SRDI_CLEARMEMORY bug or missing feature? #22
Comments
Just seeing this, I'll have to dig in and take a look, it's been a while since I've looked at the memory free option. Thanks for the helpful info!
Alright, here are my thoughts based on my quick 5m walk through:
I don't know that actually freeing the memory will ever be reasonable without creating some sort of shellcode jump to safely free the memory, but never actually try to return there. The next best solution would be to simply zero out the DLL data in memory, but leave the block allocated. I think this achieves 80% of what most people would want, but still leaves the memory region as an artifact.
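As an added defender-side illustration of the artifact the comment above describes (this is not code from sRDI or from anyone in the thread): a small C classifier that, given region records of the shape VirtualQueryEx fills in, flags committed private executable regions and separately notes when their contents are entirely zero, which is what "wipe the DLL but keep the block allocated" leaves behind. The region_t struct, classify_region and the sample regions are constructed for this example; the MEM_* and PAGE_* values are the standard Win32 header values, restated so the code builds on any platform.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Win32 MEMORY_BASIC_INFORMATION flag values, restated so this builds anywhere. */
#define MEM_COMMIT             0x1000u
#define MEM_PRIVATE            0x20000u
#define MEM_IMAGE              0x1000000u
#define PAGE_EXECUTE           0x10u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u
#define PAGE_EXECUTE_WRITECOPY 0x80u

/* Constructed region record: what a scanner would fill from VirtualQueryEx,
 * plus a copy of the region's bytes read out of the target process. */
typedef struct {
    uint64_t       base;
    size_t         size;
    uint32_t       state, type, protect;
    const uint8_t *bytes;
} region_t;

typedef enum { REGION_BENIGN = 0, REGION_PRIVATE_EXEC = 1, REGION_PRIVATE_EXEC_ZEROED = 2 } verdict_t;

static bool is_executable(uint32_t protect) {
    return (protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                       PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}

static bool all_zero(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) if (p[i] != 0) return false;
    return true;
}

/* Image-backed code is expected; committed private executable memory is not, and a
 * zero-filled one is exactly the "DLL wiped, block still allocated" artifact. */
verdict_t classify_region(const region_t *r) {
    if (r->state != MEM_COMMIT || r->type != MEM_PRIVATE || !is_executable(r->protect))
        return REGION_BENIGN;
    return all_zero(r->bytes, r->size) ? REGION_PRIVATE_EXEC_ZEROED : REGION_PRIVATE_EXEC;
}

int main(void) {
    static const uint8_t wiped[16] = {0};
    static const uint8_t image[16] = {'M', 'Z', 0x90, 0};   /* constructed, not a real DLL */
    region_t regions[] = {   /* constructed sample: one module, one loaded blob, one wiped blob */
        {0x7ff6a0000000u, 16, MEM_COMMIT, MEM_IMAGE,   PAGE_EXECUTE_READ,      image},
        {0x1f0a5e70000u,  16, MEM_COMMIT, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, image},
        {0x1f0a5e80000u,  16, MEM_COMMIT, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, wiped},
    };
    for (size_t i = 0; i < 3; i++)
        printf("region %zu -> verdict %d\n", i, classify_region(&regions[i]));
    return 0;
}
```

A real scanner would walk a process with VirtualQueryEx and ReadProcessMemory to build these records; the classification step is the same.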
Hi Nick, Thanks a lot for taking the time to look into this. I was in fact experimenting with subtracting an offset to the dllData pointer to make it point to the start of the bootstrap code, but without much success.
I am trying to use the SRDI_CLEARMEMORY flag, but I am having a couple of issues. First, if I try running the shellcode generated using the PIC code of ShellcodeRDI.c, I don't get any call to VirtualFree, and it seems that there is no visible effect on the allocated memory. After reading ShellcodeRDI.c, the code responsible for the memory cleaning looks like the following:

However, it looks to me that pVirtualFree and pLocalFree are initialised but no value is assigned to them? I tried modifying the code myself and added the following at line ~260 of ShellcodeRDI.c:

Now, if I debug the program with something like x64dbg, I can see the invocation to VirtualFree, but the following error is returned:

LocalFree fails as well with this:

The program I used to inject the sRDI shellcode is the DotNet loader in the main repository, where the ConvertToShellcode function is called with the 0x2 flag. Am I doing something wrong here (except for spending my Sunday reading C code)?