I think this is caused by bug 1642626. After that change, our detour applies a hook onto `KERNELBASE!CloseHandle`, where `JAE rel16` is not supported. No problem on Win10 because `KERNELBASE!CloseHandle` on Win10 uses `JAE rel8` which is supported. ``` KERNEL32!CloseHandle: 00007ffc`07671270 ff25ca311200 jmp qword ptr [KERNEL32!_imp_CloseHandle (00007ffc`07794440)] --> KERNELBASE!CloseHandle KERNELBASE!CloseHandle: 00007ffc`04ac14c0 fff3 push rbx 00007ffc`04ac14c2 4883ec20 sub rsp,20h 00007ffc`04ac14c6 488bd9 mov rbx,rcx 00007ffc`04ac14c9 83f9f4 cmp ecx,0FFFFFFF4h 00007ffc`04ac14cc 0f83b93a0000 jae KERNELBASE!CloseHandle+0x35 (00007ffc`04ac4f8b) <<<< 00007ffc`04ac14d2 488bcb mov rcx,rbx ```
Bug 1655680 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I think this is caused by bug 1642626. After that change, our detour applies a hook onto `KERNELBASE!CloseHandle`, where `JAE rel32` is not supported. No problem on Win10 because `KERNELBASE!CloseHandle` on Win10 uses `JAE rel8` which is supported. ``` KERNEL32!CloseHandle: 00007ffc`07671270 ff25ca311200 jmp qword ptr [KERNEL32!_imp_CloseHandle (00007ffc`07794440)] --> KERNELBASE!CloseHandle KERNELBASE!CloseHandle: 00007ffc`04ac14c0 fff3 push rbx 00007ffc`04ac14c2 4883ec20 sub rsp,20h 00007ffc`04ac14c6 488bd9 mov rbx,rcx 00007ffc`04ac14c9 83f9f4 cmp ecx,0FFFFFFF4h 00007ffc`04ac14cc 0f83b93a0000 jae KERNELBASE!CloseHandle+0x35 (00007ffc`04ac4f8b) <<<< 00007ffc`04ac14d2 488bcb mov rcx,rbx ```