stevemk14ebr
commented
1 month ago https://github.com/mandiant/STrace/commit/58547f054933e81e7fb9bbef0f40cd23cb110af5 fixes the first issue by using Se api
Open stevemk14ebr opened 1 month ago
stevemk14ebr
commented
1 month ago https://github.com/mandiant/STrace/commit/58547f054933e81e7fb9bbef0f40cd23cb110af5 fixes the first issue by using Se api
Usermode reads should use https://github.com/mandiant/STrace/blob/7e2d56c23ec89566fd82667b7f220037480a4e6b/C/STrace/DynamicTrace.cpp#L5 or at least ProbeForRead to restrict addresses we read to UM and catch with try except if they're invalid addresses.
Guard against PEB / Module lists stomping. Cycles can be created not including the list head/end causing infinite loops in the module walks