JavaScript is not available.

Couldn't read past the first blatantly incorrect statement. "_chkstk" doesn't catch shit, all it does is touching all the pages so that you don't subtract more than a page in one go without touching the page guard. It throws, not catches.

Furthermore, your shellcode won't crash if you don't link against _chkstk, provided that you use the compiler flag for inlining it on gcc, one of the compilers you mention explicitly by name.

_chkstk Routine - Win32 apps

Maybe you should read some msdn docs instead of arrogantly shouting what you dont understand

learn.microsoft.com

Called by the compiler when you have more than one page of local variables in your function.

More RTFM for you "_chkstk() increases the stack when needed by committing some of the pages previously reserved for the stack. If there is no more physical memory available for committed pages, _chkstk fails"

"When you enter a function (VC++ with the stack checking enabled), it will call the _chkstk located in CHKSTK.ASM. This function does a stack page probing and causes the necessary pages of memory to be allocated using the guard page scheme, if possible."

Nowhere in these three quotes does it say it catches anything. "increases the stack", "causes the necessary pages of memory to be allocated". That is because it does not catch anything. It causes exceptions that are caught and memory allocated in place of the guard pages.

So while your supposedly source materials are correct, you interpreted it wrong, and your statement ("This exception is usually caught by the _chkstk routine") is simply just wrong. Nothing in those links and quotes says anything equivalent to that.

In case you're wondering where the magic *actually* happens, check nt!MiCheckForUserStackOverflow

7:39 PM · Jan 26, 2023

434

Views

Jan 27

The doc literally says "_chkstk() increases the stack when needed by committing some of the pages previously reserved for the stack". How did you miss that?