Copy Link
Add to Bookmark
Report
Xine - issue #3 - Phile 102
/-----------------------------\
| Xine - issue #3 - Phile 102 |
\-----------------------------/
;
;
;
; SIMPLE TEST OF THE SEH METHOD IN WIN32
; Written by Murkry/IkX
;
;
; Works restore the regs to original when done.
;Object it to have a exception occur and catch it restore the stack to just
;b4 we installed the handler.
;very simple aplication and I am sure I am missing something,
;but since JQ did not illuminate with his virus I figure the least I could
;do was throw some code together that let people play with this neat
;feature. The best thing I can think of here is setting up a seh then
;do things that if the error occurs you know your in NT of win95 and can
;act accordingling. Say you get API addrress routine if SEH gets hit
;exit out graceful from the virus. If you think about it the the possiblities
;are endless. BTW in JQ Cabanas virus he restores his stack to just
;after he did a pusha so he can then do a popa and have his regs in a
;known values.
;
;
; Compiling the sample:
; tasm32 /ml /m3 sehtest,,;
; tlink32 /Tpe /aa /c sehtest,sehtest,, import32.lib
;Murkry
.386
.RADIX 16
locals
jumps
.model flat ,stdcall
extrn ExitProcess:PROC
extrn MessageBoxA:PROC ;note in the user32.dll
.data ;the data area
title1 db 'this is a title',0
storage dd 4 dup(0)
last db 'SEH TESTER',0
db 0Bh
db 0
t db '0_______________'
mess dd ?
dd ?
db ?
db '4_______________' ;OLD EXCEPTION HANDLER
dd ?
dd ?
db ?
db '8_______________'
dd ?
dd ?
db ?
db 'C_______________'
dd ?
dd ?
db ?
db '10______________'
dd ?
dd ?
db ?
db '14______________'
dd ?
dd ?
db ?
db '18______________'
dd ?
dd ?
db ?
db '1c______________'
dd ?
dd ?
db ?
db '20______________'
dd ?
dd ?
db ?
db '24______________'
dd ?
dd ?
db ?
db '28______________'
dd ?
dd ?
db ?
db '2c______________'
dd ?
dd ?
db ?
db '30______________'
dd ?
dd ?
db ?
db '34______________'
dd ?
dd ?
db ?
db '38______________'
dd ?
dd ?
db ?
db '3c______________'
dd ?
dd ?
db ?
db '40______________'
dd ?
dd ?
db ?
db '44______________'
dd ?
dd ?
db ?
db '48______________'
dd ?
dd ?
db ?
db '4c______________'
dd ?
dd ?
db ?
db '50______________'
db 0
.code ;executable code starts here
HOST:
Push Offset seh ;Set up the SEH
push dword ptr fs:[0]
mov fs:[0],esp
xchg eax,[ebx] ;crash
JMP NO_SEH
seh: ;IF WE GET HERE THEN AN EXCEPTION HAS OCCURED
MOV esp,[ESP + 08] ;gets the ESP when SEH was set
POP DWORD PTR FS:[0] ;Restores the SEH for us
add esp,4 ;GETS RID OF OUR seh HANDLER
NO_SEH: ;ok now just run through a routine to check our stack
;which should now be set to the stack at the start of the program
MOV ebx ,(50h/4)+1
mov edi,offset mess
LOOP1:
mov cx,1ch
digit_loop:
pop eax
push eax
shr eax,Cl
and ax,000fh
sub cx,4
cmp al,9
jle number
sub al,0ah
add al,41h
jmp letter
number:
or al,30h
letter:
stosb
cmp cx,0fffCh
jne digit_loop
mov al,0dh
stosb
add edi,10H
pop ecx
DEC EBX
jnz LOOP1
mov al,0
stosb
;now we call the MenuBox API
;------------------------------------------------------------------------
mov eax, 0
push eax
mov eax, offset last ;
push eax ;
mov eax,offset t ;
push eax ;
mov eax,0
push eax
call MessageBoxA
fini: ;left over from a Teacher who use to teach me C++
push LARGE -1
;call dword ptr edi ;when I used the routine to locate
;the ExitProcess address
call ExitProcess ;this simply terminates the program
end HOST
