New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEH page refresh #2103

Open
packmad opened this Issue Jan 14, 2019 · 0 comments

Comments

Projects
None yet
2 participants
@packmad
Copy link

packmad commented Jan 14, 2019

Would be nice to have a way to refresh the SEH page.

Because when you face the classical 32 bit malware trick (in order to move the newly created record to the top of SEH chain)
mov dword ptr fs:[0],esp

the only way to "refresh" the SEH page is to put a breakpoint on some instruction on the previous first element, then it triggers the update of the SEH page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment