From b266351be7cd6dd67f13d58bdbda73ac69433f2e Mon Sep 17 00:00:00 2001
From: Ajax <commial@gmail.com>
Date: Thu, 23 Jun 2016 17:41:51 +0200
Subject: From MSDN, SEH valid values are only 0 and 1

---
 miasm2/os_dep/win_api_x86_32_seh.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/miasm2/os_dep/win_api_x86_32_seh.py b/miasm2/os_dep/win_api_x86_32_seh.py
index 5cf96234..962d315f 100644
--- a/miasm2/os_dep/win_api_x86_32_seh.py
+++ b/miasm2/os_dep/win_api_x86_32_seh.py
@@ -684,9 +684,14 @@ def return_from_seh(jitter):
         jitter.pc = jitter.cpu.EIP
         log.info('Context::Eip: %x', jitter.pc)
 
-    elif jitter.cpu.EAX == -1:
-        raise NotImplementedError("-> seh try to go to the next handler")
-
     elif jitter.cpu.EAX == 1:
         # ExceptionContinueSearch
         raise NotImplementedError("-> seh, gameover")
+
+    else:
+        # https://msdn.microsoft.com/en-us/library/aa260344%28v=vs.60%29.aspx
+        # But the type _EXCEPTION_DISPOSITION may take 2 others values:
+        #  - ExceptionNestedException = 2
+        #  - ExceptionCollidedUnwind = 3
+        raise ValueError("Valid values are ExceptionContinueExecution and "
+                         "ExceptionContinueSearch")
-- 
cgit 1.4.1