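def handler(self, event):
    """Build a CrashReport for a debug event worth triaging, else return None.

    An event is reported only when it is an exception debug event, the
    exception is not a breakpoint, and it is either a last-chance exception
    or its code is listed in ``self.alwaysCatchExceptions``.

    The returned report carries:
      * ``code``      - element ``[0][2]`` of the disassembly at the crash PC
                        (presumably the instruction text - confirm against the
                        disassembler's tuple layout), or a fixed fallback string.
      * ``nearNull``  - True when there is no fault address or the fault
                        address lies in the page that starts at address 0.
      * ``type``      - the class label returned by ``crash.isExploitable()``.
      * ``location``  - module label at the crash PC, or the last four
                        characters of the hex PC when no module covers it.
      * ``faultAddr`` - hex fault address (0 when none was recorded).
      * ``stack``     - one line per return address, or ``"NO_STACK"``.
      * ``info``      - ``crash.fullReport()``.
    """
    if event.get_event_code() != win32.EXCEPTION_DEBUG_EVENT:
        return None
    exc_code = event.get_exception_code()
    if exc_code == win32.STATUS_BREAKPOINT:
        return None
    if not (event.is_last_chance() or exc_code in self.alwaysCatchExceptions):
        return None

    # The original built Crash(event) twice; one instance is enough.
    crash = Crash(event)
    report = CrashReport()

    # NOTE(review): the exploitability rating and description are discarded;
    # only the class label is kept. Consumers of the report cannot recover
    # the rating from report.type alone.
    _rating, crash_type, _details = crash.isExploitable()

    thread = event.get_thread()
    process = thread.get_process()
    bits = process.get_bits()

    try:
        report.code = thread.disassemble(crash.pc, 0x10)[0][2]
    except Exception:
        # Disassembly is best-effort, but KeyboardInterrupt/SystemExit must
        # still propagate, so this is no longer a bare ``except:``.
        report.code = "Could not disassemble"

    # Triage hint only: a fault in the first page usually means a null
    # dereference, but it does not by itself settle severity.
    fault = crash.faultAddress
    report.nearNull = (
        fault is None
        or MemoryAddresses.align_address_to_page_start(fault) == 0
    )
    report.type = crash_type

    module = process.get_module_at_address(crash.pc)
    if module is not None:
        report.location = module.get_label_at_address(crash.pc)
    else:
        # Only the low four hex digits are kept - presumably so buckets stay
        # stable across relocations; TODO confirm, collisions are possible.
        report.location = HexDump.address(crash.pc, bits)[-4:]

    # The crash object itself is normalised (None -> 0) before fullReport()
    # is called below, exactly as the original did.
    if crash.faultAddress is None:
        crash.faultAddress = 0
    report.faultAddr = HexDump.address(crash.faultAddress, bits)

    frames = []
    for ra in self.getStackTraceRelList(thread):
        owner = process.get_module_at_address(ra)
        hex_ra = HexDump.address(ra, bits)
        if owner is not None:
            frames.append(owner.get_label_at_address(ra) + " " + hex_ra + "\n")
        else:
            frames.append(hex_ra + "\n")
    report.stack = "".join(frames) or "NO_STACK"

    report.info = crash.fullReport()
    return report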
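def handler(self, event):
    """Turn a qualifying exception debug event into a CrashReport.

    Returns None unless the event is an exception debug event whose
    exception code is not ``win32.STATUS_BREAKPOINT`` and which is either
    last-chance or listed in ``self.alwaysCatchExceptions``. Otherwise a
    populated ``CrashReport`` is returned with the fields ``code``,
    ``nearNull``, ``type``, ``location``, ``faultAddr``, ``stack`` and
    ``info`` filled in from the ``Crash`` built for the event.
    """
    is_exception = event.get_event_code() == win32.EXCEPTION_DEBUG_EVENT
    reportable = (
        is_exception
        and event.get_exception_code() != win32.STATUS_BREAKPOINT
        and (
            event.is_last_chance()
            or event.get_exception_code() in self.alwaysCatchExceptions
        )
    )
    if not reportable:
        return None

    report = CrashReport()
    # Single Crash instance; the duplicate construction was redundant work.
    crash = Crash(event)

    # isExploitable() yields a 3-tuple; only the middle element (the class
    # label) is stored. The local is not called ``type`` any more so the
    # builtin is not shadowed.
    label = crash.isExploitable()[1]

    thread = event.get_thread()
    process = thread.get_process()
    width = process.get_bits()

    def as_hex(address):
        # Hex rendering of an address at the target process's pointer width.
        return HexDump.address(address, width)

    try:
        report.code = thread.disassemble(crash.pc, 0x10)[0][2]
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals are
        # not swallowed while still treating disassembly as best-effort.
        report.code = "Could not disassemble"

    # No fault address, or one inside the page starting at 0, is flagged as
    # near-null. This is a sorting aid for triage, not a severity verdict.
    if crash.faultAddress is None:
        report.nearNull = True
    else:
        first_page = MemoryAddresses.align_address_to_page_start(crash.faultAddress)
        report.nearNull = first_page == 0

    report.type = label

    pc_module = process.get_module_at_address(crash.pc)
    if pc_module is None:
        # No module covers the PC: fall back to the last four hex characters
        # (NOTE(review): looks like a bucketing key - confirm intent).
        report.location = as_hex(crash.pc)[-4:]
    else:
        report.location = pc_module.get_label_at_address(crash.pc)

    # Mutates the crash object so that later readers, including the
    # fullReport() call below, see 0 instead of None.
    if crash.faultAddress is None:
        crash.faultAddress = 0
    report.faultAddr = as_hex(crash.faultAddress)

    lines = []
    for ret_addr in self.getStackTraceRelList(thread):
        ra_module = process.get_module_at_address(ret_addr)
        if ra_module is None:
            lines.append(as_hex(ret_addr) + "\n")
        else:
            lines.append(
                ra_module.get_label_at_address(ret_addr)
                + " "
                + as_hex(ret_addr)
                + "\n"
            )
    # Joined once instead of repeated ``+=``; an empty trace is reported
    # with the same sentinel string as before.
    report.stack = "".join(lines) if lines else "NO_STACK"

    report.info = crash.fullReport()
    return report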