[Bug 48989] Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.KeIpiGenericCall
WineHQ Bugzilla
wine-bugs at winehq.org
Wed Apr 22 14:06:04 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48989
--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
small addendum...
I propose to keep it as stub for now, that is not calling the supplied
'BroadcastFunction'.
--- snip ---
001b:fixme:ntoskrnl:KeIpiGenericCall stub: 0000000000D61D74 0000000000000000
--- snip ---
It's used as one of many anti-debugging measures:
--- snip ---
0000000000D61D74 | 48:83EC 28 | sub rsp,28 |
0000000000D61D78 | 33C9 | xor ecx,ecx |
0000000000D61D7A | E9 2A3A2E00 | jmp vgk.10457A9 |
...
00000000010457A9 | 90 | nop |
00000000010457AA | E9 00000000 | jmp vgk.10457AF |
00000000010457AF | FA | cli |
00000000010457B0 | 41:81F8 934FCB45 | cmp r8d,45CB4F93 |
00000000010457B7 | 6644:3BD9 | cmp r11w,cx |
00000000010457BB | F9 | stc |
00000000010457BC | 33C0 | xor eax,eax |
00000000010457BE | E9 00000000 | jmp vgk.10457C3 |
00000000010457C3 | 0F23F8 | mov dr7,rax | zap debug control
00000000010457C6 | E9 00000000 | jmp vgk.10457CB |
00000000010457CB | FB | sti |
00000000010457CC | F5 | cmc |
00000000010457CD | F8 | clc |
00000000010457CE | 48:83C4 28 | add rsp,28 |
00000000010457D2 | E9 00000000 | jmp vgk.10457D7 |
00000000010457D7 | C3 | ret |
--- snip ---
It zeros out dr7 (debug control) in attempt to prevent hw breakpoints.
Although such measures can be defeated why not avoiding the trouble in first
place.
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list