diff options
| author | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2023-10-03 18:33:01 +0200 |
|---|---|---|
| committer | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2023-10-03 18:33:01 +0200 |
| commit | 26406e2c93ff0ac8431912c5dd39d5cddd65836e (patch) | |
| tree | 99f0837631d0fe113fec8af7f5680e3da1c78a5a | |
| parent | 5195ae9ab73290d69f4089a18775de7d1bfd67a5 (diff) | |
Fix KiVerifyScopesExecute signature for LA57 kernel
ntkrla57.exe uses AND with r/m32 here rather than r/m64, which the signature was needlessly specific about by including a REX prefix
| -rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c index 1da3474..161ba08 100644 --- a/EfiGuardDxe/PatchNtoskrnl.c +++ b/EfiGuardDxe/PatchNtoskrnl.c @@ -31,7 +31,7 @@ STATIC CONST UINT8 SigKeInitAmd64SpecificState[] = { // This function is present since Windows 8.1 and is responsible for executing all functions in the KiVerifyXcptRoutines array. // One of these functions, KiVerifyXcpt15, will indirectly initialize a PatchGuard context from its exception handler. STATIC CONST UINT8 SigKiVerifyScopesExecute[] = { - 0x48, 0x83, 0xCC, 0xCC, 0x00, // and [REG+XX], 0 + 0x83, 0xCC, 0xCC, 0x00, // and d/qword ptr [REG+XX], 0 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE // mov rax, 0FEFFFFFFFFFFFFFFh }; |