The only variables which are used from the structure in the variable `section` are `section->SizeOfRawData` and `section->VirtualAddress`. It does not matter if you load `section` from `module->headers` or from `old_headers`, because before calling `CopySections()` the following line is executed:

```c
memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders);
```
In this function under MemoryModule.c:

It looks like this line:

```c
PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(module->headers);
```

should instead be this or something else:

```c
PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(old_headers);
```

This function is called like this:

Hence, the `section` variable is initialized to the SECTION_HEADER in the output buffer (`module->headers`) we just allocated. Later, we do an if check using `if (section->SizeOfRawData == 0)`. The problem is, the output buffer must be zero right after allocation by `VirtualAlloc()`. Even worse, there is something else performed if the output buffer is not zero which won't be executed at all. So it looks like the code is not behaving in a manner consistent with its initialized value.

Since I am not able to fully understand what these lines are doing, I can only second-guess that the initializer is incorrect.
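The two positions above (reading the section table through the freshly allocated `module->headers` versus through `old_headers`) can be checked outside Windows. The following is an added example, not MemoryModule's code: it uses constructed stand-in structs that mirror the layout of the SDK's `IMAGE_DOS_HEADER`, `IMAGE_FILE_HEADER` and `IMAGE_SECTION_HEADER` (the optional header is truncated after `SizeOfHeaders`), builds a two-section image in memory, takes a zero-filled buffer in place of `VirtualAlloc()`, and compares the section fields seen through both views with and without the `memcpy` of the headers. `count_section_mismatches` and `build_image` are hypothetical helpers written for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the Windows SDK PE structures so this builds
 * without <windows.h>. Field order and sizes follow IMAGE_DOS_HEADER,
 * IMAGE_FILE_HEADER and IMAGE_SECTION_HEADER; the optional header is cut
 * off right after SizeOfHeaders (real offset 60). */
typedef struct {
    uint16_t e_magic; uint8_t unused[58];
    uint32_t e_lfanew;                 /* offset of the NT headers */
} DosHeader;                           /* 64 bytes */

typedef struct {
    uint16_t Machine, NumberOfSections;
    uint32_t TimeDateStamp, PointerToSymbolTable, NumberOfSymbols;
    uint16_t SizeOfOptionalHeader, Characteristics;
} FileHeader;                          /* 20 bytes */

typedef struct {
    uint16_t Magic; uint8_t unused[58];
    uint32_t SizeOfHeaders;            /* how many bytes the memcpy covers */
} OptionalHeader;                      /* 64 bytes, truncated stand-in */

typedef struct {
    uint32_t Signature; FileHeader FileHeader; OptionalHeader OptionalHeader;
} NtHeaders;

typedef struct {
    uint8_t  Name[8];
    uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData;
    uint32_t PointerToRelocations, PointerToLinenumbers;
    uint16_t NumberOfRelocations, NumberOfLinenumbers;
    uint32_t Characteristics;
} SectionHeader;                       /* 40 bytes */

/* Same arithmetic as the SDK's IMAGE_FIRST_SECTION macro: the section table
 * starts right after the variable-length optional header. */
static SectionHeader *first_section(NtHeaders *nt)
{
    return (SectionHeader *)((uint8_t *)nt + offsetof(NtHeaders, OptionalHeader)
                             + nt->FileHeader.SizeOfOptionalHeader);
}

#define IMAGE_SIZE 1024u

/* Fills a zeroed buffer with a constructed two-section image: ".text" with
 * raw data and ".bss" with SizeOfRawData == 0, the case CopySections() special-cases. */
static void build_image(uint8_t *buf)
{
    DosHeader *dos = (DosHeader *)buf;
    dos->e_magic = 0x5A4D;                       /* "MZ" */
    dos->e_lfanew = sizeof(DosHeader);
    NtHeaders *nt = (NtHeaders *)(buf + dos->e_lfanew);
    nt->Signature = 0x00004550;                  /* "PE\0\0" */
    nt->FileHeader.NumberOfSections = 2;
    nt->FileHeader.SizeOfOptionalHeader = sizeof(OptionalHeader);
    nt->OptionalHeader.SizeOfHeaders = 512;
    SectionHeader *sec = first_section(nt);
    memcpy(sec[0].Name, ".text", 5);
    sec[0].VirtualAddress = 0x1000; sec[0].SizeOfRawData = 0x200; sec[0].PointerToRawData = 512;
    memcpy(sec[1].Name, ".bss", 4);
    sec[1].VirtualAddress = 0x2000; sec[1].SizeOfRawData = 0;
}

/* Replays the loader's header handling: take a zero-filled buffer (what
 * VirtualAlloc hands back), optionally memcpy SizeOfHeaders bytes into it
 * first, then read each section's VirtualAddress/SizeOfRawData through the
 * copy (module->headers) and through the original (old_headers).
 * Returns the number of sections whose values differ, or -1 on allocation failure. */
int count_section_mismatches(int copy_headers_first)
{
    uint8_t *img = calloc(1, IMAGE_SIZE);
    if (img == NULL) return -1;
    build_image(img);
    DosHeader *dos_header = (DosHeader *)img;
    NtHeaders *old_headers = (NtHeaders *)(img + dos_header->e_lfanew);
    uint32_t size_of_headers = old_headers->OptionalHeader.SizeOfHeaders;

    uint8_t *code = calloc(1, size_of_headers);  /* zeroed, like fresh pages */
    if (code == NULL) { free(img); return -1; }
    if (copy_headers_first)
        memcpy(code, dos_header, size_of_headers); /* the line the reply cites */
    NtHeaders *module_headers = (NtHeaders *)(code + dos_header->e_lfanew);

    SectionHeader *from_copy = first_section(module_headers);
    SectionHeader *from_orig = first_section(old_headers);
    int mismatches = 0;
    for (uint16_t i = 0; i < old_headers->FileHeader.NumberOfSections; i++) {
        if (from_copy[i].VirtualAddress != from_orig[i].VirtualAddress ||
            from_copy[i].SizeOfRawData != from_orig[i].SizeOfRawData)
            mismatches++;
    }
    free(code);
    free(img);
    return mismatches;
}

int main(void)
{
    printf("without the memcpy: %d of 2 sections differ\n", count_section_mismatches(0));
    printf("with the memcpy:    %d of 2 sections differ\n", count_section_mismatches(1));
    return 0;
}
```

Without the `memcpy`, both sections read back as all zeros through the copy (so `SizeOfRawData == 0` would be taken for every section, which is the behaviour the report worries about); with the `memcpy` done first, as MemoryModule does before calling `CopySections()`, both views agree and the choice of `module->headers` or `old_headers` makes no difference.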