Closed ladislav-zezula closed 3 years ago
1) The structure LDR_MODULE should be renamed to LDR_DATA_TABLE_ENTRY. This is the name under which the structure is publicky known
2) These functions, parsing the InLoadOrderModuleList have their ending condition wrong and are touching random data via mod->BaseAddress.
InLoadOrderModuleList
mod->BaseAddress
I'll prepare pull request for this.
Thank you :heart:
kevoreilly
commented
3 years ago kevoreilly
commented
3 years ago
1) The structure LDR_MODULE should be renamed to LDR_DATA_TABLE_ENTRY. This is the name under which the structure is publicky known
2) These functions, parsing the
InLoadOrderModuleListhave their ending condition wrong and are touching random data viamod->BaseAddress.I'll prepare pull request for this.