALSE - bypass  SEH
// return TRUE  - execute SEH

BOOL WINAPI MyUserExceptionDispatcher(PEXCEPTION_RECORD pxcpt, PCONTEXT pcntx) {
  TCHAR Msg[2088/sizeof(TCHAR)];
  PTSTR Info = Msg;
  DWORD i;

  Info += _stprintf(Info,
    _T("%08X=Dispatch==%08X\r\n"),
    GetTickCount(), GetCurrentThreadId()); 

  if(pxcpt) {
    Info += _stprintf(Info,
      _T("ExceptionCode    = %08X\r\n")
      _T("ExceptionFlags   = %08X\r\n")
      _T("ExceptionRecord  = %08X\r\n")
      _T("ExceptionAddress = %08X\r\n")
      _T("NumberParameters = %X\r\n"),
      pxcpt->ExceptionCode, pxcpt->ExceptionFlags, pxcpt->ExceptionRecord,
      pxcpt->ExceptionAddress, pxcpt->NumberParameters);
    if(pxcpt->NumberParameters) {
      for(i = 0; i < pxcpt->NumberParameters; i++)
        Info += _stprintf(Info, _T("xInformation[%X]  = %08X\r\n"), i, pxcpt->ExceptionInformation[i]);
    }
  }

  if(pcntx) {
    if(pcntx->ContextFlags & (CONTEXT_CONTROL ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("\r\n")
        _T("EIP = %08X\r\n")
        _T("CS  = %08X\r\n")
        _T("EFL = %08X\r\n")
        _T("ESP = %08X\r\n")
        _T("SS  = %08X\r\n")
        _T("EBP = %08X\r\n"),
        pcntx->Eip, pcntx->SegCs, pcntx->EFlags, pcntx->Esp, pcntx->SegSs, pcntx->Ebp);
    }
    if(pcntx->ContextFlags & (CONTEXT_INTEGER ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("EAX = %08X\r\nECX = %08X\r\nEDX = %08X\r\n")
        _T("ESI = %08X\r\nEDI = %08X\r\n"),
        pcntx->Eax, pcntx->Ecx, pcntx->Edx, pcntx->Esi, pcntx->Edi);
    }
    if(pcntx->ContextFlags & (CONTEXT_SEGMENTS ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("DS  = %08X\r\nES  = %08X\r\nFS  = %08X\r\nGS  = %08X\r\n"),
        pcntx->SegDs, pcntx->SegEs, pcntx->SegFs, pcntx->SegGs);
    }
    if(pcntx->ContextFlags & (CONTEXT_DEBUG_REGISTERS ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("DR0 = %08X\r\nDR1 = %08X\r\nDR2 = %08X\r\n")
        _T("DR3 = %08X\r\nDR6 = %08X\r\nDR7 = %08X\r\n"),
        pcntx->Dr0, pcntx->Dr1, pcntx->Dr2, pcntx->Dr3, pcntx->Dr6, pcntx->Dr7);
    }
  }

  Info += _stprintf(Info,
    _T("\r\n\r\n"));

  if(hLogFile != INVALID_HANDLE_VALUE)
    WriteFile(hLogFile, Msg, (Info - Msg)*sizeof(TCHAR), &i, NULL);

  return(TRUE);
}