
Fixed detour_alloc_trampoline_allocate_new

Open · xorcus opened this issue 1 year ago · 1 comment

detour_alloc_trampoline_allocate_new(pbTarget, pLo, pHi) was designed with the assumption that pbTarget is going to be between pLo and pHi. In our case, 32-bit cscript!mainCRTStartup was loaded at 0x34020, i.e. pbTarget was below pLo (which was fixed to 0x80000 in detour_2gb_below), and therefore:

  • detour_alloc_region_from_hi(pLo, pbTarget) did not do anything
  • detour_alloc_region_from_lo(pbTarget, pHi) allocated a 64 KiB block below pLo (in our case happened to be 0x70000) which was later discarded and NULL returned in detour_alloc_trampoline

The fix clamps pbTarget into the [pLo, pHi] range.

xorcus avatar Nov 02 '24 22:11 xorcus

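The failure described above can be reproduced with a small model of the two-sided search. The block below is an added illustration written for this page; it is not Detours' source. It assumes 64 KiB regions, a constructed map in which [0x30000, 0x70000) is already reserved (so the first free region above the target is 0x70000, as in the report), pLo fixed at 0x80000, and a constructed pHi of 0x7ffb4020. `alloc_trampoline` models the caller's acceptance check: a region outside [lo, hi] is discarded and 0 (the NULL of the report) is returned.

```c
/* Model of the trampoline search described in the issue. Added illustration,
 * NOT Detours' own code. Assumptions: 64 KiB regions, a constructed map of
 * reserved address ranges, pLo/pHi passed in as plain addresses. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REGION    ((uintptr_t)0x10000)     /* 64 KiB allocation granularity (assumption) */
#define EX_LO     ((uintptr_t)0x80000)     /* floor of detour_2gb_below, per the report */
#define EX_HI     ((uintptr_t)0x7ffb4020)  /* constructed upper bound (target + 2 GiB - 0x80000) */
#define EX_TARGET ((uintptr_t)0x34020)     /* cscript!mainCRTStartup address from the report */

typedef struct { uintptr_t lo, hi; } range_t;

/* Constructed address map: pretend the image and its neighbours occupy
 * [0x30000, 0x70000), so the first free region above the target is 0x70000. */
static const range_t reserved[] = { { 0x30000, 0x70000 } };

/* A 64 KiB region is free when it overlaps none of the reserved ranges. */
static bool region_free(uintptr_t base) {
    for (size_t i = 0; i < sizeof reserved / sizeof reserved[0]; i++)
        if (base < reserved[i].hi && base + REGION > reserved[i].lo)
            return false;
    return true;
}

/* Scan downward from hi toward lo for a free region.
 * An empty range (hi <= lo) yields nothing, which is the from_hi no-op in the report. */
static uintptr_t alloc_from_hi(uintptr_t lo, uintptr_t hi) {
    uintptr_t p = hi / REGION * REGION;           /* align down */
    while (p > lo) {
        p -= REGION;
        if (p < lo) break;
        if (region_free(p)) return p;
    }
    return 0;
}

/* Scan upward from lo toward hi for a free region. */
static uintptr_t alloc_from_lo(uintptr_t lo, uintptr_t hi) {
    for (uintptr_t p = (lo + REGION - 1) / REGION * REGION; p + REGION <= hi; p += REGION)
        if (region_free(p)) return p;
    return 0;
}

/* Search order as the report describes it: below the target first, then above.
 * With target < lo the second call can return a region that is still below lo. */
static uintptr_t allocate_new(uintptr_t target, uintptr_t lo, uintptr_t hi) {
    uintptr_t p = alloc_from_hi(lo, target);
    if (p == 0) p = alloc_from_lo(target, hi);
    return p;
}

/* The fix: clamp target into [lo, hi] before searching. */
static uintptr_t allocate_new_clamped(uintptr_t target, uintptr_t lo, uintptr_t hi) {
    if (target < lo) target = lo;
    if (target > hi) target = hi;
    return allocate_new(target, lo, hi);
}

/* Caller's acceptance check: a region outside [lo, hi] cannot be reached from the
 * target, so it is discarded and 0 (the report's NULL) is returned. */
static uintptr_t alloc_trampoline(bool clamp, uintptr_t target, uintptr_t lo, uintptr_t hi) {
    uintptr_t p = clamp ? allocate_new_clamped(target, lo, hi)
                        : allocate_new(target, lo, hi);
    if (p == 0 || p < lo || p + REGION > hi) return 0;
    return p;
}

int main(void) {
    printf("unclamped: 0x%lx\n", (unsigned long)alloc_trampoline(false, EX_TARGET, EX_LO, EX_HI));
    printf("clamped:   0x%lx\n", (unsigned long)alloc_trampoline(true,  EX_TARGET, EX_LO, EX_HI));
    return 0;
}
```

With the constructed map, the unclamped search lands on 0x70000, which the acceptance check rejects, while the clamped search starts at pLo and returns 0x80000; a target that already lies inside [pLo, pHi] behaves the same in both versions.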
@microsoft-github-policy-service agree company="Microsoft"

xorcus avatar Nov 02 '24 22:11 xorcus