debugger detection in newbin.
Marcus Meissner
meissner at suse.de
Thu Jan 23 03:24:33 CST 2003
On Thu, Jan 23, 2003 at 10:12:32AM +0100, Rein Klazes wrote:
> Hi,
>
> The latest version of newsbin 4.1B5 refuses to run, displaying
> "debugger or monitoring tool detected".
>
> The detection code is very simple, immediately at the program entry
> point 0x516000 it does (intel syntax):
>
> | Disassembly of 0x00516000
> | 0x51600D: 64A023000000 mov al,fs:[0x23]
> | 0x516013: EB03 jmp 0x516018
> | ;***************************************************
> | 0x516018: 84C0 test al,al
> | 0x51601A: EB03 jmp 0x51601f
> | ;***************************************************
> | 0x51601F: 7567 jnz 0x516088
>
> This jump is taken and leads immediately to the messagebox displaying the
> message above.
>
> Any ideas and/or explanation?

Well, we store the thread pid there, see thread.h:

    DWORD pid; /* !2- 20 Process id (win95: debug context) */

Try to move the pid somewhere else and mark this field as unused.

Ciao, Marcus
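
Added example, not part of the original thread and not Wine code: a small C model of why a value stored in that DWORD trips the quoted check, since the byte read at fs:[0x23] is the most significant byte of a little-endian DWORD starting at 0x20. It assumes the "20" in the thread.h comment is the hex offset 0x20; the buffer, helper names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a zeroed block standing in for the start of the
 * per-thread block that fs: points at. Only the two offsets below are
 * taken from the thread (0x20 is assumed from the "20" in the comment). */
#define TEB_MODEL_SIZE 0x40
#define FIELD_OFFSET   0x20   /* DWORD field quoted from thread.h */
#define PROBE_OFFSET   0x23   /* byte read by "mov al,fs:[0x23]" */

/* Store a 32-bit value at FIELD_OFFSET in x86 (little-endian) byte order. */
static void store_field(uint8_t *teb, uint32_t value)
{
    for (int i = 0; i < 4; i++)
        teb[FIELD_OFFSET + i] = (uint8_t)(value >> (8 * i));
}

/* Emulates: mov al,fs:[0x23] / test al,al / jnz. Returns 1 if the jump is taken. */
static int probe_trips(const uint8_t *teb)
{
    uint8_t al = teb[PROBE_OFFSET];
    return al != 0;
}

/* Hypothetical helper: does storing `value` in the field trip the check? */
int value_trips_check(uint32_t value)
{
    uint8_t teb[TEB_MODEL_SIZE];
    memset(teb, 0, sizeof teb);
    store_field(teb, value);
    return probe_trips(teb);
}

/* Smallest stored value that makes the probed byte nonzero. */
uint32_t smallest_tripping_value(void)
{
    return (uint32_t)1 << (8 * (PROBE_OFFSET - FIELD_OFFSET));
}

int main(void)
{
    /* Constructed sample values, not real process ids. */
    const uint32_t samples[] = { 0, 0x00000123, 0x00FFFFFF, 0x01000000, 0x08154321 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("field=0x%08X -> %s\n", (unsigned)samples[i],
               value_trips_check(samples[i]) ? "jnz taken" : "falls through");
    printf("smallest tripping value: 0x%08X\n", (unsigned)smallest_tripping_value());
    return 0;
}
```

In this model the check stays quiet while the field is zero or holds a value below 0x01000000, which matches the suggestion to keep the pid elsewhere and leave this field unused.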