You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Narly and SafeSEH says my module masked.dll is safeSEH OFF. But mona on windbg & Immunity doesn't say the same. Infact, I see 4-6 safeSEH modules with other plugins but mona says all are SEH protected. Probably that's why "!mona seh" results into nothing.
Tested on Windows 7 64-bit with WinDbg:6.12.0002.633 x86 and Immunity v1.85
The text was updated successfully, but these errors were encountered:
0:015> !nmod
00030000 0003c000 CRYPTBASE NO_SEH *ASLR *DEP C:\Windows\syswow64\CRYPTBASE.dll
00230000 00239000 netutils /SafeSEH ON /GS *ASLR *DEP C:\Windows\SysWOW64\netutils.dll
00240000 0024f000 wkscli /SafeSEH ON /GS *ASLR *DEP C:\Windows\SysWOW64\wkscli.dll
00320000 0032d000 wshbth /SafeSEH ON /GS *ASLR *DEP C:\Windows\SysWOW64\wshbth.dll
00330000 0033a000 NO_SEH *ASLR *DEP C:\Program Files (x86)\masked
\masked.dll
0x00330000 | 0x0033a000 | 0x0000a000 | True | True | True | True | False | 2016.0.0.2150 [masked.dll](C:Program Files %28x86%29maskedmasked.dll)
0x40210000 | 0x40215000 | 0x00005000 | False | True | True | True | True | 6.1.7600.16385 [MSIMG32.dll](C:
WindowsSysWOW64MSIMG32.dll)
Log data, item 5
Address=0BADF00D
Message= 0x002b0000 | 0x002ba000 | 0x0000a000 | True | True | True | True | False | 2016.0.0.2150
[masked.dll](C:Program Files %28x86%29maskedmasked.dll)
/SafeSEH Module Scanner, item 5
SEH mode=No SEH
Base=0x560000
Limit=0x56a000
Module version=2016.0.0.2150
Module Name=C:\Program Files (x86)\masked\masked.dll
Narly and SafeSEH says my module masked.dll is safeSEH OFF. But mona on windbg & Immunity doesn't say the same. Infact, I see 4-6 safeSEH modules with other plugins but mona says all are SEH protected. Probably that's why "!mona seh" results into nothing.
Tested on Windows 7 64-bit with WinDbg:6.12.0002.633 x86 and Immunity v1.85
The text was updated successfully, but these errors were encountered: