FAST_CWD: adjust the initial search scope

A *very* recent Windows build adds more code to the preamble of
RtlGetCurrentDirectory_U() so that the previous heuristic failed to find
the call to the locking routine.

This only affects the 64-bit version of ntdll, where the 0xe8 byte is
now found at offset 40, not the 32-bit version. However, let's just
double the area we search for said byte for good measure.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin 2017-01-11 14:21:31 +01:00 committed by Corinna Vinschen
parent e0477b4a0b
commit e5cadbfdcd
1 changed files with 2 additions and 2 deletions

View File

@ -4034,7 +4034,7 @@ find_fast_cwd_pointer ()
if (!get_dir || !ent_crit) if (!get_dir || !ent_crit)
return NULL; return NULL;
/* Search first relative call instruction in RtlGetCurrentDirectory_U. */ /* Search first relative call instruction in RtlGetCurrentDirectory_U. */
const uint8_t *rcall = (const uint8_t *) memchr (get_dir, 0xe8, 40); const uint8_t *rcall = (const uint8_t *) memchr (get_dir, 0xe8, 80);
if (!rcall) if (!rcall)
return NULL; return NULL;
/* Fetch offset from instruction and compute address of called function. /* Fetch offset from instruction and compute address of called function.
@ -4133,7 +4133,7 @@ find_fast_cwd_pointer ()
if (!get_dir || !ent_crit) if (!get_dir || !ent_crit)
return NULL; return NULL;
/* Search first relative call instruction in RtlGetCurrentDirectory_U. */ /* Search first relative call instruction in RtlGetCurrentDirectory_U. */
const uint8_t *rcall = (const uint8_t *) memchr (get_dir, 0xe8, 32); const uint8_t *rcall = (const uint8_t *) memchr (get_dir, 0xe8, 64);
if (!rcall) if (!rcall)
return NULL; return NULL;
/* Fetch offset from instruction and compute address of called function. /* Fetch offset from instruction and compute address of called function.