结构RUNTIME_FUNCTION [英] Struct RUNTIME_FUNCTION

问题描述

我通过IDA在RUNTIME_FUNCTION结构的.pdata段中找到了一个大数组。
因此，我可以在其中找到信息：从它的编译内容，如何创建它以及如何在C ++中使用它。
请给我本书，或提供具有良好描述和教程的链接，以使用此结构来处理异常和消除异常。

I found a large array in .pdata segment of RUNTIME_FUNCTION structures by IDA. So, where I can find information: from what it's compiled, how I can create this and how to use it in C++. Give me please books, or links with good descriptions and tutorials for exception handling and unwinding with this structure.

推荐答案

您可以在 Microsoft的MSDN 中找到有关RUNTIME_FUNCTION和相关结构的更多信息。

You can find more information on RUNTIME_FUNCTION and related structures at Microsoft's MSDN.

这些结构由编译器生成，并用于实现结构化异常处理。在您的代码执行期间，可能会发生异常，并且运行时系统需要能够遍历调用堆栈以查找该异常的处理程序。为此，运行时系统需要知道函数序言的布局，并保存它们的寄存器，以便正确展开各个函数栈框架。更多详细信息，请此处。

These structures are generated by the compiler and used to implement structured exception handling. During the execution of your code an exception may occur, and the runtime system needs to be able to walk up the call stack to find a handler for that exception. To do so, the runtime system needs to know the layout of the function prologs, which registers they save, in order to correctly unwind the individual function stack frames. More details are here.

RUNTIME_FUNCTION是描述单个函数的结构，它包含展开该函数所需的数据。

The RUNTIME_FUNCTION is the structure which describes a single function, and it contains the data required to unwind it.

如果在运行时生成代码并且需要使该代码可用于运行时系统（因为您的代码调用了可能会引发异常的已编译代码），则可以创建 RUNTIME_FUNCTION 实例，用于每个生成的函数，并填写 UNWIND_INFO ，然后通过调用 RtlAddFunctionTable 。

If you generate code at runtime and need to make that code available to the runtime system (because your code calls out to already compiled code which may raise an exception) then you create RUNTIME_FUNCTION instances for each of your generated functions, fill in the UNWIND_INFO for each, and then tell the runtime system by calling RtlAddFunctionTable.

这篇关于结构RUNTIME_FUNCTION的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！