参考文档:https://blog.csdn.net/kevin3683/article/details/19040809
分析发现SetUnhandledExceptionFilter 返回值不为空,可能是被其他覆盖,设置后调用如下函数:
SetUnhandledExceptionFilter(WinCrashUnhandledExceptionFilter);
void * addr = (void*)GetProcAddress(LoadLibraryA("kernel32.dll"),"SetUnhandledExceptionFilter");
if (addr)
{
unsigned char code[16];
int size = 0;
code[size++] = 0x33;
code[size++] = 0xC0;
code[size++] = 0xC2;
code[size++] = 0x04;
code[size++] = 0x00;
DWORD oldFlag, tmpFlag;
VirtualProtect(addr, size, PAGE_READWRITE, &oldFlag);
WriteProcessMemory(GetCurrentProcess(), addr, code, size, NULL);
VirtualProtect(addr, size, oldFlag, &tmpFlag);
}