ntdll: Stub system service requests in i386 mode (Int 2E, SYSENTER, SYSCALL) (try 3)

Paul Chitescu paulc at voip.null.ro
Tue Jul 6 16:15:00 CDT 2010


Changelog:
	ntdll: Stub system service requests in i386 mode (Int 2E, SYSENTER, SYSCALL)

Some system checkers, antiviruses and protections make direct system service 
requests bypassing the Nt... entry points. Oh, and probably some viruses too.

On Linux (at least) SYSCALL is used by the system, so we won't have a chance to 
see it; it crashes the application.

No idea if this mechanism is used on other architectures and what the call 
convention is there.

Changed from previous attempts:
- fixed the parameter offset, for SYSENTER and SYSCALL it is 8 above edx == 
esp.
- added comments about how the parameters must be located on the stack

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntdll_i386_system_service.patch
Type: text/x-patch
Size: 2725 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20100707/c761d62c/attachment.bin>

