UWP-SEH-Exception-Sniffing-POC/a_1authrowhook.asm

; crinkle the linkers load order
; a.obj < (anything else).obj
; A/B/C:\... <  ntstc_msvcrt's d:\os\obj\...

PUBLIC _CxxThrowException
EXTERN _SEHReport : proc
EXTERN gGxxThrowRefDll : qword

.code

_CxxThrowException PROC
    MOV R8, [RSP]
    
    push RCX
    push RDX
    
    SUB RSP, 24 ; yo wtf, we have [0, -8], [-8, -8], [-16, -8] writes in our stack?! stdcall compiler optimizer conflicting with the reality that stdcall does not exist under x64?
    MOV RAX, [_SEHReport]
    CALL RAX
    ADD RSP, 24
    POP RDX
    POP RCX

    XOR RAX, RAX

    JMP gGxxThrowRefDll
_CxxThrowException ENDP

END
Initial Commit 2022-01-23 02:32:46 +00:00			`; crinkle the linkers load order`
			`; a.obj < (anything else).obj`
			`; A/B/C:\... < ntstc_msvcrt's d:\os\obj\...`

			`PUBLIC _CxxThrowException`
Recrinkling... 2022-01-23 02:39:33 +00:00			`EXTERN _SEHReport : proc`
			`EXTERN gGxxThrowRefDll : qword`
Initial Commit 2022-01-23 02:32:46 +00:00
			`.code`

			`_CxxThrowException PROC`
			`MOV R8, [RSP]`

			`push RCX`
			`push RDX`

			`SUB RSP, 24 ; yo wtf, we have [0, -8], [-8, -8], [-16, -8] writes in our stack?! stdcall compiler optimizer conflicting with the reality that stdcall does not exist under x64?`
Recrinkling... 2022-01-23 02:39:33 +00:00			`MOV RAX, [_SEHReport]`
Initial Commit 2022-01-23 02:32:46 +00:00			`CALL RAX`
Recrinkling... 2022-01-23 02:39:33 +00:00			`ADD RSP, 24`
			`POP RDX`
			`POP RCX`
Initial Commit 2022-01-23 02:32:46 +00:00
Recrinkling... 2022-01-23 02:39:33 +00:00			`XOR RAX, RAX`
Initial Commit 2022-01-23 02:32:46 +00:00
Recrinkling... 2022-01-23 02:39:33 +00:00			`JMP gGxxThrowRefDll`
Initial Commit 2022-01-23 02:32:46 +00:00			`_CxxThrowException ENDP`

			`END`