On Fri May 2 11:04:10 2025 +0000, Paul Gofman wrote:
This helps The Finals which stopped working after recent game update. The todo in the test is related to https://gitlab.winehq.org/wine/wine/-/merge_requests/283 . That MR is otherwise orthogonal though, it relates to sanitizing flags in the context passed to NtContextThread, while this one concerns what happens when NT flag is set by app upon calling syscall. It could maybe look reasonable to sanitize the flag on syscall entry, but then the test shows that returned r11 value and the flags (apart from NtSetContextThread) keep NT flag, so fixing up before iret avoids some complication and also avoids adding extra to the default syscall path.
Since the iret slowpath is triggered, it means the game is either installing instrumentation context or setting context, isn't it? Merely entering the syscall with NT flag is not enough to trigger the bug.
If the slowpath is triggered by CONTEXT_CONTROL, it would be automatically handled by !283 since now the EFlags is overwritten by a sanitized value.
Otherwise, the game is either using instrumentation callback or setting CONTEXT_INTEGER *only* (w/o _CONTROL). Either case seems unlikely to me. If this is the case, maybe that needs to be documented as well as tested.