From 59f19f54b20d5e09f4658aae2ee2066d58d50c5b Mon Sep 17 00:00:00 2001
From: Duncan Ogilvie <mr.exodia.tpodt@gmail.com>
Date: Tue, 4 Jan 2022 08:43:19 +0100
Subject: [PATCH] Fix VEH/VCH enumeration on Windows 10

Closes #2814
---
 src/dbg/exhandlerinfo.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/dbg/exhandlerinfo.cpp b/src/dbg/exhandlerinfo.cpp
index d2018533..713fd542 100644
--- a/src/dbg/exhandlerinfo.cpp
+++ b/src/dbg/exhandlerinfo.cpp
@@ -138,8 +138,9 @@ struct VEH_ENTRY_VISTA
 {
     duint Flink;
     duint Blink;
-    DWORD Count;
-    duint VectoredHandler;
+    duint PtrRefCount;
+    duint VectoredHandler; // unclear when this changed
+    duint VectoredHandler2;
 };
 
 bool ExHandlerGetVCH(std::vector<duint> & Entries, bool GetVEH)
@@ -174,6 +175,9 @@ bool ExHandlerGetVCH(std::vector<duint> & Entries, bool GetVEH)
         if(!MemRead(cur_entry, &entry, sizeof(entry)))
             return false;
         auto handler = entry.VectoredHandler;
+        // At some point Windows updated the structure
+        if(handler == ArchValue(0, 0xBAADF00D00000000))
+            handler = entry.VectoredHandler2;
         if(!MemDecodePointer(&handler, true))
             return false;
         Entries.push_back(handler);