updt win api; peb struc

2 files changed, 28 insertions, 4 deletions

diff --git a/miasm/tools/seh_helper.py b/miasm/tools/seh_helper.py
index c5d8db44..51ea2c15 100644
--- a/miasm/tools/seh_helper.py
+++ b/miasm/tools/seh_helper.py
@@ -43,22 +43,24 @@ default_image_base = 0x400000
 
 def build_fake_teb():
     """
-    +0x000 NtTib                     : _NT_TIB    
+    +0x000 NtTib                     : _NT_TIB
     +0x01c EnvironmentPointer        : Ptr32 Void
     +0x020 ClientId                  : _CLIENT_ID
     +0x028 ActiveRpcHandle           : Ptr32 Void
     +0x02c ThreadLocalStoragePointer : Ptr32 Void
-    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB 
+    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB
+    +0x034 LastErrorValue            : Uint4B
     ...
     """
     o = ""
     o += pdw(default_seh)
     o += (0x18 - len(o)) *"\x00"
     o += pdw(tib_address)
-    
+
     o += (0x30 - len(o)) *"\x00"
     o += pdw(peb_address)
-    
+    o += pdw(0x11223344)
+
     return o
 
 
diff --git a/miasm/tools/win_api.py b/miasm/tools/win_api.py
index 5a4d1edc..13ec5934 100644
--- a/miasm/tools/win_api.py
+++ b/miasm/tools/win_api.py
@@ -20,6 +20,7 @@ import struct
 from Crypto.Hash import MD5
 import inspect
 from zlib import crc32
+import seh_helper
 handle_toolhelpsnapshot = 0xaaaa00
 toolhelpsnapshot_info = {}
 handle_curprocess = 0xaaaa01
@@ -1539,3 +1540,24 @@ def kernel32_lstrcmpW():
 
 def kernel32_lstrcmpiW():
     my_lstrcmp('lstrcmpiW', lambda x: get_str_unic(x).lower())
+
+
+def kernel32_SetFileAttributesA():
+    ret_ad = vm_pop_uint32_t()
+    lpfilename = vm_pop_uint32_t()
+    dwfileattributes = vm_pop_uint32_t()
+    print whoami(), hex(ret_ad), hex(lpfilename), hex(dwfileattributes)
+
+    if lpfilename:
+        fname = get_str_ansi(lpfilename)
+        print "filename", repr(fname)
+        eax = 1
+    else:
+        eax = 0
+        vm_set_mem(seh_helper.FS_0_AD+0x34, pdw(3))
+    
+
+    regs = vm_get_gpreg()
+    regs['eip'] = ret_ad
+    regs['eax'] = eax
+    vm_set_gpreg(regs)