https://bugs.winehq.org/show_bug.cgi?id=48989
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
small addendum...
I propose to keep it as stub for now, that is not calling the supplied 'BroadcastFunction'.
--- snip --- 001b:fixme:ntoskrnl:KeIpiGenericCall stub: 0000000000D61D74 0000000000000000 --- snip ---
It's used as one of many anti-debugging measures:
--- snip --- 0000000000D61D74 | 48:83EC 28 | sub rsp,28 | 0000000000D61D78 | 33C9 | xor ecx,ecx | 0000000000D61D7A | E9 2A3A2E00 | jmp vgk.10457A9 | ... 00000000010457A9 | 90 | nop | 00000000010457AA | E9 00000000 | jmp vgk.10457AF | 00000000010457AF | FA | cli | 00000000010457B0 | 41:81F8 934FCB45 | cmp r8d,45CB4F93 | 00000000010457B7 | 6644:3BD9 | cmp r11w,cx | 00000000010457BB | F9 | stc | 00000000010457BC | 33C0 | xor eax,eax | 00000000010457BE | E9 00000000 | jmp vgk.10457C3 | 00000000010457C3 | 0F23F8 | mov dr7,rax | zap debug control 00000000010457C6 | E9 00000000 | jmp vgk.10457CB | 00000000010457CB | FB | sti | 00000000010457CC | F5 | cmc | 00000000010457CD | F8 | clc | 00000000010457CE | 48:83C4 28 | add rsp,28 | 00000000010457D2 | E9 00000000 | jmp vgk.10457D7 | 00000000010457D7 | C3 | ret | --- snip ---
It zeros out dr7 (debug control) in attempt to prevent hw breakpoints.
Although such measures can be defeated why not avoiding the trouble in first place.
Regards