On Tue Jul 1 00:54:29 2025 +0000, Yuxuan Shui wrote:
PE side. The rbp is important because unwind op code `UWOP_SET_FPREG` uses it to restore the rsp. The problem is that the wrong rbp gets saved onto the stack frame. When something like this happens: some user mode functions (1) -> syscall -> kernel mode -> `call_user_mode_callback` -> callback -> more user mode functions, the callback function (`KiUserCallbackDispatcher`) saves whatever rbp it gets onto the stack. If this rbp differs from what it was at point (1), unwind breaks.
Yeah, I think you are right about restoring other registers. If we don't do that, exception handlers located in frames below `call_user_mode_callback` probably will break if we try to invoke them.