Merge pull request #3 from RaMMicHaeL/patch1

CreateBootstrap: take "shadow space" into account
dismantl · Jun 28, 2016 · 823e30c · 823e30c
2 parents 058b176 + 133e5ab
commit 823e30c
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/inject/src/LoadLibraryR.c b/inject/src/LoadLibraryR.c
@@ -466,6 +466,10 @@ static DWORD CreateBootstrap(
 			MoveMemory(lpBuffer + i, &nUserdataLen, sizeof(nUserdataLen));
 			i += sizeof(nUserdataLen);
 
+			// sub rsp, 20
+			MoveMemory(lpBuffer + i, "\x48\x83\xec\x20", 4);
+			i += 4;
+
 			// move rax, <address of reflective loader>
 			MoveMemory(lpBuffer + i, "\x48\xc7\xc0", 3);
 			i += 3;
@@ -503,6 +507,10 @@ static DWORD CreateBootstrap(
 			MoveMemory(lpBuffer + i, &nUserdataLen, sizeof(nUserdataLen));
 			i += sizeof(nUserdataLen);
 
+			// sub rsp, 20
+			MoveMemory(lpBuffer + i, "\x48\x83\xec\x20", 4);
+			i += 4;
+
 			// move rax, <address of reflective loader>
 			MoveMemory(lpBuffer + i, "\x48\xb8", 2);
 			i += 2;