Bug 1666571 - Part 2. Support CALL [disp32] for Avast. r=handyman

The last Avast Antivirus's hook function contains `CALL [disp32]` instruction.
Our detour needs to be able to handle that pattern.

Differential Revision: https://phabricator.services.mozilla.com/D91155

mozglue/misc/interceptor/PatcherDetour.h

@@ -1470,6 +1470,14 @@ class WindowsDllDetourPatcher final
         if (mod == kModReg && (reg == 0 || reg == 1 || reg == 2 || reg == 6)) {
           // INC|DEC|CALL|PUSH r64
           COPY_CODES(2);
+        } else if (mod == kModNoRegDisp && reg == 2 &&
+                   rm == kRmNoRegDispDisp32) {
+          // FF 15    CALL [disp32]
+          origBytes += 2;
+          if (!GenerateJump(tramp, origBytes.ChasePointerFromDisp(),
+                            JumpType::Call)) {
+            return;
+          }
         } else if (reg == 4) {
           // FF /4 (Opcode=ff, REG=4): JMP r/m
           if (mod == kModNoRegDisp && rm == kRmNoRegDispDisp32) {

mozglue/tests/interceptor/AssemblyPayloads.h

@@ -99,6 +99,13 @@ __declspec(dllexport) __attribute__((naked)) void OpcodeFF() {
       "int $3;int $3;int $3;int $3;"
       "int $3;int $3;int $3;int $3;");
 }
+
+__declspec(dllexport) __attribute__((naked)) void IndirectCall() {
+  asm volatile(
+      "call *(%rip);"  // Indirect call to 0x90909090`90909090
+      "nop;nop;nop;nop;nop;nop;nop;nop;"
+      "ret;");
+}
 #  elif defined(_M_IX86)
 constexpr uintptr_t JumpDestination = 0x7fff0000;
 

mozglue/tests/interceptor/TestDllInterceptor.cpp

@@ -731,6 +731,7 @@ struct TestCase {
     // a trampoline address instead of the original destination.
     TestCase("NearJump", NoStubAddressCheck),
     TestCase("OpcodeFF", NoStubAddressCheck),
+    TestCase("IndirectCall", NoStubAddressCheck),
 #    elif defined(_M_IX86)
     // Skip the stub address check as we always generate a trampoline for x86.
     TestCase("PushRet", NoStubAddressCheck),