Windows stack limit checking retrospective: x86-32 also known as i386
a day ago
- #x86-32
- #stack
- #assembly
- The Windows stack limit checker on x86-32 (i386) has been revised.
- The new version of _chkstk avoids desynchronizing the return address predictor: it copies the caller's return address to the new top of the stack and returns with a 'ret'.
- The code over-allocates the stack by 4 bytes to compensate for the 'ret' instruction.
- This version remains a drop-in replacement for the old _chkstk, so existing callers keep working unchanged.
- Its calling convention is incompatible with shadow stacks (Intel CET) because of this unconventional way of returning.
- The label 'cs20' should be renamed to 'probe' for clarity.
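A C model of the probe-and-return sequence summarized above, added here as an illustration (it is not Microsoft's _chkstk code); the 4 KiB page size, the register contract (eax = bytes requested, esp at the pushed return address) and the exact placement of the 4-byte over-allocation are assumptions:

```c
#include <stdint.h>

#define PAGE_SIZE 0x1000u   /* assumed x86-32 page size */

/* Result of one modelled _chkstk call. */
typedef struct {
    uint32_t esp_after;    /* esp the caller sees after the final 'ret' */
    uint32_t probes;       /* guard-page touches made on the way down */
    uint32_t lowest_page;  /* lowest page boundary touched */
} chkstk_model;

/* Model of the revised x86-32 _chkstk: on entry eax holds the request and
 * esp points at the return address pushed by "call _chkstk". */
static chkstk_model chkstk_x86_32(uint32_t esp_at_entry, uint32_t eax_request)
{
    chkstk_model m = {0, 0, 0};
    uint32_t caller_esp = esp_at_entry + 4;      /* above the pushed return address */

    /* Target = caller_esp - request - 4 (assumed layout): the extra 4 bytes are
     * the over-allocation that the trailing 'ret' pops back off. Requests that
     * would underflow are clamped to 0 (the sbb/not/and idiom). */
    uint64_t wanted = (uint64_t)eax_request + 4;
    uint32_t target = (wanted > caller_esp) ? 0u : caller_esp - (uint32_t)wanted;

    /* Walk down one page at a time, touching each so the guard page commits
     * in order; a fault here is what a stack overflow looks like. */
    uint32_t page = esp_at_entry & ~(PAGE_SIZE - 1);
    m.lowest_page = page;
    while (target < page) {
        page -= PAGE_SIZE;
        m.probes++;
        m.lowest_page = page;   /* real code: test [page], eax */
    }

    /* Switch esp to target, copy the caller's return address to [target], then
     * 'ret': the pop adds 4, so the caller ends with esp == caller_esp - request. */
    m.esp_after = target + 4;
    return m;
}
```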