Exception handling in dynamic allocated x64 code

Forum for discussion about kernel-mode development.

Exception handling in dynamic allocated x64 code

Postby grechkoed » Thu Jul 27, 2017 3:02 pm

Hello!

I develop kernel-mode packer and interested if someone face a problem with dynamic allocated code in x64 binaries (x32 works)
The thing is if we wan't to make exceptions work in unpacked code, we need to make kernel to know about PRUNTIME_FUNCTION array that covers all unpacked code (these array usually stores in .pdata section)
ntoskrnl.exe has internal list of such arrays (similar to InvertedFunctionTable in user mode) Also there are two functions in user mode to dynamically add PRUNTIME_FUNCTION arrays in internal list (RtlAddFunctionTable and RtlInstallFunctionTableCallback).

Who knows, are there similar functions in kernel-mode? Or are there another ways to make exceptions work?
Thanks)
grechkoed
 
Posts: 4
Joined: Mon Apr 24, 2017 8:18 am
Reputation point: 0

Return to Kernel-Mode Development

Who is online

Users browsing this forum: No registered users and 1 guest