aaSSfxxx

[NASM] [win32] funny tricks with SEH handlers

Aug 29th, 2012
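  BITS 32
  ; Win32 / x86 (stdcall) demo: a hand-built SEH registration record, two chained
  ; handlers, and a handler that resumes the thread at a chosen address by
  ; rewriting CONTEXT.Eip.  Syntax is Intel; section attribute keywords
  ; (readable / writeable / executable) are FASM-style -- NOTE(review): NASM
  ; does not define them and is expected to warn and ignore them; confirm with
  ; the assembler actually used.
  extern MessageBoxA                      ; user32!MessageBoxA(hWnd, lpText, lpCaption, uType)
  extern ExitProcess                      ; kernel32!ExitProcess(uExitCode)

  section .data readable writeable
  title     db "Everything works",0        ; caption used by MsgBox
  message   db "THE GAME FAGGOT",0         ; text shown by the first handler (_seh)
  trololo2  db "Second SEH handler", 0     ; never referenced by the code below
  normal    db "Normal execution taken", 0 ; text shown once execution lands at _normal

  section .idata readable writeable       ; declared but nothing is emitted into it here

  ; The code never writes to itself: the handlers only patch the stack-resident
  ; EXCEPTION_REGISTRATION and CONTEXT records and the TEB slot at fs:[0].
  ; So .text does not need to be writeable; read+execute keeps W^X intact.
  section .text readable executable
  global _start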
  ;-----------------------------------------------------------------------
  ; int MsgBox(const char *text)         -- stdcall-style: callee pops 4 bytes
  ; In:    [esp+4] = text (NUL-terminated ANSI string)
  ; Out:   eax = return value of MessageBoxA
  ; Does:  MessageBoxA(NULL, text, title, 16)   ; 16 = 0x10 = MB_ICONERROR/MB_ICONHAND
  ; Clobb: ecx, edx, flags (whatever MessageBoxA clobbers); ebp is not touched
  ; Stack: frameless -- the argument is addressed relative to esp
  ;-----------------------------------------------------------------------
  MsgBox:
          push    16                      ; uType
          push    title                   ; lpCaption
          push    dword [esp+12]          ; lpText: the caller's arg was at [esp+4] before the two pushes
          push    0                       ; hWnd = NULL
          call    MessageBoxA             ; stdcall: MessageBoxA removes its four arguments
          ret     4                       ; remove our own argument
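  ;-----------------------------------------------------------------------
  ; _start: entry point.
  ; Builds an EXCEPTION_REGISTRATION record on the stack (Next at +0, Handler
  ; at +4), links it at fs:[0], then raises STATUS_BREAKPOINT so the dispatcher
  ; calls _seh.  The record is never unlinked: the process exits from _exit.
  ; _normal and _exit are also jump targets for the handlers below.
  ; Exit code: 0.
  ;-----------------------------------------------------------------------
  _start:
          push    _seh                    ; EXCEPTION_REGISTRATION.Handler
          push    dword [fs:0]            ; EXCEPTION_REGISTRATION.Next = previous chain head
          mov     [fs:0], esp             ; our record becomes the head of the SEH chain
          int3                            ; 1-byte 0xCC form: the breakpoint dispatch rewinds Eip by
                                          ; exactly one byte, which the 2-byte "int 3" (CD 03) breaks
  _normal:
          push    normal
          call    MsgBox                  ; MsgBox("Normal execution taken"); MsgBox pops its argument
  _exit:
          push    0                       ; uExitCode -- ExitProcess is stdcall with one argument;
                                          ; without it the exit code was whatever dword sat on the stack
          call    ExitProcess
          ret                             ; unreachable: ExitProcess does not return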
  37.  
  ;-----------------------------------------------------------------------
  ; _seh: first exception handler, installed by _start and reached on its int3.
  ; Called by the exception dispatcher with
  ;   [esp+4]=ExceptionRecord [esp+8]=EstablisherFrame [esp+0Ch]=CONTEXT [esp+10h]=DispatcherContext
  ; It never returns a disposition.  Instead it overwrites the Handler slot
  ; (offset 4) of whatever registration record is at fs:[0] at this moment with
  ; _seh2 and raises a second breakpoint, so that _seh2 is dispatched for it.
  ; NOTE(review): while a handler runs, fs:[0] is presumably a record the
  ; dispatcher installed around the handler call rather than _start's own
  ; record -- the trick relies on that; confirm against the dispatcher in use.
  ; Clobb: eax, ecx, edx, flags
  ;-----------------------------------------------------------------------
  _seh:
          push message
          call MsgBox                     ; MsgBox("THE GAME FAGGOT"); MsgBox pops its argument
          mov eax, [fs:0]                 ; eax = current head of the SEH chain
          lea eax, [eax+4]                ; eax = &record->Handler
          mov dword[eax], _seh2           ; that record's handler is now _seh2
          int3                            ; second STATUS_BREAKPOINT, raised from inside this handler
          jmp _exit                       ; not reached in the intended flow (_seh2 resumes at _normal);
                                          ; fallback exit if execution is continued after the int3
  46.  
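  ;-----------------------------------------------------------------------
  ; _seh2: handler for the breakpoint raised inside _seh.
  ; In (dispatcher callback):
  ;   [esp+4]=ExceptionRecord [esp+8]=EstablisherFrame [esp+0Ch]=CONTEXT [esp+10h]=DispatcherContext
  ; Out:   eax = EXCEPTION_DISPOSITION
  ;        ExceptionContinueExecution (0) after setting CONTEXT.Eip = _normal, so the
  ;        thread resumes at _normal with the CONTEXT's esp (i.e. deep in the
  ;        dispatcher's stack) -- the earlier frames are never unwound;
  ;        ExceptionContinueSearch (1) when called for an unwind pass, where
  ;        patching the context and resuming would be invalid.
  ; Clobb: eax, flags
  ;-----------------------------------------------------------------------
  CONTEXT_Eip             equ 0B8h        ; offset of Eip in the x86 CONTEXT structure
  EXCEPTION_FLAGS         equ 4           ; offset of ExceptionFlags in EXCEPTION_RECORD
  EXCEPTION_UNWIND_MASK   equ 6           ; EXCEPTION_UNWINDING (2) | EXCEPTION_EXIT_UNWIND (4)
  ExceptionContinueSearch equ 1
  _seh2:
          mov     eax, [esp+4]                    ; ExceptionRecord
          test    dword [eax+EXCEPTION_FLAGS], EXCEPTION_UNWIND_MASK
          jnz     .unwinding                      ; unwind pass: do not resume, let the search continue
          mov     eax, [esp+0Ch]                  ; CONTEXT of the interrupted thread
          mov     dword [eax+CONTEXT_Eip], _normal ; resume at _normal instead of after the int3
          xor     eax, eax                        ; ExceptionContinueExecution (0)
          ret
  .unwinding:
          mov     eax, ExceptionContinueSearch
          ret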