title: structured_exception_handling.md
in 32Bit Windows, Exception Information is stored on the Stack!
Looks like this:
push offset loc_10061C0
mov eax, large fs:0
push eax
mov large fs:0, esp
Exception Information is stored at fs:0. When a Exception occures the OS looks at fs:0 for the Exception Handling Routine, calls it and returns back to the current EIP
The Pointer to the Handler Routine at fs:0 can be overwritten within a Buffer Overflow, so by causing an Exception you can run your own Code