However the shellcode has captured control, once it is running it can register its own structured exception handler. This can be done as shown in Listing 5.7.
PUSH handler             ; Write the address of the custom structured exception handler.
PUSH FS:[00000000h]      ; Write the address of the pointer to the previous SEH frame.
MOV  FS:[00000000h], ESP ; Register the new SEH frame.
Now, if the shellcode accesses an invalid memory cell or makes a similar error, the operating system won't close the application being attacked. Instead, control returns to the shellcode, informing it that it mustn't access that cell and has to change tactics immediately, using other algorithms. The shellcode might cause multiple exceptions, so the hacker's main concern is to avoid overflowing the stack. The maximum nesting depth is large but still limited.
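From the defender's side, a frame registered this way tends to stand out, because a handler installed by injected code normally points outside every loaded module's code. The C program below is an added example, not part of the original text: it walks a simulated SEH chain and applies three sanity checks. The address ranges, the names check_seh_chain and demo, and the sample stack are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed 32-bit layout: assumed values, not taken from the text. */
#define STACK_LO  0x0012F000u  /* lowest address of the thread's stack */
#define STACK_HI  0x00130000u  /* one past the highest stack address */
#define IMAGE_LO  0x00400000u  /* code range of the loaded modules */
#define IMAGE_HI  0x00500000u
#define CHAIN_END 0xFFFFFFFFu  /* "previous frame" value in the last frame */
#define W(a) (((a) - STACK_LO) / 4u)  /* stack address -> word index */

enum seh_verdict { SEH_OK, SEH_BAD_FRAME, SEH_BAD_HANDLER };

/* Walk the chain from head (the value held in FS:[0]). Each frame is two
   words: [frame] = previous frame, [frame+4] = handler address. */
enum seh_verdict check_seh_chain(const uint32_t *stack, uint32_t head)
{
    uint32_t frame = head;
    while (frame != CHAIN_END) {
        /* A frame must be 4-byte aligned and lie wholly inside the stack. */
        if ((frame & 3u) || frame < STACK_LO || frame > STACK_HI - 8u)
            return SEH_BAD_FRAME;
        uint32_t prev = stack[W(frame)], handler = stack[W(frame + 4u)];
        /* A handler outside module code, e.g. on the stack, is suspect. */
        if (handler < IMAGE_LO || handler >= IMAGE_HI)
            return SEH_BAD_HANDLER;
        /* Older frames sit higher on the stack; this also rejects cycles. */
        if (prev <= frame)
            return SEH_BAD_FRAME;
        frame = prev;
    }
    return SEH_OK;
}

/* Constructed sample: one older frame with a module handler, plus a newer
   frame below it whose handler address is supplied by the caller. */
enum seh_verdict demo(uint32_t newest_handler)
{
    static uint32_t stack[W(STACK_HI)];
    uint32_t old_f = STACK_HI - 8u, new_f = STACK_HI - 0x40u;
    stack[W(old_f)] = CHAIN_END;  stack[W(old_f + 4u)] = 0x00401000u;
    stack[W(new_f)] = old_f;      stack[W(new_f + 4u)] = newest_handler;
    return check_seh_chain(stack, new_f);
}

int main(void) {
    printf("module handler: %d\n", demo(0x00402000u));
    printf("stack handler:  %d\n", demo(0x0012FF80u));
    return 0;
}
```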