The Mysterious Life of an Exception
Error handling is often done using exceptions. Because error code paths represent abnormal program behavior, they are an interesting target for reverse engineering.
Try, catch and throw semantics are straightforward to use when programming, but what’s happening behind the scenes? On a quest to figure this out, we will follow an exception on its journey from the throw statement all the way to it being caught by its handler. On its way it will interact with many different parts of the program’s runtime, which use DWARF information to unwind the stack and determine the handler using Language-Specific Data Areas (LSDA), personality routines, and more.
Using what we learnt, we’ll introduce a reverse-engineering plugin for Binary Ninja that extracts exception handling information from ELF and Mach-O binaries.