Exceptions are an important control flow mechanism used in many modern programming languages. They allow control flow to be diverted directly to an exception handler, and are generally used for handling error conditions. Binaries that use exception handling are hard to reverse engineer, because the control flow transitions are not explicit and are hidden behind layers of indirection. While some off-the-shelf reverse engineering frameworks support automated recovery of exception information, the process is generally not well understood, and its documentation is spread across multiple standards and varies between implementations.
In this talk, we will approach reverse engineering exceptions from scratch. After a primer on the Intel Itanium C++ ABI, which specifies how language runtimes implement exceptions on different architectures, we will focus on the exception handling data emitted by the compiler. We will show how to parse and understand the call frame information used for unwinding the…