+static int resolve_origin(int i, const struct parsed_opr *opr,
+ int magic, int *op_i, int *is_caller);
+
+static void eliminate_seh_writes(int opcnt)
+{
+ const struct parsed_opr *opr;
+ char ofs_reg[16];
+ int offset;
+ int i;
+
+ // assume all sf writes above g_seh_size to be seh related
+ // (probably unsafe but oh well)
+ for (i = 0; i < opcnt; i++) {
+ if (ops[i].op != OP_MOV)
+ continue;
+ opr = &ops[i].operand[0];
+ if (opr->type != OPT_REGMEM)
+ continue;
+ if (!is_stack_access(&ops[i], opr))
+ continue;
+
+ offset = 0;
+ parse_stack_access(&ops[i], opr->name, ofs_reg, &offset,
+ NULL, NULL, 0);
+ if (offset < 0 && offset >= -g_seh_size)
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+}
+
+static void eliminate_seh(int opcnt)
+{
+ int i, j, k, ret;
+
+ for (i = 0; i < opcnt; i++) {
+ if (ops[i].op != OP_MOV)
+ continue;
+ if (ops[i].operand[0].segment != SEG_FS)
+ continue;
+ if (!IS(opr_name(&ops[i], 0), "0"))
+ continue;
+
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ if (ops[i].operand[1].reg == xSP) {
+ for (j = i - 1; j >= 0; j--) {
+ if (ops[j].op != OP_PUSH)
+ continue;
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ g_seh_size += 4;
+ if (ops[j].operand[0].val == ~0)
+ break;
+ if (ops[j].operand[0].type == OPT_REG) {
+ k = -1;
+ ret = resolve_origin(j, &ops[j].operand[0],
+ j + opcnt * 22, &k, NULL);
+ if (ret == 1)
+ ops[k].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+ }
+ if (j < 0)
+ ferr(ops, "missing seh terminator\n");
+ }
+ else {
+ k = -1;
+ ret = resolve_origin(i, &ops[i].operand[1],
+ i + opcnt * 23, &k, NULL);
+ if (ret == 1)
+ ops[k].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+ }
+
+ eliminate_seh_writes(opcnt);
+}
+
+static void eliminate_seh_calls(int opcnt)
+{
+ int epilog_found = 0;
+ int i;
+
+ g_bp_frame = 1;
+ g_seh_size = 0x10;
+
+ i = 0;
+ ferr_assert(&ops[i], ops[i].op == OP_PUSH
+ && ops[i].operand[0].type == OPT_CONST);
+ g_stack_fsz = g_seh_size + ops[i].operand[0].val;
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ i++;
+ ferr_assert(&ops[i], ops[i].op == OP_PUSH
+ && ops[i].operand[0].type == OPT_OFFSET);
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ i++;
+ ferr_assert(&ops[i], ops[i].op == OP_CALL
+ && IS(opr_name(&ops[i], 0), "__SEH_prolog"));
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ for (i++; i < opcnt; i++) {
+ if (ops[i].op != OP_CALL)
+ continue;
+ if (!IS(opr_name(&ops[i], 0), "__SEH_epilog"))
+ continue;
+
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ epilog_found = 1;
+ }
+ ferr_assert(ops, epilog_found);
+
+ eliminate_seh_writes(opcnt);
+}
+
+static int scan_prologue(int i, int opcnt, int *ecx_push, int *esp_sub)
+{
+ int j;
+
+ for (; i < opcnt; i++)
+ if (!(ops[i].flags & OPF_DONE))
+ break;
+
+ while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ g_stack_fsz += 4;
+ (*ecx_push)++;
+ i++;
+ }
+
+ for (; i < opcnt; i++) {
+ if (i > 0 && g_labels[i] != NULL)
+ break;
+ if (ops[i].op == OP_PUSH || (ops[i].flags & (OPF_JMP|OPF_TAIL)))
+ break;
+ if (ops[i].op == OP_SUB && ops[i].operand[0].reg == xSP
+ && ops[i].operand[1].type == OPT_CONST)
+ {
+ g_stack_fsz += opr_const(&ops[i], 1);
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ i++;
+ *esp_sub = 1;
+ break;
+ }
+ if (ops[i].op == OP_MOV && ops[i].operand[0].reg == xAX
+ && ops[i].operand[1].type == OPT_CONST)
+ {
+ for (j = i + 1; j < opcnt; j++)
+ if (!(ops[j].flags & OPF_DONE))
+ break;
+ if (ops[j].op == OP_CALL
+ && IS(opr_name(&ops[j], 0), "__alloca_probe"))
+ {
+ g_stack_fsz += opr_const(&ops[i], 1);
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ i = j + 1;
+ *esp_sub = 1;
+ }
+ break;
+ }
+ }
+
+ return i;
+}
+