diff options
author | Reid Kleckner <rnk@google.com> | 2016-08-02 20:36:29 +0000 |
---|---|---|
committer | Reid Kleckner <rnk@google.com> | 2016-08-02 20:36:29 +0000 |
commit | fb612140e27bbbb1e51c8ad91da6afa2eb7f636b (patch) | |
tree | 8cf649405e255d637297b25b7c30310b3253e822 /lib/interception/tests | |
parent | f9dff4e1068eecd0fe31761258fa5b50a303a2d4 (diff) |
[asan] Intercept RtlRaiseException instead of kernel32!RaiseException
Summary:
On my install of Windows 10, RaiseException is a tail call to
kernelbase!RaiseException. Obviously, we fail to intercept that.
Instead, try hooking at the ntdll!RtlRaiseException layer. It is
unlikely that this layer will contain control flow.
Intercepting at this level requires adding a decoding for
'LEA ESP, [ESP + 0xXXXXXXXX]', which is a really obscure way to write
'SUB ESP, 0xXXXXXXXX' that avoids clobbering EFLAGS.
Reviewers: etienneb
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D23046
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@277518 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/interception/tests')
-rw-r--r-- | lib/interception/tests/interception_win_test.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/interception/tests/interception_win_test.cc b/lib/interception/tests/interception_win_test.cc index 611354f03..67b40f701 100644 --- a/lib/interception/tests/interception_win_test.cc +++ b/lib/interception/tests/interception_win_test.cc @@ -163,6 +163,13 @@ const u8 kPatchableCode4[] = { 0x90, 0x90, 0x90, 0x90, }; +const u8 kPatchableCode5[] = { + 0x55, // push ebp + 0x8b, 0xec, // mov ebp,esp + 0x8d, 0xa4, 0x24, 0x30, 0xfd, 0xff, 0xff, // lea esp,[esp-2D0h] + 0x54, // push esp +}; + const u8 kUnpatchableCode1[] = { 0xC3, // ret }; @@ -474,6 +481,7 @@ TEST(Interception, PatchableFunction) { EXPECT_TRUE(TestFunctionPatching(kPatchableCode3, override)); #endif EXPECT_TRUE(TestFunctionPatching(kPatchableCode4, override)); + EXPECT_TRUE(TestFunctionPatching(kPatchableCode5, override)); EXPECT_FALSE(TestFunctionPatching(kUnpatchableCode1, override)); EXPECT_FALSE(TestFunctionPatching(kUnpatchableCode2, override)); |