Adding protections in map_image

Robert Baruch autophile at starband.net
Fri Dec 14 11:42:16 CST 2001 

Hi all,

Uwe and I have been working on several executables which have been 
compressed by Shrinker. Basically, under win98 it tries to load a VXD 
which is disallowed. The prospects are better under nt40 mode, but it 
looks like Shrinker purposely causes read and write exceptions.

After looking at this for a little over a week, I've found that there 
are two problems which need to be solved.

The first is that the exception handler installed by Shrinker under Wine 
causes another fault and then a spin. Under WinDbg (in W2K/VMWare) the 
exception handler does not cause another fault, and execution continues 
nicely.

The second is that WinDbg finds a write fault where Wine does not. To 
fix this, Wine must set protections on the executable's image map. I 
came up with a patch to do this, and it worked for my Shrinkered exe, 
but not for Uwe's.

Uwe's exe loads MSVCRT20.DLL, and then Wine calls PE_fixup_imports, 
which attempts to write to that DLL's .idata section, which had been set 
read-only. Clearly Wine needs to write to that section to set up imports 
which haven't been implemented.

Now, my patch put the protections on the mapped image right at the end 
of map_image. This works when map_image is called (eventually) from 
PROCESS_InitWine, so that the initial executable gets its protections 
set right.

However, it doesn't work for PE_LoadLibraryExA (called by 
LoadLibraryExA) because it first checks to see if the library has 
already been loaded. If it has been loaded, it calls PE_fixup_imports. 
If it has not been loaded, it calls (eventually) map_image.

So if the library has already been loaded, it has already had its 
protections set up by map_image at some point in the past. Then when 
PE_fixup_imports is called, a protection violation occurs.

My current idea is to go into PE_fixup_imports, unprotect the .idata 
section, do the fixups, and reprotect the section.

The bad thing is that if someone else in the future writes some code 
that does additional fixups to other sections, they are also going to 
have to unprotect and reprotect. This might turn out to be a good thing, 
though, if it forces you to do that.

What does everyone think?

Thanks,

--Rob

More information about the wine-devel mailing list