There seems to be an inconsistency between the x86 and x64 stubs. The shellcodebase (arg 5) and Flags (arg 6) seem to be swapped for some reason.
This usually results in a multi-hour long delay.
The delay is caused by Flags (shellcodebase) being larger than 16 bytes: bytes 16->32 are reserved for the sleep variable, which is used by Step 5 (process our import table) in combination with SRDI_OBFUSCATEIMPORTS in the pSleep function.
This fix is only tested and implemented for the Python language. The other languages are still TODO. Any feedback is welcome.
Note: This is, as far as I can see, a direct fix for https://github.com/monoxgas/sRDI/issues/31