On Fri Sep 22 06:50:36 2023 +0000, Aidan Khoury wrote:

`RtlImageNtHeader` lacks proper image boundary checks for e_lfanew, so using it in this case is not safe.

this raises the questions does native ntdll.RtlImageHeader check for e_lfanew being within image boundary? if so, it builtin implementation has to be fixed (with test case please)

and if it doesn't you can still add the check on RtlImageHeader's returned value