Skip to content

gmh5225/Dump-val-exception-handler

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 

Repository files navigation

val-exception-handler

Attempted conversion of [tarekwiz / League-Unpacker (https://github.com/tarekwiz/League-Unpacker/blob/master/Unpackman/Main.cpp)] using RtlpCallVectoredHandlers instead of NtRaiseException

It's current state is rather underwhelming, as it is only able to properly dump the necessary UWORLD_STATE & UWORLD_KEY offsets

To update to current Windows version, offsets must be made to the following:

const auto ki_dispatcher = reinterpret_cast<std::uintptr_t>(GetProcAddress(GetModuleHandleA("ntdll.dll"), "KiUserExceptionDispatcher"));
const auto exception_dispatch = calculate_relative<std::int32_t>(ki_dispatcher + 0x29, 5, 1); //ki_dispatcher + ??? [new offset]
const auto rtlp = calculate_relative<std::int32_t>(exception_dispatch + 0x66, 5, 1); //exception_dispatch + ??? [new_offset]

NOTE: ntdll.dll function chains can change per Windows version, so look for: ExportedFunction -> RtlDispatchException -> RtlpCallVectoredHandlers

About

Based off of [tarekwiz / League-Unpacker]

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%