angr.analyses.cfg.pe_msvc_eh_structs

Struct definitions and parsing utilities for MSVC C++ exception handling structures found in x86 PE binaries.

References:
  • ___CxxFrameHandler3: The MSVC C++ exception handler for 32-bit binaries.

  • __EH_prolog3 / __EH_prolog3_catch / __EH_prolog3_GS: C++ EH prolog helpers.

  • __SEH_prolog4 / __SEH_prolog4_GS: SEH prolog helpers.

  • FuncInfo: Describes exception handling metadata for a function.

  • UnwindMapEntry: Describes state unwinding actions during exception handling.

class angr.analyses.cfg.pe_msvc_eh_structs.FuncInfo

Bases: object

Parsed FuncInfo struct from a 32-bit PE binary.

__init__(addr, magic_number, max_state, p_unwind_map, n_try_blocks, p_try_block_map, n_ip_map_entries, p_ip_to_state_map, p_es_type_list, eh_flags)
Parameters:
  • addr (int)

  • magic_number (int)

  • max_state (int)

  • p_unwind_map (int)

  • n_try_blocks (int)

  • p_try_block_map (int)

  • n_ip_map_entries (int)

  • p_ip_to_state_map (int)

  • p_es_type_list (int)

  • eh_flags (int)

addr
magic_number
max_state
p_unwind_map
n_try_blocks
p_try_block_map
n_ip_map_entries
p_ip_to_state_map
p_es_type_list
eh_flags

class angr.analyses.cfg.pe_msvc_eh_structs.UnwindMapEntry

Bases: object

Parsed UnwindMapEntry struct from a 32-bit PE binary.

__init__(addr, to_state, action)
Parameters:
  • addr

  • to_state

  • action

angr.analyses.cfg.pe_msvc_eh_structs.parse_funcinfo(memory, addr)

Parse a FuncInfo struct at the given address.

Parameters:
  • memory – The loader memory interface (supports .load(addr, size)).

  • addr (int) – The virtual address of the FuncInfo struct.

Return type:

FuncInfo | None

Returns:

A FuncInfo object, or None if parsing fails.

class angr.analyses.cfg.pe_msvc_eh_structs.EH4ScopeTable

Bases: object

Parsed _EH4_SCOPETABLE struct from a 32-bit PE binary.

__init__(addr, gs_cookie_offset, gs_cookie_xor_offset, eh_cookie_offset, eh_cookie_xor_offset, records)
Parameters:
  • addr

  • gs_cookie_offset

  • gs_cookie_xor_offset

  • eh_cookie_offset

  • eh_cookie_xor_offset

  • records

property total_size: int

class angr.analyses.cfg.pe_msvc_eh_structs.EH4ScopeRecord

Bases: object

Parsed _EH4_SCOPETABLE_RECORD struct from a 32-bit PE binary.

__init__(enclosing_level, filter_func, handler_func)
Parameters:
  • enclosing_level (int)

  • filter_func (int)

  • handler_func (int)

enclosing_level
filter_func
handler_func

angr.analyses.cfg.pe_msvc_eh_structs.parse_eh4_scopetable(memory, addr, code_range=None)

Parse an _EH4_SCOPETABLE at the given address.

Parameters:
  • memory – The loader memory interface.

  • addr (int) – The virtual address of the _EH4_SCOPETABLE.

  • code_range (tuple[int, int] | None) – Optional (min_addr, max_addr) of executable memory. When provided, FilterFunc and HandlerFunc pointers are validated against this range.

Return type:

EH4ScopeTable | None

Returns:

An EH4ScopeTable object, or None if parsing fails.

angr.analyses.cfg.pe_msvc_eh_structs.parse_unwind_map(memory, addr, count)

Parse an array of UnwindMapEntry structs.

Parameters:
  • memory – The loader memory interface.

  • addr (int) – The virtual address of the first UnwindMapEntry.

  • count (int) – The number of entries (maxState from FuncInfo).

Return type:

list[UnwindMapEntry]

Returns:

A list of UnwindMapEntry objects.
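
The FuncInfo and UnwindMapEntry layouts that parse_funcinfo and parse_unwind_map consume, shown as an added stand-alone sketch that is not angr's own implementation. It assumes the commonly documented 32-bit MSVC layout (seven little-endian dwords, magic in the low 29 bits, toState of -1 as the terminal state); FakeMemory, read_funcinfo, read_unwind_map, the KeyError behaviour and the sample bytes are all constructed for illustration.

```python
import struct

# Magic values MSVC has used for FuncInfo (low 29 bits of the first dword).
EH_MAGICS = (0x19930520, 0x19930521, 0x19930522)

class FakeMemory:
    """Constructed stand-in for a loader memory object exposing .load(addr, size)."""
    def __init__(self, base, data):
        self.base, self.data = base, data
    def load(self, addr, size):
        off = addr - self.base
        if off < 0 or off + size > len(self.data):
            raise KeyError(addr)             # assumed failure mode of this stand-in
        return self.data[off:off + size]

def read_funcinfo(memory, addr, max_entries=0x1000):
    """Return the first seven FuncInfo fields, or None if the bytes are implausible."""
    try:
        raw = memory.load(addr, 28)
    except KeyError:
        return None
    magic, max_state, p_unwind, n_try, p_try, n_ip, p_ip = struct.unpack("<IiIIIII", raw)
    magic &= 0x1FFFFFFF                      # top 3 bits carry flags, not the magic
    if magic not in EH_MAGICS or not 0 <= max_state <= max_entries or n_try > max_entries:
        return None                          # untrusted counts are bounded before use
    if (max_state and not p_unwind) or (n_try and not p_try):
        return None                          # a count without a table pointer
    return {"magic_number": magic, "max_state": max_state, "p_unwind_map": p_unwind,
            "n_try_blocks": n_try, "p_try_block_map": p_try,
            "n_ip_map_entries": n_ip, "p_ip_to_state_map": p_ip}

def read_unwind_map(memory, addr, count):
    """Parse count (toState, action) pairs; return [] on any inconsistency."""
    entries = []
    for i in range(count):
        try:
            to_state, action = struct.unpack("<iI", memory.load(addr + 8 * i, 8))
        except KeyError:
            return []
        if not -1 <= to_state < count:       # state links must stay inside the map
            return []
        entries.append((to_state, action))
    return entries

# Constructed sample: FuncInfo at 0x402000, two unwind entries at 0x402040.
_fi = struct.pack("<IiIIIII", 0x19930522, 2, 0x402040, 0, 0, 0, 0)
_um = struct.pack("<iIiI", -1, 0x401100, 0, 0x401120)
SAMPLE = FakeMemory(0x402000, _fi.ljust(0x40, b"\0") + _um)
```

The bounds on max_state, n_try_blocks and to_state matter because these values come straight from the binary under analysis and drive how much memory the parser reads next.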

class angr.analyses.cfg.pe_msvc_eh_structs.TryBlockMapEntry

Bases: object

Parsed TryBlockMapEntry struct from a 32-bit PE binary.

__init__(addr, try_low, try_high, catch_high, n_catches, p_handler_array, handlers)
Parameters:
  • addr

  • try_low

  • try_high

  • catch_high

  • n_catches

  • p_handler_array

  • handlers

class angr.analyses.cfg.pe_msvc_eh_structs.HandlerType

Bases: object

Parsed HandlerType struct from a 32-bit PE binary.

__init__(addr, adjectives, p_type, disp_catch_obj, address_of_handler)
Parameters:
  • addr (int)

  • adjectives (int)

  • p_type (int)

  • disp_catch_obj (int)

  • address_of_handler (int)

addr
adjectives
p_type
disp_catch_obj
address_of_handler

angr.analyses.cfg.pe_msvc_eh_structs.parse_handler_array(memory, addr, count)

Parse an array of HandlerType structs.

Parameters:
  • memory – The loader memory interface.

  • addr (int) – The virtual address of the first HandlerType.

  • count (int) – The number of entries (nCatches from TryBlockMapEntry).

Return type:

list[HandlerType]

Returns:

A list of HandlerType objects.

angr.analyses.cfg.pe_msvc_eh_structs.parse_try_block_map(memory, addr, count)

Parse an array of TryBlockMapEntry structs, including their nested HandlerType arrays.

Parameters:
  • memory – The loader memory interface.

  • addr (int) – The virtual address of the first TryBlockMapEntry.

  • count (int) – The number of entries (nTryBlocks from FuncInfo).

Return type:

list[TryBlockMapEntry]

Returns:

A list of TryBlockMapEntry objects.