From 0a46366c22318652e8871bd1ef94a23860a3ddc0 Mon Sep 17 00:00:00 2001
From: Silent
Date: Mon, 5 Oct 2020 21:44:56 +0200
Subject: [PATCH] Add an rdtsc false positive check for Group S Challenge [CC-005] [1.05]
---
 src/core/kernel/init/CxbxKrnl.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/core/kernel/init/CxbxKrnl.cpp b/src/core/kernel/init/CxbxKrnl.cpp
index f5eec0556..fcc275b9b 100644
--- a/src/core/kernel/init/CxbxKrnl.cpp
+++ b/src/core/kernel/init/CxbxKrnl.cpp
@@ -492,7 +492,7 @@ const uint8_t rdtsc_pattern[] = {
 0xEB,
 0xF6,
 0xA1,
- 0x01
+ 0x01 // one false positive in Group S Challenge [1.05] .text E8 0F 31 01 00
 };
 const int sizeof_rdtsc_pattern = sizeof(rdtsc_pattern);
@@ -550,6 +550,15 @@ void PatchRdtscInstructions()
 continue;
 }
+ }
+ if (next_byte == 0x01)
+ {
+ if (*(uint8_t*)(addr - 1) == 0xE8 && *(uint8_t*)(addr + 3) == 0x00)
+ {
+ EmuLogInit(LOG_LEVEL::INFO, "Skipped false positive: rdtsc pattern 0x%.2X, @ 0x%.8X", next_byte, (DWORD)addr);
+ continue;
+ }
+ }
 PatchRdtsc(addr);
 //the first for loop already increment addr per loop. we only increment one more time so the addr will point to the byte next to the found rdtsc instruction. this is important since there is at least one case that two rdtsc instructions are next to each other.
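Review bot: The comment added on the `0x01` entry of rdtsc_pattern records the colliding byte string but not what it is or where it is handled, so a reader of the table cannot tell that this entry is special-cased rather than patched like the others. E8 is the x86 CALL rel32 opcode, so `E8 0F 31 01 00` is a call whose displacement happens to contain the rdtsc opcode bytes 0F 31 followed by this table's 0x01, and the skip for exactly that shape is the `addr - 1 == 0xE8 && addr + 3 == 0x00` check this same commit adds to PatchRdtscInstructions(). I would write `0x01 // also matches the rel32 of a CALL (E8 0F 31 01 00) in Group S Challenge [1.05]; PatchRdtscInstructions() skips that shape`. The cross-reference matters because the table entry and the skip test must change together: the skip reads the byte before and the byte after the two-byte match, so any future widening of this entry's meaning has to be mirrored there.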