Bugfix loading address of library path into rcx

The old code breaks if the payload is executed from a memory area where the 4 most significant bytes are non-zero.
2015-11-02 16:56:07 +01:00
parent a01d7c966a
commit 4eaf1ace81
1 changed files with 1 additions and 1 deletions
@@ -15,7 +15,7 @@ delta:                   ;
 %include "./src/block/block_api.asm" ; 
 start:                   ;
  pop rbp                ; Pop off the address of 'api_call' for calling later.
-  lea rcx, [ebp+libpath-delta]
+  lea rcx, [rbp+libpath-delta]
  mov r10d, 0x0726774C        ; hash( "kernel32.dll", "LoadLibraryA" )
  call rbp               ; LoadLibraryA( &libpath );
 	; Finish up with the EXITFUNK.