__text:00000000000E79B2 ; __int64 __fastcall IntelFBClientControl::vendor_doDeviceAttribute(__int64, int, __int64, __int64, __int64, __int64, __int64) __text:00000000000E79B2 __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments proc near __text:00000000000E79B2 ; DATA XREF: __const:0000000000142128↓o __text:00000000000E79B2 ; __llvm_prf_data:00000000001894C8↓o __text:00000000000E79B2 __text:00000000000E79B2 var_40 = qword ptr -40h __text:00000000000E79B2 var_30 = dword ptr -30h __text:00000000000E79B2 var_28 = qword ptr -28h __text:00000000000E79B2 var_20 = qword ptr -20h __text:00000000000E79B2 var_18 = qword ptr -18h __text:00000000000E79B2 var_10 = qword ptr -10h __text:00000000000E79B2 var_8 = qword ptr -8 __text:00000000000E79B2 arg_0 = qword ptr 10h __text:00000000000E79B2 __text:00000000000E79B2 ; __unwind { __text:00000000000E79B2 push rbp __text:00000000000E79B3 mov rbp, rsp __text:00000000000E79B6 sub rsp, 40h __text:00000000000E79BA mov rax, rdi __text:00000000000E79BD mov r10, [rbp+arg_0] __text:00000000000E79C1 inc cs:qword_16DEE0 __text:00000000000E79C8 test r10, r10 __text:00000000000E79CB jz short loc_E7A2D __text:00000000000E79CD mov rdi, [rax+88h] __text:00000000000E79D4 mov [rbp+var_30], esi __text:00000000000E79D7 mov [rbp+var_28], rdx __text:00000000000E79DB mov [rbp+var_20], rcx __text:00000000000E79DF mov [rbp+var_18], r8 __text:00000000000E79E3 mov [rbp+var_10], r9 __text:00000000000E79E7 mov [rbp+var_8], r10 __text:00000000000E79EB mov rdi, [rdi+0E00h] __text:00000000000E79F2 test rdi, rdi __text:00000000000E79F5 jz short loc_E7A3E __text:00000000000E79F7 inc cs:qword_16DEF0 __text:00000000000E79FE inc cs:qword_16DEF8 __text:00000000000E7A05 mov r10, [rdi] __text:00000000000E7A08 mov [rsp+40h+var_40], 0 __text:00000000000E7A10 lea rsi, __ZN20IntelFBClientControl13actionWrapperEPvS0_S0_S0_ ; IntelFBClientControl::actionWrapper(void *,void *,void *,void *) __text:00000000000E7A17 lea rcx, [rbp+var_30] __text:00000000000E7A1B mov rdx, rax __text:00000000000E7A1E xor r8d, r8d __text:00000000000E7A21 xor r9d, r9d __text:00000000000E7A24 call qword ptr [r10+1A0h] __text:00000000000E7A2B jmp short loc_E7A51 __text:00000000000E7A2D ; --------------------------------------------------------------------------- __text:00000000000E7A2D __text:00000000000E7A2D loc_E7A2D: ; CODE XREF: IntelFBClientControl::vendor_doDeviceAttribute(uint,ulong *,ulong,ulong *,ulong *,IOExternalMethodArguments *)+19↑j __text:00000000000E7A2D inc cs:qword_16DEE8 __text:00000000000E7A34 mov [rsp+40h+var_40], 0 __text:00000000000E7A3C jmp short loc_E7A49 __text:00000000000E7A3E ; --------------------------------------------------------------------------- __text:00000000000E7A3E __text:00000000000E7A3E loc_E7A3E: ; CODE XREF: IntelFBClientControl::vendor_doDeviceAttribute(uint,ulong *,ulong,ulong *,ulong *,IOExternalMethodArguments *)+43↑j __text:00000000000E7A3E inc cs:qword_16DED8 __text:00000000000E7A45 mov [rsp+40h+var_40], r10 __text:00000000000E7A49 __text:00000000000E7A49 loc_E7A49: ; CODE XREF: IntelFBClientControl::vendor_doDeviceAttribute(uint,ulong *,ulong,ulong *,ulong *,IOExternalMethodArguments *)+8A↑j __text:00000000000E7A49 mov rdi, rax __text:00000000000E7A4C call __ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments This is the cause, but, it is recursive because I don't understand this part test r10, r10 jz short loc_E7A2D Method __ZN20IntelFBClientControl13actionWrapperEPvS0_S0_S0_ always recall ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments with could be called also from the two statement above going forward so.. Tryed to remove this two statements with ending zero filling but the patch goes in panic!! //static const uint8_t f13c[]= {0x4D, 0x85, 0xD2, 0x74, 0x60, 0x48, 0x8B, 0xB8, 0x88, 0x00, 0x00, 0x00, 0x89, 0x75, 0xD0, 0x48, 0x89, 0x55, 0xD8, 0x48, 0x89, 0x4D, 0xE0, 0x4C, 0x89, 0x45, 0xE8, 0x4C, 0x89, 0x4D, 0xF0, 0x4C, 0x89, 0x55, 0xF8, 0x48, 0x8B, 0xBF, 0x00, 0x0E, 0x00, 0x00, 0x48, 0x85, 0xFF, 0x74, 0x47, 0x48, 0xFF, 0x05, 0xF2, 0x64, 0x08, 0x00, 0x48, 0xFF, 0x05, 0xF3, 0x64, 0x08, 0x00, 0x4C, 0x8B, 0x17, 0x48, 0xC7, 0x04, 0x24, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8D, 0x35, 0x65, 0xFF, 0xFF, 0xFF, 0x48, 0x8D, 0x4D, 0xD0, 0x48, 0x89, 0xC2, 0x45, 0x31, 0xC0, 0x45, 0x31, 0xC9, 0x41, 0xFF, 0x92, 0xA0, 0x01, 0x00, 0x00, 0xEB, 0x24}; //static const uint8_t r13c[]= {0x48, 0x8B, 0xB8, 0x88, 0x00, 0x00, 0x00, 0x89, 0x75, 0xD0, 0x48, 0x89, 0x55, 0xD8, 0x48, 0x89, 0x4D, 0xE0, 0x4C, 0x89, 0x45, 0xE8, 0x4C, 0x89, 0x4D, 0xF0, 0x4C, 0x89, 0x55, 0xF8, 0x48, 0x8B, 0xBF, 0x00, 0x0E, 0x00, 0x00, 0x48, 0x85, 0xFF, 0x74, 0x47, 0x48, 0xFF, 0x05, 0xF2, 0x64, 0x08, 0x00, 0x48, 0xFF, 0x05, 0xF3, 0x64, 0x08, 0x00, 0x4C, 0x8B, 0x17, 0x48, 0xC7, 0x04, 0x24, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8D, 0x35, 0x65, 0xFF, 0xFF, 0xFF, 0x48, 0x8D, 0x4D, 0xD0, 0x48, 0x89, 0xC2, 0x45, 0x31, 0xC0, 0x45, 0x31, 0xC9, 0x41, 0xFF, 0x92, 0xA0, 0x01, 0x00, 0x00, 0xEB, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00};
Author:
[source]
Post a Comment