Here it goes. A detailed blog on proxying your DLL loads and hiding the original callstack from userland hooks/ETW with a new set of undocumented API and some hacky tricks. Code is on my Github repository. This one was a brain buster 🔥
0xdarkvortex.dev/proxying-dll-l
And the PIC shellcode will crash if you exceed the stack limit and the _chkstk routine doesn't exist. I have explicitly tested it during my shellcode development for brc4.
Maybe you should read some MSDN docs instead of arrogantly shouting about what you don't understand.
More RTFM for you
"_chkstk() increases the stack when needed by committing some of the pages previously reserved for the stack. If there is no more physical memory available for committed pages, _chkstk fails"