xref: /reactos/sdk/lib/rtl/amd64/unwind.c (revision 3a49e26f)
1 /*
2  * COPYRIGHT:       See COPYING in the top level directory
3  * PROJECT:         ReactOS system libraries
4  * PURPOSE:         Unwinding related functions
5  * PROGRAMMER:      Timo Kreuzer (timo.kreuzer@reactos.org)
6  */
7 
8 /* INCLUDES *****************************************************************/
9 
10 #include <rtl.h>
11 
12 #define NDEBUG
13 #include <debug.h>
14 
15 #define UNWIND_HISTORY_TABLE_NONE 0
16 #define UNWIND_HISTORY_TABLE_GLOBAL 1
17 #define UNWIND_HISTORY_TABLE_LOCAL 2
18 
19 #define UWOP_PUSH_NONVOL 0
20 #define UWOP_ALLOC_LARGE 1
21 #define UWOP_ALLOC_SMALL 2
22 #define UWOP_SET_FPREG 3
23 #define UWOP_SAVE_NONVOL 4
24 #define UWOP_SAVE_NONVOL_FAR 5
25 #if 0 // These are deprecated / not for x64
26 #define UWOP_SAVE_XMM 6
27 #define UWOP_SAVE_XMM_FAR 7
28 #else
29 #define UWOP_EPILOG 6
30 #define UWOP_SPARE_CODE 7
31 #endif
32 #define UWOP_SAVE_XMM128 8
33 #define UWOP_SAVE_XMM128_FAR 9
34 #define UWOP_PUSH_MACHFRAME 10
35 
36 
37 typedef unsigned char UBYTE;
38 
39 typedef union _UNWIND_CODE
40 {
41     struct
42     {
43         UBYTE CodeOffset;
44         UBYTE UnwindOp:4;
45         UBYTE OpInfo:4;
46     };
47     USHORT FrameOffset;
48 } UNWIND_CODE, *PUNWIND_CODE;
49 
50 typedef struct _UNWIND_INFO
51 {
52     UBYTE Version:3;
53     UBYTE Flags:5;
54     UBYTE SizeOfProlog;
55     UBYTE CountOfCodes;
56     UBYTE FrameRegister:4;
57     UBYTE FrameOffset:4;
58     UNWIND_CODE UnwindCode[1];
59 /*    union {
60         OPTIONAL ULONG ExceptionHandler;
61         OPTIONAL ULONG FunctionEntry;
62     };
63     OPTIONAL ULONG ExceptionData[];
64 */
65 } UNWIND_INFO, *PUNWIND_INFO;
66 
67 /* FUNCTIONS *****************************************************************/
68 
69 /*! RtlLookupFunctionTable
70  * \brief Locates the table of RUNTIME_FUNCTION entries for a code address.
71  * \param ControlPc
72  *            Address of the code, for which the table should be searched.
73  * \param ImageBase
74  *            Pointer to a DWORD64 that receives the base address of the
75  *            corresponding executable image.
76  * \param Length
77  *            Pointer to an ULONG that receives the number of table entries
78  *            present in the table.
79  */
80 PRUNTIME_FUNCTION
81 NTAPI
82 RtlLookupFunctionTable(
83     IN DWORD64 ControlPc,
84     OUT PDWORD64 ImageBase,
85     OUT PULONG Length)
86 {
87     PVOID Table;
88     ULONG Size;
89 
90     /* Find corresponding file header from code address */
91     if (!RtlPcToFileHeader((PVOID)ControlPc, (PVOID*)ImageBase))
92     {
93         /* Nothing found */
94         return NULL;
95     }
96 
97     /* Locate the exception directory */
98     Table = RtlImageDirectoryEntryToData((PVOID)*ImageBase,
99                                          TRUE,
100                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION,
101                                          &Size);
102 
103     /* Return the number of entries */
104     *Length = Size / sizeof(RUNTIME_FUNCTION);
105 
106     /* Return the address of the table */
107     return Table;
108 }
109 
110 PRUNTIME_FUNCTION
111 NTAPI
112 RtlpLookupDynamicFunctionEntry(
113     _In_ DWORD64 ControlPc,
114     _Out_ PDWORD64 ImageBase,
115     _In_ PUNWIND_HISTORY_TABLE HistoryTable);
116 
117 /*! RtlLookupFunctionEntry
118  * \brief Locates the RUNTIME_FUNCTION entry corresponding to a code address.
119  * \ref http://msdn.microsoft.com/en-us/library/ms680597(VS.85).aspx
120  * \todo Implement HistoryTable
121  */
122 PRUNTIME_FUNCTION
123 NTAPI
124 RtlLookupFunctionEntry(
125     IN DWORD64 ControlPc,
126     OUT PDWORD64 ImageBase,
127     OUT PUNWIND_HISTORY_TABLE HistoryTable)
128 {
129     PRUNTIME_FUNCTION FunctionTable, FunctionEntry;
130     ULONG TableLength;
131     ULONG IndexLo, IndexHi, IndexMid;
132 
133     /* Find the corresponding table */
134     FunctionTable = RtlLookupFunctionTable(ControlPc, ImageBase, &TableLength);
135 
136     /* If no table is found, try dynamic function tables */
137     if (!FunctionTable)
138     {
139         return RtlpLookupDynamicFunctionEntry(ControlPc, ImageBase, HistoryTable);
140     }
141 
142     /* Use relative virtual address */
143     ControlPc -= *ImageBase;
144 
145     /* Do a binary search */
146     IndexLo = 0;
147     IndexHi = TableLength;
148     while (IndexHi > IndexLo)
149     {
150         IndexMid = (IndexLo + IndexHi) / 2;
151         FunctionEntry = &FunctionTable[IndexMid];
152 
153         if (ControlPc < FunctionEntry->BeginAddress)
154         {
155             /* Continue search in lower half */
156             IndexHi = IndexMid;
157         }
158         else if (ControlPc >= FunctionEntry->EndAddress)
159         {
160             /* Continue search in upper half */
161             IndexLo = IndexMid + 1;
162         }
163         else
164         {
165             /* ControlPc is within limits, return entry */
166             return FunctionEntry;
167         }
168     }
169 
170     /* Nothing found, return NULL */
171     return NULL;
172 }
173 
174 static
175 __inline
176 ULONG
177 UnwindOpSlots(
178     _In_ UNWIND_CODE UnwindCode)
179 {
180     static const UCHAR UnwindOpExtraSlotTable[] =
181     {
182         0, // UWOP_PUSH_NONVOL
183         1, // UWOP_ALLOC_LARGE (or 3, special cased in lookup code)
184         0, // UWOP_ALLOC_SMALL
185         0, // UWOP_SET_FPREG
186         1, // UWOP_SAVE_NONVOL
187         2, // UWOP_SAVE_NONVOL_FAR
188         1, // UWOP_EPILOG // previously UWOP_SAVE_XMM
189         2, // UWOP_SPARE_CODE // previously UWOP_SAVE_XMM_FAR
190         1, // UWOP_SAVE_XMM128
191         2, // UWOP_SAVE_XMM128_FAR
192         0, // UWOP_PUSH_MACHFRAME
193         2, // UWOP_SET_FPREG_LARGE
194     };
195 
196     if ((UnwindCode.UnwindOp == UWOP_ALLOC_LARGE) &&
197         (UnwindCode.OpInfo != 0))
198     {
199         return 3;
200     }
201     else
202     {
203         return UnwindOpExtraSlotTable[UnwindCode.UnwindOp] + 1;
204     }
205 }
206 
207 static
208 __inline
209 void
210 SetReg(
211     _Inout_ PCONTEXT Context,
212     _In_ BYTE Reg,
213     _In_ DWORD64 Value)
214 {
215     ((DWORD64*)(&Context->Rax))[Reg] = Value;
216 }
217 
218 static
219 __inline
220 void
221 SetRegFromStackValue(
222     _Inout_ PCONTEXT Context,
223     _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers,
224     _In_ BYTE Reg,
225     _In_ PDWORD64 ValuePointer)
226 {
227     SetReg(Context, Reg, *ValuePointer);
228     if (ContextPointers != NULL)
229     {
230         ContextPointers->IntegerContext[Reg] = ValuePointer;
231     }
232 }
233 
234 static
235 __inline
236 DWORD64
237 GetReg(
238     _In_ PCONTEXT Context,
239     _In_ BYTE Reg)
240 {
241     return ((DWORD64*)(&Context->Rax))[Reg];
242 }
243 
244 static
245 __inline
246 void
247 PopReg(
248     _Inout_ PCONTEXT Context,
249     _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers,
250     _In_ BYTE Reg)
251 {
252     SetRegFromStackValue(Context, ContextPointers, Reg, (PDWORD64)Context->Rsp);
253     Context->Rsp += sizeof(DWORD64);
254 }
255 
256 static
257 __inline
258 void
259 SetXmmReg(
260     _Inout_ PCONTEXT Context,
261     _In_ BYTE Reg,
262     _In_ M128A Value)
263 {
264     ((M128A*)(&Context->Xmm0))[Reg] = Value;
265 }
266 
267 static
268 __inline
269 void
270 SetXmmRegFromStackValue(
271     _Out_ PCONTEXT Context,
272     _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers,
273     _In_ BYTE Reg,
274     _In_ M128A *ValuePointer)
275 {
276     SetXmmReg(Context, Reg, *ValuePointer);
277     if (ContextPointers != NULL)
278     {
279         ContextPointers->FloatingContext[Reg] = ValuePointer;
280     }
281 }
282 
283 static
284 __inline
285 M128A
286 GetXmmReg(PCONTEXT Context, BYTE Reg)
287 {
288     return ((M128A*)(&Context->Xmm0))[Reg];
289 }
290 
291 /*! RtlpTryToUnwindEpilog
292  * \brief Helper function that tries to unwind epilog instructions.
293  * \return TRUE if we have been in an epilog and it could be unwound.
294  *         FALSE if the instructions were not allowed for an epilog.
295  * \ref
296  *  https://docs.microsoft.com/en-us/cpp/build/unwind-procedure
297  *  https://docs.microsoft.com/en-us/cpp/build/prolog-and-epilog
298  * \todo
299  *  - Test and compare with Windows behaviour
300  */
301 static
302 __inline
303 BOOLEAN
304 RtlpTryToUnwindEpilog(
305     _Inout_ PCONTEXT Context,
306     _In_ ULONG64 ControlPc,
307     _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers,
308     _In_ ULONG64 ImageBase,
309     _In_ PRUNTIME_FUNCTION FunctionEntry)
310 {
311     CONTEXT LocalContext;
312     BYTE *InstrPtr;
313     DWORD Instr;
314     BYTE Reg, Mod;
315     ULONG64 EndAddress;
316 
317     /* Make a local copy of the context */
318     LocalContext = *Context;
319 
320     InstrPtr = (BYTE*)ControlPc;
321 
322     /* Check if first instruction of epilog is "add rsp, x" */
323     Instr = *(DWORD*)InstrPtr;
324     if ( (Instr & 0x00fffdff) == 0x00c48148 )
325     {
326         if ( (Instr & 0x0000ff00) == 0x8300 )
327         {
328             /* This is "add rsp, 0x??" */
329             LocalContext.Rsp += Instr >> 24;
330             InstrPtr += 4;
331         }
332         else
333         {
334             /* This is "add rsp, 0x???????? */
335             LocalContext.Rsp += *(DWORD*)(InstrPtr + 3);
336             InstrPtr += 7;
337         }
338     }
339     /* Check if first instruction of epilog is "lea rsp, ..." */
340     else if ( (Instr & 0x38fffe) == 0x208d48 )
341     {
342         /* Get the register */
343         Reg = (Instr >> 16) & 0x7;
344 
345         /* REX.R */
346         Reg += (Instr & 1) * 8;
347 
348         LocalContext.Rsp = GetReg(&LocalContext, Reg);
349 
350         /* Get addressing mode */
351         Mod = (Instr >> 22) & 0x3;
352         if (Mod == 0)
353         {
354             /* No displacement */
355             InstrPtr += 3;
356         }
357         else if (Mod == 1)
358         {
359             /* 1 byte displacement */
360             LocalContext.Rsp += (LONG)(CHAR)(Instr >> 24);
361             InstrPtr += 4;
362         }
363         else if (Mod == 2)
364         {
365             /* 4 bytes displacement */
366             LocalContext.Rsp += *(LONG*)(InstrPtr + 3);
367             InstrPtr += 7;
368         }
369     }
370 
371     /* Loop the following instructions before the ret */
372     EndAddress = FunctionEntry->EndAddress + ImageBase - 1;
373     while ((DWORD64)InstrPtr < EndAddress)
374     {
375         Instr = *(DWORD*)InstrPtr;
376 
377         /* Check for a simple pop */
378         if ( (Instr & 0xf8) == 0x58 )
379         {
380             /* Opcode pops a basic register from stack */
381             Reg = Instr & 0x7;
382             PopReg(&LocalContext, ContextPointers, Reg);
383             InstrPtr++;
384             continue;
385         }
386 
387         /* Check for REX + pop */
388         if ( (Instr & 0xf8fb) == 0x5841 )
389         {
390             /* Opcode is pop r8 .. r15 */
391             Reg = ((Instr >> 8) & 0x7) + 8;
392             PopReg(&LocalContext, ContextPointers, Reg);
393             InstrPtr += 2;
394             continue;
395         }
396 
397         /* Opcode not allowed for Epilog */
398         return FALSE;
399     }
400 
401     // check for popfq
402 
403     // also allow end with jmp imm, jmp [target], iretq
404 
405     /* Check if we are at the ret instruction */
406     if ((DWORD64)InstrPtr != EndAddress)
407     {
408         /* If we went past the end of the function, something is broken! */
409         ASSERT((DWORD64)InstrPtr <= EndAddress);
410         return FALSE;
411     }
412 
413     /* Make sure this is really a ret instruction */
414     if (*InstrPtr != 0xc3)
415     {
416         ASSERT(FALSE);
417         return FALSE;
418     }
419 
420     /* Unwind is finished, pop new Rip from Stack */
421     LocalContext.Rip = *(DWORD64*)LocalContext.Rsp;
422     LocalContext.Rsp += sizeof(DWORD64);
423 
424     *Context = LocalContext;
425     return TRUE;
426 }
427 
428 /*!
429 
430     \ref https://docs.microsoft.com/en-us/cpp/build/unwind-data-definitions-in-c
431 */
432 static
433 ULONG64
434 GetEstablisherFrame(
435     _In_ PCONTEXT Context,
436     _In_ PUNWIND_INFO UnwindInfo,
437     _In_ ULONG_PTR CodeOffset)
438 {
439     ULONG i;
440 
441     /* Check if we have a frame register */
442     if (UnwindInfo->FrameRegister == 0)
443     {
444         /* No frame register means we use Rsp */
445         return Context->Rsp;
446     }
447 
448     if ((CodeOffset >= UnwindInfo->SizeOfProlog) ||
449         ((UnwindInfo->Flags & UNW_FLAG_CHAININFO) != 0))
450     {
451         return GetReg(Context, UnwindInfo->FrameRegister) -
452                UnwindInfo->FrameOffset * 16;
453     }
454 
455     /* Loop all unwind ops */
456     for (i = 0;
457          i < UnwindInfo->CountOfCodes;
458          i += UnwindOpSlots(UnwindInfo->UnwindCode[i]))
459     {
460         /* Skip codes past our code offset */
461         if (UnwindInfo->UnwindCode[i].CodeOffset > CodeOffset)
462         {
463             continue;
464         }
465 
466         /* Check for SET_FPREG */
467         if (UnwindInfo->UnwindCode[i].UnwindOp == UWOP_SET_FPREG)
468         {
469             return GetReg(Context, UnwindInfo->FrameRegister) -
470                        UnwindInfo->FrameOffset * 16;
471         }
472     }
473 
474     return Context->Rsp;
475 }
476 
477 PEXCEPTION_ROUTINE
478 NTAPI
479 RtlVirtualUnwind(
480     _In_ ULONG HandlerType,
481     _In_ ULONG64 ImageBase,
482     _In_ ULONG64 ControlPc,
483     _In_ PRUNTIME_FUNCTION FunctionEntry,
484     _Inout_ PCONTEXT Context,
485     _Outptr_ PVOID *HandlerData,
486     _Out_ PULONG64 EstablisherFrame,
487     _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers)
488 {
489     PUNWIND_INFO UnwindInfo;
490     ULONG_PTR ControlRva, CodeOffset;
491     ULONG i, Offset;
492     UNWIND_CODE UnwindCode;
493     BYTE Reg;
494     PULONG LanguageHandler;
495 
496     /* Get relative virtual address */
497     ControlRva = ControlPc - ImageBase;
498 
499     /* Sanity checks */
500     if ( (ControlRva < FunctionEntry->BeginAddress) ||
501          (ControlRva >= FunctionEntry->EndAddress) )
502     {
503         return NULL;
504     }
505 
506     /* Get a pointer to the unwind info */
507     UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
508 
509     /* The language specific handler data follows the unwind info */
510     LanguageHandler = ALIGN_UP_POINTER_BY(&UnwindInfo->UnwindCode[UnwindInfo->CountOfCodes], sizeof(ULONG));
511 
512     /* Calculate relative offset to function start */
513     CodeOffset = ControlRva - FunctionEntry->BeginAddress;
514 
515     *EstablisherFrame = GetEstablisherFrame(Context, UnwindInfo, CodeOffset);
516 
517     /* Check if we are in the function epilog and try to finish it */
518     if ((CodeOffset > UnwindInfo->SizeOfProlog) && (UnwindInfo->CountOfCodes > 0))
519     {
520         if (RtlpTryToUnwindEpilog(Context, ControlPc, ContextPointers, ImageBase, FunctionEntry))
521         {
522             /* There's no exception routine */
523             return NULL;
524         }
525     }
526 
527     /* Skip all Ops with an offset greater than the current Offset */
528     i = 0;
529     while ((i < UnwindInfo->CountOfCodes) &&
530            (UnwindInfo->UnwindCode[i].CodeOffset > CodeOffset))
531     {
532         i += UnwindOpSlots(UnwindInfo->UnwindCode[i]);
533     }
534 
535 RepeatChainedInfo:
536 
537     /* Process the remaining unwind ops */
538     while (i < UnwindInfo->CountOfCodes)
539     {
540         UnwindCode = UnwindInfo->UnwindCode[i];
541         switch (UnwindCode.UnwindOp)
542         {
543             case UWOP_PUSH_NONVOL:
544                 Reg = UnwindCode.OpInfo;
545                 PopReg(Context, ContextPointers, Reg);
546                 i++;
547                 break;
548 
549             case UWOP_ALLOC_LARGE:
550                 if (UnwindCode.OpInfo)
551                 {
552                     Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i+1]);
553                     Context->Rsp += Offset;
554                     i += 3;
555                 }
556                 else
557                 {
558                     Offset = UnwindInfo->UnwindCode[i+1].FrameOffset;
559                     Context->Rsp += Offset * 8;
560                     i += 2;
561                 }
562                 break;
563 
564             case UWOP_ALLOC_SMALL:
565                 Context->Rsp += (UnwindCode.OpInfo + 1) * 8;
566                 i++;
567                 break;
568 
569             case UWOP_SET_FPREG:
570                 Reg = UnwindInfo->FrameRegister;
571                 Context->Rsp = GetReg(Context, Reg) - UnwindInfo->FrameOffset * 16;
572                 i++;
573                 break;
574 
575             case UWOP_SAVE_NONVOL:
576                 Reg = UnwindCode.OpInfo;
577                 Offset = UnwindInfo->UnwindCode[i + 1].FrameOffset;
578                 SetRegFromStackValue(Context, ContextPointers, Reg, (DWORD64*)Context->Rsp + Offset);
579                 i += 2;
580                 break;
581 
582             case UWOP_SAVE_NONVOL_FAR:
583                 Reg = UnwindCode.OpInfo;
584                 Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i + 1]);
585                 SetRegFromStackValue(Context, ContextPointers, Reg, (DWORD64*)Context->Rsp + Offset);
586                 i += 3;
587                 break;
588 
589             case UWOP_EPILOG:
590                 i += 1;
591                 break;
592 
593             case UWOP_SPARE_CODE:
594                 ASSERT(FALSE);
595                 i += 2;
596                 break;
597 
598             case UWOP_SAVE_XMM128:
599                 Reg = UnwindCode.OpInfo;
600                 Offset = UnwindInfo->UnwindCode[i + 1].FrameOffset;
601                 SetXmmRegFromStackValue(Context, ContextPointers, Reg, (M128A*)Context->Rsp + Offset);
602                 i += 2;
603                 break;
604 
605             case UWOP_SAVE_XMM128_FAR:
606                 Reg = UnwindCode.OpInfo;
607                 Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i + 1]);
608                 SetXmmRegFromStackValue(Context, ContextPointers, Reg, (M128A*)Context->Rsp + Offset);
609                 i += 3;
610                 break;
611 
612             case UWOP_PUSH_MACHFRAME:
613                 /* OpInfo is 1, when an error code was pushed, otherwise 0. */
614                 Context->Rsp += UnwindCode.OpInfo * sizeof(DWORD64);
615 
616                 /* Now pop the MACHINE_FRAME (RIP/RSP only. And yes, "magic numbers", deal with it) */
617                 Context->Rip = *(PDWORD64)(Context->Rsp + 0x00);
618                 Context->Rsp = *(PDWORD64)(Context->Rsp + 0x18);
619                 ASSERT((i + 1) == UnwindInfo->CountOfCodes);
620                 goto Exit;
621         }
622     }
623 
624     /* Check for chained info */
625     if (UnwindInfo->Flags & UNW_FLAG_CHAININFO)
626     {
627         /* See https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=msvc-160#chained-unwind-info-structures */
628         FunctionEntry = (PRUNTIME_FUNCTION)&(UnwindInfo->UnwindCode[(UnwindInfo->CountOfCodes + 1) & ~1]);
629         UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
630         i = 0;
631         goto RepeatChainedInfo;
632     }
633 
634     /* Unwind is finished, pop new Rip from Stack */
635     if (Context->Rsp != 0)
636     {
637         Context->Rip = *(DWORD64*)Context->Rsp;
638         Context->Rsp += sizeof(DWORD64);
639     }
640 
641 Exit:
642 
643     /* Check if we have a handler and return it */
644     if (UnwindInfo->Flags & (HandlerType & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER)))
645     {
646         *HandlerData = (LanguageHandler + 1);
647         return RVA(ImageBase, *LanguageHandler);
648     }
649 
650     return NULL;
651 }
652 
653 /*!
654     \remark The implementation is based on the description in this blog: http://www.nynaeve.net/?p=106
655 
656         Differences to the desciption:
657         - Instead of using 2 pointers to the unwind context and previous context,
658           that are being swapped and the context copied, the unwind context is
659           kept in the local context and copied back into the context passed in
660           by the caller.
661 
662     \see http://www.nynaeve.net/?p=106
663 */
664 BOOLEAN
665 NTAPI
666 RtlpUnwindInternal(
667     _In_opt_ PVOID TargetFrame,
668     _In_opt_ PVOID TargetIp,
669     _In_ PEXCEPTION_RECORD ExceptionRecord,
670     _In_ PVOID ReturnValue,
671     _In_ PCONTEXT ContextRecord,
672     _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable,
673     _In_ ULONG HandlerType)
674 {
675     DISPATCHER_CONTEXT DispatcherContext;
676     PEXCEPTION_ROUTINE ExceptionRoutine;
677     EXCEPTION_DISPOSITION Disposition;
678     PRUNTIME_FUNCTION FunctionEntry;
679     ULONG_PTR StackLow, StackHigh;
680     ULONG64 ImageBase, EstablisherFrame;
681     CONTEXT UnwindContext;
682 
683     /* Get the current stack limits and registration frame */
684     RtlpGetStackLimits(&StackLow, &StackHigh);
685 
686     /* If we have a target frame, then this is our high limit */
687     if (TargetFrame != NULL)
688     {
689         StackHigh = (ULONG64)TargetFrame + 1;
690     }
691 
692     /* Copy the context */
693     UnwindContext = *ContextRecord;
694 
695     /* Set up the constant fields of the dispatcher context */
696     DispatcherContext.ContextRecord = &UnwindContext;
697     DispatcherContext.HistoryTable = HistoryTable;
698     DispatcherContext.TargetIp = (ULONG64)TargetIp;
699 
700     /* Start looping */
701     while (TRUE)
702     {
703         /* Lookup the FunctionEntry for the current RIP */
704         FunctionEntry = RtlLookupFunctionEntry(UnwindContext.Rip, &ImageBase, NULL);
705         if (FunctionEntry == NULL)
706         {
707             /* No function entry, so this must be a leaf function. Pop the return address from the stack.
708                Note: this can happen after the first frame as the result of an exception */
709             UnwindContext.Rip = *(DWORD64*)UnwindContext.Rsp;
710             UnwindContext.Rsp += sizeof(DWORD64);
711 
712             /* Copy the context back for the next iteration */
713             *ContextRecord = UnwindContext;
714             continue;
715         }
716 
717         /* Save Rip before the virtual unwind */
718         DispatcherContext.ControlPc = UnwindContext.Rip;
719 
720         /* Do a virtual unwind to get the next frame */
721         ExceptionRoutine = RtlVirtualUnwind(HandlerType,
722                                             ImageBase,
723                                             UnwindContext.Rip,
724                                             FunctionEntry,
725                                             &UnwindContext,
726                                             &DispatcherContext.HandlerData,
727                                             &EstablisherFrame,
728                                             NULL);
729 
730         /* Check, if we are still within the stack boundaries */
731         if ((EstablisherFrame < StackLow) ||
732             (EstablisherFrame >= StackHigh) ||
733             (EstablisherFrame & 7))
734         {
735             /// TODO: Handle DPC stack
736 
737             /* If we are handling an exception, we are done here. */
738             if (HandlerType == UNW_FLAG_EHANDLER)
739             {
740                 ExceptionRecord->ExceptionFlags |= EXCEPTION_STACK_INVALID;
741                 return FALSE;
742             }
743 
744             __debugbreak();
745             RtlRaiseStatus(STATUS_BAD_STACK);
746         }
747 
748         /* Check if we have an exception routine */
749         if (ExceptionRoutine != NULL)
750         {
751             /* Check if this is the target frame */
752             if (EstablisherFrame == (ULONG64)TargetFrame)
753             {
754                 /* Set flag to inform the language handler */
755                 ExceptionRecord->ExceptionFlags |= EXCEPTION_TARGET_UNWIND;
756             }
757 
758             /* Log the exception if it's enabled */
759             RtlpCheckLogException(ExceptionRecord,
760                                   ContextRecord,
761                                   &DispatcherContext,
762                                   sizeof(DispatcherContext));
763 
764             /* Set up the variable fields of the dispatcher context */
765             DispatcherContext.ImageBase = ImageBase;
766             DispatcherContext.FunctionEntry = FunctionEntry;
767             DispatcherContext.LanguageHandler = ExceptionRoutine;
768             DispatcherContext.EstablisherFrame = EstablisherFrame;
769             DispatcherContext.ScopeIndex = 0;
770 
771             /* Store the return value in the unwind context */
772             UnwindContext.Rax = (ULONG64)ReturnValue;
773 
774              /* Loop all nested handlers */
775             do
776             {
777                 /// TODO: call RtlpExecuteHandlerForUnwind instead
778                 /* Call the language specific handler */
779                 Disposition = ExceptionRoutine(ExceptionRecord,
780                                                (PVOID)EstablisherFrame,
781                                                ContextRecord,
782                                                &DispatcherContext);
783 
784                 /* Clear exception flags for the next iteration */
785                 ExceptionRecord->ExceptionFlags &= ~(EXCEPTION_TARGET_UNWIND |
786                                                      EXCEPTION_COLLIDED_UNWIND);
787 
788                 /* Check if we do exception handling */
789                 if (HandlerType == UNW_FLAG_EHANDLER)
790                 {
791                     if (Disposition == ExceptionContinueExecution)
792                     {
793                         /* Check if it was non-continuable */
794                         if (ExceptionRecord->ExceptionFlags & EXCEPTION_NONCONTINUABLE)
795                         {
796                             __debugbreak();
797                             RtlRaiseStatus(EXCEPTION_NONCONTINUABLE_EXCEPTION);
798                         }
799 
800                         /* Execution continues */
801                         return TRUE;
802                     }
803                     else if (Disposition == ExceptionNestedException)
804                     {
805                         /// TODO
806                         __debugbreak();
807                     }
808                 }
809 
810                 if (Disposition == ExceptionCollidedUnwind)
811                 {
812                     /// TODO
813                     __debugbreak();
814                 }
815 
816                 /* This must be ExceptionContinueSearch now */
817                 if (Disposition != ExceptionContinueSearch)
818                 {
819                     __debugbreak();
820                     RtlRaiseStatus(STATUS_INVALID_DISPOSITION);
821                 }
822             } while (ExceptionRecord->ExceptionFlags & EXCEPTION_COLLIDED_UNWIND);
823         }
824 
825         /* Check, if we have left our stack (8.) */
826         if ((EstablisherFrame < StackLow) ||
827             (EstablisherFrame > StackHigh) ||
828             (EstablisherFrame & 7))
829         {
830             /// TODO: Check for DPC stack
831             __debugbreak();
832 
833             if (UnwindContext.Rip == ContextRecord->Rip)
834             {
835                 RtlRaiseStatus(STATUS_BAD_FUNCTION_TABLE);
836             }
837             else
838             {
839                 ZwRaiseException(ExceptionRecord, ContextRecord, FALSE);
840             }
841         }
842 
843         if (EstablisherFrame == (ULONG64)TargetFrame)
844         {
845             break;
846         }
847 
848         /* We have successfully unwound a frame. Copy the unwind context back. */
849         *ContextRecord = UnwindContext;
850     }
851 
852     if (ExceptionRecord->ExceptionCode != STATUS_UNWIND_CONSOLIDATE)
853     {
854         ContextRecord->Rip = (ULONG64)TargetIp;
855     }
856 
857     /* Set the return value */
858     ContextRecord->Rax = (ULONG64)ReturnValue;
859 
860     /* Restore the context */
861     RtlRestoreContext(ContextRecord, ExceptionRecord);
862 
863     /* Should never get here! */
864     ASSERT(FALSE);
865     return FALSE;
866 }
867 
868 VOID
869 NTAPI
870 RtlUnwindEx(
871     _In_opt_ PVOID TargetFrame,
872     _In_opt_ PVOID TargetIp,
873     _In_opt_ PEXCEPTION_RECORD ExceptionRecord,
874     _In_ PVOID ReturnValue,
875     _In_ PCONTEXT ContextRecord,
876     _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable)
877 {
878     EXCEPTION_RECORD LocalExceptionRecord;
879 
880     /* Capture the current context */
881     RtlCaptureContext(ContextRecord);
882 
883     /* Check if we have an exception record */
884     if (ExceptionRecord == NULL)
885     {
886         /* No exception record was passed, so set up a local one */
887         LocalExceptionRecord.ExceptionCode = STATUS_UNWIND;
888         LocalExceptionRecord.ExceptionAddress = (PVOID)ContextRecord->Rip;
889         LocalExceptionRecord.ExceptionRecord = NULL;
890         LocalExceptionRecord.NumberParameters = 0;
891         ExceptionRecord = &LocalExceptionRecord;
892     }
893 
894     /* Set unwind flags */
895     ExceptionRecord->ExceptionFlags = EXCEPTION_UNWINDING;
896     if (TargetFrame == NULL)
897     {
898         ExceptionRecord->ExceptionFlags |= EXCEPTION_EXIT_UNWIND;
899     }
900 
901     /* Call the internal function */
902     RtlpUnwindInternal(TargetFrame,
903                        TargetIp,
904                        ExceptionRecord,
905                        ReturnValue,
906                        ContextRecord,
907                        HistoryTable,
908                        UNW_FLAG_UHANDLER);
909 }
910 
911 VOID
912 NTAPI
913 RtlUnwind(
914     _In_opt_ PVOID TargetFrame,
915     _In_opt_ PVOID TargetIp,
916     _In_opt_ PEXCEPTION_RECORD ExceptionRecord,
917     _In_ PVOID ReturnValue)
918 {
919     CONTEXT Context;
920 
921     RtlUnwindEx(TargetFrame,
922                 TargetIp,
923                 ExceptionRecord,
924                 ReturnValue,
925                 &Context,
926                 NULL);
927 }
928 
929 ULONG
930 NTAPI
931 RtlWalkFrameChain(OUT PVOID *Callers,
932                   IN ULONG Count,
933                   IN ULONG Flags)
934 {
935     CONTEXT Context;
936     ULONG64 ControlPc, ImageBase, EstablisherFrame;
937     ULONG64 StackLow, StackHigh;
938     PVOID HandlerData;
939     ULONG i, FramesToSkip;
940     PRUNTIME_FUNCTION FunctionEntry;
941 
942     DPRINT("Enter RtlWalkFrameChain\n");
943 
944     /* The upper bits in Flags define how many frames to skip */
945     FramesToSkip = Flags >> 8;
946 
947     /* Capture the current Context */
948     RtlCaptureContext(&Context);
949     ControlPc = Context.Rip;
950 
951     /* Get the stack limits */
952     RtlpGetStackLimits(&StackLow, &StackHigh);
953 
954     /* Check if we want the user-mode stack frame */
955     if (Flags & 1)
956     {
957     }
958 
959     _SEH2_TRY
960     {
961         /* Loop the frames */
962         for (i = 0; i < FramesToSkip + Count; i++)
963         {
964             /* Lookup the FunctionEntry for the current ControlPc */
965             FunctionEntry = RtlLookupFunctionEntry(ControlPc, &ImageBase, NULL);
966 
967             /* Is this a leaf function? */
968             if (!FunctionEntry)
969             {
970                 Context.Rip = *(DWORD64*)Context.Rsp;
971                 Context.Rsp += sizeof(DWORD64);
972                 DPRINT("leaf funtion, new Rip = %p, new Rsp = %p\n", (PVOID)Context.Rip, (PVOID)Context.Rsp);
973             }
974             else
975             {
976                 RtlVirtualUnwind(UNW_FLAG_NHANDLER,
977                                  ImageBase,
978                                  ControlPc,
979                                  FunctionEntry,
980                                  &Context,
981                                  &HandlerData,
982                                  &EstablisherFrame,
983                                  NULL);
984                 DPRINT("normal funtion, new Rip = %p, new Rsp = %p\n", (PVOID)Context.Rip, (PVOID)Context.Rsp);
985             }
986 
987             /* Check if we are in kernel mode */
988             if (RtlpGetMode() == KernelMode)
989             {
990                 /* Check if we left the kernel range */
991                 if (!(Flags & 1) && (Context.Rip < 0xFFFF800000000000ULL))
992                 {
993                     break;
994                 }
995             }
996             else
997             {
998                 /* Check if we left the user range */
999                 if ((Context.Rip < 0x10000) ||
1000                     (Context.Rip > 0x000007FFFFFEFFFFULL))
1001                 {
1002                     break;
1003                 }
1004             }
1005 
1006             /* Check, if we have left our stack */
1007             if ((Context.Rsp <= StackLow) || (Context.Rsp >= StackHigh))
1008             {
1009                 break;
1010             }
1011 
1012             /* Continue with new Rip */
1013             ControlPc = Context.Rip;
1014 
1015             /* Save value, if we are past the frames to skip */
1016             if (i >= FramesToSkip)
1017             {
1018                 Callers[i - FramesToSkip] = (PVOID)ControlPc;
1019             }
1020         }
1021     }
1022     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1023     {
1024         DPRINT1("Exception while getting callers!\n");
1025         i = 0;
1026     }
1027     _SEH2_END;
1028 
1029     DPRINT("RtlWalkFrameChain returns %ld\n", i);
1030     return i;
1031 }
1032 
1033 /*! RtlGetCallersAddress
1034  * \ref http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Debug/RtlGetCallersAddress.html
1035  */
1036 #undef RtlGetCallersAddress
1037 VOID
1038 NTAPI
1039 RtlGetCallersAddress(
1040     OUT PVOID *CallersAddress,
1041     OUT PVOID *CallersCaller )
1042 {
1043     PVOID Callers[4];
1044     ULONG Number;
1045 
1046     /* Get callers:
1047      * RtlWalkFrameChain -> RtlGetCallersAddress -> x -> y */
1048     Number = RtlWalkFrameChain(Callers, 4, 0);
1049 
1050     *CallersAddress = (Number >= 3) ? Callers[2] : NULL;
1051     *CallersCaller = (Number == 4) ? Callers[3] : NULL;
1052 
1053     return;
1054 }
1055 
1056 static
1057 VOID
1058 RtlpCaptureNonVolatileContextPointers(
1059     _Out_ PKNONVOLATILE_CONTEXT_POINTERS NonvolatileContextPointers,
1060     _In_ ULONG64 TargetFrame)
1061 {
1062     CONTEXT Context;
1063     PRUNTIME_FUNCTION FunctionEntry;
1064     ULONG64 ImageBase;
1065     PVOID HandlerData;
1066     ULONG64 EstablisherFrame;
1067 
1068     /* Zero out the nonvolatile context pointers */
1069     RtlZeroMemory(NonvolatileContextPointers, sizeof(*NonvolatileContextPointers));
1070 
1071     /* Capture the current context */
1072     RtlCaptureContext(&Context);
1073 
1074     do
1075     {
1076         /* Make sure nothing fishy is going on. Currently this is for kernel mode only. */
1077         ASSERT((LONG64)Context.Rip < 0);
1078         ASSERT((LONG64)Context.Rsp < 0);
1079 
1080         /* Look up the function entry */
1081         FunctionEntry = RtlLookupFunctionEntry(Context.Rip, &ImageBase, NULL);
1082         if (FunctionEntry != NULL)
1083         {
1084             /* Do a virtual unwind to the caller and capture saved non-volatiles */
1085             RtlVirtualUnwind(UNW_FLAG_EHANDLER,
1086                              ImageBase,
1087                              Context.Rip,
1088                              FunctionEntry,
1089                              &Context,
1090                              &HandlerData,
1091                              &EstablisherFrame,
1092                              NonvolatileContextPointers);
1093 
1094             ASSERT(EstablisherFrame != 0);
1095         }
1096         else
1097         {
1098             Context.Rip = *(PULONG64)Context.Rsp;
1099             Context.Rsp += 8;
1100         }
1101 
1102         /* Continue until we reach user mode */
1103     } while ((LONG64)Context.Rip < 0);
1104 
1105     /* If the caller did the right thing, we should get past the target frame */
1106     ASSERT(EstablisherFrame >= TargetFrame);
1107 }
1108 
1109 VOID
1110 RtlSetUnwindContext(
1111     _In_ PCONTEXT Context,
1112     _In_ DWORD64 TargetFrame)
1113 {
1114     KNONVOLATILE_CONTEXT_POINTERS ContextPointers;
1115 
1116     /* Capture pointers to the non-volatiles up to the target frame */
1117     RtlpCaptureNonVolatileContextPointers(&ContextPointers, TargetFrame);
1118 
1119     /* Copy the nonvolatiles to the captured locations */
1120     *ContextPointers.R12 = Context->R12;
1121     *ContextPointers.R13 = Context->R13;
1122     *ContextPointers.R14 = Context->R14;
1123     *ContextPointers.R15 = Context->R15;
1124     *ContextPointers.Xmm6 = Context->Xmm6;
1125     *ContextPointers.Xmm7 = Context->Xmm7;
1126     *ContextPointers.Xmm8 = Context->Xmm8;
1127     *ContextPointers.Xmm9 = Context->Xmm9;
1128     *ContextPointers.Xmm10 = Context->Xmm10;
1129     *ContextPointers.Xmm11 = Context->Xmm11;
1130     *ContextPointers.Xmm12 = Context->Xmm12;
1131     *ContextPointers.Xmm13 = Context->Xmm13;
1132     *ContextPointers.Xmm14 = Context->Xmm14;
1133     *ContextPointers.Xmm15 = Context->Xmm15;
1134 }
1135