Suspicious padding value #27

@krispybyte

Currently, when adding padding, 0xcofebabe is added; this can be viewed here.
This can obviously be signed by a security product.

Now, I thought about setting it to NULL, but I had noticed that sometimes our padding is parsed as a return address by the stack. I've only ever seen this happen in the WinDbg stack unwinder, and never in the Process Hacker one, making me wonder if it even matters.

This needs to be investigated further.

Labels

detection vector: Issue causing a detection vector for security products
