The process handle `pHandle` is never closed resulting in a leaked handle.
JohnLaTwC opened this issue · 1 comments
JohnLaTwC commented
The process handle `pHandle` is never closed resulting in a leaked handle.
```
NTSTATUS status = pNtOpenProcess(&pHandle, PROCESS_ALL_ACCESS, &ObjectAttributes, &ClientId);
...
// Locate memory hole for shellcode to reside in.
UINT_PTR loaderAddress = findMemoryHole(pHandle, exportAddress, sizeof(shellcodeLoader) + shellcodeSize);
if (loaderAddress == 0)
{
    BeaconPrintf(CALLBACK_ERROR, "Unable to locate memory hole within 2G of export address");
+   CloseHandle(pHandle); <<< add a call to closehandle here
    return;
}
```
`pHandle` should also be closed in a cleanup routine or at any of these function return points.
Line 194 in 9cdc0db
Line 213 in 9cdc0db
Line 228 in 9cdc0db
Line 238 in 9cdc0db
Line 246 in 9cdc0db
Line 253 in 9cdc0db
Line 261 in 9cdc0db
Line 265 in 9cdc0db
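
The cleanup-routine approach suggested above, as an added example that is not part of the original issue or the project's code. It is a portable C model: `open_target`, `close_target`, `step` and the handle counter are constructed stand-ins (in the real code the close call is `CloseHandle(pHandle)`), and it compares early returns that abandon the handle with a single exit path.

```c
#include <stdio.h>

/* Constructed stand-ins for the open/close calls: they only count live
   handles, so a leak on any exit path becomes observable. */
typedef int handle_t;
static int live_handles = 0;

static int open_target(handle_t *h) { *h = ++live_handles; return 0; }
static void close_target(handle_t h) { if (h) live_handles--; }

/* Hypothetical work step; fails when its index equals fail_at. */
static int step(int index, int fail_at) { return index == fail_at ? -1 : 0; }

#define STEPS 8  /* the issue lists eight return points */

/* Before: every return abandons the handle, as the issue reports. */
int run_leaky(int fail_at) {
    handle_t h = 0;
    if (open_target(&h) != 0) return -1;
    for (int i = 0; i < STEPS; i++)
        if (step(i, fail_at) != 0) return -1;   /* handle leaked here */
    return 0;                                   /* and on success too */
}

/* After: one exit path owns the handle, so a new return point cannot leak. */
int run_fixed(int fail_at) {
    handle_t h = 0;
    int rc = -1;
    if (open_target(&h) != 0) goto cleanup;
    for (int i = 0; i < STEPS; i++)
        if (step(i, fail_at) != 0) goto cleanup;
    rc = 0;
cleanup:
    close_target(h);   /* safe when h == 0 (open failed) */
    return rc;
}

/* Runs fn once per failure point plus the success case; returns leak count. */
int leaks_after_all_paths(int (*fn)(int)) {
    live_handles = 0;
    for (int fail_at = -1; fail_at < STEPS; fail_at++) fn(fail_at);
    return live_handles;
}

int main(void) {
    int leaky = leaks_after_all_paths(run_leaky);
    int fixed = leaks_after_all_paths(run_fixed);
    printf("leaky: %d leaked, fixed: %d leaked\n", leaky, fixed);
    return 0;
}
```
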
iilegacyyii commented
Hi John, I've added a fix in the locations you mentioned. Thanks for raising this :)