[Bug 10273] satisfy SafeDisc 2.x heuristic API analyzer by "adjusting" API exports/entry statistics of wine builtins
wine-bugs at winehq.org
Thu Nov 1 20:03:42 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=10273
--- Comment #3 from Anastasius Focht <focht at gmx.net> 2007-11-01 20:03:41 ---
Hello,
--- quote ---
I don't know if this is related, but Ivan Leo talked about some hook testing
done by SafeDisc 2. Apart from other things, it checks if all CALLs have a RET.
It started at the exported functions, but eventually dived into Linux
libraries. GCC generated code which broke these checks, e.g.
...
Could this be the statistical heuristic you see?
--- quote ---
Well, Micro$oft compilers seem to generate such code sequences on occasion too
but probably not many to have such significance.
The tests for hooked/detoured code (jump trampolines) are likely part of that
"behavioral analysis".
They probably used some sort of disassembler/tracer.
But this is probably only a part of that analysis. I experimented with various
opcode sequences, covering standard entry code but even a large number of them
had no real significance (> of all gcc generated entries).
--- quote ---
The patch does seem to help at least one other app get further.
--- quote ---
I am missing the application name ;-)
Regards