metsrv/pool_party.c: Fix allocation size #783

molecula2788 · 2025-11-15T16:31:07Z

This is a classic bug where the size of a pointer is allocated, instead of the size of the underlying structure.

dledda-r7 · 2025-12-02T09:43:42Z

@molecula2788 good catch, i have noticed it couple of months ago and is currently fixed here: #764

However I'll probably go ahead and land this before and rebase the other PR as this should require non-testing. Thanks for opening this PR. Cheers

dledda-r7 · 2025-12-02T10:06:58Z

c/meterpreter/source/metsrv/pool_party.c

 		}

-		pNtDll = (NtDll*)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(pNtDll));
+		pNtDll = (NtDll*)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(*pNtDll));


Suggested change

pNtDll = (NtDll*)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(*pNtDll));

pNtDll = (NtDll*)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(NtDll));

metsrv/pool_party.c: Fix allocation size

8a76bdb

dledda-r7 reviewed Dec 2, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

metsrv/pool_party.c: Fix allocation size #783

metsrv/pool_party.c: Fix allocation size #783

Uh oh!

molecula2788 commented Nov 15, 2025

Uh oh!

dledda-r7 commented Dec 2, 2025

Uh oh!

dledda-r7 Dec 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	pNtDll = (NtDll)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(pNtDll));
	pNtDll = (NtDll*)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(NtDll));

metsrv/pool_party.c: Fix allocation size #783

Are you sure you want to change the base?

metsrv/pool_party.c: Fix allocation size #783

Uh oh!

Conversation

molecula2788 commented Nov 15, 2025

Uh oh!

dledda-r7 commented Dec 2, 2025

Uh oh!

dledda-r7 Dec 2, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants