author | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-05-12 12:55:58 +0200 |
---|---|---|
committer | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-05-12 12:55:58 +0200 |
commit | a36292df1de157cf298dbc53bedaf3384dca506d (patch) | |
tree | 81f5f5d15cabbe8c8f1877a5a1175c5985cad409 | |
parent | 58d4e2643e147696f908c86f7fb6bf55d08ae9bd (diff) |
EfiDSEFix: fix BSOD on Windows 10 with KB5003173 when using '-d'
EfiDSEFix was not finding the address of CI!g_CiOptions correctly after KB5003173 changed the layout of CI!CiInitialize.
Fixes #28
-rw-r--r-- | Application/EfiDSEFix/src/EfiDSEFix.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/Application/EfiDSEFix/src/EfiDSEFix.cpp b/Application/EfiDSEFix/src/EfiDSEFix.cpp
index 9235e82..324018d 100644
--- a/Application/EfiDSEFix/src/EfiDSEFix.cpp
+++ b/Application/EfiDSEFix/src/EfiDSEFix.cpp
@@ -85,7 +85,7 @@ QueryCiOptions(
 LONG Relative = 0;
 hde64s hs;
- const PUCHAR CiInitialize = reinterpret_cast<PUCHAR>(GetProcedureAddress(reinterpret_cast<ULONG_PTR>(MappedBase), "CiInitialize"));
+ const PUCHAR CiInitialize = static_cast<PUCHAR>(GetProcedureAddress(reinterpret_cast<ULONG_PTR>(MappedBase), "CiInitialize"));
 if (CiInitialize == nullptr)
 return 0;
@@ -96,13 +96,19 @@ QueryCiOptions(
 do
 {
 // call CipInitialize
- if (CiInitialize[i] == 0xE8)
+ const BOOLEAN IsCall = CiInitialize[i] == 0xE8;
+ if (IsCall)
 j++;
- if (j > 1)
+ if (IsCall && j > 1)
 {
 Relative = *reinterpret_cast<PLONG>(CiInitialize + i + 1);
- break;
+
+ // KB5003173 added a new 'call wil_InitializeFeatureStaging' to CiInitialize that we need to skip
+ const PUCHAR CallTarget = CiInitialize + i + 5 + Relative;
+ hde64_disasm(CallTarget, &hs);
+ if ((hs.flags & F_ERROR) == 0 && hs.len >= 4 && hs.len <= 6) // wil_InitializeFeatureStaging: 3, __security_init_cookie: 7, CipInitialize: 5
+ break;
 }
 hde64_disasm(CiInitialize + i, &hs); |
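Review bot: When the instruction-length check at the call target rejects a candidate, `Relative` keeps that rejected displacement, so if no later call in CiInitialize passes the check the loop can run out and the function hands back a pointer into the wrong routine rather than the 0 it returns when CiInitialize is missing — the same class of failure as the BSOD this commit fixes, deferred to the next CI.dll layout change. Clearing it on rejection, e.g. an `else Relative = 0;` after the `break;`, and treating 0 as "not found" in the caller closes that path; the do/while exit condition is outside the hunk, so I cannot confirm whether it already guards this. The heuristic itself (first instruction 4–6 bytes) only separates the three prologues listed in the trailing comment, and a future build that gives `wil_InitializeFeatureStaging` a 4–6-byte first instruction would pass silently, so a comment stating that this is a prologue-length heuristic and not a positive identification of CipInitialize would help the next person who debugs a wrong patch. `CallTarget` is also dereferenced by `hde64_disasm(CallTarget, &hs)` with no check that it lies inside the mapped image; a bounds check against the mapped size (presumably available alongside `MappedBase`) would turn a malformed displacement into a clean failure instead of a read past the mapping.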