mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-02 10:00:54 +00:00
b80c6d24b1
AVG AntiVirus hooks ntdll!NtMapViewOfSection by planting two JMP instructions, jumping to a trampoline area first, then jumping to aswhook.dll. ``` ntdll!NtMapViewOfSection: 00007ffa`6d77c560 e9d33cfebf jmp 00007ffa`2d760238 00007ffa`2d760238 ff25f2ffffff jmp qword ptr [00007ffa`2d760230] --> 00007ffa`541e2ad0 aswhook+0x2ad0: 00007ffa`541e2ad0 4055 push rbp 00007ffa`541e2ad2 53 push rbx 00007ffa`541e2ad3 56 push rsi ``` With this patch, our detour can detour on top of that pattern. The first part is to remove the MEM_IMAGE check from IsPageAccessible. The second part is to introduce a loop in ResolveRedirectedAddress to resolve a chain of jumps. Differential Revision: https://phabricator.services.mozilla.com/D81582 |
||
---|---|---|
.. | ||
android | ||
baseprofiler | ||
build | ||
dllservices | ||
linker | ||
misc | ||
static | ||
tests | ||
moz.build |