https://bugs.winehq.org/show_bug.cgi?id=48989
Etaash Mathamsetty etaash.mathamsetty@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |etaash.mathamsetty@gmail.com

--- Comment #4 from Etaash Mathamsetty etaash.mathamsetty@gmail.com ---
(In reply to Anastasius Focht from comment #1)
Hello folks,
small addendum...
I propose to keep it as stub for now, that is not calling the supplied 'BroadcastFunction'.
--- snip ---
001b:fixme:ntoskrnl:KeIpiGenericCall stub: 0000000000D61D74 0000000000000000
--- snip ---
It's used as one of many anti-debugging measures:
--- snip ---
0000000000D61D74 | 48:83EC 28       | sub rsp,28       |
0000000000D61D78 | 33C9             | xor ecx,ecx      |
0000000000D61D7A | E9 2A3A2E00      | jmp vgk.10457A9  |
...
00000000010457A9 | 90               | nop              |
00000000010457AA | E9 00000000      | jmp vgk.10457AF  |
00000000010457AF | FA               | cli              |
00000000010457B0 | 41:81F8 934FCB45 | cmp r8d,45CB4F93 |
00000000010457B7 | 6644:3BD9        | cmp r11w,cx      |
00000000010457BB | F9               | stc              |
00000000010457BC | 33C0             | xor eax,eax      |
00000000010457BE | E9 00000000      | jmp vgk.10457C3  |
00000000010457C3 | 0F23F8           | mov dr7,rax      | zap debug control
00000000010457C6 | E9 00000000      | jmp vgk.10457CB  |
00000000010457CB | FB               | sti              |
00000000010457CC | F5               | cmc              |
00000000010457CD | F8               | clc              |
00000000010457CE | 48:83C4 28       | add rsp,28       |
00000000010457D2 | E9 00000000      | jmp vgk.10457D7  |
00000000010457D7 | C3               | ret              |
--- snip ---
It zeros out dr7 (debug control) in an attempt to prevent hw breakpoints.
Although such measures can be defeated, why not avoid the trouble in the first place?
Regards
Unfortunately, it seems like our best option is to implement a semi-stub, since a surprisingly large number of kernel-level drivers use it.
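
As an added illustration of the DR7 point in the quoted comment (not code from the bug report, Wine, or the driver): a small user-space C decoder for the architectural DR7 layout, showing that a write of zero clears every L/G enable bit and so disarms all four hardware breakpoint slots. The sample DR7 value and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* One hardware breakpoint slot (DR0..DR3) as configured by DR7. */
struct hwbp {
    int local, global;  /* L<n> (bit 2n) and G<n> (bit 2n+1) enable bits */
    int rw;             /* R/W<n>: 0 execute, 1 write, 2 I/O, 3 read/write */
    int len;            /* watched length in bytes, from LEN<n> */
};

/* Decode DR7 into four slots; returns how many slots are enabled. */
int dr7_decode(uint64_t dr7, struct hwbp out[4])
{
    static const int lens[4] = { 1, 2, 8, 4 };  /* LEN encodings 00,01,10,11 */
    int active = 0;
    for (int n = 0; n < 4; n++) {
        unsigned ctl = (unsigned)(dr7 >> (16 + 4 * n)) & 0xF; /* LEN<n>:R/W<n> */
        out[n].local  = (int)((dr7 >> (2 * n)) & 1);
        out[n].global = (int)((dr7 >> (2 * n + 1)) & 1);
        out[n].rw     = (int)(ctl & 3);
        out[n].len    = lens[ctl >> 2];
        active += out[n].local || out[n].global;
    }
    return active;
}

/* Slots enabled in 'before' but not in 'after': what a debugger would
   compare around a call it suspects of rewriting DR7. */
int dr7_slots_lost(uint64_t before, uint64_t after)
{
    struct hwbp b[4], a[4];
    int lost = 0;
    dr7_decode(before, b);
    dr7_decode(after, a);
    for (int n = 0; n < 4; n++)
        lost += (b[n].local || b[n].global) && !(a[n].local || a[n].global);
    return lost;
}

/* Constructed sample: slot 0 = 4-byte write watchpoint (L0),
   slot 1 = execute breakpoint (G1). Not taken from the bug report. */
#define SAMPLE_DR7 UINT64_C(0x000D0009)

int main(void)
{
    struct hwbp s[4];
    printf("armed before: %d\n", dr7_decode(SAMPLE_DR7, s));
    /* xor eax,eax ; mov dr7,rax leaves DR7 == 0 */
    printf("armed after : %d, lost: %d\n", dr7_decode(0, s), dr7_slots_lost(SAMPLE_DR7, 0));
    return 0;
}
```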