Merge pull request #35 from mrexodia/fix_leaks

NtQuery · NtQuery · commit 0ca2c1a0da5d · 2016-02-27T17:52:33.000+01:00
fixed some handle/memory leaks and a possible NULL dereference
diff --git a/Scylla/FunctionExport.cpp b/Scylla/FunctionExport.cpp
@@ -40,12 +40,14 @@ BOOL DumpProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entry
 		peFile = new PeParser(imagebase, true);
 	}
 
-	return peFile->dumpProcess(imagebase, entrypoint, fileResult);
+	bool result = peFile->dumpProcess(imagebase, entrypoint, fileResult);
+
+	delete peFile;
+	return result;
 }
 
 BOOL WINAPI ScyllaRebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup)
 {
-
 	if (createBackup)
 	{
 		if (!ProcessAccessHelp::createBackupFile(fileToRebuild))
@@ -291,6 +293,5 @@ int WINAPI ScyllaIatFixAutoW(DWORD_PTR iatAddr, DWORD iatSize, DWORD dwProcessId
 	ProcessAccessHelp::closeProcessHandle();
 	apiReader.clearAll();
 
-
 	return retVal;
 }
diff --git a/Scylla/IATSearch.cpp b/Scylla/IATSearch.cpp
@@ -51,6 +51,7 @@ bool IATSearch::findIATAdvanced( DWORD_PTR startAddress, DWORD_PTR* addressIAT,
 #ifdef DEBUG_COMMENTS
 		Scylla::debugLog.log(L"findAPIAddressInIAT2 :: error reading memory");
 #endif
+		delete [] dataBuffer;
 		return false;
 	}
 
@@ -279,6 +280,7 @@ bool IATSearch::findIATStartAndSize(DWORD_PTR address, DWORD_PTR * addressIAT, D
 #ifdef DEBUG_COMMENTS
 		Scylla::debugLog.log(L"findIATStartAddress :: error reading memory");
 #endif
+		delete [] dataBuffer;
 		return false;
 	}
 
diff --git a/Scylla/ProcessAccessHelp.cpp b/Scylla/ProcessAccessHelp.cpp
@@ -601,6 +601,7 @@ LPVOID ProcessAccessHelp::createFileMappingView(const WCHAR * filePath, DWORD ac
 #ifdef DEBUG_COMMENTS
 		Scylla::debugLog.log(L"createFileMappingView :: GetLastError() == ERROR_ALREADY_EXISTS");
 #endif
+		CloseHandle(hMappedFile);
 		return NULL;
 	}
 
diff --git a/Scylla/TreeImportExport.cpp b/Scylla/TreeImportExport.cpp
@@ -40,6 +40,11 @@ bool TreeImportExport::importTreeList(std::map<DWORD_PTR, ImportModuleThunk> & m
 	}
 
 	TiXmlElement * targetElement = doc.FirstChildElement();
+	if (!targetElement)
+	{
+		Sylla::windowLog.log(L"Load Tree :: Error getting first child element in xml %S\r\n", doc.Value());
+		return false;
+	}
 
 	*addressOEP = ConvertStringToDwordPtr(targetElement->Attribute("oep_va"));
 	*addressIAT = ConvertStringToDwordPtr(targetElement->Attribute("iat_va"));

Original file line number	Diff line number	Diff line change
`@@ -40,12 +40,14 @@ BOOL DumpProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entry`
`40`	`40`	`peFile = new PeParser(imagebase, true);`
`41`	`41`	`}`
`42`	`42`
`43`		`- return peFile->dumpProcess(imagebase, entrypoint, fileResult);`
	`43`	`+ bool result = peFile->dumpProcess(imagebase, entrypoint, fileResult);`
	`44`	`+`
	`45`	`+ delete peFile;`
	`46`	`+ return result;`
`44`	`47`	`}`
`45`	`48`
`46`	`49`	`BOOL WINAPI ScyllaRebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup)`
`47`	`50`	`{`
`48`		`-`
`49`	`51`	`if (createBackup)`
`50`	`52`	`{`
`51`	`53`	`if (!ProcessAccessHelp::createBackupFile(fileToRebuild))`
`@@ -291,6 +293,5 @@ int WINAPI ScyllaIatFixAutoW(DWORD_PTR iatAddr, DWORD iatSize, DWORD dwProcessId`
`291`	`293`	`ProcessAccessHelp::closeProcessHandle();`
`292`	`294`	`apiReader.clearAll();`
`293`	`295`
`294`		`-`
`295`	`296`	`return retVal;`
`296`	`297`	`}`
Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ bool IATSearch::findIATAdvanced( DWORD_PTR startAddress, DWORD_PTR* addressIAT,`
`51`	`51`	`#ifdef DEBUG_COMMENTS`
`52`	`52`	`Scylla::debugLog.log(L"findAPIAddressInIAT2 :: error reading memory");`
`53`	`53`	`#endif`
	`54`	`+ delete [] dataBuffer;`
`54`	`55`	`return false;`
`55`	`56`	`}`
`56`	`57`
`@@ -279,6 +280,7 @@ bool IATSearch::findIATStartAndSize(DWORD_PTR address, DWORD_PTR * addressIAT, D`
`279`	`280`	`#ifdef DEBUG_COMMENTS`
`280`	`281`	`Scylla::debugLog.log(L"findIATStartAddress :: error reading memory");`
`281`	`282`	`#endif`
	`283`	`+ delete [] dataBuffer;`
`282`	`284`	`return false;`
`283`	`285`	`}`
`284`	`286`
Original file line number	Diff line number	Diff line change
`@@ -601,6 +601,7 @@ LPVOID ProcessAccessHelp::createFileMappingView(const WCHAR * filePath, DWORD ac`
`601`	`601`	`#ifdef DEBUG_COMMENTS`
`602`	`602`	`Scylla::debugLog.log(L"createFileMappingView :: GetLastError() == ERROR_ALREADY_EXISTS");`
`603`	`603`	`#endif`
	`604`	`+ CloseHandle(hMappedFile);`
`604`	`605`	`return NULL;`
`605`	`606`	`}`
`606`	`607`