Hi Takashi,
On May 28 21:52, Takashi Yano wrote:
> +#ifdef __x86_64__
> + /* When the Rip points to an instruction that causes an exception,
> + modifying Rip and calling ResumeThread() may sometimes result in
> + a crash. To prevent this, advance execution by a single instruction
> + by setting the trap flag (TF) before calling ResumeThread(). This
> + will trigger either STATUS_SINGLE_STEP or the exception caused by
> + the instruction that Rip originally pointed to. By suspending the
> + targeted thread within exception::handle(), Rip no longer points
> + to the problematic instruction, allowing safe handling of the
> + interrupt. As a result, Rip can be adjusted appropriately, and the
> + thread can resume execution without unexpected crashes. */
> + if (!inside_kernel (cx, true))
> + {
> + cx->EFlags |= 0x100; /* Set TF (setup single step execution) */
> + SetThreadContext (*this, cx);
> + suspend_on_exception = true;
> + ResumeThread (*this);
> + ULONG cnt = 0;
> + NTSTATUS status;
> + do
> + {
> + yield ();
> + status = NtQueryInformationThread (*this, ThreadSuspendCount,
> + &cnt, sizeof (cnt), NULL);
> + }
> + while (NT_SUCCESS (status) && cnt == 0);
> + GetThreadContext (*this, cx);
Doesn't this return cx->EFlags with the single step flag set? Otherwise
this looks ok.
Thanks,
Corinna
