jan/rrt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ground acquisition loader tuple owner field

Browse source
This commit is contained in:
Jan Petykiewicz 2026-04-18 22:46:09 -07:00
commit b937654ffa
2 changed files with 43 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/rehost-queue.md
View file

@ -123,9 +123,13 @@ Working rule:
copied name bytes, `[site+0x276]`, `[site+0x3d4/+0x3d5]`, and cleared local caches, and the
shared finalize helper `0x0040ef10` has both create-side callers `0x00403ef3 / 0x00404489`
and data-driven loader callers `0x0046f073 / 0x004707ff`
- one persisted tuple path is grounded too now:
the data-driven loader callers `0x0046f073 / 0x004707ff` push tuple fields
`[+0x00/+0x04/+0x0c]` into `0x0040ef10`, and inside that helper arg3 becomes `ebx` and then
`[site+0x276]` at `0x0040f5d4`
- the remaining owner-company question is therefore narrower than “find any replay seam”:
identify which persisted tuple fields and later restore/finalize calls are sufficient to
repopulate `[site+0x276]` for shellless acquisition
identify which persisted source family feeds that tuple and which companion restore/finalize
calls are sufficient to repopulate `[site+0x276]` for shellless acquisition
- the second is narrower in the same way:
the checked-in `0x36b1/0x36b2/0x36b3` triplet seam and the
`0x4a9d/0x4a3a/0x4a3b` side-buffer seam still do not serialize `[site+0x310/+0x338/+0x360]`