зеркало из https://github.com/mozilla/gecko-dev.git
65642af4cd
In Win7 and later, some exported functions in kernel32.dll are just a stub jumping to a function in kernelbase.dll. After the fix for Bug 1642626, our detour resolves such a stub in kernel32.dll and detours a corresponding function in kernelbase.dll. This new behavior caused a problem in Win8 when we detour `DuplicateHandle` because our detour cannot handle the assembly pattern of `KERNELBASE!DuplicateHandle`. Win8's `KERNELBASE!DuplicateHandle` has jump instructions whose destination is within the region where we move instructions to a trampoline. In the example below, the address `000007f954ad271c` is a destination of the `JMP` instructions, but when we detour `KERNELBASE!DuplicateHandle`, we move the original instructions to a trampoline, and that address will point to an invalid instruction, jumping to which address causes a crash. A proposed fix is to detour `KERNEL32!DuplicateHandle` without resolving redirection, that is the behavior before bug 1642626. ``` KERNEL32!DuplicateHandle: 000007f9`54cd2d5c ff2556b61100 jmp qword ptr [KERNEL32!_imp_DuplicateHandle] --> KERNELBASE!DuplicateHandle ``` ``` KERNELBASE!DuplicateHandle: 000007f9`54ad2710 4883ec48 sub rsp,48h 000007f9`54ad2714 4c8bd1 mov r10,rcx 000007f9`54ad2717 83faf4 cmp edx,0FFFFFFF4h 000007f9`54ad271a 733b jae KERNELBASE!DuplicateHandle+0x43 (000007f9`54ad2757) 000007f9`54ad271c 8b842480000000 mov eax,dword ptr [rsp+80h] ... 000007f9`54b8f0de 65488b042560000000 mov rax,qword ptr gs:[60h] 000007f9`54b8f0e7 488b5020 mov rdx,qword ptr [rax+20h] 000007f9`54b8f0eb 488b5220 mov rdx,qword ptr [rdx+20h] 000007f9`54b8f0ef e92836f4ff jmp KERNELBASE!DuplicateHandle+0xc (000007f9`54ad271c) 000007f9`54b8f0f4 65488b042560000000 mov rax,qword ptr gs:[60h] 000007f9`54b8f0fd 488b5020 mov rdx,qword ptr [rax+20h] 000007f9`54b8f101 488b5228 mov rdx,qword ptr [rdx+28h] 000007f9`54b8f105 e91236f4ff jmp KERNELBASE!DuplicateHandle+0xc (000007f9`54ad271c) 000007f9`54b8f10a 65488b042560000000 mov rax,qword ptr gs:[60h] 000007f9`54b8f113 488b5020 mov rdx,qword ptr [rax+20h] 000007f9`54b8f117 488b5230 mov rdx,qword ptr [rdx+30h] 000007f9`54b8f11b e9fc35f4ff jmp KERNELBASE!DuplicateHandle+0xc (000007f9`54ad271c) ``` Differential Revision: https://phabricator.services.mozilla.com/D88136 |
||
|---|---|---|
| .. | ||
| android | ||
| baseprofiler | ||
| build | ||
| dllservices | ||
| linker | ||
| misc | ||
| static | ||
| tests | ||
| moz.build | ||