From aa3bb00f946ecdb89008c07760098089b09f8bca Mon Sep 17 00:00:00 2001 From: Drahflow Date: Sat, 20 Jun 2015 21:38:52 +0200 Subject: Correctly parse patched FUNCTIONCREATEs --- elymas/lib/sys/opt.ey | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/elymas/lib/sys/opt.ey b/elymas/lib/sys/opt.ey index d24d111..ef5cdd4 100644 --- a/elymas/lib/sys/opt.ey +++ b/elymas/lib/sys/opt.ey @@ -147,6 +147,13 @@ %48 16 /rdi :cmpbImmMemDisp8 ] ==:customFunctionObjectCreationHeaderPattern + [ + 8 /r15 :subqImm8Reg + /r15 :popqMem + 0 /rdi :movqImmReg + 0 :jmpRel8 + ] ==:customFunctionObjectCreationHeaderPatternPatched + [ 8 /r15 :subqImm8Reg /r15 :popqMem @@ -1832,7 +1839,6 @@ canRewrite { arrayStart i range { ==j [ NOP ] j logic =[] } each [ RAWCONSTCONDSTHISSCOPE collectedFunctions ] i logic =[] - /RAWCONSTCONDSTHISSCOPE dump }' rep } ] conds @@ -2240,6 +2246,13 @@ functionBody ::rawObject protectReference } + { customFunctionObjectCreationHeaderPatternPatched callTargetMatch }' { + [ calledAddress 9 add _ 8 add range peek each ] 256 math .unbase ==functionBody # function code object address + + [ FUNCTIONCREATE calledAddress functionBody ] emitLogic + functionBody ::rawObject protectReference + } + { customFunctionHeaderPattern callTargetMatch }' { [ CALL calledAddress ] emitLogic } @@ -2820,7 +2833,7 @@ } { action RAWCONSTCONDSTHISSCOPE eq }' { - 1 entry _ dump ==functions + 1 entry ==functions { =*function [ -- cgit v1.2.3
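Review bot: The new `customFunctionObjectCreationHeaderPatternPatched` array in the `@@ -147,6 +147,13 @@` hunk carries no comment saying which step produces this patched header, or that the `0` operands of `:movqImmReg` and `:jmpRel8` stand for values that differ per function. How the matcher treats those zeros is decided outside the visible lines (presumably as wildcards), and a reader who takes them literally would conclude the pattern can never match a real header. I would add a comment above the array such as `# header after patching: movq <function code object>, %rdi; jmp rel8 (immediate and displacement vary per function)`.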
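Review bot: The offset `9` in `calledAddress 9 add _ 8 add range peek each` (hunk `@@ -2240,6 +2246,13 @@`) is tied by hand to the byte layout of `customFunctionObjectCreationHeaderPatternPatched`, and nothing on the line records that coupling. It appears to be the length of the `subq` and `popq` encodings plus the `movq` opcode bytes, so if the pattern changes, this handler would decode unrelated code bytes as an object address and pass the result to `protectReference`. A comment recording the derivation would keep the two in step, e.g. `# imm64 of movq starts at +9: 4 (subq imm8) + 3 (popq mem) + 2 (REX.W + opcode)`. The byte counts are my reading of the x86-64 encoding and should be checked against the assembler. The enclosing dispatch block starts and ends outside the hunk.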