From 27573b6629b66456721fa1372c936e0c3022d90b Mon Sep 17 00:00:00 2001
From: Fisherman166
Date: Sat, 2 Feb 2019 22:19:35 -0800
Subject: [PATCH] Implement RtlCaptureContext using knowledge from reverse engineering an official kernel.

---
 src/core/kernel/exports/EmuKrnlRtl.cpp | 29 +++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/src/core/kernel/exports/EmuKrnlRtl.cpp b/src/core/kernel/exports/EmuKrnlRtl.cpp
index efd127dd8..4b8797aa1 100644
--- a/src/core/kernel/exports/EmuKrnlRtl.cpp
+++ b/src/core/kernel/exports/EmuKrnlRtl.cpp
@@ -251,16 +251,39 @@ XBSYSAPI EXPORTNUM(264) xboxkrnl::VOID NTAPI xboxkrnl::RtlAssert
 // ******************************************************************
 // * 0x0109 - RtlCaptureContext()
 // ******************************************************************
+__declspec(naked) // REQUIRED - No registers can be touched by the compiler or the state will be corrupted.
 XBSYSAPI EXPORTNUM(265) xboxkrnl::VOID NTAPI xboxkrnl::RtlCaptureContext
 (
 	IN PCONTEXT ContextRecord
 )
 {
-	LOG_FUNC_ONE_ARG(ContextRecord);
-	// NOTE: this function expects the caller to be __cdecl, or else it fails
+	__asm {
+		push ebx
+		mov ebx, [esp + 8] // ebx = ContextRecord;
 
-	LOG_UNIMPLEMENTED();
+		mov [ebx + CONTEXT.Eax], eax // ContextRecord->Eax = eax;
+		mov eax, [esp] // eax = original value of ebx
+		mov [ebx + CONTEXT.Ebx], eax // ContextRecord->Ebx = original value of ebx
+		mov [ebx + CONTEXT.Ecx], ecx // ContextRecord->Ecx = ecx;
+		mov [ebx + CONTEXT.Edx], edx // ContextRecord->Edx = edx;
+		mov [ebx + CONTEXT.Esi], esi // ContextRecord->Esi = esi;
+		mov [ebx + CONTEXT.Edi], edi // ContextRecord->Edi = edi;
+
+		mov word ptr [ebx + CONTEXT.SegCs], cs // ContextRecord->SegCs = cs;
+		mov word ptr [ebx + CONTEXT.SegSs], ss // ContextRecord->SegSs = ss;
+		pushfd
+		pop [ebx + CONTEXT.EFlags] // ContextRecord->EFlags = flags;
+
+		mov[ebx + CONTEXT.Ebp], ebp // ContextRecord->Ebp = ebp;
+		mov eax, [ebp + 4] // eax = return address;
+		mov [ebx + CONTEXT.Eip], eax // ContextRecord->Eip = return address;
+		lea eax, [ebp + 8]
+		mov [ebx + CONTEXT.Esp], eax // ContextRecord->Esp = original esp value;
+
+		pop ebx
+		ret 4
+	}
 }
 
 // ******************************************************************
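Review bot: The new body reads the return address and pre-call stack pointer through the caller's frame (`mov eax, [ebp + 4]` and `lea eax, [ebp + 8]`) without stating that assumption, and the old `// NOTE: this function expects the caller to be __cdecl` line that at least hinted at a calling-convention dependency is dropped; a caller that has not executed the standard `push ebp / mov ebp, esp` prologue (for example one built with frame-pointer omission) leaves ContextRecord->Eip and ->Esp pointing at arbitrary memory that any later unwind or RtlRaiseException-style consumer would trust. I'd add a comment above `__asm {` such as `// Assumes the caller has a standard EBP frame (push ebp / mov ebp, esp): Eip and Esp are taken from [ebp+4] and [ebp+8], so a frame-pointer-omitting caller gets a bogus Eip/Esp.`. Related: Eip and Esp are derived from the frame one level up, but `mov[ebx + CONTEXT.Ebp], ebp` stores the current ebp rather than the saved frame pointer at `[ebp]`; if the reverse-engineered original stores the saved value there, the captured Ebp/Eip/Esp triple here would describe a mixed frame, so this is worth confirming against the reference. SegDs/SegEs/SegFs/SegGs are not captured either, which may matter if anything restores a full CONTEXT from this record; if they are deliberately omitted, a one-line comment saying so would stop the next reader from "fixing" it. Minor style: `mov[ebx + CONTEXT.Ebp]` is missing the space after the mnemonic that every other line uses.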