ntdll-Syscall_Wrappers: Added patches to call the implementation instead of the syscall wrapper when possible.

patches/ntdll-Syscall_Wrappers/0002-ntdll-APCs-should-call-the-implementation-instead-of.patch

@@ -0,0 +1,124 @@
+From bf52a59d8a964fd0e79c684b61513c0ec5c78ccb Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 16 Oct 2015 05:17:26 +0200
+Subject: ntdll: APCs should call the implementation instead of the syscall
+ thunk.
+
+---
+ dlls/ntdll/ntdll_misc.h | 14 ++++++++++++++
+ dlls/ntdll/server.c     | 18 +++++++++---------
+ 2 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
+index a33b1ea..b63005e 100644
+--- a/dlls/ntdll/ntdll_misc.h
++++ b/dlls/ntdll/ntdll_misc.h
+@@ -268,6 +268,20 @@ extern HANDLE keyed_event DECLSPEC_HIDDEN;
+                        "movl $" __ASM_NAME("call_syscall_func") ",%edx\n\t" \
+                        "call *%edx\n\t"                                     \
+                        "ret $(4*" #args ")" )
++
++#define DECLARE_SYSCALL_ENTRYPOINT( name ) \
++    extern typeof( name ) __syscall_ ## name
++
++DECLARE_SYSCALL_ENTRYPOINT( NtAllocateVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtFlushVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtFreeVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtLockVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtMapViewOfSection );
++DECLARE_SYSCALL_ENTRYPOINT( NtProtectVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtQueryVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtUnlockVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtUnmapViewOfSection );
++
+ #else /* __i386__ */
+ 
+ #define SYSCALL( name ) name
+diff --git a/dlls/ntdll/server.c b/dlls/ntdll/server.c
+index 95111ad..d2b15cb 100644
+--- a/dlls/ntdll/server.c
++++ b/dlls/ntdll/server.c
+@@ -424,7 +424,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_alloc.size;
+         if ((ULONG_PTR)addr == call->virtual_alloc.addr && size == call->virtual_alloc.size)
+         {
+-            result->virtual_alloc.status = NtAllocateVirtualMemory( NtCurrentProcess(), &addr,
++            result->virtual_alloc.status = SYSCALL(NtAllocateVirtualMemory)( NtCurrentProcess(), &addr,
+                                                                     call->virtual_alloc.zero_bits, &size,
+                                                                     call->virtual_alloc.op_type,
+                                                                     call->virtual_alloc.prot );
+@@ -439,7 +439,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_free.size;
+         if ((ULONG_PTR)addr == call->virtual_free.addr && size == call->virtual_free.size)
+         {
+-            result->virtual_free.status = NtFreeVirtualMemory( NtCurrentProcess(), &addr, &size,
++            result->virtual_free.status = SYSCALL(NtFreeVirtualMemory)( NtCurrentProcess(), &addr, &size,
+                                                                call->virtual_free.op_type );
+             result->virtual_free.addr = wine_server_client_ptr( addr );
+             result->virtual_free.size = size;
+@@ -452,7 +452,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         result->type = call->type;
+         addr = wine_server_get_ptr( call->virtual_query.addr );
+         if ((ULONG_PTR)addr == call->virtual_query.addr)
+-            result->virtual_query.status = NtQueryVirtualMemory( NtCurrentProcess(),
++            result->virtual_query.status = SYSCALL(NtQueryVirtualMemory)( NtCurrentProcess(),
+                                                                  addr, MemoryBasicInformation, &info,
+                                                                  sizeof(info), NULL );
+         else
+@@ -476,7 +476,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_protect.size;
+         if ((ULONG_PTR)addr == call->virtual_protect.addr && size == call->virtual_protect.size)
+         {
+-            result->virtual_protect.status = NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size,
++            result->virtual_protect.status = SYSCALL(NtProtectVirtualMemory)( NtCurrentProcess(), &addr, &size,
+                                                                      call->virtual_protect.prot,
+                                                                      &result->virtual_protect.prot );
+             result->virtual_protect.addr = wine_server_client_ptr( addr );
+@@ -490,7 +490,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_flush.size;
+         if ((ULONG_PTR)addr == call->virtual_flush.addr && size == call->virtual_flush.size)
+         {
+-            result->virtual_flush.status = NtFlushVirtualMemory( NtCurrentProcess(),
++            result->virtual_flush.status = SYSCALL(NtFlushVirtualMemory)( NtCurrentProcess(),
+                                                                  (const void **)&addr, &size, 0 );
+             result->virtual_flush.addr = wine_server_client_ptr( addr );
+             result->virtual_flush.size = size;
+@@ -503,7 +503,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_lock.size;
+         if ((ULONG_PTR)addr == call->virtual_lock.addr && size == call->virtual_lock.size)
+         {
+-            result->virtual_lock.status = NtLockVirtualMemory( NtCurrentProcess(), &addr, &size, 0 );
++            result->virtual_lock.status = SYSCALL(NtLockVirtualMemory)( NtCurrentProcess(), &addr, &size, 0 );
+             result->virtual_lock.addr = wine_server_client_ptr( addr );
+             result->virtual_lock.size = size;
+         }
+@@ -515,7 +515,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         size = call->virtual_unlock.size;
+         if ((ULONG_PTR)addr == call->virtual_unlock.addr && size == call->virtual_unlock.size)
+         {
+-            result->virtual_unlock.status = NtUnlockVirtualMemory( NtCurrentProcess(), &addr, &size, 0 );
++            result->virtual_unlock.status = SYSCALL(NtUnlockVirtualMemory)( NtCurrentProcess(), &addr, &size, 0 );
+             result->virtual_unlock.addr = wine_server_client_ptr( addr );
+             result->virtual_unlock.size = size;
+         }
+@@ -529,7 +529,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         {
+             LARGE_INTEGER offset;
+             offset.QuadPart = call->map_view.offset;
+-            result->map_view.status = NtMapViewOfSection( wine_server_ptr_handle(call->map_view.handle),
++            result->map_view.status = SYSCALL(NtMapViewOfSection)( wine_server_ptr_handle(call->map_view.handle),
+                                                           NtCurrentProcess(), &addr,
+                                                           call->map_view.zero_bits, 0,
+                                                           &offset, &size, ViewShare,
+@@ -544,7 +544,7 @@ static BOOL invoke_apc( const apc_call_t *call, apc_result_t *result )
+         result->type = call->type;
+         addr = wine_server_get_ptr( call->unmap_view.addr );
+         if ((ULONG_PTR)addr == call->unmap_view.addr)
+-            result->unmap_view.status = NtUnmapViewOfSection( NtCurrentProcess(), addr );
++            result->unmap_view.status = SYSCALL(NtUnmapViewOfSection)( NtCurrentProcess(), addr );
+         else
+             result->unmap_view.status = STATUS_INVALID_PARAMETER;
+         break;
+-- 
+2.6.1
+

patches/ntdll-Syscall_Wrappers/0003-ntdll-Syscalls-should-not-call-Nt-Ex-thunk-wrappers.patch

@@ -0,0 +1,48 @@
+From f98d759df530437f92f75be55917bec366ece883 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 16 Oct 2015 05:31:11 +0200
+Subject: ntdll: Syscalls should not call Nt*Ex thunk wrappers.
+
+---
+ dlls/ntdll/nt.c         | 4 ++--
+ dlls/ntdll/ntdll_misc.h | 2 ++
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
+index e48e6d4..ace7196 100644
+--- a/dlls/ntdll/nt.c
++++ b/dlls/ntdll/nt.c
+@@ -124,7 +124,7 @@ NTSTATUS WINAPI SYSCALL(NtOpenProcessToken)(
+ 	DWORD DesiredAccess,
+ 	HANDLE *TokenHandle)
+ {
+-    return NtOpenProcessTokenEx( ProcessHandle, DesiredAccess, 0, TokenHandle );
++    return SYSCALL(NtOpenProcessTokenEx)( ProcessHandle, DesiredAccess, 0, TokenHandle );
+ }
+ 
+ /******************************************************************************
+@@ -163,7 +163,7 @@ NTSTATUS WINAPI SYSCALL(NtOpenThreadToken)(
+ 	BOOLEAN OpenAsSelf,
+ 	HANDLE *TokenHandle)
+ {
+-    return NtOpenThreadTokenEx( ThreadHandle, DesiredAccess, OpenAsSelf, 0, TokenHandle );
++    return SYSCALL(NtOpenThreadTokenEx)( ThreadHandle, DesiredAccess, OpenAsSelf, 0, TokenHandle );
+ }
+ 
+ /******************************************************************************
+diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
+index b63005e..11099c5 100644
+--- a/dlls/ntdll/ntdll_misc.h
++++ b/dlls/ntdll/ntdll_misc.h
+@@ -277,6 +277,8 @@ DECLARE_SYSCALL_ENTRYPOINT( NtFlushVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtFreeVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtLockVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtMapViewOfSection );
++DECLARE_SYSCALL_ENTRYPOINT( NtOpenProcessTokenEx );
++DECLARE_SYSCALL_ENTRYPOINT( NtOpenThreadTokenEx );
+ DECLARE_SYSCALL_ENTRYPOINT( NtProtectVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtQueryVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtUnlockVirtualMemory );
+-- 
+2.6.1
+

patches/ntdll-Syscall_Wrappers/0004-ntdll-Call-implementation-instead-of-thunk-wrappers-.patch

@@ -0,0 +1,57 @@
+From dd80beb72d31aa4cb1713e669e0030cfbc246a71 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 16 Oct 2015 05:54:08 +0200
+Subject: ntdll: Call implementation instead of thunk wrappers in init_options.
+
+---
+ dlls/ntdll/directory.c  | 6 +++---
+ dlls/ntdll/ntdll_misc.h | 3 +++
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/ntdll/directory.c b/dlls/ntdll/directory.c
+index 770cd3f..5c595c8 100644
+--- a/dlls/ntdll/directory.c
++++ b/dlls/ntdll/directory.c
+@@ -1188,15 +1188,15 @@ static DWORD WINAPI init_options( RTL_RUN_ONCE *once, void *param, void **contex
+     RtlInitUnicodeString( &nameW, WineW );
+ 
+     /* @@ Wine registry key: HKCU\Software\Wine */
+-    if (!NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr ))
++    if (!SYSCALL(NtOpenKey)( &hkey, KEY_ALL_ACCESS, &attr ))
+     {
+         RtlInitUnicodeString( &nameW, ShowDotFilesW );
+-        if (!NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, tmp, sizeof(tmp), &dummy ))
++        if (!SYSCALL(NtQueryValueKey)( hkey, &nameW, KeyValuePartialInformation, tmp, sizeof(tmp), &dummy ))
+         {
+             WCHAR *str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)tmp)->Data;
+             show_dot_files = IS_OPTION_TRUE( str[0] );
+         }
+-        NtClose( hkey );
++        SYSCALL(NtClose)( hkey );
+     }
+     NtClose( root );
+ 
+diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
+index 11099c5..cf2b33b 100644
+--- a/dlls/ntdll/ntdll_misc.h
++++ b/dlls/ntdll/ntdll_misc.h
+@@ -273,13 +273,16 @@ extern HANDLE keyed_event DECLSPEC_HIDDEN;
+     extern typeof( name ) __syscall_ ## name
+ 
+ DECLARE_SYSCALL_ENTRYPOINT( NtAllocateVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtClose );
+ DECLARE_SYSCALL_ENTRYPOINT( NtFlushVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtFreeVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtLockVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtMapViewOfSection );
++DECLARE_SYSCALL_ENTRYPOINT( NtOpenKey );
+ DECLARE_SYSCALL_ENTRYPOINT( NtOpenProcessTokenEx );
+ DECLARE_SYSCALL_ENTRYPOINT( NtOpenThreadTokenEx );
+ DECLARE_SYSCALL_ENTRYPOINT( NtProtectVirtualMemory );
++DECLARE_SYSCALL_ENTRYPOINT( NtQueryValueKey );
+ DECLARE_SYSCALL_ENTRYPOINT( NtQueryVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtUnlockVirtualMemory );
+ DECLARE_SYSCALL_ENTRYPOINT( NtUnmapViewOfSection );
+-- 
+2.6.1
+

patches/patchinstall.sh

@@ -4053,14 +4053,20 @@ fi
 # | Modified files:
 # |   *	dlls/ntdll/atom.c, dlls/ntdll/directory.c, dlls/ntdll/env.c, dlls/ntdll/error.c, dlls/ntdll/file.c, dlls/ntdll/loader.c,
 # | 	dlls/ntdll/nt.c, dlls/ntdll/ntdll_misc.h, dlls/ntdll/om.c, dlls/ntdll/process.c, dlls/ntdll/reg.c,
-# | 	dlls/ntdll/resource.c, dlls/ntdll/sec.c, dlls/ntdll/signal_arm.c, dlls/ntdll/signal_arm64.c, dlls/ntdll/signal_i386.c,
-# | 	dlls/ntdll/signal_powerpc.c, dlls/ntdll/signal_x86_64.c, dlls/ntdll/sync.c, dlls/ntdll/thread.c, dlls/ntdll/time.c,
-# | 	dlls/ntdll/virtual.c
+# | 	dlls/ntdll/resource.c, dlls/ntdll/sec.c, dlls/ntdll/server.c, dlls/ntdll/signal_arm.c, dlls/ntdll/signal_arm64.c,
+# | 	dlls/ntdll/signal_i386.c, dlls/ntdll/signal_powerpc.c, dlls/ntdll/signal_x86_64.c, dlls/ntdll/sync.c,
+# | 	dlls/ntdll/thread.c, dlls/ntdll/time.c, dlls/ntdll/virtual.c
 # |
 if test "$enable_ntdll_Syscall_Wrappers" -eq 1; then
 	patch_apply ntdll-Syscall_Wrappers/0001-ntdll-Use-wrapper-functions-for-syscalls.patch
+	patch_apply ntdll-Syscall_Wrappers/0002-ntdll-APCs-should-call-the-implementation-instead-of.patch
+	patch_apply ntdll-Syscall_Wrappers/0003-ntdll-Syscalls-should-not-call-Nt-Ex-thunk-wrappers.patch
+	patch_apply ntdll-Syscall_Wrappers/0004-ntdll-Call-implementation-instead-of-thunk-wrappers-.patch
 	(
 		echo '+    { "Sebastian Lackner", "ntdll: Use wrapper functions for syscalls.", 1 },';
+		echo '+    { "Sebastian Lackner", "ntdll: APCs should call the implementation instead of the syscall thunk.", 1 },';
+		echo '+    { "Sebastian Lackner", "ntdll: Syscalls should not call Nt*Ex thunk wrappers.", 1 },';
+		echo '+    { "Sebastian Lackner", "ntdll: Call implementation instead of thunk wrappers in init_options.", 1 },';
 	) >> "$patchlist"
 fi