Move NtFlushInstructionCache above TLS callbacks
Nick Landers committed Jun 10, 2019
1 parent 71128b1 commit 1a0fc50
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions ShellcodeRDI/ShellcodeRDI.c
@@ -526,6 +526,8 @@ ULONG_PTR ExecutePayload(ULONG_PTR uiLibraryAddress, DWORD dwFunctionHash, LPVOI
uiValueA += sizeof(IMAGE_SECTION_HEADER);
}

// We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing.
pNtFlushInstructionCache((HANDLE)-1, NULL, 0);

///
// STEP 7: execute TLS callbacks
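Review bot: the added comment still only explains the flush in terms of relocation processing, but the reason for placing it here is that STEP 7 runs TLS callbacks, i.e. the first code executed from the freshly copied and relocated image; say that in the comment so the ordering is not "optimised" back later, e.g. `// Flush before any code from the image runs (TLS callbacks, then the entry point).` Also, `pNtFlushInstructionCache((HANDLE)-1, NULL, 0);` discards the returned status; consider capturing it so a failure is at least visible when debugging.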
@@ -560,9 +562,6 @@ ULONG_PTR ExecutePayload(ULONG_PTR uiLibraryAddress, DWORD dwFunctionHash, LPVOI
// uiValueA = the VA of our newly loaded DLL/EXE's entry point
uiValueA = (uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint);

// We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing.
pNtFlushInstructionCache((HANDLE)-1, NULL, 0);

// call our respective entry point, fudging our hInstance value
// if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter)
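Review bot: removing the second flush is only safe if nothing between the earlier flush and the entry-point call writes to executable pages; the TLS callbacks run in that window, so note in a comment (or the commit message) that the single flush before STEP 7 is relied on to cover the entry point as well. Minor: deleting the comment, the call and their trailing blank line leaves two consecutive blank lines between `uiValueA = (uiBaseAddress + ...AddressOfEntryPoint);` and `// call our respective entry point, fudging our hInstance value`; drop one of them.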


0 comments on commit 1a0fc50
