On Fri Sep 22 06:50:36 2023 +0000, eric pouech wrote:
This raises the question: does native ntdll.RtlImageHeader check for e_lfanew being within the image boundary? If so, its builtin implementation has to be fixed (with a test case please), and if it doesn't, you can still add the check on RtlImageHeader's returned value.
The native RtlImageHeader does not have boundary checks. I cannot do this check on RtlImageHeader's return value safely since that would be after RtlImageHeader has already potentially accessed an invalid address.
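The point made in the reply above is that the bounds check has to happen before e_lfanew is followed, not after. The example below is added here and is not code from this merge request, from Wine, or from the native RtlImageHeader; it is a hypothetical checked lookup (`checked_nt_header_offset`) over an image buffer whose mapped size is known, with a `probe_constructed` helper that exercises it on constructed fake images. The only format facts it relies on are the DOS header layout (64 bytes, "MZ" at offset 0, e_lfanew at offset 60) and the "PE\0\0" signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE layout facts used below (from the file format, not from any SDK header):
 * the DOS header is 64 bytes, e_magic ("MZ") sits at offset 0, the 32-bit
 * e_lfanew field at offset 60, and the NT headers begin with "PE\0\0". */
#define DOS_HEADER_SIZE    64u
#define DOS_E_MAGIC        0x5A4Du
#define DOS_E_LFANEW_OFF   60u
#define NT_SIGNATURE       0x00004550u
#define NT_SIGNATURE_SIZE  4u

/* Hypothetical checked lookup (example only, not the native or Wine
 * RtlImageHeader): find the NT headers of an image whose mapped size is
 * known. Every read is validated against 'size' before it happens, so a
 * bogus e_lfanew is rejected instead of being dereferenced. Returns 1 and
 * stores the offset in *nt_offset on success, 0 otherwise. */
int checked_nt_header_offset(const uint8_t *image, size_t size, size_t *nt_offset)
{
    uint16_t e_magic;
    uint32_t e_lfanew, signature;

    if (!image || !nt_offset || size < DOS_HEADER_SIZE) return 0;

    memcpy(&e_magic, image, sizeof(e_magic));
    if (e_magic != DOS_E_MAGIC) return 0;

    /* Read e_lfanew as unsigned: a negative value becomes a huge one and
     * fails the same range test. 'size >= 64' above keeps the subtraction
     * from wrapping. The whole signature must fit inside the mapping. */
    memcpy(&e_lfanew, image + DOS_E_LFANEW_OFF, sizeof(e_lfanew));
    if (e_lfanew > size - NT_SIGNATURE_SIZE) return 0;

    memcpy(&signature, image + e_lfanew, sizeof(signature));
    if (signature != NT_SIGNATURE) return 0;

    *nt_offset = e_lfanew;
    return 1;
}

/* Build a constructed (fake) image: "MZ", the requested e_lfanew, and
 * optionally a "PE\0\0" signature at that offset when it fits. */
static void build_image(uint8_t *buf, size_t size, uint32_t e_lfanew, int with_signature)
{
    const uint16_t magic = DOS_E_MAGIC;
    const uint32_t sig = NT_SIGNATURE;

    memset(buf, 0, size);
    if (size < sizeof(magic)) return;
    memcpy(buf, &magic, sizeof(magic));
    if (size >= DOS_HEADER_SIZE)
        memcpy(buf + DOS_E_LFANEW_OFF, &e_lfanew, sizeof(e_lfanew));
    if (with_signature && (size_t)e_lfanew + NT_SIGNATURE_SIZE <= size)
        memcpy(buf + e_lfanew, &sig, sizeof(sig));
}

/* Run the checked lookup over a constructed image of 'size' bytes (at most
 * 4096) and return the NT header offset, or -1 when the lookup rejects it. */
long probe_constructed(uint32_t e_lfanew, size_t size, int with_signature)
{
    uint8_t buf[4096];
    size_t off;

    if (size > sizeof(buf)) return -1;
    build_image(buf, size, e_lfanew, with_signature);
    return checked_nt_header_offset(buf, size, &off) ? (long)off : -1;
}

int main(void)
{
    printf("e_lfanew=128 in 256 bytes:   %ld\n", probe_constructed(128, 256, 1));
    printf("e_lfanew=254 in 256 bytes:   %ld\n", probe_constructed(254, 256, 1));
    printf("e_lfanew=-256 in 256 bytes:  %ld\n", probe_constructed(0xFFFFFF00u, 256, 1));
    printf("truncated 40-byte image:     %ld\n", probe_constructed(128, 40, 1));
    return 0;
}
```

The second and third probes are the cases the thread is about: an e_lfanew that would run the signature read past the end of the mapping, and a negative one. Both are rejected by the range test before any read at `image + e_lfanew` takes place, which is why the check cannot be bolted on to the return value of an unchecked lookup.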