KindDragon/vld

Memory access violation

serge-sb opened this issue · 1 comments

Dear VLD developers,

It seems I've found a rare bug. I'm not able to do pull requests, so please review my proposal and add it if you find it OK.

The bug is in utility.cpp in the PatchImport function (line 489). After calling ImageDirectoryEntryToDataEx, the idte variable is compared to NULL (line 508). But this is not actually enough. In case idte is not null, idte->OriginalFirstThunk must also be compared to zero. If it is 0, then PatchImport must return immediately.

So, the line:
if (idte == NULL) {
should be replaced with:
if ((idte == NULL) || (idte->OriginalFirstThunk == 0)) {

If this is not done, then later in this function IMAGE_THUNK_DATA *thunk points to - I think - corrupted or wrong data, which in turn leads to a memory access violation in FindRealCode((LPVOID)thunk->u1.Function).

KR
Serge

Pull request: 9c5e2fd
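The guard described in the issue, shown as an added example that is not VLD's own code. It uses minimal stand-in structures mirroring the winnt.h layout of IMAGE_IMPORT_DESCRIPTOR and a 64-bit IMAGE_THUNK_DATA (an assumption, so it compiles off Windows), and a constructed in-memory buffer in which RVAs are plain offsets, so the walk over a descriptor whose OriginalFirstThunk is 0 can be exercised without a real module. The helper names (importDescriptorUsable, countImportThunks, buildImage, thunksInConstructedImage) are hypothetical and not part of utility.cpp.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Minimal stand-ins for the winnt.h structures PatchImport works with
// (assumed layout: five 32-bit fields for the descriptor, a 64-bit thunk).
struct IMAGE_IMPORT_DESCRIPTOR {
    uint32_t OriginalFirstThunk; // RVA of the import name table; 0 means there is none
    uint32_t TimeDateStamp;
    uint32_t ForwarderChain;
    uint32_t Name;               // RVA of the imported DLL's name
    uint32_t FirstThunk;         // RVA of the import address table
};

struct IMAGE_THUNK_DATA {
    union {
        uint64_t Function;
        uint64_t Ordinal;
        uint64_t AddressOfData;
    } u1;
};

// The guard proposed in the issue: a descriptor is only safe to walk when it
// exists and its OriginalFirstThunk RVA is non-zero.
bool importDescriptorUsable(const IMAGE_IMPORT_DESCRIPTOR *idte) {
    return idte != NULL && idte->OriginalFirstThunk != 0;
}

// Walks the descriptor's import name table, counting thunks up to the zero
// terminator. Returns -1 when the guard rejects the descriptor. Without the
// guard, OriginalFirstThunk == 0 would make `thunk` point at imageBase + 0,
// which in a real module is the DOS header rather than a thunk array.
int countImportThunks(const uint8_t *imageBase, const IMAGE_IMPORT_DESCRIPTOR *idte) {
    if (!importDescriptorUsable(idte)) {
        return -1;
    }
    const IMAGE_THUNK_DATA *thunk =
        reinterpret_cast<const IMAGE_THUNK_DATA *>(imageBase + idte->OriginalFirstThunk);
    int count = 0;
    while (thunk->u1.Function != 0) {
        ++count;
        ++thunk;
    }
    return count;
}

// A constructed in-memory "image" (not a real PE): an 8-byte aligned buffer in
// which RVAs are plain offsets from the start. The descriptor sits at RVA 0x40
// and the import name table at RVA 0x80.
struct ConstructedImage {
    alignas(8) uint8_t bytes[256];
};

static const uint32_t kDescriptorRva = 0x40;
static const uint32_t kNameTableRva = 0x80;

// Fills the constructed image. When zeroOriginalFirstThunk is true the
// descriptor's OriginalFirstThunk stays 0, the shape that triggered the crash.
void buildImage(ConstructedImage &img, bool zeroOriginalFirstThunk, int thunkCount) {
    memset(img.bytes, 0, sizeof img.bytes);
    if (thunkCount > 14) {
        thunkCount = 14; // keep the table plus its terminator inside the buffer
    }
    IMAGE_IMPORT_DESCRIPTOR desc;
    memset(&desc, 0, sizeof desc);
    desc.OriginalFirstThunk = zeroOriginalFirstThunk ? 0 : kNameTableRva;
    desc.Name = 0x20;       // placeholder RVA, unused here
    desc.FirstThunk = 0xC0; // placeholder RVA, unused here
    memcpy(img.bytes + kDescriptorRva, &desc, sizeof desc);
    for (int i = 0; i < thunkCount; ++i) {
        IMAGE_THUNK_DATA thunk;
        thunk.u1.Function = 0x1000 + i; // constructed non-zero entry
        memcpy(img.bytes + kNameTableRva + i * sizeof thunk, &thunk, sizeof thunk);
    }
    // The zero terminator after the last thunk is already there from memset.
}

// Builds a constructed image and runs the guarded walk over its descriptor.
int thunksInConstructedImage(bool zeroOriginalFirstThunk, int thunkCount) {
    ConstructedImage img;
    buildImage(img, zeroOriginalFirstThunk, thunkCount);
    const IMAGE_IMPORT_DESCRIPTOR *idte =
        reinterpret_cast<const IMAGE_IMPORT_DESCRIPTOR *>(img.bytes + kDescriptorRva);
    return countImportThunks(img.bytes, idte);
}

int main() {
    printf("valid descriptor, 3 thunks: %d\n", thunksInConstructedImage(false, 3));
    printf("OriginalFirstThunk == 0:    %d\n", thunksInConstructedImage(true, 3));
    printf("idte == NULL:               %d\n", countImportThunks(NULL, NULL));
    return 0;
}
```

The combined check returns before any thunk is dereferenced in both failure shapes (no descriptor at all, or a descriptor with no import name table), which is the behaviour the issue asks PatchImport to have.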