ghidra icon indicating copy to clipboard operation
ghidra copied to clipboard

Published 20 hours ago verified publisher icon NationalSecurityAgency

Decompile Windows' Structured Exception Handling (SEH)

Open jrmuizel opened this issue 4 years ago • 6 comments

It would be nice if the decompiler could correctly decompile functions that use structured exception handling.

This would involve recognizing exception registration setup code, the scope table, and properly hooking up the control flow.

https://web.archive.org/web/20150318041037/https://www.microsoft.com/msj/0197/exception/exception.aspx has a good overview of how it works.

jrmuizel avatar Nov 14 '20 20:11 jrmuizel

Good suggestiion. We've had supporting try/catch block scope on the books for a while. The first step was recoverying the SEH information and laying it down so it could be used.

Our plan is to handle sub-function such as exceptions in an upcoming release.

emteere avatar Nov 16 '20 23:11 emteere

Just piggy-backing this request to have SEH structures included. This is helpful when reversing exploits setting a malicious handler in the TIB.

0xThiebaut avatar Apr 10 '21 19:04 0xThiebaut

bump

famouzkk avatar Dec 24 '22 21:12 famouzkk

bump

MajsterTynek avatar Aug 25 '23 02:08 MajsterTynek

Good suggestion. We've had supporting try/catch block scope on the books for a while. The first step was recoverying the SEH information and laying it down so it could be used.

Our plan is to handle sub-function such as exceptions in an upcoming release.

@emteere is this still work-in-progress?

Wall-AF avatar May 11 '24 09:05 Wall-AF

Another reference is https://www.openrce.org/articles/full_view/21.

Wall-AF avatar May 11 '24 15:05 Wall-AF