Skip to content

Instantly share code, notes, and snippets.

@gavz
Forked from aaaddress1/vehMon.cpp
Created May 3, 2024 22:14
Show Gist options
  • Save gavz/71dc5b69da50b61cb41048932ca1d1e1 to your computer and use it in GitHub Desktop.
Save gavz/71dc5b69da50b61cb41048932ca1d1e1 to your computer and use it in GitHub Desktop.
VEH Monitor
// VEH Montior by aaaddress1@chroot.org
#include <stdio.h>
#include <windows.h>
#pragma warning( disable : 4996 )
LONG __stdcall TrapFilter(PEXCEPTION_POINTERS pexinf) {
if (pexinf->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION && ((DWORD)pexinf->ExceptionRecord->ExceptionAddress & 0x80000000))
pexinf->ContextRecord->Eip = pexinf->ContextRecord->Eip ^ 0x80000000;
else if (pexinf->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP)
return EXCEPTION_CONTINUE_SEARCH;
if (!strncmp((PCHAR)pexinf->ContextRecord->Eip, "\xB8\xEF\xBE\xAD\xDE", 5)) {
pexinf->ContextRecord->Eip += 12;
pexinf->ContextRecord->Ebx = 0x1337;
}
if (!strncmp((PCHAR)pexinf->ContextRecord->Eip, "\xCC", 1))
pexinf->ContextRecord->Eip += 1;
else if (*(PBYTE)pexinf->ContextRecord->Eip != 0xea && *(PWORD)(pexinf->ContextRecord->Eip + 5) != 0x33)
pexinf->ContextRecord->EFlags |= 0x100;
return EXCEPTION_CONTINUE_EXECUTION;
}
int main(int argc, char* argv[]) {
puts("what's the answer of (0xdeadbeef ^ 0xcafecafe) ?");
HANDLE veh = AddVectoredExceptionHandler(0, TrapFilter);
_asm {
pushfd
or dword ptr[esp], 0x100
popfd
}
int answer = 0;
_asm {
mov eax, 0xdeadbeef
mov ebx, 0xcafecafe
xor ebx, eax
mov answer, ebx
}
_asm int 3;
printf("Answer should be... %x!\n", answer);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment