From 6de4736e50b2c2b911b82cfe1f0614f755a88ef8 Mon Sep 17 00:00:00 2001
From: Stefanos Kornilios Mitsis Poiitidis
Date: Sat, 27 Jan 2024 16:59:59 +0200
Subject: [PATCH] skip over 0x66 prefixes in TLS

---
 src/common/log.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/common/log.cpp b/src/common/log.cpp
index 2a3c5114..535d4bd0 100644
--- a/src/common/log.cpp
+++ b/src/common/log.cpp
@@ -29,6 +29,9 @@ uint64_t tls_access(int64_t tls_offset) {
 
 #ifdef _WIN64
 static LONG WINAPI ExceptionHandler(PEXCEPTION_POINTERS pExp) noexcept {
+    auto orig_rip = pExp->ContextRecord->Rip;
+    while (*(uint8_t *)pExp->ContextRecord->Rip == 0x66) pExp->ContextRecord->Rip++;
+
     if (*(uint8_t *)pExp->ContextRecord->Rip == 0xcd) {
         int reg = *(uint8_t *)(pExp->ContextRecord->Rip + 1) - 0x80;
         int sizes = *(uint8_t *)(pExp->ContextRecord->Rip + 2);
@@ -47,6 +50,7 @@ static LONG WINAPI ExceptionHandler(PEXCEPTION_POINTERS pExp) noexcept {
         return EXCEPTION_CONTINUE_EXECUTION;
     }
 
+    pExp->ContextRecord->Rip = orig_rip;
     const u32 ec = pExp->ExceptionRecord->ExceptionCode;
     switch (ec) {
     case EXCEPTION_ACCESS_VIOLATION: {
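Review bot: The prefix-skipping loop added at the top of ExceptionHandler is unbounded, so a run of 0x66 bytes at Rip advances the handler byte by byte with no limit, and it does so for every exception that reaches the handler, not only the TLS trap the commit targets. An x86 instruction is at most 15 bytes, so more than 14 prefix bytes can never precede a valid opcode; bounding the loop stops a stray or corrupted code page from being scanned indefinitely and makes the intent explicit: `for (int n = 0; n < 14 && *(uint8_t *)pExp->ContextRecord->Rip == 0x66; n++) pExp->ContextRecord->Rip++;`. Reading through Rip also assumes the faulting address is a readable code page; that was already true of the existing `0xcd` check, but the loop widens the read window, so a comment such as `// Rip is dereferenced before the exception code is known; it must be readable for every exception routed here` would help the next reader. ExceptionHandler's body continues past both hunks, and the restore of `orig_rip` in the second hunk appears to cover the non-TLS path correctly.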