diff options
| author | Caroline Leman <CarolineLe@users.noreply.github.com> | 2020-05-03 12:21:04 +0200 |
|---|---|---|
| committer | Caroline Leman <CarolineLe@users.noreply.github.com> | 2020-05-03 12:21:04 +0200 |
| commit | e557fd1a557162b2cc53519f97a241c0a21f1712 (patch) | |
| tree | e5b150f8b9d16dba528184d84305ca30a4eee396 | |
| parent | 04c17c687c2f0b3f4af474c50bd48f7d8c46663f (diff) | |
| download | miasm-e557fd1a557162b2cc53519f97a241c0a21f1712.tar.gz miasm-e557fd1a557162b2cc53519f97a241c0a21f1712.zip | |
Win_seh: fix predecessor of first entry
Diffstat (limited to '')
| -rw-r--r-- | miasm/os_dep/win_api_x86_32_seh.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/miasm/os_dep/win_api_x86_32_seh.py b/miasm/os_dep/win_api_x86_32_seh.py index 90f4b39b..57416477 100644 --- a/miasm/os_dep/win_api_x86_32_seh.py +++ b/miasm/os_dep/win_api_x86_32_seh.py @@ -189,18 +189,23 @@ def build_ldr_data(jitter, modules_info): "Loader struct" ) # (ldrdata.get_size() - offset)) + last_module = modules_info.module2entry[ + modules_info.modules[-1]] + if main_pe: ldrdata.InLoadOrderModuleList.flink = main_addr_entry - ldrdata.InLoadOrderModuleList.blink = 0 + ldrdata.InLoadOrderModuleList.blink = last_module + ldrdata.InMemoryOrderModuleList.flink = main_addr_entry + \ LdrDataEntry.get_type().get_offset("InMemoryOrderLinks") - ldrdata.InMemoryOrderModuleList.blink = 0 - + ldrdata.InMemoryOrderModuleList.blink = last_module + \ + LdrDataEntry.get_type().get_offset("InMemoryOrderLinks") if ntdll_pe: ldrdata.InInitializationOrderModuleList.flink = ntdll_addr_entry + \ LdrDataEntry.get_type().get_offset("InInitializationOrderLinks") - ldrdata.InInitializationOrderModuleList.blink = 0 + ldrdata.InInitializationOrderModuleList.blink = last_module + \ + LdrDataEntry.get_type().get_offset("InInitializationOrderLinks") # Add dummy dll base jitter.vm.add_memory_page(peb_ldr_data_address + 0x24, |