ntdll: Properly follow jumps when checking a function epilog.
This commit is contained in:
parent
9ee4809dc3
commit
c0610daf77
|
@ -2629,8 +2629,6 @@ static BOOL is_inside_epilog( BYTE *pc, ULONG64 base, const RUNTIME_FUNCTION *fu
|
||||||
|
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
DWORD offset;
|
|
||||||
|
|
||||||
if ((*pc & 0xf0) == 0x40) pc++; /* rex prefix */
|
if ((*pc & 0xf0) == 0x40) pc++; /* rex prefix */
|
||||||
|
|
||||||
switch (*pc)
|
switch (*pc)
|
||||||
|
@ -2649,11 +2647,15 @@ static BOOL is_inside_epilog( BYTE *pc, ULONG64 base, const RUNTIME_FUNCTION *fu
|
||||||
case 0xc3: /* ret */
|
case 0xc3: /* ret */
|
||||||
return TRUE;
|
return TRUE;
|
||||||
case 0xe9: /* jmp nnnn */
|
case 0xe9: /* jmp nnnn */
|
||||||
offset = pc + 5 + *(LONG *)(pc + 1) - (BYTE *)base;
|
pc += 5 + *(LONG *)(pc + 1);
|
||||||
return (offset >= function->BeginAddress && offset < function->EndAddress);
|
if (pc - (BYTE *)base >= function->BeginAddress && pc - (BYTE *)base < function->EndAddress)
|
||||||
|
continue;
|
||||||
|
break;
|
||||||
case 0xeb: /* jmp n */
|
case 0xeb: /* jmp n */
|
||||||
offset = pc + 2 + (signed char)pc[1] - (BYTE *)base;
|
pc += 2 + (signed char)pc[1];
|
||||||
return (offset >= function->BeginAddress && offset < function->EndAddress);
|
if (pc - (BYTE *)base >= function->BeginAddress && pc - (BYTE *)base < function->EndAddress)
|
||||||
|
continue;
|
||||||
|
break;
|
||||||
case 0xf3: /* rep; ret (for amd64 prediction bug) */
|
case 0xf3: /* rep; ret (for amd64 prediction bug) */
|
||||||
return pc[1] == 0xc3;
|
return pc[1] == 0xc3;
|
||||||
}
|
}
|
||||||
|
|
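Review bot: The rewritten jmp cases can loop forever: after `pc += 2 + (signed char)pc[1];` a `jmp` whose target is itself (displacement -2) or a cycle of jumps whose targets all lie inside [BeginAddress, EndAddress) keeps satisfying the range test, so the `continue` re-enters `for (;;)` indefinitely and the unwinder hangs on such code; the `0xe9` case has the same problem. The previous code returned after a single jump, so this unbounded walk is new in this commit. A bounded follow count would keep the intent, e.g. `if (++jumps > 16) return FALSE;` before each `continue`, with `unsigned int jumps = 0;` declared before the loop (the limit is a constructed example); alternatively only continue when the target lies strictly beyond the current instruction, which rules out cycles. is_inside_epilog begins and ends outside the hunk.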