Masm32 jump to label in other module after seh handler handled exception

Question

I am trying an method of anti-debug.

First I did everything nessissery and raised an exception by a line of not corrected code

    assume fs:nothing
    push offset antiDebug    ;function to deal with exception
    push fs:[0]
    mov fs:[0],esp
    mov eax,offset MENU   ;Menu is the label I want to jump to after the exception handled
    push eax
    call dumpRegs
    mov edx,0
    mov dword ptr[edx],0    ;wrong code

    MENU:                   ;I want to jump here after exception handled

antiDebug function ↓,in another module from the above code

antiDebug proc _lpExceptionRecord:ptr EXCEPTION_RECORD,_lpSEH:ptr SEH,_lpContext:ptr CONTEXT,_lpDispatcherContext:ptr DISPATCHER_CONTEXT 
    mov esi,_lpExceptionRecord
    mov edi,_lpContext
    assume esi:ptr EXCEPTION_RECORD,edi:ptr CONTEXT
    invoke MessageBox,NULL,addr infoUser,NULL,MB_OK
    mov eax,[ebp+638H]       ;I debug many times to find the relative 
                             ;distance,eax gets the location oflable MENU
    mov [edi].regEip,eax
    assume esi:nothing,edi:nothing
    mov eax,ExceptionContinueExecution
    ret
antiDebug endp

the problem is that the location of MENU is not in the same module of antiDebug function.So I just cant jump MENU by mov [edi].regEip,eax What am I supposed to do?

ADD DETAILS: in my main module,before I trigger the exception,I push the location of MENU in stack,and you can see in the debug window,eax gets the right value

I continue to debug.In the antiDebug function,here,eax successfully gets the location of lable and pass it to [edi].regEip

But then problem comes.I am sure I get the right location of MENU,but when this function return,I get error.

then error in handler function and error in handler function,I just repeat to execute the handler function(antiDebug)

PS:if I pass [edi].regEip a label in the same module of antiDebug,I can jump there.

Thanks in advance!

you of course can and must `mov [edi].regEip,eax`. all your question - how take address of symbol in another module. you can export this address or export function, which return this address. and anyway all this *anti-debug* have no any sense — RbMm, Apr 21 '20 at 16:15
It's not immediately clear, why you can access `antiDebug` from the first code snippet, but not `MENU` from the second, because it were presumably in a different module. — IInspectable, Apr 21 '20 at 16:16
@RbMm How to export a label? I can only export a function. by keyword proto.. — ooo cherro, Apr 22 '20 at 04:27

score 0 · Answer 1 · answered Apr 23 '20 at 04:43

0

After several days,I seem to figure it out.I dont get the right location of MENU(the label).The the key to solve the problem is how to get the right location of a label(how to export a label to another module.So my solution is define a global variable in main module,and define a function in main module to mov eax,variable that store location

By invoke this function,I get the location of label in the antiDebug module.

answered Apr 23 '20 at 04:43

ooo cherro

55
4

Thanks for sharing the solution! and you could also [accept](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work/5235#5235) yourself. – Drake Wu May 04 '20 at 08:36

Masm32 jump to label in other module after seh handler handled exception

1 Answers1