
Petr Tesařík
@ptesarik@infosec.exchange

@amonakov@mastodon.gamedev.place Oh, and yes, I do see a lot of hits in its_return_thunk:

Samples │        ffffffff81d940e0 :
        │        .skip 32, 0xcc
        │        SYM_CODE_START(its_return_thunk)
        │        UNWIND_HINT_FUNC
        │        ANNOTATE_NOENDBR
        │        ANNOTATE_UNRET_SAFE
        │        ret
   6088 │ffffffff81d940e0: ← ret
        │        int3
        │ffffffff81d940e1:   int3

Alexander Monakov
@amonakov@mastodon.gamedev.place

@ptesarik@infosec.exchange ah, this its_return_thunk is new, it doesn't desync the return address prediction stack!


Petr Tesařík
@ptesarik@infosec.exchange

@amonakov@mastodon.gamedev.place Oh, right, I thought I made it clear that this is a jmp to a ret, nothing more.