base addresses of kernel32
jjmckenzie51 at earthlink.net
Sun Jul 4 14:49:24 CDT 2010
Andrey Turkin wrote:
> On Sunday 04 July 2010 22:31:49 Dan Kegel wrote:
>>>> the Makefile has:
>>>> EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
>>> Is there a good reason for this? Otherwise, this opens a security
>>> vulnerability in Wine that does not exist in Windows....
>> This is the way Windows worked before Vista.
>> (Does Vista actually randomize where even ntdll is?)
>> BTW our CreateRemoteThread conformance test checks whether
>> the module has been loaded at a different address, and skips if it
> http://www.nynaeve.net/?p=198 has a pretty good explanation why certain DLLs
> must be loaded at same address; one example why Wine should care is to satisfy
> programs injecting code in different processes.
Code injection is considered a vulnerability if 'bad' code cannot be
detected. I don't know if Windows does this or not....
However, if this is displayed functionality with Windows, we should
More information about the wine-devel