From 51ba022c29d3faae424ac6c51c0d7fb0a4cb5b84 Mon Sep 17 00:00:00 2001
From: Duncan Ogilvie
Date: Fri, 10 Apr 2020 03:56:08 +0200
Subject: [PATCH] Fix a weird exploit when attaching to a process that overwrites its own OptionalHeader.SizeOfStackReserve
---
 TitanEngine/Global.Debugger.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp
index f5120a5..13f6bb1 100644
--- a/TitanEngine/Global.Debugger.cpp
+++ b/TitanEngine/Global.Debugger.cpp
@@ -172,7 +172,7 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
 THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH,
 0,
 0x4000 /* PAGE_SIZE * 4 */,
- 0,
+ 0x4000,
 nullptr);
 }
 else
@@ -182,7 +182,7 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
 NULL,
 FALSE,
 0,
- 0,
+ 0x4000,
 0x4000 /* PAGE_SIZE * 4 */,
 StartRoutine,
 Argument,
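Review bot: The new `0x4000` reserve argument is an unexplained magic number in both hunks (the call that passes THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH and the one in the `else` branch), and neither call site records why it must not be zero. Going by the commit subject, a zero reserve makes thread creation fall back to the target image's OptionalHeader.SizeOfStackReserve, which the debuggee can overwrite, so a later cleanup back to `0` would silently reopen the attach failure. I would put a comment on both lines such as `/* explicit reserve: 0 would defer to the debuggee-controlled SizeOfStackReserve */` and share one named constant with the commit size beside it. The reserve now equals the commit size, so it is worth confirming on the supported Windows versions that thread creation still succeeds with no headroom above the committed pages. CreateThreadSkipAttach starts and ends outside both hunks, so how the returned NTSTATUS is handled cannot be checked from this patch.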