32-bit hotpatching question

Stefan Dösinger stefandoesinger at gmail.com
Sun Jun 7 04:56:24 CDT 2020


On 07.06.20 at 11:47, Stefan Dösinger wrote:
> Check the nop opcode in Windows DLLs. If Microsoft's kernel32.dll
> switched to 66 90 we're safe to switch too. If they still use 8b ff we
> probably should stick to that.

I just checked my Win10 19.09, it still uses 8b ff. So either Microsoft
compiles Windows with an old Visual Studio or they kept the old style
nops for Windows itself.

Also worth noting is that I have not seen any application that uses the
2-byte instruction the way Microsoft uses it themselves for on-the-fly
updates: put an absolute jump in the 5 bytes (0xcc or 0x90) before the
function and then replace the two-byte instruction with a relative -5
jump. The applications I dealt with all replace the first 5 bytes with
an absolute jump, with varying degrees of care. The idea of the 2-byte
nop is that it can be replaced without caring about races, whereas
replacing the 5 bytes will crash and burn if a thread is in the middle
of executing them. Steam hotpatches on process creation or DLL load, so
it is fine. Others I am not so sure...
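The two patching schemes described in the mail, modelled on a constructed byte buffer so the layouts can be compared and recognised. This is an added example and not code from the mail or from Wine; the image layout (5 bytes of `int3` padding, then a `mov edi,edi` or `66 90` prologue), the offsets and the jump target are all constructed for illustration. The `classify` and `resolve_hook_target` helpers are the part a defender wants: given a function's bytes, they report whether it carries an untouched hotpatch prologue, a Microsoft-style patch (jump in the padding plus `eb f9` in the prologue), or a detour that overwrote the first 5 bytes of live code, and where execution actually lands.

```python
import struct

# Constructed layout (assumption, not taken from the mail): each function is
# preceded by 5 bytes of padding and starts with a 2-byte hotpatch prologue.
PAD_LEN = 5
HOTPATCH_PROLOGUES = {b"\x8b\xff": "mov edi,edi", b"\x66\x90": "2-byte nop"}


def make_image(func_body: bytes, prologue: bytes = b"\x8b\xff") -> bytearray:
    """Padding (int3 * 5) + 2-byte prologue + body; the function starts at PAD_LEN."""
    return bytearray(b"\xcc" * PAD_LEN + prologue + func_body)


def hotpatch_ms_style(image: bytearray, func_off: int, target: int) -> None:
    """Microsoft-style patch: write a 5-byte E9 rel32 jump to `target` into the
    padding (nothing ever executes there, so the write cannot race), then flip
    the 2-byte prologue to `eb f9` (short jmp back 5 bytes) with one 2-byte
    store that a running thread sees either entirely old or entirely new."""
    jmp_src = func_off - PAD_LEN
    rel = target - (jmp_src + 5)
    image[jmp_src:jmp_src + 5] = b"\xe9" + struct.pack("<i", rel)
    image[func_off:func_off + 2] = b"\xeb\xf9"


def hotpatch_5byte_detour(image: bytearray, func_off: int, target: int) -> None:
    """The racy scheme: overwrite the first 5 bytes of the function itself.
    Those bytes may be mid-execution on another thread, which is the crash
    the mail warns about."""
    rel = target - (func_off + 5)
    image[func_off:func_off + 5] = b"\xe9" + struct.pack("<i", rel)


def classify(image: bytearray, func_off: int) -> str:
    """Report the patch state of the function at func_off."""
    pad = bytes(image[func_off - PAD_LEN:func_off])
    head = bytes(image[func_off:func_off + 2])
    if head == b"\xeb\xf9" and pad[0] == 0xE9:
        return "ms-hotpatched"          # prologue jumps into a jump in the padding
    if head in HOTPATCH_PROLOGUES:
        return "unpatched"              # original 2-byte prologue still in place
    if head[0] == 0xE9:
        return "5-byte-detour"          # live code was overwritten
    return "unknown"


def resolve_hook_target(image: bytearray, func_off: int, max_hops: int = 4) -> int:
    """Follow short (EB rel8) and near (E9 rel32) jumps from the function entry
    and return the first offset that is not a jump, i.e. where execution
    really goes. An offset outside the image is returned as-is."""
    ip = func_off
    for _ in range(max_hops):
        if ip < 0 or ip >= len(image):
            return ip
        op = image[ip]
        if op == 0xEB:
            ip = ip + 2 + struct.unpack("<b", bytes(image[ip + 1:ip + 2]))[0]
        elif op == 0xE9:
            ip = ip + 5 + struct.unpack("<i", bytes(image[ip + 1:ip + 5]))[0]
        else:
            return ip
    return ip


if __name__ == "__main__":
    body = b"\x55\x8b\xec\xc3"          # constructed body: push ebp; mov ebp,esp; ret
    for name, patch in (("ms-style", hotpatch_ms_style),
                        ("5-byte detour", hotpatch_5byte_detour)):
        img = make_image(body)
        print(name, "before:", classify(img, PAD_LEN))
        patch(img, PAD_LEN, 0x100)      # 0x100 is a constructed hook address
        print(name, "after: ", classify(img, PAD_LEN),
              "-> 0x%x" % resolve_hook_target(img, PAD_LEN))
```

The scheme is recognisable from the byte patterns alone: a function whose first two bytes are `eb f9` while the five bytes before it start with `e9` has been patched the way the mail attributes to Microsoft, and `resolve_hook_target` turns that into the address a memory scanner would compare against the module's own mapped range.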
