On 2020-06-07 11:56, Stefan Dösinger wrote:
On 07.06.20 at 11:47, Stefan Dösinger wrote:
Check the nop opcode in Windows DLLs. If Microsoft's kernel32.dll switched to 66 90 we're safe to switch too. If they still use 8b ff we probably should stick to that.
I just checked my Win10 19.09, it still uses 8b ff. So either Microsoft compiles Windows with an old Visual Studio or they kept the old-style nops for Windows itself.
Looks like the /arch:IA32 option changes the hotpatch instruction from 66 90 back to 8b ff. This is true in a simple test and also my observation from looking at ReactOS binaries, which use that option.
It makes sense to assume that 32-bit Windows binaries would be built with that option for compatibility; the compiler default is to assume SSE2 these days.
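
An added example, not code from this thread or from Wine: a small Python classifier that tells the two hotpatch nop encodings discussed above (8b ff and 66 90) apart at 32-bit function entries, so a hook detector or binary survey does not miss one of them. The five filler bytes before the entry, the eb f9 / e9 form of an applied patch, and the sample bytes are assumptions about the usual hotpatch layout and are constructed for illustration.

```python
"""Added example: classify 32-bit x86 function entries by hotpatch prologue."""
from collections import Counter

NOP_STYLES = {
    bytes.fromhex("8bff"): "8b ff",  # mov edi, edi (old-style 2-byte nop)
    bytes.fromhex("6690"): "66 90",  # nop with operand-size prefix
}
SHORT_JMP_BACK = bytes.fromhex("ebf9")  # jmp short to entry-5 (applied patch)
PAD_LEN = 5                             # room for one jmp rel32 before the entry
PAD_BYTES = {0xCC, 0x90}                # assumed filler bytes: int3 or nop


def classify_entry(code: bytes, off: int) -> str:
    """Return the hotpatch state of the function that starts at `off`."""
    entry = code[off:off + 2]
    pad = code[off - PAD_LEN:off] if off >= PAD_LEN else b""
    # An applied patch replaces the 2-byte nop with a short jump into the
    # padding, which then holds a 5-byte jmp rel32 (opcode e9).
    if entry == SHORT_JMP_BACK and pad[:1] == b"\xe9":
        return "patched"
    style = NOP_STYLES.get(entry)
    if style is None:
        return "no hotpatch nop"
    if len(pad) == PAD_LEN and all(b in PAD_BYTES for b in pad):
        return style
    return style + " (no padding)"


def survey(code: bytes, entries: list[int]) -> Counter:
    """Count how many of the given entry offsets use each prologue style."""
    return Counter(classify_entry(code, off) for off in entries)


# Constructed sample code section with four functions (not from a real DLL).
SAMPLE = (
    b"\xcc" * 5 + bytes.fromhex("8bff 55 8bec 5d c3")    # entry at offset 5
    + b"\xcc" * 5 + bytes.fromhex("6690 55 8bec 5d c3")  # entry at offset 17
    + bytes.fromhex("e9 00100000")                       # jmp rel32 in padding
    + bytes.fromhex("ebf9 55 8bec 5d c3")                # entry at offset 29
    + b"\xcc" * 5 + bytes.fromhex("55 8bec 5d c3")       # entry at offset 41
)
SAMPLE_ENTRIES = [5, 17, 29, 41]

if __name__ == "__main__":
    for name, count in sorted(survey(SAMPLE, SAMPLE_ENTRIES).items()):
        print(f"{count:3d}  {name}")
```
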