Alexander Morozov amorozov@etersoft.ru writes:
Changelog: ntoskrnl.exe: Change calling conventions for InterlockedExchange, InterlockedCompareExchange, InterlockedDecrement and InterlockedIncrement
--- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -28,11 +28,11 @@ @ stub Exfi386InterlockedExchangeUlong @ stub Exfi386InterlockedIncrementLong @ stub HalExamineMBR -@ stdcall InterlockedCompareExchange(ptr long long) kernel32.InterlockedCompareExchange -@ stdcall InterlockedDecrement(ptr) kernel32.InterlockedDecrement -@ stdcall InterlockedExchange(ptr long) kernel32.InterlockedExchange +@ stdcall -norelay InterlockedCompareExchange(ptr long long) NTOSKRNL_InterlockedCompareExchange +@ stdcall -norelay InterlockedDecrement(ptr) NTOSKRNL_InterlockedDecrement +@ stdcall -norelay InterlockedExchange(ptr long) NTOSKRNL_InterlockedExchange @ stdcall InterlockedExchangeAdd(ptr long ) kernel32.InterlockedExchangeAdd -@ stdcall InterlockedIncrement(ptr) kernel32.InterlockedIncrement +@ stdcall -norelay InterlockedIncrement(ptr) NTOSKRNL_InterlockedIncrement
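Review bot: InterlockedExchangeAdd is the one entry in this hunk left forwarding to kernel32.InterlockedExchangeAdd as plain stdcall while InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange and InterlockedIncrement all move to -norelay NTOSKRNL_* entries; the same convention mismatch applies to it, so it should change in the same patch, following the pattern of the other four (a line of the form `@ stdcall -norelay InterlockedExchangeAdd(ptr long) NTOSKRNL_InterlockedExchangeAdd`). The hunk also shows only the spec side: the NTOSKRNL_* implementations the new lines reference are not in this excerpt, and the entries still read `stdcall`, so nothing here records which convention the new entry points actually implement; a sentence in the changelog naming that convention would help reviewers.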
Why didn't you fix InterlockedExchangeAdd too?
> Why didn't you fix InterlockedExchangeAdd too?
Yes, this function should also be fixed. I will send a new patch. Sorry. I got confused because this function worked:
#include "wdm.h"

#pragma code_seg("INIT")
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    LONG a = 0xaa, b = 0xbb, *ptr = &b, ret = 0xcc;

    /* atomically add a to *ptr; the return value is the previous *ptr */
    ret = InterlockedExchangeAdd(ptr, a);
    DbgPrint("*ptr %x, ret %x\n", *ptr, ret);

    return STATUS_SUCCESS;
}
#pragma code_seg()
...........
   10628: c7 45 fc aa 00 00 00    movl   $0xaa,0xfffffffc(%ebp)
   1062f: c7 45 f4 bb 00 00 00    movl   $0xbb,0xfffffff4(%ebp)
   10636: 8d 45 f4                lea    0xfffffff4(%ebp),%eax
   10639: 89 45 f8                mov    %eax,0xfffffff8(%ebp)
   1063c: c7 45 f0 cc 00 00 00    movl   $0xcc,0xfffffff0(%ebp)
   10643: 8b 55 fc                mov    0xfffffffc(%ebp),%edx
   10646: 8b 4d f8                mov    0xfffffff8(%ebp),%ecx
   10649: e8 42 fe ff ff          call   0x10490
...........
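As an added illustration (not code from the thread or from Wine), here is a small classifier that applies the reasoning behind the objdump excerpt above: if the caller loads %ecx and %edx and pushes nothing before the call, the callee is being invoked with Microsoft fastcall register arguments, which a stdcall entry expecting its arguments on the stack cannot accept. The first sample is the thread's dump re-typed; the STACK_DUMP contrast sample, its bytes and addresses are constructed.

```python
import re

# Sample 1: the objdump excerpt from this thread, re-typed verbatim.
# Before the call, the two arguments land in %edx and %ecx; nothing is pushed.
FASTCALL_DUMP = """\
10628: c7 45 fc aa 00 00 00 movl $0xaa,0xfffffffc(%ebp)
1062f: c7 45 f4 bb 00 00 00 movl $0xbb,0xfffffff4(%ebp)
10636: 8d 45 f4 lea 0xfffffff4(%ebp),%eax
10639: 89 45 f8 mov %eax,0xfffffff8(%ebp)
1063c: c7 45 f0 cc 00 00 00 movl $0xcc,0xfffffff0(%ebp)
10643: 8b 55 fc mov 0xfffffffc(%ebp),%edx
10646: 8b 4d f8 mov 0xfffffff8(%ebp),%ecx
10649: e8 42 fe ff ff call 0x10490
"""

# Sample 2 (constructed, hypothetical bytes/addresses): what a stdcall or
# cdecl caller of a two-argument function looks like instead.
STACK_DUMP = """\
10650: ff 75 fc pushl 0xfffffffc(%ebp)
10653: ff 75 f8 pushl 0xfffffff8(%ebp)
10656: e8 35 fe ff ff call 0x10490
"""

# One objdump line: address, opcode bytes, mnemonic, operands (AT&T syntax).
INSN = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+([a-z]\w*)\s*(.*)$")

def parse(dump):
    """Return [(mnemonic, operands)] for every instruction line in the dump."""
    out = []
    for line in dump.splitlines():
        m = INSN.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out

def classify_call(dump):
    """Look at the instructions before the first call and report how the
    arguments reach the callee: Microsoft fastcall puts the first two DWORD
    arguments in ecx/edx, stdcall and cdecl push them on the stack."""
    regs, pushes = set(), 0
    for mnem, ops in parse(dump):
        if mnem.startswith("call"):
            break
        if mnem.startswith("push"):
            pushes += 1
        elif mnem.startswith(("mov", "lea")):
            dst = ops.rsplit(",", 1)[-1].strip()  # AT&T: destination is last
            if dst in ("%ecx", "%edx"):
                regs.add(dst)
    if regs == {"%ecx", "%edx"} and pushes == 0:
        return "fastcall"      # register args: a stdcall callee would misread them
    if pushes and not regs:
        return "stack"         # stdcall/cdecl: arguments pushed before the call
    return "undetermined"
```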