From fb612140e27bbbb1e51c8ad91da6afa2eb7f636b Mon Sep 17 00:00:00 2001
From: Reid Kleckner
Date: Tue, 2 Aug 2016 20:36:29 +0000
Subject: [asan] Intercept RtlRaiseException instead of kernel32!RaiseException
Summary: On my install of Windows 10, RaiseException is a tail call to kernelbase!RaiseException. Obviously, we fail to intercept that. Instead, try hooking at the ntdll!RtlRaiseException layer. It is unlikely that this layer will contain control flow. Intercepting at this level requires adding a decoding for 'LEA ESP, [ESP + 0xXXXXXXXX]', which is a really obscure way to write 'SUB ESP, 0xXXXXXXXX' that avoids clobbering EFLAGS.
Reviewers: etienneb
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D23046
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@277518 91177308-0d34-0410-b5e6-96231b3b80d8
---
lib/asan/asan_win.cc | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'lib/asan/asan_win.cc')
diff --git a/lib/asan/asan_win.cc b/lib/asan/asan_win.cc
index 500beee43..8857506d5 100644
--- a/lib/asan/asan_win.cc
+++ b/lib/asan/asan_win.cc
@@ -71,10 +71,10 @@ void __asan_default_on_error() {}
 } // extern "C"
 // ---------------------- Windows-specific interceptors ---------------- {{{
-INTERCEPTOR_WINAPI(void, RaiseException, void *a, void *b, void *c, void *d) {
- CHECK(REAL(RaiseException));
+INTERCEPTOR_WINAPI(void, RtlRaiseException, void *ExceptionRecord) {
+ CHECK(REAL(RtlRaiseException));
 __asan_handle_no_return();
- REAL(RaiseException)(a, b, c, d);
+ REAL(RtlRaiseException)(ExceptionRecord);
 }
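Review bot: `__asan_handle_no_return()` still runs unconditionally in the new `RtlRaiseException` interceptor, yet this routine can return to its caller when the exception is continued, for example the debugger-notification exceptions behind OutputDebugString. In that case the stack has already been unpoisoned, so ASan may miss later stack-buffer errors in frames that are still live. Consider typing the parameter as `EXCEPTION_RECORD *ExceptionRecord` and guarding the call, `if (ExceptionRecord->ExceptionCode != DBG_PRINTEXCEPTION_C) __asan_handle_no_return();`, assuming the Windows headers are available in this file, which the hunk does not show. At minimum, add a comment above the call stating that the interceptor assumes execution does not resume in the raising frame.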
@@ -135,7 +135,10 @@ namespace __asan {
 void InitializePlatformInterceptors() {
 ASAN_INTERCEPT_FUNC(CreateThread);
- ASAN_INTERCEPT_FUNC(RaiseException);
+ // RtlRaiseException is always linked dynamically.
+ CHECK(::__interception::OverrideFunction("RtlRaiseException",
+ (uptr)WRAP(RtlRaiseException),
+ (uptr *)&REAL(RtlRaiseException)));
 #ifdef _WIN64
 ASAN_INTERCEPT_FUNC(__C_specific_handler);
-- cgit v1.2.3
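Review bot: The bare `CHECK(...)` around `OverrideFunction` in `InitializePlatformInterceptors` turns any failure to patch `RtlRaiseException` into a startup abort of every instrumented binary, and the only diagnostic is an internal check failure. The commit message says this hook needed a new prologue decoding, so an ntdll build with a prologue the decoder does not know is a realistic way for it to fail. Failing hard is defensible, since running without the hook would presumably leave stale stack poison after a raise, but the existing comment only explains the dynamic linking; extend it, e.g. `// Fail hard if the ntdll prologue cannot be patched: without this hook ASan's stack state is stale after a raise.`, or report the failed interception by name before aborting. The function body continues past the end of the hunk.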