GET /api/techniques/179/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 179,
"key": "misusing-structured-exception-handlers",
"unprotect_id": "U0218, B0032.016",
"name": "Misusing Structured Exception Handlers",
"description": "Misusing Structured Exception Handlers is a technique used by malware to make it more difficult for security analysts to reverse engineer the code. Structured Exception Handlers (SEH) are functions that are used to handle exceptions in a program. These can be misused by malware to fool disassemblers and make it harder to analyze the code. One way this is done is by using the FS segment register to gain access to the Thread Environment Block (TEB), which contains a pointer to the Structured Exception Handler (SEH) chain. \r\n\r\nThe SEH chain functions like a stack, with the most recently pushed function being the one that is executed when an exception occurs. By manipulating the SEH chain, malware authors can make it more difficult for analysts to understand the code and identify any potentially malicious behavior.",
"resources": "https://1malware1.medium.com/anti-disassembly-techniques-e012338f2ae0",
"creation_date": "2022-06-13T23:55:04.099000Z",
"tags": "Structured Exception Handlers (SEH),\r\nException handling,\r\nThread Environment Block (TEB),\r\nStructured Exception Handler (SEH) chain,\r\nFS segment register,",
"modification_date": "2023-10-04T10:44:21.079000Z",
"category": [
5
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": []
}
