1

Topic: Re: peculiarities of structured exception handling in Win64

What business is it of Windows whether the stack pointer in the program is a multiple of 8 or not, once the handler has been found anyway and the stack no longer needs to be examined further? I think the point is that the compiler counts on a certain stack alignment when calling functions. And it counts on it not just for its own sake, but so that SSE instructions can be used when working with stack variables. However, it would certainly be possible to forcibly  the stack, remembering its original "irregular" value in it. The dispatcher takes the next 8 bytes "deeper" into the stack, hoping that they are the next return address, and tries nevertheless to determine from them which of the known, i.e. registered, subroutines was executing. But that is a very shaky and doubtful technique. The technique is certainly terrifying in , but has zero overhead in . The most interesting point of the article is not considered: namely, what can be in RtlAddFunctionTable (RUNTIME_FUNCTION), the UNWIND_INFO, which includes a hint for that disassembler-simulator. The prologues/epilogues of functions  should not be just anything, but must correspond to what the simulator can handle; it is, as it were, part of the convention.  64 turned a little further away from fans of  on . Firstly, exceptions happen as a result of various errors. With some errors it is far from certain that the stack contains anything reasonable at all. The technique was invented for "authorized" exceptions, that is, ones thrown by hand. Whether the program remains operational after some illegal instruction or corrupted memory is actually of interest to nobody.

2

Re: Re: peculiarities of structured exception handling in Win64

> Concerning stack alignment I agree both with the author and with you.  all of them, forgive my French. Why, for example, use SSE2 in the lousy API InternetGetConnectedState? The answer: no such commands are used there, it is simply that someone along the way behaved oddly and wrote
> ...
> movdqa xmmword ptr [rsp+20h], xmm0
> movdqa xmmword ptr [rsp+30h], xmm1
> movdqa xmmword ptr [rsp+40h], xmm2
> movdqa xmmword ptr [rsp+50h], xmm3
> mov rdx, rax
> lea rcx, [WININET!Ordinal103+0x43524
> call WININET!DispatchAPICall+0x3f0 (
> movdqa xmm0, xmmword ptr [rsp+20h]
> movdqa xmm1, xmmword ptr [rsp+30h]
> movdqa xmm2, xmmword ptr [rsp+40h]
> movdqa xmm3, xmmword ptr [rsp+50h]

Well, before drawing any conclusions it would be necessary to look into WININET!DispatchAPICall+0x3f0. And  than looking at debugger output at all, it would be necessary to set up symbols.

> i.e. it saved and restored these devilish registers. Well, even if it is necessary to use them inside, then  the stack to 16 INSIDE the program. Why force everyone to carve the stack into large chunks?

It is part of the calling convention.

> Life in the program after an exception can quite
> well be frequent; I have seen constructs of this type in programs:
> On underflow begin; x=0; goto m1; end;
> ...
> x=x/y;
> m1: ...

Such an exception does not lead to a crash. In 64 the stack is always  a multiple of sizeof(void *), i.e. 8. Misalignment can only be achieved by incorrect code, not by an exception in correct code  by a compiler that takes into account the rules known to it. If one writes code in  which does add rsp, 3, and then catches , then only  remains. As I already said, the authors of the conventions in 64 took the least care of fans of warm tube assembler.
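Post 1 notes that what RtlAddFunctionTable registers (a RUNTIME_FUNCTION pointing at UNWIND_INFO) is a hint for the unwinder's prolog simulator, and the listing above shows movdqa spills at [rsp+20h] that only work because the prolog leaves RSP 16-byte aligned. As an added example, not from this thread or from Microsoft's code, here is a small C decoder for the documented x64 UNWIND_INFO layout that sums what the prolog removes from RSP and checks whether the function body is 16-aligned; the two UNWIND_INFO byte strings are constructed for illustration and are not taken from WININET.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x64 UNWIND_INFO decoder (added example; layout per Microsoft's x64 exception-handling docs). */
enum { UWOP_PUSH_NONVOL = 0, UWOP_ALLOC_LARGE = 1, UWOP_ALLOC_SMALL = 2, UWOP_SET_FPREG = 3,
       UWOP_SAVE_NONVOL = 4, UWOP_SAVE_NONVOL_FAR = 5, UWOP_SAVE_XMM128 = 8,
       UWOP_SAVE_XMM128_FAR = 9, UWOP_PUSH_MACHFRAME = 10 };
enum { UNW_FLAG_EHANDLER = 1, UNW_FLAG_UHANDLER = 2, UNW_FLAG_CHAININFO = 4 };

typedef struct {
    int ok;                 /* 0 if the encoding is truncated or uses codes not decoded here */
    unsigned version, flags, size_of_prolog, count_of_codes, frame_register;
    unsigned frame_bytes;   /* bytes the prolog subtracts from RSP (pushes + allocs) */
    uint32_t handler_rva;   /* language-specific handler RVA when EHANDLER/UHANDLER is set */
} unwind_summary;

static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

unwind_summary parse_unwind_info(const uint8_t *p, size_t len) {
    unwind_summary s = {0};
    if (len < 4) return s;
    s.version = p[0] & 7;  s.flags = p[0] >> 3;  s.size_of_prolog = p[1];
    s.count_of_codes = p[2];  s.frame_register = p[3] & 0xF;
    size_t end = 4 + (size_t)s.count_of_codes * 2;          /* each UNWIND_CODE slot is 2 bytes */
    if (s.version != 1 || end > len) return s;
    /* Codes are listed in reverse prolog order: byte 0 = CodeOffset, byte 1 = UnwindOp:4 | OpInfo:4 */
    for (size_t i = 4; i < end; ) {
        unsigned op = p[i + 1] & 0xF, info = p[i + 1] >> 4, slots = 1;
        switch (op) {
        case UWOP_PUSH_NONVOL:    s.frame_bytes += 8; break;
        case UWOP_ALLOC_SMALL:    s.frame_bytes += info * 8 + 8; break;        /* 8..128 bytes */
        case UWOP_ALLOC_LARGE:                                                  /* size in next slot(s) */
            slots = info ? 3 : 2;
            if (i + slots * 2 > end) return s;
            s.frame_bytes += info ? rd32(p + i + 2) : rd16(p + i + 2) * 8;
            break;
        case UWOP_PUSH_MACHFRAME: s.frame_bytes += info ? 48 : 40; break;
        case UWOP_SET_FPREG:      break;                  /* frame pointer = RSP + offset; RSP unchanged */
        case UWOP_SAVE_NONVOL: case UWOP_SAVE_XMM128:         slots = 2; break; /* stores, no RSP change */
        case UWOP_SAVE_NONVOL_FAR: case UWOP_SAVE_XMM128_FAR: slots = 3; break;
        default: return s;                                /* version-2 epilog/spare codes not decoded */
        }
        i += slots * 2;
    }
    if (s.flags & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER)) {
        size_t off = end + (s.count_of_codes & 1) * 2;   /* code array is padded to an even count */
        if (off + 4 > len) return s;
        s.handler_rva = rd32(p + off);
    }
    s.ok = 1;
    return s;
}

/* On entry RSP = 8 (mod 16): the CALL pushed a return address onto a 16-aligned stack. The body is
 * 16-aligned (so movdqa [rsp+20h] etc. cannot fault) iff the prolog removes 8 (mod 16) bytes. */
int body_stack_aligned(const unwind_summary *s) { return s->ok && s->frame_bytes % 16 == 8; }

/* Constructed samples, not taken from WININET. good: "push rbp; push rsi; sub rsp,58h" = 104 bytes. */
static const uint8_t good_unwind[] = { 0x01, 0x06, 0x03, 0x00, 0x06, 0xA2, 0x02, 0x60, 0x01, 0x50, 0x00, 0x00 };
/* bad: "sub rsp,20h" alone = 32 bytes, leaving RSP = 8 (mod 16); XMM spills at [rsp+20h] would fault. */
static const uint8_t bad_unwind[]  = { 0x01, 0x04, 0x01, 0x00, 0x04, 0x32, 0x00, 0x00 };

int main(void) {
    unwind_summary g = parse_unwind_info(good_unwind, sizeof good_unwind);
    unwind_summary b = parse_unwind_info(bad_unwind, sizeof bad_unwind);
    printf("good: frame=%u aligned=%d\n", g.frame_bytes, body_stack_aligned(&g));
    printf("bad:  frame=%u aligned=%d\n", b.frame_bytes, body_stack_aligned(&b));
    return 0;
}
```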

3

Re: Re: peculiarities of structured exception handling in Win64

O>> Well, before drawing any conclusions it would be necessary to look into WININET!DispatchAPICall+0x3f0. And  than looking at debugger output at all, it would be necessary to set up symbols.
> I did not understand, what symbols to set up?

Debug symbols. windbg is pointed at the public  symbol server with two commands: .symfix and .reload

> It was only an illustration of thoughtless saving when calling the most elementary function.

Where did you get that the saving is thoughtless, and the function elementary? Did you look at what code is at WININET!DispatchAPICall+0x3f0, which is called between the saving/restoring of the MMX registers? Well, and it has no relation to stack alignment at all.

O>> It is part of the calling convention.
> Linux manages without it. There, just what is necessary is saved, instead of everything in general.
> SSE2 is not used often, so save them in those rare cases when they are really used.

Firstly, it is used very often. Secondly,  saving the MMX registers is not directly  always provided by the calling convention; stack alignment is provided for this purpose only so that the compiler can use SSE at any place without additional checks. And the MMX context is saved only if it is used. In your example the compiler decided to save SSE before a call of a non-public function. That is its right, since for non-public functions the compiler is entitled to make its own assumptions about volatile/preserved registers. I am sure that at WININET!DispatchAPICall+0x3f0 there is code which   SSE, and therefore the compiler decided to save  the context. And since the function at WININET!DispatchAPICall+0x3f0 is not public, the compiler has every right to place the saving/restoring of  the context in the calling code. The convention about volatile/preserved registers is only for public symbols. The compiler is free to optimize internal calls however it likes, including without obeying the conventions on saving registers, and it does so everywhere.
In 64, by the way, the optimizer became especially vicious.

O>> Such an exception does not lead to a crash. In 64 the stack is always  a multiple of sizeof(void *), i.e. 8. Misalignment can only be achieved by incorrect code, not by an exception in correct code  by a compiler that takes into account the rules known to it. If one writes code in  which does add rsp, 3, and then catches , then only  remains. As I already said, the authors of the conventions in 64 took the least care of fans of warm tube assembler.
> I did not understand that at all. In the example it was not a question of the stack at all, but of exponent underflow ("underflow") of a variable x of type double. In the program in this case it is assigned a "pure" 0.0E0. In a number of calculations this is what is needed, but sometimes underflow is a sign of a calculation error. The hardware interrupt from the FPU is intercepted and the variable is adjusted. After the exception the program continues normal (intended) execution. It was the example of "life after an exception".

Once again: is there a code sample where specifically this scenario of using exceptions works incorrectly on 64? Or do your complaints concern only the fact that it is difficult to understand all this "by eye", how it all works now, and to process this business quickly on the knee ?

4

Re: Re: peculiarities of structured exception handling in Win64

O>> Debug symbols. windbg is pointed at the public  symbol server with two commands: .symfix and .reload
O>> Where did you get that the saving is thoughtless, and the function elementary? Did you look at what code is at WININET!DispatchAPICall+0x3f0, which is called between the saving/restoring of the MMX registers? Well, and it has no relation to stack alignment at all.
> In my opinion we do not understand each other. What "symbols" will be displayed in memory commands? In Windbg I only stepped through  a few dozen commands in the call of InternetGetConnectedState and found saving/restoring of XMM, although in sense this function should only get an internal flag. Saving the registers, unnecessary in this case, demanded stack alignment to 16, and if XMM were not needed, general alignment to 8 suffices.

Debug symbols, which would help to understand what code is at WININET!DispatchAPICall+0x3f0, would probably suggest to you that InternetGetConnectedState is far from as simple as it seems. For example, on my system InternetGetConnectedState simply calls InternetGetConnectedStateEx, and that inside  does , including a call of  and an RPC call to system services.

O>> In your example the compiler decided to save SSE before a call of a non-public function. That is its right, since for non-public functions the compiler is entitled to make its own assumptions about volatile/preserved registers.
> Yes, let it do what it wants inside. But outside of the call of InternetGetConnectedState, why should one know what functions it calls INSIDE? If there are exotic calls inside, let it deal with the additional requirements inside. Instead, before ANY call it is necessary to save and align everything. That is wasted time and increased code size.

This code which you quoted, as I suppose it is the code of InternetGetConnectedState itself? So it also is INSIDE InternetGetConnectedState.
Why does it bother you that InternetGetConnectedState saves the MMX registers in itself before calling some internal guts (which  SSE)?

O>> Once again: is there a code sample where specifically this scenario of using exceptions works incorrectly on 64? Or do your complaints concern only the fact that it is difficult to understand all this "by eye", how it all works now, and to process this business quickly on the knee ?
> And again we did not understand each other. What does the stack have to do with it? The example refuted the statement
> "Whether the program remains operational after some illegal instruction or corrupted memory is actually of interest to nobody".

Really, we do not understand each other. I meant that there are two sorts of exceptions. The first: exceptions at the level of application logic. The second: exceptions at the level of OS protection against incorrect functioning of the program. Your underflow exception concerns the first. Such exceptions cannot lead to an exception handler call on a non-aligned stack, since the places from which they can fly out are known to the compiler, and it  the code so that logic exceptions  on a correct stack. If the exception arises  a hard protection error:  incorrectly allocated memory, or  after execution of the stack execution went off into garbage code, it means that further execution of the program is impossible. That will do, it only remains to call the post-mortem  via LPC.

> In my opinion, the OS should pass the exception to the handler, and further it is none of its dog's business whether it is "interesting to somebody" or "uninteresting". The author of the article swears that the exception exists, the handler for it exists, and the OS does not call it, because, they say, the stack must necessarily be a multiple of 8. Well, it is not a multiple of 8; after all, there is no hardware prohibition on that? Why does the OS forbid it?

Because there are conventions about adequate  code, which are a little above the "hardware".
And according to which the stack must always remain aligned to 8 (and at a call of a public function, in its prologue, to 16). If it suddenly did not, it means the code is not . The time of fans writing quirks on  has passed. Now  rules the roost. These are pure fabrications by the author. I personally understand the OS developers. The fact that the stack turned out not  to 8 indicates that  is fatal, because in correct code such a thing should not happen. So it is better to do nothing on this stack, so as not to make an even bigger mess.

5

Re: Re: peculiarities of structured exception handling in Win64

O>> Why does it bother you that InternetGetConnectedState saves the MMX registers in itself before calling some internal guts (which  SSE)?
> Because I know what SSE2 commands, for which the XMM registers are involved, do. And why a subroutine returning the Internet connection status needs a command (and registers) processing two doubles at a time, I do not understand.

Well, even for a banal memcpy. Open IDA and dig through this function's call graph. It is, by the way, very branchy.

O>> Really, we do not understand each other. I meant that there are two sorts of exceptions. The first: exceptions at the level of application logic. The second: exceptions at the level of OS protection against incorrect functioning of the program. Your underflow exception concerns the first. Such exceptions cannot lead to an exception handler call on a non-aligned stack, since the places from which they can fly out are known to the compiler, and it  the code so that logic exceptions  on a correct stack.
> The compiler does not generate any exceptions. By definition an exception can happen in any place. The author of the article validly shows that an attempt to determine the subroutine from the current contents of the stack is an unreasoned nonsense. For example, there is preparation of parameters for an API call. A place is allocated, we get the next parameter: an error, an uninitialized pointer, an access exception. , and in the stack there is still simply garbage (nothing has been placed there yet). The garbage starts to be "examined" by the OS.

Logic exceptions can arise at throw and at arithmetic. The access exception is an exception after which one does not live, but survives. Without guarantees. Besides, as I understood, the problem arose with code which was  by the homebrew PL/1 compiler.  it needed to start with making sure that after each instruction  code RSP remained aligned to 8 bytes. And not to forget  correct prologues/epilogues of functions.

O>> Because there are conventions about adequate  code, which are a little above the "hardware". And according to which the stack must always remain aligned to 8 (and at a call of a public function, in its prologue, to 16). If it suddenly did not, it means the code is not . The time of fans writing quirks on  has passed. Now  rules the roost.
> Above the "hardware" there is nothing. The requirements of multiplicity of 16 are imposed not by the convention, but only by the commands used, of the type

"Above" the hardware means by conventions. However, those  who are used to writing on   by conventions do not understand such a concept. .

> movdqa xmm0, xmmword ptr [rsp+20h]

... access to XMM and memory. They give a hardware exception because of non-aligned access.

> A ridiculous dash: that in a call the stack should be a multiple of 16, outside of a call it need not be a multiple of 16.
> But the author of the article did not suffer because of that. He agrees with all the requirements on calling functions. But he would like to handle a single-step exception with the stack as he got used to in Win32. And the single-step exception turns fatal because some odd fellow on the letter M cannot check that at this moment (simply executing the next command) the stack is not used as at an API call.

SetUnhandledExceptionFilter* is not intended for implementing ; everyone in the know has long known that it is unreliable. For  there is the Debug API; with  there are no such problems, since they work via LPC from an adjacent process. The author of the article waded across the river  even though  there was a bridge, and complains **.

* Using SetUnhandledExceptionFilter for  is especially strange in that it does not catch already caught exceptions. I suppose AddVectoredExceptionHandler for  would be a more adequate decision, though still not adequate.
Setting a handler via RtlAddFunctionTable on various addresses is fraught with demolishing other exception handlers not written by the author: in system code and in third-party code which appeared in its process for whatever reasons (for example windows hooks dlls, COM servers). Besides, at some point RtlAddFunctionTable can refuse to register such a function, since its range overlaps with one already registered, and it will be absolutely right. One needs to be more careful.

** I waded across the river  and implemented a similar mechanism in one research project for  software, and in another, not research one, for swapping an implementation at the  level. But unlike the author of the article I roughly understood what I was dealing with, and instead of complaining about nasty Microsoft which does not give , simply  ntdll!KiUserExceptionDispatcher.

6

Re: Re: peculiarities of structured exception handling in Win64

O>> Well, even for a banal memcpy.
> It is indeed so banal by means of SSE2. Almost like removing tonsils through the rear with a cutting torch.

If it is more advantageous, why not?

O>> Logic exceptions can arise at throw and at arithmetic. The access exception is an exception after which one does not live, but survives. Without guarantees.
> Why? Well, one addressed a null pointer, it happens. Why crash at once?

Well, for example, in C null pointer dereferencing is undefined behavior. But  at system level it is certainly a handled situation. But for that it is necessary to play by the rules. The laws of physics allow a car to drive anyhow, but everyone  drives on roads. When  drives off the road and wraps around a pole, nobody blames the creators of roads/cars. He is guilty himself. And in this case, what the processor allows is the laws of physics. But there are also higher-level rules, such as correctness of prologues/epilogues and mandatory stack alignment at any point of execution of the program. The processor allows breaking them, but the functionality given by the OS assumes that those who use it  conform to the rules. Well, and once they do not follow them they are wrapped around a pole, and are guilty.

> I understood that the problem was in the organization of passing string objects through the stack. In Win32 all interrupts (including step-by-step debugging and breakpoints) did not demand any stack alignment. In Win64 any exception demands an aligned stack; otherwise, forced termination of the task. In any translator it is easy to provide any alignment. Here it was necessary to change the paradigm of string layout in the stack and to fix up a system library, instead of the translator.

Classical "it worked for me". You relied on undocumented peculiarities  on a certain platform. Now they have changed. Moreover, they can change at any moment, with any .

O>> However, those  who are used to writing on   by conventions do not understand such a concept.
> Such an impression that you have something personal against the assembler ...

I simply have quite good experience in , , asm/disasm and all that bog, therefore I strongly do not share the decision "let's make it as it works, it works". In the beginning it is necessary to read the documentation and to do it at once as it should be done. And only if doing it as it should be done does not work as desired, then think about .

> In Win32 everything was reliable. For all exceptions there is a built-in response in the PL/1 run-time library, i.e. structured exception handling was already initially built into the language. Therefore all exceptions, and not just debugging ones, were necessary to the author. And yes, in notorious PL/1 all exceptions are divided into fatal and not fatal. The difference is what to do if the handler is not set. Fatal: end the task; not fatal: continue.
> The author easily (and lawfully) disabled the "examination" of the stack; indirect exception handlers can go to the garden.
> And exactly one problem remained in Win64: the exception exists, the handler exists, the stack is within tolerable limits, but the handler is called only on a stack aligned to 8. It contradicts the principle of scalability of an OS; the processor does not care about this alignment, but one cretin in Microsoft does.

One should not confuse  and "principles of scalability of OS".

O>> Setting a handler via RtlAddFunctionTable on various addresses is fraught with demolishing other exception handlers not written by the author: in system code and in third-party code which appeared in its process for whatever reasons (for example windows hooks dlls, COM servers). Besides, at some point RtlAddFunctionTable can refuse to register such a function, since its range overlaps with one already registered, and it will be absolutely right. One needs to be more careful.
> Once again: all exceptions should pass through the system library, by the philosophy of the language.

A system library, in the sense of  specifically this language which works UNDER OS Windows? In that case it breaks the principle of separation of responsibility. When  OS functionality, calling system functions,  COM interfaces, you must rely on that functionality being a black box for you. By openly intercepting  you interfere with its operation. As a result some system functions will not work as they should. For example LookupAccountSid, instead of returning an error status code, may throw an exception, since inside it  RPC, and RPC itself  the SEH mechanism. Thus, by short-circuiting exception handling onto yourself, you risk breaking other code which works in your process. It is not . Yours is far from the only one in the system. But of course everything will always work for the programmer. The problems come out at the users.