Why didn't you fix InterlockedExchangeAdd too?
Yes, this function should also be fixed. I will send a new patch. Sorry, I got confused because this function worked:
#include "wdm.h"
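#pragma code_seg("INIT")
/*
 * Minimal WDM driver entry point used only to exercise InterlockedExchangeAdd().
 *
 * Adds `a` to the LONG that `ptr` points at (the stack local `b`, initially
 * 0xbb) and prints both the updated target and the value the call returned;
 * per the API contract the return value is the target's value before the add.
 *
 * @param DriverObject  unused
 * @param RegistryPath  unused
 * @return STATUS_SUCCESS unconditionally
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    LONG a = 0xaa;
    LONG b = 0xbb;
    LONG *ptr = &b;
    LONG ret = 0xcc;   /* sentinel: must be overwritten by the call below */

    (void)DriverObject;
    (void)RegistryPath;

    ret = InterlockedExchangeAdd(ptr, a);

    /* LONG is `long`, so the matching conversion is %lx, not %x. */
    DbgPrint("*ptr %lx, ret %lx\n", *ptr, ret);

    return STATUS_SUCCESS;
}
#pragma code_seg()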
........... 10628: c7 45 fc aa 00 00 00 movl $0xaa,0xfffffffc(%ebp) 1062f: c7 45 f4 bb 00 00 00 movl $0xbb,0xfffffff4(%ebp) 10636: 8d 45 f4 lea 0xfffffff4(%ebp),%eax 10639: 89 45 f8 mov %eax,0xfffffff8(%ebp) 1063c: c7 45 f0 cc 00 00 00 movl $0xcc,0xfffffff0(%ebp) 10643: 8b 55 fc mov 0xfffffffc(%ebp),%edx 10646: 8b 4d f8 mov 0xfffffff8(%ebp),%ecx 10649: e8 42 fe ff ff call 0x10490 ...........