Fix VEH/VCH enumeration on Windows 10

Closes #2814
2022-01-04 08:43:19 +01:00 · 2022-01-04 08:43:19 +01:00 · 59f19f54b2
parent 1b09ed07a6
commit 59f19f54b2
1 changed files with 6 additions and 2 deletions
--- a/src/dbg/exhandlerinfo.cpp
+++ b/src/dbg/exhandlerinfo.cpp
@ -138,8 +138,9 @@ struct VEH_ENTRY_VISTA
 {
    duint Flink;
    duint Blink;
-    DWORD Count;
-    duint VectoredHandler;
+    duint PtrRefCount;
+    duint VectoredHandler; // unclear when this changed
+    duint VectoredHandler2;
 };

 bool ExHandlerGetVCH(std::vector<duint> & Entries, bool GetVEH)
@ -174,6 +175,9 @@ bool ExHandlerGetVCH(std::vector<duint> & Entries, bool GetVEH)
        if(!MemRead(cur_entry, &entry, sizeof(entry)))
            return false;
        auto handler = entry.VectoredHandler;
+        // At some point Windows updated the structure
+        if(handler == ArchValue(0, 0xBAADF00D00000000))
+            handler = entry.VectoredHandler2;
        if(!MemDecodePointer(&handler, true))
            return false;
        Entries.push_back(handler);