Out of curiosity, what was the assumption that ntlea made that necessitates a wrapper around GetWindowLongA? Is there a way to satisfy ntlea without having to write assembly?
That's described in the subject of 3/3. It should really be a comment in the code, though. Technically we don't need to push $-2, but we need a two-byte instruction that shifts %esp by -4.

What ntlea does, in more detail, is:

* Check for the hotpatch prefix (well, actually only the first 4 bytes of it). If it's not present, it makes different assumptions about the internal assembly, that are harder to match. [1]
* Replace the first 5 bytes with a jump to a hook. When the hook returns, it does:

    pushl %ebp
    movl %esp, %ebp
    pushl $-2

  and then jumps to byte offset 7 in the original function. [2]

[1] https://github.com/zxyacb/ntlea/blob/faeacc46c9015e828f312382632e0b0774f7541...
[2] https://github.com/zxyacb/ntlea/blob/master/Tools/ntlea/ntleax.c#L325

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/3855#note_45552
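To make the layout contract in the reply above concrete, here is an added example (not code from Wine, ntlea, or the thread) that checks whether a function's first bytes satisfy ntlea's assumption: the hotpatch prefix at offset 0, and a single two-byte instruction at offset 5 that lowers %esp by 4, so that re-entry at offset 7 lands on an instruction boundary with the stack the replayed prologue expects. The `push imm8` recognition and the sample byte strings are constructed assumptions; a full check would need an x86 decoder.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* 32-bit x86 hotpatch prologue:
 *   8b ff   mov  %edi, %edi   (2-byte no-op, room for a short jump)
 *   55      push %ebp
 *   8b ec   mov  %esp, %ebp
 * The reply notes ntlea compares only the first four of these bytes. */
static const uint8_t HOTPATCH_PREFIX[] = { 0x8b, 0xff, 0x55, 0x8b, 0xec };
#define NTLEA_PREFIX_CHECK_LEN 4
#define NTLEA_REENTRY_OFFSET   7   /* where ntlea's hook jumps back to */

/* True if code[5..6] is "push imm8" (6a ib): a 2-byte instruction that
 * moves %esp by -4 regardless of the immediate. Assumption: this is the
 * only esp-4 encoding modelled here. */
static bool is_two_byte_push_imm8(const uint8_t *code, size_t len)
{
    return len >= NTLEA_REENTRY_OFFSET && code[5] == 0x6a;
}

/* Does this function body match ntlea's layout assumption?
 * 1. bytes 0..3 equal the hotpatch prefix (what ntlea itself checks);
 * 2. byte 4 completes "mov %esp,%ebp" (stricter than ntlea, but the
 *    replayed "pushl %ebp; movl %esp,%ebp" relies on it);
 * 3. bytes 5..6 are one 2-byte esp-4 instruction, so re-entry at
 *    offset 7 is on an instruction boundary with a matching stack. */
bool ntlea_layout_ok(const uint8_t *code, size_t len)
{
    if (len < NTLEA_REENTRY_OFFSET) return false;
    for (size_t i = 0; i < NTLEA_PREFIX_CHECK_LEN; i++)
        if (code[i] != HOTPATCH_PREFIX[i]) return false;
    if (code[4] != HOTPATCH_PREFIX[4]) return false;
    return is_two_byte_push_imm8(code, len);
}

/* Constructed samples (not bytes taken from Wine or ntlea). */
/* Wrapper shaped like the thread describes: prefix, then pushl $-2. */
const uint8_t SAMPLE_WRAPPER[] = { 0x8b,0xff,0x55,0x8b,0xec, 0x6a,0xfe, 0x90 };
/* Plain compiler prologue: push %ebp; mov %esp,%ebp; sub $8,%esp. */
const uint8_t SAMPLE_PLAIN[]   = { 0x55,0x8b,0xec, 0x83,0xec,0x08, 0x90,0x90 };
/* Prefix present but a 1-byte push %ecx at offset 5: offset 7 would be
 * the middle of "mov 8(%ebp),%eax" (8b 45 08). */
const uint8_t SAMPLE_BAD[]     = { 0x8b,0xff,0x55,0x8b,0xec, 0x51, 0x8b,0x45,0x08 };
```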