
I'm doing a project that reorders basic blocks inside a function at runtime in C++ under 64-bit Linux. Of course, the reordering process includes updating instructions like "jmp", etc. One problem is that if (I guess) the compiler (clang++ or g++) determines the try{...} block using a range, i.e., from address1 to address2, the reordered code would have problems (some basic blocks are moved out of the range and some new basic blocks are swapped in).

My question is: Does the compiler/program determine the try{...} block using a range? Whether it does or not, how can I find and modify the corresponding determinants so that I can recover the try/throw/catch blocks and let the program execute normally after reordering, once the program has already been loaded into memory?

WindChaser
  • [Answered on RE.SE](http://reverseengineering.stackexchange.com/questions/6311/how-to-recover-the-exception-info-from-gcc-except-table-and-eh-handle-sections). – Igor Skochinsky Dec 15 '14 at 17:38

1 Answer


FYI, here is the relevant document for LLVM's implementation of try-catch. g++ does something very similar.

When you say "by range", I would assume you are thinking the compiler would assume the instructions from 0x0010 to 0x0020 are code, and the instructions from 0x0020 to 0x0024 are for the catch block. From the LLVM specification, it doesn't rely on such an assumption.

Edit:

Here is some more reading on how g++ and clang implement try-catch.

leorex
  • So is it like setjmp/longjmp, which saves the program counter (RIP/EIP) and other registers in setjmp, and restores them later in longjmp? Or does it use another mechanism, nothing to do with program counter? – WindChaser Dec 15 '14 at 07:30
  • So it saves EIP/RIP in the exception table, right? How does it know the range of the try block, i.e., how many code basic blocks are in the try{...}? – WindChaser Dec 15 '14 at 22:00
  • And how can one know which basic blocks are in the try{...}? – WindChaser Dec 15 '14 at 22:07
  • For the details of the beginning and end address of an exception block and how the stack unwinds, read the blog posts @Igor Skochinsky referenced in his answer. For the number of 'code basic blocks' in that range, I have absolutely no idea how to retrieve that sort of information. – leorex Dec 15 '14 at 23:00
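As an added example (not code from the question, the answer, or any of the referenced posts): under the Itanium C++ ABI that both g++ and clang follow on 64-bit Linux, the per-function language-specific data area (LSDA, stored in `.gcc_except_table`) contains a call-site table, and each entry in it is literally a range: a start offset from the function's beginning, a length, a landing-pad offset (the catch or cleanup code) and an index into the action table. The personality routine looks up the faulting call's return address in those ranges at unwind time, so a block-reordering tool has to rewrite them. The script below parses a constructed LSDA (header with LPStart and TType omitted, uleb128-encoded call sites; the byte values, block layout and reordering are all made up for the example) and then checks which entries can be rewritten as a single range after a reordering and which protected regions have been torn apart. It handles only the value-format bits of the DW_EH_PE encodings it names (uleb128, sleb128, udata4, sdata4); application-relative variants such as pcrel and the type table are not decoded.

```python
from dataclasses import dataclass

# DW_EH_PE encoding constants (value-format nibble only; no pcrel/indirect handling here).
DW_EH_PE_omit = 0xFF
DW_EH_PE_uleb128 = 0x01
DW_EH_PE_udata4 = 0x03
DW_EH_PE_sleb128 = 0x09
DW_EH_PE_sdata4 = 0x0B


def read_uleb128(buf, pos):
    """Decode an unsigned LEB128 at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos


def read_sleb128(buf, pos):
    """Decode a signed LEB128 at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            if b & 0x40:  # sign bit of the final byte: sign-extend
                result -= 1 << shift
            return result, pos


def read_encoded(buf, pos, enc):
    """Read one value in the given DW_EH_PE format (little-endian for fixed widths)."""
    fmt = enc & 0x0F
    if fmt == DW_EH_PE_uleb128:
        return read_uleb128(buf, pos)
    if fmt == DW_EH_PE_sleb128:
        return read_sleb128(buf, pos)
    if fmt == DW_EH_PE_udata4:
        return int.from_bytes(buf[pos:pos + 4], "little"), pos + 4
    if fmt == DW_EH_PE_sdata4:
        return int.from_bytes(buf[pos:pos + 4], "little", signed=True), pos + 4
    raise ValueError(f"unsupported DW_EH_PE encoding {enc:#x}")


@dataclass
class CallSite:
    start: int        # offset of the protected region from the function start
    length: int       # size of the protected region in bytes
    landing_pad: int  # offset of the landing pad; 0 means "no landing pad"
    action: int       # 0 = cleanup only; otherwise 1-based index into the action table


def parse_lsda(lsda: bytes):
    """Parse the LSDA header and return its call-site entries (action/type tables skipped)."""
    pos = 0
    lpstart_enc = lsda[pos]
    pos += 1
    if lpstart_enc != DW_EH_PE_omit:
        _, pos = read_encoded(lsda, pos, lpstart_enc)  # explicit landing-pad base; ignored here
    ttype_enc = lsda[pos]
    pos += 1
    if ttype_enc != DW_EH_PE_omit:
        _, pos = read_uleb128(lsda, pos)  # offset to the type table; not needed for ranges
    cs_enc = lsda[pos]
    pos += 1
    cs_len, pos = read_uleb128(lsda, pos)
    end = pos + cs_len
    sites = []
    while pos < end:
        start, pos = read_encoded(lsda, pos, cs_enc)
        length, pos = read_encoded(lsda, pos, cs_enc)
        lp, pos = read_encoded(lsda, pos, cs_enc)
        action, pos = read_uleb128(lsda, pos)
        sites.append(CallSite(start, length, lp, action))
    return sites


def remap_addr(addr, block_map):
    """Map an old function-relative offset to its new offset via the block map."""
    for old_start, old_end, new_start in block_map:
        if old_start <= addr < old_end:
            return new_start + (addr - old_start)
    raise ValueError(f"offset {addr:#x} is not covered by any block")


def rewrite_call_sites(sites, block_map):
    """Return (rewritten, split): entries that stay one contiguous range after the
    reordering, and entries whose protected region was torn into several pieces."""
    rewritten, split = [], []
    for cs in sites:
        lo, hi = cs.start, cs.start + cs.length
        pieces = []
        for old_start, old_end, new_start in block_map:
            a, b = max(lo, old_start), min(hi, old_end)
            if a < b:  # this block overlaps the protected region
                pieces.append((new_start + (a - old_start), new_start + (b - old_start)))
        pieces.sort()
        contiguous = pieces and all(pieces[i][1] == pieces[i + 1][0] for i in range(len(pieces) - 1))
        new_lp = remap_addr(cs.landing_pad, block_map) if cs.landing_pad else 0
        if contiguous:
            rewritten.append(CallSite(pieces[0][0], pieces[-1][1] - pieces[0][0], new_lp, cs.action))
        else:
            split.append((cs, pieces))
    return rewritten, split


# Constructed LSDA: LPStart omitted, TType omitted, uleb128 call sites, 12-byte table
# holding three entries (start, length, landing pad, action), all values < 0x80.
LSDA = bytes([
    0xFF, 0xFF, 0x01, 0x0C,
    0x04, 0x08, 0x30, 0x01,  # call in a try block: [0x04,0x0c) -> landing pad 0x30, action 1
    0x0C, 0x06, 0x00, 0x00,  # call outside any try: no landing pad
    0x14, 0x0A, 0x40, 0x01,  # second try block: [0x14,0x1e) -> landing pad 0x40, action 1
])

# Constructed block layout (old_start, old_end, new_start): blocks A and B are swapped,
# everything else keeps its place.
BLOCK_MAP = [
    (0x00, 0x08, 0x0C),  # A moves after B
    (0x08, 0x14, 0x00),  # B moves to the front
    (0x14, 0x20, 0x14),  # C
    (0x20, 0x30, 0x20),  # D
    (0x30, 0x40, 0x30),  # E: first landing pad
    (0x40, 0x50, 0x40),  # F: second landing pad
]

if __name__ == "__main__":
    sites = parse_lsda(LSDA)
    kept, torn = rewrite_call_sites(sites, BLOCK_MAP)
    for cs in kept:
        print(f"rewritten: {cs}")
    for cs, pieces in torn:
        print(f"cannot rewrite as one range: {cs} -> pieces {pieces}")
```

The first entry straddles the boundary between blocks A and B, so after the swap its region lands in two non-adjacent places and no single (start, length) pair describes it any more; a reorderer either has to emit one call-site entry per piece or keep such blocks together. Note that the call-site table is not the only range-based structure involved: the FDE in `.eh_frame` records the function's own start address and length, and the unwinder's CFI rules are keyed by code offset as well, so those need the same treatment before exceptions thrown from reordered code can unwind correctly.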