Piotr Caban (@piotr) commented about dlls/msvcrt/handler4.c:
}
+typedef void* (__cdecl *handler_function)(ULONG64, ULONG64); +void* __cdecl catch_block_wrapper(handler_function handler, ULONG64 frame); +__ASM_GLOBAL_FUNC( catch_block_wrapper,
"subq $0x28,%rsp\n\t"__ASM_CFI(".cfi_adjust_cfa_offset 0x28\n\t")__ASM_SEH(".seh_stackalloc 0x28\n\t")__ASM_SEH(".seh_endprologue\n\t")"movq %rcx, %rax\n\t""movq %rdx, 0x10(%rsp)\n\t" /* pass frame on stack in addition to register */"xorq %rcx, %rcx\n\t""callq *%rax\n\t" /* call catch(0, frame) */"addq $0x28,%rsp\n\t"__ASM_CFI(".cfi_adjust_cfa_offset -0x28\n\t")"ret")
While I don't understand why native works this way the patch looks good for me. I have injected custom catch handler so I can use it to obtain some information about how handler is called. I think it would be good to change other differences I've seen this way: - native executes handler with following parameters: handler(handler, frame) - we should copy more data to the stack
```suggestion:-11+0 __ASM_GLOBAL_FUNC( catch_block_wrapper, "subq $0x28,%rsp\n\t" __ASM_CFI(".cfi_adjust_cfa_offset 0x28\n\t") __ASM_SEH(".seh_stackalloc 0x28\n\t") __ASM_SEH(".seh_endprologue\n\t") "movq %rcx, 0x0(%rsp)\n\t" "movl $0x100, 0x8(%rsp)\n\t" "movq %rdx, 0x10(%rsp)\n\t" /* pass frame on stack in addition to register */ "callq *%rax\n\t" /* call catch(catch, frame) */ "addq $0x28,%rsp\n\t" __ASM_CFI(".cfi_adjust_cfa_offset -0x28\n\t") "ret") ```