Skip to content
ollysseh ollydbg plugin
Branch: master
Clone or download
Pull request Compare This branch is 7 commits behind marioballano:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Project
external
source
LICENSE.txt
README.md

README.md

###################################################################### Software : OllySSEH /SafeSEH Module Scanner Date : 21 May 2007 Description : OllyDbg /SafeSEH in-memory module scanner Author : Mario Ballano (mballano~gmail.com) Web : http://www.48bits.com/ ######################################################################

This plugin does an in-memory scanning of process loaded modules checking if they were compiled with /SafeSEH, if so it can list the registered handlers (you can follow them at CPU window doing double click ).

This plugin is useful when exploiting vulnerabilities in systems with Software DEP protection.

The plugin lists all loaded modules and can give you the following results for each one:

/SafeSEH Off : No /SafeSEH, jump party ;-)

/SafeSEH ON : /SafeSEH active, you can list registered handles using rigth click.

No SEH : SEH is not active for this module, take a look at PE/COFF specs (IMAGE_DLLCHARACTERISTICS_ NO_SEH)

Error : There was an error reading module structure :-(

######################################################################

References :

http://msdn2.microsoft.com/en-us/library/9a89h429(VS.80).aspx http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx

Greets :

Ruben Santamarta, from http://www.reversemode.com/, for helping me with an anoying unicode/mdi bug in my Visual Studio project! :-)

Cheers,

Mario Ballano

You can’t perform that action at this time.