How to Patch the windows API SetUnhandledExceptionFIlter in 64 bit machine

**weaknessforcats** · Mar 3 '08, 04:10 PM

What do you mean that you patched a Win32 API function?

Plus, what kind of error are you getting? Which OS?

**Sendil kumar** · Mar 6 '08, 07:27 AM

Originally posted by weaknessforcats

What do you mean that you patched a Win32 API function?

Plus, what kind of error are you getting? Which OS?

I have stolen 5 bytes from the address of SetUnhandledExc eptionFilter in Kernel32.dll and added my patch bytes( 0x33, 0xC0, 0xC2, 0x04, 0x00 ) to it.
So, the SetUnhandledExc eptionFilter will never get executed when ever a call is made. This technique is used to enforce your own exception filter so that no one can re-set their own filter once you patched.

When I executed the same in my 64-bit machine it give access violation error.

Thanks,
Sendil

**weaknessforcats** · Mar 6 '08, 05:55 PM

It looks like Microsoft has fixed a bug.

I have no advice since I have never heard of anyone doing stuff like this. I'm just a C++ junkie.

Clearly the address of SetUnhandledExc eptionFilter is outside your process address space.

How to Patch the windows API SetUnhandledExceptionFIlter in 64 bit machine

How to Patch the windows API SetUnhandledExceptionFIlter in 64 bit machine

Comment

Comment

Comment