From 5e1851fcad68917b4847c54ee1f96eb963c5b723 Mon Sep 17 00:00:00 2001
From: Anthony Miles <a.miles.nz@gmail.com>
Date: Sat, 20 Jul 2019 18:49:24 +1200
Subject: [PATCH] Preserve caller esp value

---
 src/core/kernel/support/EmuFS.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/core/kernel/support/EmuFS.cpp b/src/core/kernel/support/EmuFS.cpp
index 2c56d4b61..44326d6f5 100644
--- a/src/core/kernel/support/EmuFS.cpp
+++ b/src/core/kernel/support/EmuFS.cpp
@@ -364,7 +364,7 @@ __declspec(naked) void EmuFS_MovzxEaxBytePtrFs24()
 		movzx eax, byte ptr[eax + 24h]
 		call UnlockFS
 		ret
-	}
+	}
 	UnlockFS();
 }
 
@@ -420,14 +420,17 @@ __declspec(naked) void EmuFS_MovFs00Esp()
 {
 	// Note : eax must be preserved here, hence the push/pop
 	__asm
-	{
+	{
+		pushfd
 		call LockFS
 		call EmuFS_RefreshKPCR
-		push eax
-		mov eax, fs : [TIB_ArbitraryDataSlot]
-		mov [eax], esp
+		push eax
+		mov eax, fs : [TIB_ArbitraryDataSlot]
+		mov [eax], esp
+		add [eax], 12 // account for esp changes from pushed registers and return address
 		pop eax
-		call UnlockFS
+		call UnlockFS
+		popfd
 		ret
 	}
 }