freefirex · February 16, 2023 15:40 · Feb 16, 2023
diff --git a/COFF_With_Exception_handler.c b/COFF_With_Exception_handler.c
@@ -0,0 +1,42 @@
+#define _WIN32_WINNT 0x0502
+#define WINVER 0x0502
+#include <windows.h>
+#include <errhandlingapi.h>
+#include <process.h>
+#include "beacon.h"
+
+WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler);
+DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);
+DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval);
+WINBASEAPI DWORD WINAPI KERNEL32$WaitForSingleObject (HANDLE hHandle, DWORD dwMilliseconds);
+WINBASEAPI BOOL WINAPI KERNEL32$GetExitCodeThread (HANDLE hThread, LPDWORD lpExitCode);
+WINBASEAPI ULONG WINAPI KERNEL32$RemoveVectoredExceptionHandler (PVOID Handle);
+
+LONG PvectoredExceptionHandler(EXCEPTION_POINTERS* ExceptionInfo)
+{
+    MSVCRT$_endthreadex(ExceptionInfo->ExceptionRecord->ExceptionCode);
+    return EXCEPTION_CONTINUE_EXECUTION;
+}
+
+unsigned __stdcall testfunc(void * val)
+{
+    BeaconPrintf(CALLBACK_OUTPUT,"infunc");
+    int a = 5;
+    a = a / 0;
+    BeaconPrintf(CALLBACK_OUTPUT,"after");
+    return 0;
+}
+
+VOID go( 
+	IN PCHAR Buffer, 
+	IN ULONG Length 
+) 
+{
+    DWORD param = 0;
+    PVOID handler = KERNEL32$AddVectoredExceptionHandler(0, PvectoredExceptionHandler);
+    HANDLE thread = (HANDLE)MSVCRT$_beginthreadex(NULL, 0, testfunc, NULL, 0, NULL);
+    KERNEL32$WaitForSingleObject(thread, INFINITE);
+    KERNEL32$GetExitCodeThread(thread, &param);
+    BeaconPrintf(CALLBACK_OUTPUT,"back %x", param);
+    KERNEL32$RemoveVectoredExceptionHandler(handler);
+};