[PATCH 1/5] ntoskrnl.exe: Store current thread object at right offset from GS.
Zebediah Figura
z.figura12 at gmail.com
Wed Jul 15 18:44:23 CDT 2020
On 7/15/20 2:59 PM, Derek Lesho wrote:
> In kernel mode, GS base is not set to a TEB, but fortunately the offset
> for the current thread object, which EasyAntiCheat.sys relies on,
> doesn't conflict with anything in the TEB.
Perhaps this should be a comment in the code, not in the commit message.
>
> Signed-off-by: Derek Lesho <dlesho at codeweavers.com>
> ---
> dlls/ntoskrnl.exe/ntoskrnl.c | 33 ++++++++++++++++++++++++++++-----
> 1 file changed, 28 insertions(+), 5 deletions(-)
>
> diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
> index d407cffee69..2430b0d9202 100644
> --- a/dlls/ntoskrnl.exe/ntoskrnl.c
> +++ b/dlls/ntoskrnl.exe/ntoskrnl.c
> @@ -870,7 +870,7 @@ NTSTATUS CDECL wine_ntoskrnl_main_loop( HANDLE stop_event )
>
> for (;;)
> {
> - NtCurrentTeb()->Reserved5[1] = NULL;
> + NtCurrentTeb()->SystemReserved1[15] = NULL;
> if (!context.in_buff && !(context.in_buff = HeapAlloc( GetProcessHeap(), 0, context.in_size )))
> {
> ERR( "failed to allocate buffer\n" );
> @@ -891,7 +891,7 @@ NTSTATUS CDECL wine_ntoskrnl_main_loop( HANDLE stop_event )
> context.params = reply->params;
> context.in_size = reply->in_size;
> client_tid = reply->client_tid;
> - NtCurrentTeb()->Reserved5[1] = wine_server_get_ptr( reply->client_thread );
> + NtCurrentTeb()->SystemReserved1[15] = wine_server_get_ptr( reply->client_thread );
> }
> else
> {
> @@ -2339,7 +2339,7 @@ POBJECT_TYPE PsThreadType = &thread_type;
> */
> PRKTHREAD WINAPI KeGetCurrentThread(void)
> {
> - struct _KTHREAD *thread = NtCurrentTeb()->Reserved5[1];
> + struct _KTHREAD *thread = NtCurrentTeb()->SystemReserved1[15];
>
> if (!thread)
> {
> @@ -2352,7 +2352,7 @@ PRKTHREAD WINAPI KeGetCurrentThread(void)
> kernel_object_from_handle( handle, PsThreadType, (void**)&thread );
> if (handle != GetCurrentThread()) NtClose( handle );
>
> - NtCurrentTeb()->Reserved5[1] = thread;
> + NtCurrentTeb()->SystemReserved1[15] = thread;
> }
>
> return thread;
> @@ -2881,6 +2881,22 @@ DEVICE_OBJECT* WINAPI IoGetAttachedDeviceReference( DEVICE_OBJECT *device )
> }
>
>
> +struct system_thread_ctx
> +{
> + PKSTART_ROUTINE start;
> + PVOID context;
> +};
> +
> +static void WINAPI init_system_thread(PVOID context)
> +{
> + struct system_thread_ctx info = *(struct system_thread_ctx *)context;
> + HeapFree( GetProcessHeap(), 0, context );
> +
> + NtCurrentTeb()->SystemReserved1[15] = KeGetCurrentThread();
> +
> + info.start(info.context);
> +}
> +
> /***********************************************************************
> * PsCreateSystemThread (NTOSKRNL.EXE.@)
> */
> @@ -2889,9 +2905,16 @@ NTSTATUS WINAPI PsCreateSystemThread(PHANDLE ThreadHandle, ULONG DesiredAccess,
> HANDLE ProcessHandle, PCLIENT_ID ClientId,
> PKSTART_ROUTINE StartRoutine, PVOID StartContext)
> {
> + struct system_thread_ctx *info;
> +
> if (!ProcessHandle) ProcessHandle = GetCurrentProcess();
> +
> + info = HeapAlloc( GetProcessHeap(), 0, sizeof(*info) );
> + info->start = StartRoutine;
> + info->context = StartContext;
> +
> return RtlCreateUserThread(ProcessHandle, 0, FALSE, 0, 0,
> - 0, StartRoutine, StartContext,
> + 0, init_system_thread, info,
> ThreadHandle, ClientId);
> }
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20200715/77e58834/attachment.sig>
More information about the wine-devel
mailing list