Closed den7ba closed 1 year ago
HoShiMin
commented
1 year ago Updated for WDK 11 and bumped version of Zydis to the latest. @den7ba, could you test it one more time with the latest HookLib? And if it will bsod again, could you give me a dump with PDBs for the driver and test app?
den7ba
commented
1 year ago Updated for WDK 11 and bumped version of Zydis to the latest. @den7ba, could you test it one more time with the latest HookLib? And if it will bsod again, could you give me a dump with PDBs for the driver and test app? Same again. Minidump is enough? dump.zip
HoShiMin
commented
1 year ago Fixed tests. It was false-negative assert. In release mode the compiler makes assumption that a test function couldn't change and caches its return value to use it instead of the second call of a test function. So, an assert fails.
void testHookOnce()
{
const auto original = static_cast<decltype(func<0>)*>(hook(func<0>, handler<0>));
hk_assert(func<0>(11, 22) == validHandler<0>(11, 22));
hk_assert(original(11, 22) == validFunc<0>(11, 22));
unhook(original);
hk_assert(func<0>(11, 22) == validFunc<0>(11, 22)); // <-- Fails here
}The function above in the release mode looks as follows:
void testHookOnce()
{
const auto original = static_cast<decltype(func<0>)*>(hook(func<0>, handler<0>));
const auto cachedFuncResult = func<0>(11, 22);
hk_assert(cachedFuncResult == validHandler<0>(11, 22));
hk_assert(original(11, 22) == validFunc<0>(11, 22));
unhook(original);
hk_assert(cachedFuncResult == validFunc<0>(11, 22)); // Boom!
}So, the solution is to make func "volatile": call any external function to prevent a compiler to make an assumption that the function doesn't change internal state of an app.
@den7ba, please, check it again.
den7ba
commented
1 year ago Excellent. So, is this the expected result?
HoShiMin
commented
1 year ago @den7ba, yep, looks good.
Run test with kernel mode, get bsod. compiled with sdk 22621 and wdk 10
022023-9437-01.zip