The second argument of RtlMoveMemory is the source pointer, not the size.
And buf is an array of single-char string objects; you can't call RtlMoveMemory on it.
While troubleshooting, I tried to allocate memory, which returns a pointer as follows:
buf = Pointer.malloc(Fiddle::SIZEOF_CHAR * shellcode.size, Fiddle::Pointer[shellcode.bytes.pack('C*')])
=> #<Fiddle::Pointer:0x02f4fae0 ptr=0x02c807e0 size=110 free=0x0299ef10>
Then I used it in the RtlMoveMemory function:
Function.new(kernel32['RtlMoveMemory'], [4, 2, 4], 4).call(ptr, buf, shellcode.size)
Still getting the same error:
ruby 2.5.1p57 (2018-03-29 revision 63029) [i386-mingw32]
-- Control frame information -----------------------------------------------
c:0003 p:---- s:0018 e:000017 CFUNC :call
c:0002 p:0332 s:0011 E:001cf4 EVAL ./ruby2shellcode-2.rb:66 [FINISH]
c:0001 p:0000 s:0003 E:001d58 (none) [FINISH]
-- Ruby level backtrace information ----------------------------------------
./ruby2shellcode-2.rb:66:in `<main>'
./ruby2shellcode-2.rb:66:in `call'
-- C level backtrace information -------------------------------------------
C:\Windows\SYSTEM32\ntdll.dll(KiFastSystemCallRet+0x0) [0x770f38b0]
C:\Windows\System32\KERNELBASE.dll(WaitForSingleObject+0x12) [0x73f621b2]
C:\Ruby25\bin\msvcrt-ruby250.dll(rb_print_backtrace+0x40) [0x62a8aa60]
C:\Windows\SYSTEM32\ntdll.dll(WinSqmEventWrite+0x144cb) [0x7711a48b]
-- Other runtime information -----------------------------------------------
* Loaded script: ./ruby2shellcode-2.rb
* Loaded features:
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
There is something missing. How would I troubleshoot Fiddle errors, since most errors are segmentation faults while dealing with memory?
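An added example, not code from this thread, of one way to troubleshoot such crashes: check every argument against the declared Fiddle type before the call reaches native code, so a type that does not match the C signature (like the `[4, 2, 4]` declaration above, which declares integers where pointers go) or a Ruby Array passed where a void* is expected raises an ArgumentError instead of a segmentation fault. It uses libc memcpy on Linux in place of RtlMoveMemory; the helper names and the sample byte string are my own.

```ruby
require 'fiddle'

# Added example: validate arguments against the declared Fiddle types before
# the native call, so a mismatch raises ArgumentError instead of segfaulting.
# Value ranges of the C integer types Fiddle truncates to (signed or unsigned).
INT_RANGES = {
  Fiddle::TYPE_CHAR  => (-(1 << 7))..((1 << 8) - 1),
  Fiddle::TYPE_SHORT => (-(1 << 15))..((1 << 16) - 1),
  Fiddle::TYPE_INT   => (-(1 << 31))..((1 << 32) - 1),
}.freeze

def check_fiddle_args(arg_types, args)
  unless arg_types.size == args.size
    raise ArgumentError, "expected #{arg_types.size} args, got #{args.size}"
  end
  arg_types.zip(args).each_with_index do |(type, arg), i|
    if type == Fiddle::TYPE_VOIDP
      # Fiddle accepts a Fiddle::Pointer, a String (its buffer) or nil here;
      # an Array of one-char Strings is not a C pointer and has no address.
      next if arg.is_a?(Fiddle::Pointer) || arg.is_a?(String) || arg.nil?
      raise ArgumentError, "arg #{i}: void* needs Fiddle::Pointer or String, got #{arg.class}"
    end
    # Every other declared type is a C integer (negative constant = unsigned).
    raise ArgumentError, "arg #{i}: Integer expected, got #{arg.class}" unless arg.is_a?(Integer)
    range = INT_RANGES[type.abs]
    if range && !range.cover?(arg)
      raise ArgumentError, "arg #{i}: #{arg} would be truncated by the declared C type"
    end
  end
  true
end

def checked_call(func, arg_types, *args)
  check_fiddle_args(arg_types, args)
  func.call(*args)
end

# memcpy(void *dst, const void *src, size_t n) resolved from the running process.
MEMCPY_TYPES = [Fiddle::TYPE_VOIDP, Fiddle::TYPE_VOIDP, Fiddle::TYPE_SIZE_T].freeze
MEMCPY = Fiddle::Function.new(Fiddle::Handle::DEFAULT['memcpy'],
                              MEMCPY_TYPES, Fiddle::TYPE_VOIDP)

# Copy a constructed byte string into freshly malloc'ed memory and read it back.
def copy_bytes(src)
  dst = Fiddle::Pointer.malloc(src.bytesize, Fiddle::RUBY_FREE)
  checked_call(MEMCPY, MEMCPY_TYPES, dst, src, src.bytesize)
  dst[0, src.bytesize]
end
```

The same check applied to the thread's `[4, 2, 4]` signature with two pointers would raise on the first argument, which is where the native call would otherwise have crashed.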