-rw-r--r--miasm/tools/seh_helper.py10
-rw-r--r--miasm/tools/win_api.py22
2 files changed, 28 insertions, 4 deletions
diff --git a/miasm/tools/seh_helper.py b/miasm/tools/seh_helper.py
index c5d8db44..51ea2c15 100644
--- a/miasm/tools/seh_helper.py
+++ b/miasm/tools/seh_helper.py
@@ -43,22 +43,24 @@ default_image_base = 0x400000
 
 def build_fake_teb():
     """
-    +0x000 NtTib                     : _NT_TIB    
+    +0x000 NtTib                     : _NT_TIB
     +0x01c EnvironmentPointer        : Ptr32 Void
     +0x020 ClientId                  : _CLIENT_ID
     +0x028 ActiveRpcHandle           : Ptr32 Void
     +0x02c ThreadLocalStoragePointer : Ptr32 Void
-    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB 
+    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB
+    +0x034 LastErrorValue            : Uint4B
     ...
     """
     o = ""
     o += pdw(default_seh)
     o += (0x18 - len(o)) *"\x00"
     o += pdw(tib_address)
-    
+
     o += (0x30 - len(o)) *"\x00"
     o += pdw(peb_address)
-    
+    o += pdw(0x11223344)
+
     return o
 
 
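Review bot: The value appended at +0x34 in build_fake_teb is the bare literal `0x11223344`, so LastErrorValue starts out non-zero and nothing in the code says why. If the emulated GetLastError reads this slot (not visible in this hunk), code that queries the last error before any failing API call sees a value that is unlikely on a real thread, which lowers the fidelity of the emulated environment and can change the path the analysed sample takes. Consider `o += pdw(0)  # +0x34 LastErrorValue`, or, if the sentinel is deliberate for tracing, a named constant with a comment that says so.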
diff --git a/miasm/tools/win_api.py b/miasm/tools/win_api.py
index 5a4d1edc..13ec5934 100644
--- a/miasm/tools/win_api.py
+++ b/miasm/tools/win_api.py
@@ -20,6 +20,7 @@ import struct
 from Crypto.Hash import MD5
 import inspect
 from zlib import crc32
+import seh_helper
 handle_toolhelpsnapshot = 0xaaaa00
 toolhelpsnapshot_info = {}
 handle_curprocess = 0xaaaa01
@@ -1539,3 +1540,24 @@ def kernel32_lstrcmpW():
 
 def kernel32_lstrcmpiW():
     my_lstrcmp('lstrcmpiW', lambda x: get_str_unic(x).lower())
+
+
+def kernel32_SetFileAttributesA():
+    ret_ad = vm_pop_uint32_t()
+    lpfilename = vm_pop_uint32_t()
+    dwfileattributes = vm_pop_uint32_t()
+    print whoami(), hex(ret_ad), hex(lpfilename), hex(dwfileattributes)
+
+    if lpfilename:
+        fname = get_str_ansi(lpfilename)
+        print "filename", repr(fname)
+        eax = 1
+    else:
+        eax = 0
+        vm_set_mem(seh_helper.FS_0_AD+0x34, pdw(3))
+    
+
+    regs = vm_get_gpreg()
+    regs['eip'] = ret_ad
+    regs['eax'] = eax
+    vm_set_gpreg(regs)
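Review bot: The failure branch of kernel32_SetFileAttributesA sets the last error with two inline literals, `seh_helper.FS_0_AD+0x34` and `pdw(3)`, while the same 0x34 offset is only implied by the layout built in build_fake_teb, so the two files can drift apart silently. A small helper in seh_helper, for example `def set_last_error(code): vm_set_mem(FS_0_AD + TEB_LAST_ERROR_OFFSET, pdw(code))`, called here as `set_last_error(ERROR_PATH_NOT_FOUND)`, would keep the offset in one place and name the error code. FS_0_AD, vm_set_mem and pdw are not defined in the visible hunks, so this assumes they are in scope as the new code uses them. A short docstring stating that the stub never touches the host filesystem and reports success for any non-NULL name would also help whoever reads the emulation trace.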