Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Callfixup for _guard_dispatch_icall to x86-64-win.cspec #318

Closed
marpie opened this issue Apr 3, 2019 · 0 comments

Comments

Projects
None yet
2 participants
@marpie
Copy link
Contributor

commented Apr 3, 2019

Is your feature request related to a problem? Please describe.
x64 PE files utilizing CFG (Control Flow Guard) use _guard_dispatch_icall to check for issues before calling protected functions.

Describe the solution you'd like
By adding the following lines to x86-64-win.cspec it is possible to guide the Decompiler in correctly recognizing the right call target.

  <callfixup name="guard_dispatch_icall">
    <target name="_guard_dispatch_icall"/>
      <pcode>
        <body><![CDATA[
          goto [RAX];
        ]]></body>
      </pcode>
  </callfixup>

The screenshot below shows the difference after applying the callfixup:

scr001

@marpie marpie added the enhancement label Apr 3, 2019

@ryanmkurtz ryanmkurtz self-assigned this Apr 5, 2019

@ryanmkurtz ryanmkurtz added this to the 9.1 milestone Apr 18, 2019

@ryanmkurtz ryanmkurtz closed this Apr 18, 2019

@ryanmkurtz ryanmkurtz modified the milestones: 9.1, 9.0.3 Apr 25, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.