Since we may copy code (see CopyInstructions) to the trampoline which could reference data inside the original module, we really want the trampoline to be within 2 GB of not just the original function, but within anything that function may have rip-relative accesses to, i.e. within 2 GB of that function's whole module.

This fixes interception failures like the following scenario:

1. Intercept `CreateProcess` in kernel32.dll, allocating a trampoline region right after.
2. Start intercepting `memcpy` in the main executable, which is loaded at a lower address than kernel32.dll, but still within 2 GB of the trampoline region, so we keep using it.
3. Try to copy instructions from `memcpy` to the trampoline. Turns out one instruction references data that is more than 2 GB away from the trampoline, so it can't be relocated.
4. The process exits due to a CHECK failure.

(Full story at https://crbug.com/341936875#comment45 and following.)
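The scenario above, worked through as an added example (not Chromium's interception code). It models the "within 2 GB" test as a range check, applies it once to the hooked function alone (the old policy) and once to the function's whole module (the new policy), and shows why the relocated rip-relative instruction cannot be encoded. The module layout, the `memcpy` and `.rdata` addresses, and the helper names (`ranges_reachable`, `disp32_fits`, `region_usable_old`, `region_usable_new`) are constructed for the example; real load addresses are randomized by ASLR.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Chromium's interception code. All addresses below are
 * constructed to reproduce the scenario in the commit message. */

/* Largest span (in bytes) a signed 32-bit rip-relative displacement can
 * bridge in either direction. */
#define RIP_REL_REACH ((uint64_t)INT32_MAX)

typedef struct {
  const char *name;
  uint64_t base;
  uint64_t size;
} Range;

/* Constructed layout: kernel32.dll high, trampoline region right after it,
 * and the main executable 2 GiB lower, so that the top of the executable is
 * reachable from the trampoline region while its bottom is not. */
static const Range kKernel32    = {"kernel32.dll", 0x00007FFF00000000ull, 0x000C0000ull};
static const Range kTrampolines = {"trampolines",  0x00007FFF000C0000ull, 0x00010000ull};
static const Range kMainExe     = {"chrome.exe",   0x00007FFE80000000ull, 0x0C000000ull};

/* Constructed addresses inside the main executable. */
#define MEMCPY_ADDR 0x00007FFE8BF00000ull /* memcpy, near the top of .text    */
#define MEMCPY_DATA 0x00007FFE80001000ull /* .rdata item memcpy reads via rip */

/* True if every byte of |a| can reach every byte of |b| (and vice versa)
 * with a 32-bit displacement. Conservative: it bounds the total span of
 * both ranges instead of checking each instruction's exact displacement. */
static bool ranges_reachable(const Range *a, const Range *b) {
  uint64_t lo = a->base < b->base ? a->base : b->base;
  uint64_t a_end = a->base + a->size, b_end = b->base + b->size;
  uint64_t hi = a_end > b_end ? a_end : b_end;
  return hi - lo <= RIP_REL_REACH;
}

/* Exact check for one relocated instruction: the |len|-byte instruction is
 * copied to |new_insn| and must still reference |target| through
 * disp32 = target - (new_insn + len), which has to fit in a signed 32-bit. */
static bool disp32_fits(uint64_t new_insn, uint64_t len, uint64_t target) {
  int64_t disp = (int64_t)target - (int64_t)(new_insn + len);
  return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Old policy: reuse the region if it is within 2 GB of the hooked function. */
static bool region_usable_old(const Range *region, uint64_t func) {
  Range one_byte = {"function", func, 1};
  return ranges_reachable(region, &one_byte);
}

/* New policy: reuse the region only if it is within 2 GB of the whole module,
 * i.e. of everything the function may reference rip-relatively. */
static bool region_usable_new(const Range *region, const Range *module) {
  return ranges_reachable(region, module);
}

/* Step 2: the old check happily accepts the kernel32 region for memcpy. */
static bool scenario_old_policy_accepts(void) {
  return region_usable_old(&kTrampolines, MEMCPY_ADDR);
}

/* Step 3: a 7-byte "mov rax, [rip+disp32]" copied to the start of the
 * trampoline region cannot reach the .rdata item any more. */
static bool scenario_relocation_fits(void) {
  return disp32_fits(kTrampolines.base, 7, MEMCPY_DATA);
}

/* With the fix: the region is rejected for the executable (a fresh region
 * near the executable gets allocated instead) but is still fine for kernel32. */
static bool scenario_new_policy_accepts_exe(void) {
  return region_usable_new(&kTrampolines, &kMainExe);
}
static bool scenario_new_policy_accepts_kernel32(void) {
  return region_usable_new(&kTrampolines, &kKernel32);
}

int main(void) {
  printf("old policy accepts region for memcpy:     %d\n", scenario_old_policy_accepts());
  printf("relocated disp32 fits:                    %d\n", scenario_relocation_fits());
  printf("new policy accepts region for chrome.exe: %d\n", scenario_new_policy_accepts_exe());
  printf("new policy accepts region for kernel32:   %d\n", scenario_new_policy_accepts_kernel32());
  return 0;
}
```

The span-based `ranges_reachable` deliberately over-approximates: it rejects some regions that an exact per-instruction check would accept, but it can be evaluated when the region is chosen, before any instruction has been decoded, which is what makes it usable as an allocation policy rather than a late CHECK.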