[PATCH v3 3/3] ntdll: Pass KiUserCallbackDispatcher parameters on stack.

26 Oct 2022

From: Torge Matthies tmatthies@codeweavers.com
In addition to in registers.
Overwatch 2 hooks KiUserCallbackDispatcher and expects to be able to use all the caller-saved registers, but also
expects the callback id to be in ecx.
Signed-off-by: Torge Matthies openglfreak@googlemail.com
---
 dlls/ntdll/signal_x86_64.c      |  3 +++
 dlls/ntdll/unix/signal_x86_64.c | 10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/dlls/ntdll/signal_x86_64.c b/dlls/ntdll/signal_x86_64.c
index 64d0cb1be57..daf44f85c8f 100644
--- a/dlls/ntdll/signal_x86_64.c
+++ b/dlls/ntdll/signal_x86_64.c
@@ -680,6 +680,9 @@ void WINAPI user_callback_dispatcher( ULONG id, void *args, ULONG len )
  */
 __ASM_GLOBAL_FUNC( KiUserCallbackDispatcher,
                   ".byte 0x0f, 0x1f, 0x44, 0x00, 0x00\n\t" /* Overwatch 2 replaces the first 5 bytes with a jump */
+                  "movq 0x28(%rsp), %rdx\n\t"
+                  "movl 0x30(%rsp), %ecx\n\t"
+                  "movl 0x34(%rsp), %r8d\n\t"
                   "andq $0xFFFFFFFFFFFFFFF0, %rsp\n\t"
                   __ASM_SEH(".seh_endprologue\n\t")
                   "call " __ASM_NAME("user_callback_dispatcher") "\n\t"
diff --git a/dlls/ntdll/unix/signal_x86_64.c b/dlls/ntdll/unix/signal_x86_64.c
index db01bc3a736..78ee6bd0b6d 100644
--- a/dlls/ntdll/unix/signal_x86_64.c
+++ b/dlls/ntdll/unix/signal_x86_64.c
@@ -2400,8 +2400,16 @@ NTSTATUS WINAPI KeUserModeCallback( ULONG id, const void *args, ULONG len, void
     {
         struct syscall_frame *frame = amd64_thread_data()->syscall_frame;
         void *args_data = (void *)((frame->rsp - len) & ~15);
+        struct {
+            void *args;
+            ULONG id;
+            ULONG len;
+        } *params = (void *)((ULONG_PTR)args_data - 0x18);
memcpy( args_data, args, len );
+        params->args = args_data;
+        params->id = id;
+        params->len = len;
callback_frame.frame.rcx           = id;
         callback_frame.frame.rdx           = (ULONG_PTR)args;
@@ -2410,7 +2418,7 @@ NTSTATUS WINAPI KeUserModeCallback( ULONG id, const void *args, ULONG len, void
         callback_frame.frame.fs            = amd64_thread_data()->fs;
         callback_frame.frame.gs            = ds64_sel;
         callback_frame.frame.ss            = ds64_sel;
-        callback_frame.frame.rsp           = (ULONG_PTR)args_data - 0x30;
+        callback_frame.frame.rsp           = (ULONG_PTR)params - 0x28;
         callback_frame.frame.rip           = (ULONG_PTR)pKiUserCallbackDispatcher;
         callback_frame.frame.eflags        = 0x200;
         callback_frame.frame.restore_flags = CONTEXT_CONTROL | CONTEXT_INTEGER;
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/1152

    

2025

2024

2023

2022

[PATCH v3 3/3] ntdll: Pass KiUserCallbackDispatcher parameters on stack.