WithSecureLabs / C3

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Early function return in LoadPe() fails to release memory in error branch #52

Closed JohnLaTwC closed 3 years ago

JohnLaTwC commented 3 years ago
        //
        // STEP 8.1: Add Exception handling
        //
#if defined _M_X64
        auto pImageEntryException = &ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION];

        if (pImageEntryException->Size > 0)
        {
            auto functionTable = Rva2Va<PRUNTIME_FUNCTION>(baseAddress, pImageEntryException->VirtualAddress);
            DWORD count = pImageEntryException->Size / sizeof(IMAGE_RUNTIME_FUNCTION_ENTRY);
            if (!RtlAddFunctionTable(functionTable, count, (DWORD64)baseAddress))
            {
+               VirtualFree((void*)baseAddress, 0, MEM_RELEASE);
                return 1;
            }
        }

#elif defined _M_IX86
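Review bot: The added `VirtualFree` on the `RtlAddFunctionTable` failure branch fixes only this one exit; any other early `return` in LoadPe() after the image is allocated needs the same release, and per-branch frees are easy to miss when a new error path is added. A scope guard created right after the allocation would cover every exit, e.g. `auto freeImage = [](void* p) { VirtualFree(p, 0, MEM_RELEASE); };` and `std::unique_ptr<void, decltype(freeImage)> imageGuard{(void*)baseAddress, freeImage};`, with `imageGuard.release();` just before the success return. `MEM_RELEASE` with size 0 only succeeds when the pointer is the exact base returned by the allocation call, which `baseAddress` presumably is, but that is not visible here, and the return value of `VirtualFree` is ignored. LoadPe() starts and ends outside the quoted snippet, so the other return paths, including the `_M_IX86` branch, have to be checked in the full file.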

https://github.com/FSecureLABS/C3/blob/d01c3a42d2ecb525a368c10d5b5f82c22457715e/Src/CebuLoader/LoadPe.cpp#L330