Files with SEH support - Githubissues

TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

BSD 3-Clause "New" or "Revised" License

3.61k stars 638 forks source link

Files with SEH support #143

Closed shanya0xff closed 11 months ago

shanya0xff commented 11 months ago

Any ideas how to add support to files with SEH? For x64 unmanaged binaries we can use RtlAddFunctionTable NTAPI, but what about x32 binaries?

shanya0xff commented 11 months ago

UPD: I noticed that using module overloading injection helped me to make my 32-bit PE handle exceptions correctly. So, to support SEH in your x32 PE, just choose module overloading when building an instance. The main thing is that your application will be mapped like an Image(MEM_IMAGE) in host-process, and this helped me in my case.

upsground commented 6 months ago

It didn't work for me. When my c++ application throws an exception, the program just crashes.

I generate as follows: donut.exe -a:2 -j:in.exe -i:in.exe

What am I doing wrong?