hooks don't handle unreachable rip-rel in displaced code

[derekbruening]

From [email protected] on September 19, 2012 10:42:16

DR's landing pads only store jmps and the displaced code is still in the
main trampoline. thus displaced rip-rel code may not reach. it is
re-relativized but we hit an assert if it doesn't reach, which is hit every
time on win8 x64 b/c ntdll is up high:

        ASSERT_NOT_IMPLEMENTED
            ((!instr_has_rel_addr_reference(instr) ||
              REL32_REACHABLE(buf, target)) &&
             "PR 250294: displaced code too far from rip-rel target");

05 000000d526f2e8f0 00000000153bd679 dynamorio!internal_error+0x19d [c:\derek\dr\git\src\core\utils.c @ 188]
06 000000d526f2ea70 00000000153c1514 dynamorio!copy_app_code+0x259 [c:\derek\dr\git\src\core\win32\callback.c @ 787]
07 000000d526f2eae0 00000000153b4c89 dynamorio!intercept_call+0x814 [c:\derek\dr\git\src\core\win32\callback.c @ 1573]
08 000000d526f2ec10 000000001508e743 dynamorio!callback_interception_init_start+0x4b9 [c:\derek\dr\git\src\core\win32\callback.c @ 6895]
09 000000d526f2ecd0 000000001534854e dynamorio!dynamorio_app_init+0x5d3 [c:\derek\dr\git\src\core\dynamo.c @ 630]
0a 000000d526f2f640 000000001541a410 dynamorio!auto_setup+0x2e [c:\derek\dr\git\src\core\x86\x86_code.c @ 141]
0b 000000d526f2f730 000000d526f2f750 dynamorio!dynamo_auto_start+0x10 [C:\derek\dr\git\build_x64_dbg_tests\core\x86_core.s @ 930]

0:000> U @@(tgt_pc)
ntdll!KiUserExceptionDispatch:
000007f907444b6c fc cld 000007f907444b6d 488b05c4841300 mov rax,qword ptr [ntdll!Wow64PrepareForException (000007f9`0757d038)]

=> so we need to put the displaced app code in the landing pad, not the
main trampoline memory

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=902

[derekbruening]

From [email protected] on October 04, 2012 12:02:35

This issue was closed by revision r1629 .

Status: Fixed