SEH

Malware Utkonos

Jun 20, 2019, 7:38:58 PM
to x64dbg
I'm having problems with a technique for stepping into an SEH. It worked before, and now it doesn't. I'm stuck getting dropped in ntdll.dll rather than in the handler code.

This is in a DLL btw. The DLL is loaded, then the SEH is set. I would set a memory breakpoint on the executable code section of the DLL, and disable it immediately. Then set an exception breakpoint and run until that breakpoint. Next, enable the memory breakpoint, and finally step into the exception. This used to leave me in the SEH, and with the current snapshot release, it doesn't work properly. I may just be doing something incorrect.

Is there a more stable, or better process to identify the SEH code and to step into it?

Duncan Ogilvie

Jun 21, 2019, 4:23:06 AM
to x64...@googlegroups.com
Once an exception is hit put a breakpoint on KiUserExceptionDispatch and from there trace until you reach user code.

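On the question of identifying the handler code: the sketch below is an added example, not part of either post and not x64dbg's own code. It assumes a 32-bit target using frame-based SEH, where the dword at FS:[0] points to a chain of EXCEPTION_REGISTRATION_RECORD entries (Next, Handler); it walks that chain from a captured stack region and picks out the handlers that fall inside the DLL, which are the addresses to breakpoint. All addresses and the sample stack are constructed.

```python
import struct

END_OF_CHAIN = 0xFFFFFFFF  # Next value that terminates the x86 SEH chain

def walk_seh_chain(read_dword, head, max_records=64):
    """Return [(record_addr, handler_addr), ...] starting at head (dword at FS:[0])."""
    records, seen, addr = [], set(), head
    while addr != END_OF_CHAIN:
        if addr in seen or len(records) >= max_records:
            raise ValueError("SEH chain loops or is too long at %#x" % addr)
        seen.add(addr)
        nxt = read_dword(addr)          # EXCEPTION_REGISTRATION_RECORD.Next
        handler = read_dword(addr + 4)  # EXCEPTION_REGISTRATION_RECORD.Handler
        records.append((addr, handler))
        addr = nxt
    return records

def handlers_in_module(records, base, size):
    """Handlers located inside [base, base + size): candidates for a breakpoint."""
    return [h for _, h in records if base <= h < base + size]

def make_reader(region_base, region_bytes):
    """Build a little-endian dword reader over a captured memory region."""
    def read_dword(addr):
        off = addr - region_base
        if off < 0 or off + 4 > len(region_bytes):
            raise ValueError("read outside captured region: %#x" % addr)
        return struct.unpack_from("<I", region_bytes, off)[0]
    return read_dword

# Constructed sample: a stack region holding two registration records.
STACK_BASE = 0x0019F000
DLL_BASE, DLL_SIZE = 0x10000000, 0x20000      # hypothetical DLL image range
_stack = bytearray(0x100)
struct.pack_into("<II", _stack, 0x10, 0x0019F040, 0x10001A30)    # handler in the DLL
struct.pack_into("<II", _stack, 0x40, END_OF_CHAIN, 0x77A1B2C0)  # handler elsewhere
SAMPLE_READER = make_reader(STACK_BASE, bytes(_stack))
SAMPLE_HEAD = STACK_BASE + 0x10               # value read from FS:[0]

if __name__ == "__main__":
    chain = walk_seh_chain(SAMPLE_READER, SAMPLE_HEAD)
    for rec, handler in chain:
        print("record %#010x -> handler %#010x" % (rec, handler))
    for h in handlers_in_module(chain, DLL_BASE, DLL_SIZE):
        print("handler inside DLL: %#010x" % h)
```
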