+static int resolve_origin(int i, const struct parsed_opr *opr,
+ int magic, int *op_i, int *is_caller);
+
+static void eliminate_seh_writes(int opcnt)
+{
+ const struct parsed_opr *opr;
+ char ofs_reg[16];
+ int offset;
+ int i;
+
+ // assume all sf writes above g_seh_size to be seh related
+ // (probably unsafe but oh well)
+ for (i = 0; i < opcnt; i++) {
+ if (ops[i].op != OP_MOV)
+ continue;
+ opr = &ops[i].operand[0];
+ if (opr->type != OPT_REGMEM)
+ continue;
+ if (!is_stack_access(&ops[i], opr))
+ continue;
+
+ offset = 0;
+ parse_stack_access(&ops[i], opr->name, ofs_reg, &offset,
+ NULL, NULL, 0);
+ if (offset < 0 && offset >= -g_seh_size)
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+}
+
+static void eliminate_seh(int opcnt)
+{
+ int i, j, k, ret;
+
+ for (i = 0; i < opcnt; i++) {
+ if (ops[i].op != OP_MOV)
+ continue;
+ if (ops[i].operand[0].segment != SEG_FS)
+ continue;
+ if (!IS(opr_name(&ops[i], 0), "0"))
+ continue;
+
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ if (ops[i].operand[1].reg == xSP) {
+ for (j = i - 1; j >= 0; j--) {
+ if (ops[j].op != OP_PUSH)
+ continue;
+ ops[j].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ g_seh_size += 4;
+ if (ops[j].operand[0].val == ~0)
+ break;
+ if (ops[j].operand[0].type == OPT_REG) {
+ k = -1;
+ ret = resolve_origin(j, &ops[j].operand[0],
+ j + opcnt * 22, &k, NULL);
+ if (ret == 1)
+ ops[k].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+ }
+ if (j < 0)
+ ferr(ops, "missing seh terminator\n");
+ }
+ else {
+ k = -1;
+ ret = resolve_origin(i, &ops[i].operand[1],
+ i + opcnt * 23, &k, NULL);
+ if (ret == 1)
+ ops[k].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ }
+ }
+
+ eliminate_seh_writes(opcnt);
+}
+
+static void eliminate_seh_calls(int opcnt)
+{
+ int epilog_found = 0;
+ int i;
+
+ g_bp_frame = 1;
+ g_seh_size = 0x10;
+
+ i = 0;
+ ferr_assert(&ops[i], ops[i].op == OP_PUSH
+ && ops[i].operand[0].type == OPT_CONST);
+ g_stack_fsz = g_seh_size + ops[i].operand[0].val;
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ i++;
+ ferr_assert(&ops[i], ops[i].op == OP_PUSH
+ && ops[i].operand[0].type == OPT_OFFSET);
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ i++;
+ ferr_assert(&ops[i], ops[i].op == OP_CALL
+ && IS(opr_name(&ops[i], 0), "__SEH_prolog"));
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+
+ for (i++; i < opcnt; i++) {
+ if (ops[i].op != OP_CALL)
+ continue;
+ if (!IS(opr_name(&ops[i], 0), "__SEH_epilog"))
+ continue;
+
+ ops[i].flags |= OPF_RMD | OPF_DONE | OPF_NOREGS;
+ epilog_found = 1;
+ }
+ ferr_assert(ops, epilog_found);
+
+ eliminate_seh_writes(opcnt);
+}
+
+static int scan_prologue(int i, int opcnt, int *ecx_push, int *esp_sub)