1 Jan
2024
1 Jan
'24
1:18 p.m.
Jinoh Kang (@iamahuman) commented about dlls/ntdll/tests/exception.c:
*/0x48, 0x81, 0x34, 0x24, 0xd5, 0x08, 0x00, 0x00, /* xorq $0x8d5, (%rsp) */0x9d, /* popf *//* invoke NtContinue... */0xff, 0x94, 0x24, 0xd0, 0x00, 0x00, 0x00, /* call *8*12+0x70(%rsp) *//* validate stack pointer */0x48, 0x8b, 0x0c, 0x24, /* 1: (%rsp), %rcx */0x48, 0x39, 0xe1, /* cmp %rsp, %rcx */0x74, 0x02, /* je 2; jump over ud2 */0x0f, 0x0b, /* ud2; stack pointer invalid, let's crash *//* invoke capture context */0x48, 0x8b, 0x4c, 0x24, 0x50, /* 2: mov 8*10(%rsp), %rcx; context */0x48, 0x81, 0xc1, 0xd0, 0x04, 0x00, 0x00, /* $0x4d0, %rcx; +sizeof(CONTEXT) to get context->after */
```suggestion:-0+0 0x48, 0x81, 0xc1, 0xd0, 0x04, 0x00, 0x00, /* add $0x4d0, %rcx; +sizeof(CONTEXT) to get context->after */ ```