base addresses of kernel32

James McKenzie jjmckenzie51 at earthlink.net
Sun Jul 4 14:49:24 CDT 2010


Andrey Turkin wrote:
> On Sunday 04 July 2010 22:31:49 Dan Kegel wrote:
>   
>>>> the Makefile has:
>>>> EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
>>>>         
>>> Is there a good reason for this?  Otherwise, this opens a security
>>> vulnerability in Wine that does not exist in Windows....
>>>       
>> This is the way Windows worked before Vista.
>> (Does Vista actually randomize where even ntdll is?)
>>
>> BTW our CreateRemoteThread conformance test checks whether
>> the module has been loaded at a different address, and skips if it
>> has...
>>     
>
> http://www.nynaeve.net/?p=198 has a pretty good explanation why certain DLLs 
> must be loaded at same address; one example why Wine should care is to satisfy 
> programs injecting code in different processes.
>
>   
Code injection is considered a vulnerability if 'bad' code cannot be 
detected.  I don't know if Windows does this or not....

However, if this is displayed functionality with Windows, we should 
duplicate it....

James McKenzie
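
An added example, not part of the original thread and not Wine's own code: a Python check that reads a PE image's preferred base (the value the `--image-base,0x7b800000` linker flag quoted above sets) and its ASLR opt-in bit, the header fields behind the fixed-address question in this thread. The header bytes are constructed for the demonstration, and the names `pe_base_info` and `make_sample` are hypothetical.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in bit in the PE format


def pe_base_info(data: bytes) -> dict:
    """Return the preferred image base and ASLR opt-in flag of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: 32-bit ImageBase at offset 28
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "image_base": base,
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def make_sample(base: int, dll_chars: int) -> bytes:
    """Constructed sample: only the PE32 header fields pe_base_info() reads."""
    buf = bytearray(0x40 + 4 + 20 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)  # PE header directly after DOS header
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, base)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)


if __name__ == "__main__":
    # Fixed base from the quoted Makefile line, with and without the opt-in bit.
    for chars in (0x0000, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE):
        info = pe_base_info(make_sample(0x7B800000, chars))
        print(hex(info["image_base"]), "ASLR opt-in:", info["aslr_opt_in"])
```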




More information about the wine-devel mailing list