Added patch to save rdi and rsi in raise_func_trampoline on x86_64.

patches/ntdll-raise_func_trampoline/0001-ntdll-Save-rdi-and-rsi-in-raise_func_trampoline.patch

@@ -0,0 +1,54 @@
+From 7a4b334d01cc105418fb29baa6662ab566c06a42 Mon Sep 17 00:00:00 2001
+From: Andrew Wesie <awesie@gmail.com>
+Date: Sun, 12 Feb 2017 16:41:22 -0600
+Subject: ntdll: Save rdi and rsi in raise_func_trampoline.
+
+On Windows, RDI and RSI are callee-saved registers, but on Linux
+they are caller-saved registers. As such, raise_func_trampoline
+needs to explicitly unwind them.
+
+Signed-off-by: Andrew Wesie <awesie@gmail.com>
+---
+ dlls/ntdll/signal_x86_64.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/ntdll/signal_x86_64.c b/dlls/ntdll/signal_x86_64.c
+index f33fe4cbfd6..61bb2ddce6f 100644
+--- a/dlls/ntdll/signal_x86_64.c
++++ b/dlls/ntdll/signal_x86_64.c
+@@ -2066,9 +2066,11 @@ NTSTATUS context_from_server( CONTEXT *to, const context_t *from )
+ extern void raise_func_trampoline( EXCEPTION_RECORD *rec, CONTEXT *context, raise_func func );
+ __ASM_GLOBAL_FUNC( raise_func_trampoline,
+                    __ASM_CFI(".cfi_signal_frame\n\t")
+-                   __ASM_CFI(".cfi_def_cfa %rbp,144\n\t")  /* red zone + rip + rbp */
+-                   __ASM_CFI(".cfi_rel_offset %rip,8\n\t")
+-                   __ASM_CFI(".cfi_rel_offset %rbp,0\n\t")
++                   __ASM_CFI(".cfi_def_cfa %rbp,160\n\t")  /* red zone + rip + rbp + rdi + rsi */
++                   __ASM_CFI(".cfi_rel_offset %rip,24\n\t")
++                   __ASM_CFI(".cfi_rel_offset %rbp,16\n\t")
++                   __ASM_CFI(".cfi_rel_offset %rdi,8\n\t")
++                   __ASM_CFI(".cfi_rel_offset %rsi,0\n\t")
+                    "call *%rdx\n\t"
+                    "int $3")
+ 
+@@ -2085,6 +2087,8 @@ static EXCEPTION_RECORD *setup_exception( ucontext_t *sigcontext, raise_func fun
+     {
+         CONTEXT           context;
+         EXCEPTION_RECORD  rec;
++        ULONG64           rsi;
++        ULONG64           rdi;
+         ULONG64           rbp;
+         ULONG64           rip;
+         ULONG64           red_zone[16];
+@@ -2154,6 +2158,8 @@ static EXCEPTION_RECORD *setup_exception( ucontext_t *sigcontext, raise_func fun
+     rsp_ptr = (ULONG64 *)RSP_sig(sigcontext) - 16;
+     *(--rsp_ptr) = RIP_sig(sigcontext);
+     *(--rsp_ptr) = RBP_sig(sigcontext);
++    *(--rsp_ptr) = RDI_sig(sigcontext);
++    *(--rsp_ptr) = RSI_sig(sigcontext);
+ 
+     /* now modify the sigcontext to return to the raise function */
+     RIP_sig(sigcontext) = (ULONG_PTR)raise_func_trampoline;
+-- 
+2.11.0
+

patches/ntdll-raise_func_trampoline/definition

@@ -0,0 +1 @@
+Fixes: Save rdi and rsi in raise_func_trampoline on x86_64

patches/patchinstall.sh

@@ -269,6 +269,7 @@ patch_enable_all ()
 	enable_ntdll_Zero_mod_name="$1"
 	enable_ntdll__aulldvrm="$1"
 	enable_ntdll_call_thread_func_wrapper="$1"
+	enable_ntdll_raise_func_trampoline="$1"
 	enable_ntoskrnl_DriverTest="$1"
 	enable_ntoskrnl_Stubs="$1"
 	enable_nvapi_Stub_DLL="$1"
@@ -1024,6 +1025,9 @@ patch_enable ()
 		ntdll-call_thread_func_wrapper)
 			enable_ntdll_call_thread_func_wrapper="$2"
 			;;
+		ntdll-raise_func_trampoline)
+			enable_ntdll_raise_func_trampoline="$2"
+			;;
 		ntoskrnl-DriverTest)
 			enable_ntoskrnl_DriverTest="$2"
 			;;
@@ -5939,6 +5943,18 @@ if test "$enable_ntdll_call_thread_func_wrapper" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset ntdll-raise_func_trampoline
+# |
+# | Modified files:
+# |   *	dlls/ntdll/signal_x86_64.c
+# |
+if test "$enable_ntdll_raise_func_trampoline" -eq 1; then
+	patch_apply ntdll-raise_func_trampoline/0001-ntdll-Save-rdi-and-rsi-in-raise_func_trampoline.patch
+	(
+		printf '%s\n' '+    { "Andrew Wesie", "ntdll: Save rdi and rsi in raise_func_trampoline.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset ntoskrnl-DriverTest
 # |
 # | Modified files: