KiServiceLimit .eq. 1BF
понедельник, 22 июня 2015 г.
четверг, 11 июня 2015 г.
is vtguard slow ?
Saw some strange code in fresh mshtml.dll (version 11.00.9600.17842) after jun 2015 security update:
.text:635F4700 ?ReleaseInterface@@YGXPAUIUnknown@@@Z proc near
.text:635F4700 mov edi, edi
.text:635F4702 push esi
.text:635F4703 push edi
.text:635F4704 test ecx, ecx
.text:635F4706 jnz short loc_635F470B
.text:635F4708 loc_635F4708:
.text:635F4708 pop edi
.text:635F4709 pop esi
.text:635F470A retn
.text:635F470B loc_635F470B:
.text:635F470B mov eax, [ecx]
.text:635F470D mov edi, [eax+8]
.text:635F4710 cmp edi, offset ?PrivateRelease@CElement@@UAGKXZ ; CElement::PrivateRelease(void)
.text:635F4716 jz loc_6362BE29
.text:635F471C cmp edi, offset ?PlainRelease@@YGKPAUTEAROFF_THUNK@@@Z ; PlainRelease(TEAROFF_THUNK *)
.text:635F4722 jz loc_6362B928
.text:635F4728 mov esi, esp
.text:635F472A push ecx
.text:635F472B mov ecx, edi
.text:635F472D call ds:___guard_check_icall_fptr
.text:635F4733 call edi
.text:635F4735 cmp esi, esp
.text:635F4737 jz short loc_635F4708
.text:635F4739 jmp loc_63CA3FDD
.text:635F4739 ?ReleaseInterface@@YGXPAUIUnknown@@@Z endp
.text:6362BE29 loc_6362BE29:
.text:6362BE29 push ecx
.text:6362BE2A call ?PrivateRelease@CElement@@UAGKXZ ; CElement::PrivateRelease(void)
.text:6362BE2F jmp loc_635F4708
.text:6362B928 loc_6362B928:
.text:6362B928 push ecx ; struct TEAROFF_THUNK *
.text:6362B929 call ?PlainRelease@@YGKPAUTEAROFF_THUNK@@@Z ; PlainRelease(TEAROFF_THUNK *)
.text:6362B92E jmp loc_635F4708
It seems that compiler added checking for some (most frequently called) methods and calls them directly with no vtguard. I wonder why may be needed such optimization ?