The fundamentals of a structured exception handler
An exception is an event that occurs during the execution of a program. In operating systems, we have two different types of exceptions that are hardware and software. The CPU, while executing some instructions and accessing invalid memory addresses, makes hardware exceptions. The software-based exceptions are initiated by the programs and applications currently running on the operating system.
Structured Exception Handling (SEH) is a mechanism to figure and handle both types of exceptions that occur in an operating system. When we send data to an application in an exploitable environment, it will raise an exception and the exception handler will handle it. This will prevent the target software from crashing. This makes the software free from the overflow attack. Let's discuss how we can handle these situations and how we can bypass the SEH-based protection in applications.
Controlling SEH
The agenda of SEH-based exploitation is to overwrite...