New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: Make use of x64 unwinding data #2109

Open
yangbowen opened this Issue Jan 22, 2019 · 2 comments

Comments

Projects
None yet
3 participants
@yangbowen
Copy link

yangbowen commented Jan 22, 2019

In Windows x64, programs are required to provide information called "unwinding data" for exception handling and debugging. This information contains useful stuff like function start addresses and end addresses. The debugger may use the unwinding data to show function scopes and the SEH chain.
See x64 exception handling for more details.

@mrexodia mrexodia added the feature label Jan 22, 2019

@mrexodia

This comment has been minimized.

Copy link
Member

mrexodia commented Jan 22, 2019

@Mattiwatti

This comment has been minimized.

Copy link
Contributor

Mattiwatti commented Feb 4, 2019

Adding to this: this is a blog post that uses the unwind data to find an unexported function, but the concept can be easily adapted to something more generically useful such as making use of the RUNTIME_FUNCTION and UNWIND_INFO data to obtain the start and end addresses of e.g. the function EIP is currently in to show the function scope.

(archive.org link because the site seems to be down) https://web.archive.org/web/20180409202525/https://kbdsmoke.me/obtaining-unexported-function-addresses-using-exceptions/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment