show_SEH_chain.py
#!/usr/bin/python
#
# (IDA Pro Only) Shows SEH chains (stack and handlers) for all threads.
#
# Author: Satoshi Tanda
#
################################################################################
# The MIT License (MIT)
#
# Copyright (c) 2013 tandasat
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
################################################################################
from idc import *
from idaapi import *
from idautils import *
def GetFsBase(tid):
    """Return the FS segment base of thread *tid*.

    Side effect: *tid* becomes the debugger's selected thread, and this
    function does not switch back; callers that care must restore the
    previous selection themselves.
    """
    idc.SelectThread(tid)
    fs_base = idaapi.dbg_get_thread_sreg_base(tid, cpu.fs)
    return fs_base
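def GetExceptionChain(tid):
    """Walk the SEH registration chain of thread *tid* and return its handlers.

    The head of the chain is the dword at offset 0 of the thread's FS
    segment base. Each record is read as two dwords: the address of the
    next record to visit, then the handler address. One line is printed
    per record (thread id, address of the handler field, handler value),
    and the handler values are returned in walk order. The walk ends at
    the 0xffffffff end-of-chain value.

    The chain lives in debuggee memory, so it can be damaged or
    deliberately malformed. A record address that was already visited ends
    the walk instead of looping forever inside IDA, and is reported on its
    own line because a looping chain is itself worth the analyst's
    attention.
    """
    fs_base = GetFsBase(tid)
    record = Dword(fs_base)
    handlers = []
    visited = set()
    # NOTE(review): what Dword returns for unreadable memory is not visible
    # in this file; if it is not 0xffffffff, an unmapped record address
    # would need its own check - confirm against the IDAPython version used.
    while record != 0xffffffff:
        if record in visited:
            # Single-argument print(...) parses the same on Python 2 and 3.
            print('%6d %08X (SEH chain loops back to a visited record; '
                  'stopping)' % (tid, record))
            break
        visited.add(record)
        next_record = Dword(record)
        handler = Dword(record + 4)
        print('%6d %08X %08X' % (tid, record + 4, handler))
        handlers.append(handler)
        record = next_record
    return handlers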
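def main():
    """Print the SEH chain of every debuggee thread.

    Prints a header line, then calls GetExceptionChain for each thread id
    yielded by idautils.Threads(). Walking a chain changes the debugger's
    selected thread, so the thread that was current on entry is re-selected
    in a ``finally`` clause; the selection is restored even if a walk
    raises part-way through.

    Returns:
        dict mapping thread id to the list of handler addresses found for
        that thread (previously the dict was built and discarded).
    """
    print('TID Address Handler')
    original_tid = idc.GetCurrentThreadId()
    chains = {}
    try:
        for tid in idautils.Threads():
            chains[tid] = GetExceptionChain(tid)
    finally:
        # Leave the debugger UI on the thread the analyst was looking at.
        idc.SelectThread(original_tid)
    return chains


if __name__ == '__main__':
    main()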