From f8ca8c0c008980352c2b3eee6eda21f395bde4cf Mon Sep 17 00:00:00 2001
From: Matthijs Lavrijsen <mattiwatti@gmail.com>
Date: Sat, 30 Jan 2021 04:42:06 +0100
Subject: Use PE runtime function tables for finding function start addresses

---
 EfiGuardDxe/PatchBootmgr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'EfiGuardDxe/PatchBootmgr.c')

diff --git a/EfiGuardDxe/PatchBootmgr.c b/EfiGuardDxe/PatchBootmgr.c
index aa27135..5c3c481 100644
--- a/EfiGuardDxe/PatchBootmgr.c
+++ b/EfiGuardDxe/PatchBootmgr.c
@@ -300,7 +300,7 @@ PatchBootManager(
 	// Found signature; backtrack to function start
 	// Note: pOriginalAddress is a pointer to a (function) pointer, because the original address depends on the type of boot manager we are patching.
 	VOID **pOriginalAddress = PatchingBootmgrEfi ? &gOriginalBootmgrImgArchStartBootApplication : &gOriginalBootmgfwImgArchStartBootApplication;
-	*pOriginalAddress = (VOID*)BacktrackToFunctionStart(Found, MAX((UINT8*)ImageBase + CodeSection->VirtualAddress, Found - 1024));
+	*pOriginalAddress = (VOID*)BacktrackToFunctionStart((UINT8*)ImageBase, NtHeaders, Found);
 	CONST VOID* OriginalAddress = *pOriginalAddress;
 	if (OriginalAddress == NULL)
 	{
-- 
cgit v1.2.3