[PATCH 1/4] ntdll: Set output frame to Rsp - 8 in epilogue on x64.

3 Nov 2025

From: Paul Gofman pgofman@codeweavers.com
---
 dlls/ntdll/tests/unwind.c | 14 +++++++-------
 dlls/ntdll/unwind.c       |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/dlls/ntdll/tests/unwind.c b/dlls/ntdll/tests/unwind.c
index daa90c19a11..c567f299665 100644
--- a/dlls/ntdll/tests/unwind.c
+++ b/dlls/ntdll/tests/unwind.c
@@ -2909,9 +2909,9 @@ static void test_virtual_unwind_x86(void)
         { 0x1c,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
         { 0x1d,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
         { 0x24,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
-        { 0x2b,  0x40,  FALSE, 0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {-1,-1}}},
-        { 0x32,  0x40,  FALSE, 0x008, 0x010, { {rsp,0x010}, {rbp,0x000}, {-1,-1}}},
-        { 0x33,  0x40,  FALSE, 0x000, 0x010, { {rsp,0x008}, {-1,-1}}},
+        { 0x2b,  0x40,  FALSE, 0x128, 0x128, { {rsp,0x130}, {rbp,0x120}, {-1,-1}}},
+        { 0x32,  0x40,  FALSE, 0x008, 0x008, { {rsp,0x010}, {rbp,0x000}, {-1,-1}}},
+        { 0x33,  0x40,  FALSE, 0x000, 0x000, { {rsp,0x008}, {-1,-1}}},
     };
static const struct results_x86 broken_results_0[] =
@@ -2925,10 +2925,10 @@ static void test_virtual_unwind_x86(void)
         { 0x1c,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
         { 0x1d,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
         { 0x24,  0x40,  TRUE,  0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {rbx,0x130}, {rsi,0x138}, {-1,-1}}},
-        /* On Win11 output frame in epilogue corresponds to context->Rsp - 0x8 when fpreg is set. */
-        { 0x2b,  0x40,  FALSE, 0x128, 0x128, { {rsp,0x130}, {rbp,0x120}, {-1,-1}}},
-        { 0x32,  0x40,  FALSE, 0x008, 0x008, { {rsp,0x010}, {rbp,0x000}, {-1,-1}}},
-        { 0x33,  0x40,  FALSE, 0x000, 0x000, { {rsp,0x008}, {-1,-1}}},
+        /* Before Win11 output frame in epilogue is set with fpreg even after it is popped. */
+        { 0x2b,  0x40,  FALSE, 0x128, 0x010, { {rsp,0x130}, {rbp,0x120}, {-1,-1}}},
+        { 0x32,  0x40,  FALSE, 0x008, 0x010, { {rsp,0x010}, {rbp,0x000}, {-1,-1}}},
+        { 0x33,  0x40,  FALSE, 0x000, 0x010, { {rsp,0x008}, {-1,-1}}},
     };
static const BYTE function_1[] =
diff --git a/dlls/ntdll/unwind.c b/dlls/ntdll/unwind.c
index cd898086862..890de64b0e6 100644
--- a/dlls/ntdll/unwind.c
+++ b/dlls/ntdll/unwind.c
@@ -2083,7 +2083,7 @@ NTSTATUS WINAPI RtlVirtualUnwind2( ULONG type, ULONG_PTR base, ULONG_PTR pc,
             {
                 TRACE("inside epilog.\n");
                 interpret_epilog( (BYTE *)pc, context, ctx_ptr );
-                *frame_ret = frame;
+                *frame_ret = info->frame_reg ? context->Rsp - 8 : frame;
                 *handler_ret = NULL;
                 return STATUS_SUCCESS;
             }
-- 
GitLab


https://gitlab.winehq.org/wine/wine/-/merge_requests/9354

    

2025

2024

2023

2022

[PATCH 1/4] ntdll: Set output frame to Rsp - 8 in epilogue on x64.