Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save rwincey/48271ba78188e49dd3c6ba9a4ce72069 to your computer and use it in GitHub Desktop.
Save rwincey/48271ba78188e49dd3c6ba9a4ce72069 to your computer and use it in GitHub Desktop.
White Knight Labs - Offensive Development Course - Demo of using Exception Filter Function in C++ to catch Access Violations for payload execution and anti-debugging.
// White Knight Labs - Offensive Development Course
// Guardrails - Control Flow & Anti-Debugging
#include <windows.h>
#include <iostream>
// Test function to be called when an access violation occurs
void TestFunction() {
std::cout << "Test function executed after catching access violation." << std::endl;
}
// Exception filter function
LONG WINAPI MyExceptionFilter(EXCEPTION_POINTERS* ExceptionInfo) {
if (ExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) {
std::cout << "Access violation detected and caught" << std::endl;
// Call the test function
TestFunction();
return EXCEPTION_EXECUTE_HANDLER; // Handle the exception
}
return EXCEPTION_CONTINUE_SEARCH; // Pass the exception up the chain
}
int main() {
// Install exception filter
SetUnhandledExceptionFilter(MyExceptionFilter);
// Cause an access violation
int* p = nullptr; // Null pointer
*p = 42; // Access violation here
std::cout << "This line won't be executed since the program will terminate after the access violation is handled." << std::endl;
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment