Rebuild Exception Information of a x86 64Bit Pe-File Disassembly

[Peter Johnson]

On Thu, 14 Jun 2007, Stefan Sellmer wrote:

> Hi List, In the past i wrote a disassembler which is able to produce 
> recompileable code of programs which are written in C(x68 -32bit 
> pe-files) and are compiled with msvc 7.  After the asm-listing was created 
> by the disassembler, it is was easy to obfuscate it on text level and 
> assemble it again with yasm and then link it again with cl(msvc 7). This 
> was done in order to protect a driver + additional programs from reverse 
> engineering. Now i try the same with x86 64-bit pe-files, but there is 
> one problem, is it possible to rebuild the the Exception Information???

For this application, probably the easiest way to do this is with explicit 
section .xdata and section .pdata.. and converting the disassembly output 
into corresponding db/dd/dq insertions yourself.  Yasm will happily pass 
through .xdata and .pdata sections into the output and I know of at least 
one compiler that does exactly this (generating SEH at that level and just 
passing the raw db's down to the assembler).

-- 
Peter