Correction: We shouldn't eliminate the
patched_LdrLoadDll could be called from different places.
Note about calculating the # of frames to skip. First, the theoretical real stack trace at this site (with 0 skip frames) is:
Our current code skips 1 frame, and with this we are seeing:
It seems the optimizer is eliminating one stack frame, likely the static call to OnAfterModuleLoad. On my local builds this frame is not optimized out.
Ideally we could search the stack for patched_LdrLoadDll, but the address in the stack trace doesn't point to the top of the function, so there's no reliable way to know which stack frame actually points to that function without something fuzzy like searching the first N frames for the closest address to
Another idea is to determine the return address within OnAfterModuleLoad (not sure if compilers support this). I'll have to dig into this.
I'm going to do more research and get back with a solution on this.
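The return-address idea in the comment above, sketched as an added example (not code from the original comment or from the project): the hook records its own return address and the skip count is found by an exact match in the captured trace, so it stays correct whether or not the static callee's frame is optimized out. Assumptions: GCC/Clang's `__builtin_return_address` and glibc's `backtrace()` stand in for the Windows equivalents, and `hypothetical_patched_hook` and `on_after_module_load` are illustrative names.

```c
#include <execinfo.h>   /* glibc backtrace(); stand-in for the Windows stack walker */
#include <stdio.h>

#define MAX_FRAMES 32

/* Index of the frame holding the hook's own return address, i.e. the first
 * frame that belongs to the hook's caller; everything before it is skipped.
 * Returns -1 when the address is not in the captured trace. */
static int frames_to_skip(void *const *frames, int count, const void *hook_ret)
{
    for (int i = 0; i < count; i++)
        if (frames[i] == hook_ret)
            return i;
    return -1;
}

/* Hypothetical stand-in for OnAfterModuleLoad. It is static, so the optimizer
 * may inline it and remove its frame; the skip count is computed, not assumed. */
static int on_after_module_load(const void *hook_ret)
{
    void *frames[MAX_FRAMES];
    int count = backtrace(frames, MAX_FRAMES);
    return frames_to_skip(frames, count, hook_ret);
}

/* Hypothetical stand-in for patched_LdrLoadDll. noinline keeps
 * __builtin_return_address(0) pointing into whoever called the hook. */
__attribute__((noinline)) int hypothetical_patched_hook(void)
{
    const void *hook_ret = __builtin_return_address(0);
    int skip = on_after_module_load(hook_ret);
    return skip;
}

int main(void)
{
    printf("frames to skip: %d\n", hypothetical_patched_hook());
    return 0;
}
```

The result is 2 when the static callee keeps its own frame and 1 when it is inlined or tail-called, which is the difference between builds that the comment describes.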