diff --git a/Sandboxie/core/drv/syscall.c b/Sandboxie/core/drv/syscall.c
index 85b32b5a..b455a656 100644
--- a/Sandboxie/core/drv/syscall.c
+++ b/Sandboxie/core/drv/syscall.c
@@ -604,19 +604,11 @@ _FX void Syscall_ErrorForAsciiName(const UCHAR *name_a)
 extern unsigned int g_TrapFrameOffset;
 
 #ifdef _WIN64
-//NTSTATUS Sbie_InvokeSyscall_jmp(
-// ULONG_PTR arg01, ULONG_PTR arg02, ULONG_PTR arg03, ULONG_PTR arg04,
-// ULONG_PTR arg05, ULONG_PTR arg06, ULONG_PTR arg07, ULONG_PTR arg08,
-// ULONG_PTR arg09, ULONG_PTR arg10, ULONG_PTR arg11, ULONG_PTR arg12,
-// ULONG_PTR arg13, ULONG_PTR arg14, ULONG_PTR arg15, ULONG_PTR arg16,
-// ULONG_PTR arg17, ULONG_PTR arg18, ULONG_PTR arg19, void* func);
-
-NTSTATUS Sbie_InvokeSyscall_hack(void* func, int count, void* args, ULONG_PTR arg04,
+NTSTATUS Sbie_InvokeSyscall_hack(void* func, ULONG_PTR count, void* args, ULONG_PTR arg04,
 ULONG_PTR arg05, ULONG_PTR arg06, ULONG_PTR arg07, ULONG_PTR arg08,
 ULONG_PTR arg09, ULONG_PTR arg10, ULONG_PTR arg11, ULONG_PTR arg12,
 ULONG_PTR arg13, ULONG_PTR arg14, ULONG_PTR arg15, ULONG_PTR arg16,
 ULONG_PTR arg17, ULONG_PTR arg18, ULONG_PTR arg19);
-
 #else
 NTSTATUS Sbie_InvokeSyscall_asm(void* func, int count, void* args);
 #endif
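Review bot: The widened `ULONG_PTR count` on the 64-bit `Sbie_InvokeSyscall_hack` prototype now differs from the `int count` kept on the `#else` declaration of `Sbie_InvokeSyscall_asm`, and nothing at the declaration says why the 16 trailing `ULONG_PTR` parameters exist. This prototype is the only C-side statement of the contract with util_asm.asm, so a comment here would keep the two sides in sync: `// contract implemented in util_asm.asm: arg04..arg19 are never read as values, they only reserve caller stack that the asm fills with args 5-19, so every caller must pass all 16`. Whether `entry->param_count` at the call site is already a ULONG_PTR is not visible in this hunk, so the conversion warning that presumably motivated the change is inferred.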
@@ -643,17 +635,9 @@ _FX NTSTATUS Syscall_Invoke(SYSCALL_ENTRY *entry, ULONG_PTR *stack) // while working for 64 bit apps, makes 32 bit apps crash under wow64, // this should not be possible yet it happens, hence we use a hacky workaround // where our sys call invoker does not do a call but a jmp that seams to be fine. - // Ther for that we need to use this functions stack, hence those many 0 args. + // Therefore we need to re-use this functions stack, hence those many 0 args passed. // - // this also works but is less efficient - //#define ARG(idx) (entry->param_count > idx ? stack[idx] : 0) - //status = Sbie_InvokeSyscall_jmp( - // ARG(0), ARG(1), ARG(2), ARG(3), ARG(4), ARG(5), ARG(6), ARG(7), ARG(8), ARG(9), - // ARG(10), ARG(11), ARG(12), ARG(13), ARG(14), ARG(15), ARG(16), ARG(17), ARG(18), - // entry->ntos_func); - //#undef ARG - status = Sbie_InvokeSyscall_hack(entry->ntos_func, entry->param_count, stack, 0, // args 1-4 shadow space 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); // reserve stack for args 5-19 #else diff --git a/Sandboxie/core/drv/util_asm.asm b/Sandboxie/core/drv/util_asm.asm index bdfa93c1..48c2ec87 100644 --- a/Sandboxie/core/drv/util_asm.asm +++ b/Sandboxie/core/drv/util_asm.asm @@ -271,17 +271,17 @@ endif ifdef _WIN64 +; NTSTATUS Sbie_InvokeSyscall_hack(ULONG_PTR arg01, ... , ULONG_PTR arg19, void* func); Sbie_InvokeSyscall_jmp PROC jmp qword ptr [rsp+0A0h] ; 20th argument Sbie_InvokeSyscall_jmp ENDP +; NTSTATUS Sbie_InvokeSyscall_asm(void* func, ULONG_PTR count, void* args, ULONG_PTR dummy1, ..., ULONG_PTR dummy16); Sbie_InvokeSyscall_hack PROC - ;mov qword ptr [rsp+20h], r9 - ;mov qword ptr [rsp+18h], r8 - ;mov qword ptr [rsp+10h], rdx - ;mov qword ptr [rsp+8], rcx + ; WARNING: when calling this function after the 3 used arguments 16 more dummy's must be passed + ; to reserve the required stack space at the caller's stack which we will use ; note: (count & 0x0F) + 4 = 19 arguments are the absolute maximum 
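Review bot: The reworded comment in `Syscall_Invoke` still says only "those many 0 args" while the number is a hard contract with util_asm.asm: one zero for `arg04` plus fifteen for args 5-19, the same 16 dummies the new asm comment requires and that the `(count & 0x0F) + 4 = 19` maximum implies. I would pin it so a later edit on either side is caught in review: `// exactly 16 zero args follow: arg04 completes the 4 register args, the other 15 reserve caller stack for args 5-19 that the asm fills; must match the 19-argument maximum in util_asm.asm`. `Syscall_Invoke` begins before this hunk, so whether `entry->param_count` is range-checked before the call is not visible here; if it is not, the asm's own sanity check is the only guard.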
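Review bot: The two signature comments added in the `ifdef _WIN64` block name the wrong PROCs: the line above `Sbie_InvokeSyscall_jmp PROC` is labelled `Sbie_InvokeSyscall_hack(ULONG_PTR arg01, ... , ULONG_PTR arg19, void* func)`, yet a 19-arguments-then-`func` shape with `jmp qword ptr [rsp+0A0h] ; 20th argument` is the jmp routine (it matches the `Sbie_InvokeSyscall_jmp` prototype deleted from syscall.c in this same commit), while the line above `Sbie_InvokeSyscall_hack PROC` is labelled `Sbie_InvokeSyscall_asm(void* func, ULONG_PTR count, void* args, ULONG_PTR dummy1, ..., ULONG_PTR dummy16)`, which is the hack prototype. Swap the names: `; NTSTATUS Sbie_InvokeSyscall_jmp(ULONG_PTR arg01, ... , ULONG_PTR arg19, void* func);` and `; NTSTATUS Sbie_InvokeSyscall_hack(void* func, ULONG_PTR count, void* args, ULONG_PTR dummy1, ..., ULONG_PTR dummy16);`. In the WARNING comment "dummy's" should read "dummies". The body of `Sbie_InvokeSyscall_hack` continues past this hunk.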
@@ -300,11 +300,11 @@ arg_count_ok: ; check if we have higher arguments and if not skip cmp r10, 4 jle copy_reg_args - ; copy arguments 5-19 push rsi push rdi + ; copy arguments 5-19 mov rsi, r11 ; source add rsi, 20h mov rdi, rsp ; destination @@ -329,13 +329,9 @@ copy_reg_args: Sbie_InvokeSyscall_hack ENDP +; NTSTATUS Sbie_InvokeSyscall_asm(void* func, int count, void* args); Sbie_InvokeSyscall_asm PROC - ;mov qword ptr [rsp+20h], r9 - ;mov qword ptr [rsp+18h], r8 - ;mov qword ptr [rsp+10h], rdx - ;mov qword ptr [rsp+8], rcx - ; note: (count & 0x0F) + 4 = 19 arguments are the absolute maximum ; quick sanity check @@ -388,6 +384,7 @@ Sbie_InvokeSyscall_asm ENDP else +; NTSTATUS Sbie_InvokeSyscall_asm(void* func, int count, void* args); _Sbie_InvokeSyscall_asm@12 PROC ; NTSTATUS Sbie_InvokeSyscall_asm(void* func, int count, void* args);
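Review bot: The comment added above the 64-bit `Sbie_InvokeSyscall_asm PROC` documents `int count`, whereas the sibling `Sbie_InvokeSyscall_hack` in the hunk at -271 is documented with `ULONG_PTR count` and syscall.c now declares it that way; if both entry points take `count` from the same register and apply the same `(count & 0x0F) + 4 = 19` limit noted here, the two comments should agree on one type, or the comment should say the width is irrelevant, e.g. `; count: only (count & 0x0F) is used, so int vs ULONG_PTR makes no difference`. Whether the upper bits really are ignored is inferred from the note, not from code visible in this hunk. The hunk at -388 adds `; NTSTATUS Sbie_InvokeSyscall_asm(void* func, int count, void* args);` above `_Sbie_InvokeSyscall_asm@12 PROC` although the identical comment already sits on the first line inside that PROC, so one of the two is redundant.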