
Add support for chained UNWIND_INFO

Open DymOK93 opened this issue 3 years ago • 0 comments

When building with optimizations, the compiler can chain RUNTIME_FUNCTION and UNWIND_INFO structures. Also see:

  • https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=msvc-160#chained-unwind-info-structures
  • https://habr.com/ru/company/aladdinrd/blog/322956/
  • https://stackoverflow.com/questions/19808172/struct-runtime-function

If this isn't taken into account, the RIP update won't be read from the return address, but from an arbitrary place on the stack.

DymOK93, Jan 13 '22 18:01
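
An added example, not part of the issue or of KTL's code: a small C walker that sums the stack bytes described by the push/alloc unwind codes, with and without following UNW_FLAG_CHAININFO, to show how far the computed return-address slot moves when chaining is ignored. The name `frame_bytes`, the depth limit and the sample bytes are constructed for illustration; it assumes RIP is past the prolog and rejects opcodes it does not model, such as UWOP_PUSH_MACHFRAME.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UNW_FLAG_CHAININFO 0x4
#define MAX_CHAIN_DEPTH 32 /* assumed guard against cyclic or corrupt chains */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit RVA */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bytes between RSP and the return address, or -1 on malformed or unsupported
 * input. follow_chain == 0 models an unwinder that ignores chained info. */
long frame_bytes(const uint8_t *img, size_t len, uint32_t rva, int follow_chain) {
    /* slots used per opcode; 0 = variable (ALLOC_LARGE) or not modelled */
    static const uint8_t slots[16] = {1, 0, 1, 1, 2, 3, 0, 0, 2, 3};
    long total = 0;
    for (int depth = 0; depth < MAX_CHAIN_DEPTH; depth++) {
        if (rva > len || len - rva < 4) return -1;
        const uint8_t *ui = img + rva;
        unsigned flags = ui[0] >> 3, count = ui[2];
        size_t end = 4 + 2 * (size_t)((count + 1) & ~1u); /* padded to even */
        if (len - rva < end) return -1;
        for (unsigned i = 0; i < count;) {
            const uint8_t *c = ui + 4 + 2 * i;
            unsigned op = c[1] & 0xF, info = c[1] >> 4, n = slots[op];
            if (op == 1) n = info ? 3 : 2;
            if (n == 0 || i + n > count) return -1;
            if (op == 0) total += 8;                 /* UWOP_PUSH_NONVOL */
            else if (op == 2) total += info * 8 + 8; /* UWOP_ALLOC_SMALL */
            else if (op == 1)                        /* UWOP_ALLOC_LARGE */
                total += info ? (long)rd32(c + 2) : (c[2] | c[3] << 8) * 8L;
            i += n;
        }
        if (!follow_chain || !(flags & UNW_FLAG_CHAININFO)) return total;
        if (len - rva < end + 12) return -1; /* chained RUNTIME_FUNCTION */
        rva = rd32(ui + end + 8);            /* its UnwindData field */
    }
    return -1;
}

/* Constructed sample: UNWIND_INFO at RVA 0 (ALLOC_SMALL 32) chains to RVA 0x20
 * (ALLOC_SMALL 32 + PUSH_NONVOL). */
const uint8_t sample_image[0x28] = {
    0x21, 0x00, 0x01, 0x00, 0x04, 0x32, 0x00, 0x00,
    0x00, 0x10, 0, 0, 0x40, 0x10, 0, 0, 0x20, 0, 0, 0,
    [0x20] = 0x01, 0x06, 0x02, 0x00, 0x06, 0x32, 0x02, 0x30,
};
int main(void) { printf("%ld\n", frame_bytes(sample_image, 0x28, 0, 1)); }
```

With chaining followed the return address sits 72 bytes above RSP; with it ignored the walker stops at 32 and would take whatever is in that stack slot as RIP.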