@@ -349,17 +349,17 @@ def __init__(self, ql):
349349 self .path = self .ql .path
350350
351351 def run (self ):
352- self .init_dlls = [b"ntoskrnl.exe" , b" ntdll.dll" , b"kernel32.dll" , b"user32.dll" ]
353- self .sys_dlls = [b"ntoskrnl.exe" , b" ntdll.dll" , b"kernel32.dll" ]
352+ self .init_dlls = [b"ntdll.dll" , b"kernel32.dll" , b"user32.dll" ]
353+ self .sys_dlls = [b"ntdll.dll" , b"kernel32.dll" ]
354354 self .pe_entry_point = 0
355355 self .sizeOfStackReserve = 0
356356
357- if self .ql .shellcoder :
358- self .init_dlls .remove (b"ntoskrnl.exe" )
359- self .sys_dlls .remove (b"ntoskrnl.exe" )
360- else :
357+ if not self .ql .shellcoder :
361358 self .pe = pefile .PE (self .path , fast_load = True )
362359 self .is_driver = (self .pe .OPTIONAL_HEADER .Subsystem == 1 )
360+ if self .is_driver :
361+ self .init_dlls = [b"ntoskrnl.exe" ]
362+ self .sys_dlls = [b"ntoskrnl.exe" ]
363363
364364 if self .ql .archtype == QL_ARCH .X86 :
365365 self .stack_address = int (self .ql .os .profile .get ("OS32" , "stack_address" ), 16 )
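Review bot: The `Subsystem == 1` test in the new `if not self.ql.shellcoder:` branch matches IMAGE_SUBSYSTEM_NATIVE, which native user-mode images carry as well as kernel drivers, and the added `if self.is_driver:` now replaces both DLL lists with only `ntoskrnl.exe`. Such a sample would no longer get `ntdll.dll` preloaded; whether the loader later resolves it from the import table is not visible in this hunk. At minimum, name the constant and document the assumption, e.g. `self.is_driver = (self.pe.OPTIONAL_HEADER.Subsystem == pefile.SUBSYSTEM_TYPE['IMAGE_SUBSYSTEM_NATIVE'])  # native subsystem: treated as kernel driver`. Separately, `self.is_driver` is assigned only on the non-shellcode path, so unless `__init__` (outside this hunk) sets a default, a later read in shellcode mode raises AttributeError; adding `self.is_driver = False` next to `self.pe_entry_point = 0` closes that. The body of `run` continues past the end of the hunk.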