Bug 951827 - Part 2: Decode more instructions so that we can use longer jumps. r=ehsan
authorDavid Major <dmajor@mozilla.com>
Fri, 14 Feb 2014 14:55:26 -0800
changeset 170031 236ed76eea8b854cb572dfc9e3e9bb076ec29af0
parent 170030 96cf7c13a8cbcc760d438ee02027e5d29edb0e3b
child 170032 1109dba48e6bb0a5db97a54833a6e38b064b0337
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewersehsan
bugs951827
milestone30.0a1
Bug 951827 - Part 2: Decode more instructions so that we can use longer jumps. r=ehsan
toolkit/xre/nsWindowsDllInterceptor.h
--- a/toolkit/xre/nsWindowsDllInterceptor.h
+++ b/toolkit/xre/nsWindowsDllInterceptor.h
@@ -408,20 +408,32 @@ protected:
         // PUSH with 4-byte operand
         nBytes += 5;
       } else if ((origBytes[nBytes] & 0xf0) == 0x50) {
         // 1-byte PUSH/POP
         nBytes++;
       } else if (origBytes[nBytes] == 0x6A) {
         // PUSH imm8
         nBytes += 2;
+      } else if (origBytes[nBytes] == 0xa1) {
+        // MOV EAX, dword ptr [m32]
+        nBytes += 5;
       } else if (origBytes[nBytes] == 0xe9) {
         pJmp32 = nBytes;
         // jmp 32bit offset
         nBytes += 5;
+      } else if (origBytes[nBytes] == 0xf6 &&
+                 origBytes[nBytes+1] == 0x05) {
+        // TEST byte ptr [m32], imm8
+        nBytes += 7;
+      } else if (origBytes[nBytes] == 0xff &&
+                 origBytes[nBytes+1] == 0x25) {
+        // JMP dword ptr [m32]
+        // This is an indirect absolute jump; don't set pJmp32
+        nBytes += 6;
       } else {
         //printf ("Unknown x86 instruction byte 0x%02x, aborting trampoline\n", origBytes[nBytes]);
         return;
       }
     }
 #elif defined(_M_X64)
     byteptr_t directJmpAddr;