How does this asm code setup SEH?

I grabbed some code from internet, that supposed to handle exceptions with SEH,

  PUSH  OFFSET Handler
  PUSH  FS:[0]
  MOV  FS:[0], ESP

But the FS:[0] should be holding the address of handler instead right?

So mov fs:[0], esp is wrong, because esp currently pointed to the original fs:[0]:

The stack is like this:

| fs:[0]  |  <-- ESP
| handler |

So, shouldn't that be esp + 4 like stuff? I'm obviously wrong, but I don't get why.


  • [fs:0] points to the last element in the linked list of exception handlers.

    Each element contains two things:

    1. the address of the next/previous element
    2. the address of a handler/function

    The code that you presented creates another element, links it to the current/last element, and makes the new element the current/last one.

    Look up Matt Pietrek's articles on SEH. This stuff is described there in greater detail.