Mov AX, 0xDEAD (author) - Posted June 30, 2022

8 hours ago, Dibya said:
    Any way to add FPU space?

1) struct _CONTEXT has 0x1a0 unused bytes, which is enough to store the high part of ymm0-ymm15 (the low part of ymm* is xmm* and is stored by the kernel itself):

    struct _M128A VectorRegister; // Offset=0x300 Size=0x1a0

2) struct _KERNEL_STACK_CONTROL has an embedded _XMM_SAVE_AREA32 union; there is not enough space to store the high part of the ymm0-ymm15 regs.

I'm not sure what struct is used on x64 to store the FPU context. If it is _XMM_SAVE_AREA32, the struct needs to be expanded (200h->300h) and all related sizes/offsets in the kernel changed; finding these places may be very hard, see KxContextToKframes(), KiInitializeKernel(), KiInitializeContextThread(), PspGetSetContextInternal(), RtlInitializeContext(), KeSaveLegacyFloatingPointState(), ...
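As an added example (not part of the post above, and not kernel source from any project), the following host-side C model checks the arithmetic behind option 1: it lays out the x64 CONTEXT with the offsets from the public winnt.h definition, confirms with static asserts that VectorRegister sits at 0x300 with 0x1a0 bytes, and packs the upper 128 bits of ymm0-ymm15 into those slots while the low halves go where the FXSAVE image already keeps xmm0-xmm15. The type and function names (X64_CONTEXT, ymm_t, ctx_save_ymm, ctx_restore_ymm, ctx_spare_vector_slots, ctx_ymm_roundtrip_ok) and the test pattern are assumptions made for this example; it does not model _KERNEL_STACK_CONTROL or the kernel functions the post lists.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model of the x64 CONTEXT layout. Offsets follow the public
 * winnt.h definition; the names below are for this example only. */
typedef struct { alignas(16) uint64_t Low; int64_t High; } M128A;

typedef struct {
    uint64_t P1Home, P2Home, P3Home, P4Home, P5Home, P6Home; /* 0x000 */
    uint32_t ContextFlags;                                   /* 0x030 */
    uint32_t MxCsr;                                          /* 0x034 */
    uint16_t SegCs, SegDs, SegEs, SegFs, SegGs, SegSs;       /* 0x038 */
    uint32_t EFlags;                                         /* 0x044 */
    uint64_t Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;                   /* 0x048 */
    uint64_t Rax, Rcx, Rdx, Rbx, Rsp, Rbp, Rsi, Rdi;         /* 0x078 */
    uint64_t R8, R9, R10, R11, R12, R13, R14, R15;           /* 0x0B8 */
    uint64_t Rip;                                            /* 0x0F8 */
    union {                                                  /* 0x100: XMM_SAVE_AREA32, 0x200 bytes */
        uint8_t FltSave[512];                                /* raw FXSAVE image */
        struct { M128A Header[2]; M128A Legacy[8]; M128A Xmm[16]; } s;
    } u;
    M128A VectorRegister[26];                                /* 0x300: 0x1A0 bytes, unused on x64 */
    uint64_t VectorControl;                                  /* 0x4A0 */
    uint64_t DebugControl;                                   /* 0x4A8 */
    uint64_t LastBranchToRip, LastBranchFromRip;             /* 0x4B0 */
    uint64_t LastExceptionToRip, LastExceptionFromRip;       /* 0x4C0 */
} X64_CONTEXT;                                               /* sizeof == 0x4D0 */

_Static_assert(offsetof(X64_CONTEXT, u) == 0x100, "FltSave offset");
_Static_assert(sizeof(((X64_CONTEXT *)0)->u) == 0x200, "XMM_SAVE_AREA32 size");
_Static_assert(offsetof(X64_CONTEXT, VectorRegister) == 0x300, "VectorRegister offset");
_Static_assert(sizeof(((X64_CONTEXT *)0)->VectorRegister) == 0x1A0, "VectorRegister size");
_Static_assert(sizeof(X64_CONTEXT) == 0x4D0, "CONTEXT size");

#define YMM_COUNT 16
typedef struct { uint8_t b[32]; } ymm_t;   /* b[0..15] = xmm (low half), b[16..31] = high half */

_Static_assert(YMM_COUNT * sizeof(M128A) <= sizeof(((X64_CONTEXT *)0)->VectorRegister),
               "high halves of ymm0-ymm15 must fit in VectorRegister");

/* Low halves go where FXSAVE already stores xmm0-15; high halves go into the
 * spare VectorRegister slots. On real hardware the high half would come from
 * vextractf128 / vinsertf128 or the XSAVE YMM_Hi128 component; memcpy stands
 * in for that here. */
void ctx_save_ymm(X64_CONTEXT *ctx, const ymm_t ymm[YMM_COUNT])
{
    for (int i = 0; i < YMM_COUNT; i++) {
        memcpy(&ctx->u.s.Xmm[i], ymm[i].b, 16);
        memcpy(&ctx->VectorRegister[i], ymm[i].b + 16, 16);
    }
}

void ctx_restore_ymm(const X64_CONTEXT *ctx, ymm_t ymm[YMM_COUNT])
{
    for (int i = 0; i < YMM_COUNT; i++) {
        memcpy(ymm[i].b, &ctx->u.s.Xmm[i], 16);
        memcpy(ymm[i].b + 16, &ctx->VectorRegister[i], 16);
    }
}

/* VectorRegister slots left over once ymm0-15 high halves are stored. */
int ctx_spare_vector_slots(void)
{
    return (int)(sizeof(((X64_CONTEXT *)0)->VectorRegister) / sizeof(M128A)) - YMM_COUNT;
}

/* Round trip with a constructed register file: every byte must survive and
 * nothing may spill past VectorRegister[15]. Returns 1 on success. */
int ctx_ymm_roundtrip_ok(void)
{
    ymm_t in[YMM_COUNT], out[YMM_COUNT];
    X64_CONTEXT ctx;
    memset(&ctx, 0, sizeof ctx);
    for (int i = 0; i < YMM_COUNT; i++)
        for (int j = 0; j < 32; j++)
            in[i].b[j] = (uint8_t)(i * 7 + j * 13 + 1);   /* constructed test pattern */
    ctx_save_ymm(&ctx, in);
    ctx_restore_ymm(&ctx, out);
    if (memcmp(in, out, sizeof in) != 0)
        return 0;
    for (int i = YMM_COUNT; i < 26; i++)                  /* untouched tail stays zero */
        if (ctx.VectorRegister[i].Low != 0 || ctx.VectorRegister[i].High != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("FltSave @0x%zx (0x%zx bytes), VectorRegister @0x%zx (0x%zx bytes), sizeof CONTEXT 0x%zx\n",
           offsetof(X64_CONTEXT, u), sizeof(((X64_CONTEXT *)0)->u),
           offsetof(X64_CONTEXT, VectorRegister), sizeof(((X64_CONTEXT *)0)->VectorRegister),
           sizeof(X64_CONTEXT));
    printf("ymm0-15 high halves need 0x%x bytes, %d spare slots remain, roundtrip %s\n",
           YMM_COUNT * 16, ctx_spare_vector_slots(), ctx_ymm_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

The static asserts are the useful part: 16 high halves need 0x100 of the 0x1a0 bytes, so ten M128A slots remain free, and any change to the struct that moved VectorRegister or shrank it would fail to compile rather than silently overlap VectorControl. Mapping the same idea onto _KERNEL_STACK_CONTROL is exactly where the post says the space runs out, so that part is not modelled here.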