Created
February 16, 2023 15:40
#define _WIN32_WINNT 0x0502
#define WINVER 0x0502
#include <windows.h>
#include <errhandlingapi.h>
#include <process.h>
#include "beacon.h"
WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler);
WINBASEAPI ULONG WINAPI KERNEL32$RemoveVectoredExceptionHandler (PVOID Handle);
WINBASEAPI DWORD WINAPI KERNEL32$WaitForSingleObject (HANDLE hHandle, DWORD dwMilliseconds);
WINBASEAPI BOOL WINAPI KERNEL32$GetExitCodeThread (HANDLE hThread, LPDWORD lpExitCode);
WINBASEAPI BOOL WINAPI KERNEL32$CloseHandle (HANDLE hObject);
DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);
DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval);
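/*
 * Vectored exception handler that ends the faulting thread and publishes the
 * exception code as that thread's exit code.
 *
 * ExceptionInfo: exception record/context supplied by the OS dispatcher.
 *
 * Declared WINAPI so the signature matches PVECTORED_EXCEPTION_HANDLER
 * (a stdcall callback); without it the prototype is mismatched on 32-bit
 * builds.
 *
 * NOTE(review): this handler does not filter by thread or by exception code.
 * While it is registered, ANY exception raised in ANY thread of the process
 * reaches it and terminates that thread with no unwinding, so locks, heap
 * state and other resources held by that thread are not released. Keep the
 * registration window as short as possible and remove the handler on every
 * exit path.
 */
LONG WINAPI PvectoredExceptionHandler(EXCEPTION_POINTERS* ExceptionInfo)
{
    /* ExceptionCode is a DWORD; _endthreadex takes an unsigned exit value. */
    unsigned code = (unsigned)ExceptionInfo->ExceptionRecord->ExceptionCode;

    /* Does not return: the calling thread exits here with `code`. */
    MSVCRT$_endthreadex(code);

    /* Not reached; present only to satisfy the LONG return type. */
    return EXCEPTION_CONTINUE_EXECUTION;
}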
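/*
 * Worker thread body used to demonstrate the exception handler: it prints a
 * marker, deliberately performs an integer division by zero, and would print
 * a second marker if execution continued past the fault.
 *
 * val: unused thread argument.
 * Returns 0 if the division does not fault (the "after" marker is then
 * printed as well).
 */
unsigned __stdcall testfunc(void * val)
{
    /*
     * volatile keeps the compiler from folding or deleting the division:
     * with a literal `a / 0` whose result is never read, an optimizing build
     * is free to drop the operation, and the fault this demo depends on
     * would never be raised.
     */
    volatile int divisor = 0;
    volatile int a = 5;

    (void)val;

    BeaconPrintf(CALLBACK_OUTPUT,"infunc");
    a = a / divisor;   /* intentional fault */
    BeaconPrintf(CALLBACK_OUTPUT,"after");
    return 0;
}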
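/*
 * BOF entry point: registers the vectored exception handler, runs testfunc on
 * a separate thread, waits for it, and reports the thread's exit code (the
 * exception code when the worker faulted).
 *
 * Buffer, Length: argument blob passed by the loader; unused here.
 *
 * The handler is process-wide while registered, so it is removed on every
 * path out of this function, and the thread handle returned by
 * _beginthreadex is closed by the caller as that API requires.
 */
VOID go(
    IN PCHAR Buffer,
    IN ULONG Length
)
{
    DWORD exit_code = 0;
    PVOID handler = NULL;
    HANDLE thread = NULL;

    (void)Buffer;
    (void)Length;

    handler = KERNEL32$AddVectoredExceptionHandler(0, PvectoredExceptionHandler);
    if (handler == NULL) {
        /* Without the handler a fault in the worker would take down the host process. */
        BeaconPrintf(CALLBACK_ERROR, "AddVectoredExceptionHandler failed");
        return;
    }

    /* _beginthreadex returns 0 on failure; never wait on a null handle. */
    thread = (HANDLE)MSVCRT$_beginthreadex(NULL, 0, testfunc, NULL, 0, NULL);
    if (thread == NULL) {
        BeaconPrintf(CALLBACK_ERROR, "_beginthreadex failed");
        goto cleanup;
    }

    if (KERNEL32$WaitForSingleObject(thread, INFINITE) == WAIT_OBJECT_0 &&
        KERNEL32$GetExitCodeThread(thread, &exit_code)) {
        BeaconPrintf(CALLBACK_OUTPUT,"back %x", exit_code);
    } else {
        BeaconPrintf(CALLBACK_ERROR, "could not read worker exit code");
    }

    KERNEL32$CloseHandle(thread);

cleanup:
    KERNEL32$RemoveVectoredExceptionHandler(handler);
}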