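├── README.md
├── func.go
├── hello.c
└── main.go

/README.md:
--------------------------------------------------------------------------------
# Go-VEH
VEH hook

--------------------------------------------------------------------------------
/func.go:
--------------------------------------------------------------------------------
package main

/*
#include <windows.h>
*/
import "C"

import (
	"fmt"
)

// Values a handler returns to the Windows exception dispatcher.
const (
	// Resume the faulting thread with the CONTEXT as the handler left it.
	_EXCEPTION_CONTINUE_EXECUTION = -0x1
	// Decline the exception so the dispatcher tries the next handler.
	_EXCEPTION_CONTINUE_SEARCH = 0x0
	// The Windows headers name value 1 EXCEPTION_EXECUTE_HANDLER. It is a
	// frame-based SEH filter result, not a documented return value for a
	// vectored handler, and nothing in this program uses it.
	_EXCEPTION_CONTINUE_HANDLE = 0x1
)

// CustomFunc is the Go half of the vectored exception handler. The C thunk
// Firstcontinuehandler forwards every dispatched exception here. It prints a
// marker, dumps the exception details and then declines the exception, so the
// exception itself is left for later handlers to resolve.
//
// NOTE(review): this runs on whichever thread raised the exception and calls
// into fmt; confirm that is acceptable for faults raised inside the Go runtime
// or on threads Go did not create.
//
//export CustomFunc
func CustomFunc(pExcepInfo C.PEXCEPTION_POINTERS) int32 {
	println("VEH Hooked!")
	vehHook(pExcepInfo)
	return _EXCEPTION_CONTINUE_SEARCH
}

// vehHook prints the exception code, the faulting address and the saved stack
// and instruction pointers. Rsp and Rip are fields of the x64 CONTEXT layout,
// so this file only builds for windows/amd64.
func vehHook(pExcepInfo C.PEXCEPTION_POINTERS) {
	// The dispatcher is expected to pass valid pointers; the guard keeps a
	// malformed call from faulting inside the exception handler itself.
	if pExcepInfo == nil || pExcepInfo.ExceptionRecord == nil || pExcepInfo.ContextRecord == nil {
		return
	}
	record := pExcepInfo.ExceptionRecord
	ctx := pExcepInfo.ContextRecord
	fmt.Printf("ExceptionCode = 0x%x\n", record.ExceptionCode)
	fmt.Printf("ExceptionAddress = 0x%x\n", record.ExceptionAddress)
	fmt.Printf("Rsp = 0x%x\n", ctx.Rsp)
	fmt.Printf("Rip = 0x%x\n", ctx.Rip)
}

--------------------------------------------------------------------------------
/hello.c:
--------------------------------------------------------------------------------
#include <stdint.h>
#include <windows.h>
#include "_cgo_export.h"

/* Handler with the signature AddVectoredExceptionHandler expects; it only
 * forwards to the exported Go function. */
LONG NTAPI Firstcontinuehandler(PEXCEPTION_POINTERS pExcepInfo)
{
    return CustomFunc(pExcepInfo);
}

/* Raises a breakpoint exception so the registered handler has something to
 * observe. */
void break0(void)
{
    __debugbreak();
}

/* Returns the handler's address as an integer. The return type matches the
 * uintptr_t declaration in main.go's cgo preamble. */
uintptr_t setptr(void)
{
    return (uintptr_t)&Firstcontinuehandler;
}

--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
package main

/*
#include <stdint.h>

extern uintptr_t setptr(void);
extern void break0(void);
*/
import "C"

import (
	"syscall"
)

// VEH_proc registers the C thunk returned by setptr as a vectored exception
// handler for the whole process.
//
// A vectored handler sees exceptions from every thread before frame-based SEH
// does, and the first argument 1 asks for it to be called ahead of handlers
// registered earlier. Registration is therefore a process-wide change, and an
// unexpected one is something reviewers and endpoint tooling look for.
func VEH_proc() {
	// kernel32.dll is named without a path. It is already mapped into the
	// process, so this binds to the loaded module; a DLL without that guarantee
	// should be loaded from the system directory only.
	vehA := syscall.NewLazyDLL("kernel32.dll").NewProc("AddVectoredExceptionHandler")

	// The call returns a handle, or NULL on failure. Fail loudly rather than
	// carry on as if a handler were installed.
	handle, _, callErr := vehA.Call(1, uintptr(C.setptr()))
	if handle == 0 {
		panic("AddVectoredExceptionHandler failed: " + callErr.Error())
	}
	// The handle is what RemoveVectoredExceptionHandler needs; it is dropped
	// here because the handler stays installed until the process exits.
}

// main installs the handler and then triggers a breakpoint exception to
// exercise it.
func main() {
	VEH_proc()
	C.break0()
}

--------------------------------------------------------------------------------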