[1/3] ntdll: Mimic Windows behaviour when calling debug service.
Sebastian Lackner
sebastian at fds-team.de
Thu Feb 18 02:58:13 CST 2016
Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---
This behaviour is well-documented and used for various anti-debugging tricks.
I would propose, if we want to be compatible with Windows, then fully, not just for one game.
Trap exceptions are handled separately and should not be affected by this code.
dlls/ntdll/signal_i386.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/dlls/ntdll/signal_i386.c b/dlls/ntdll/signal_i386.c
index 10235fe..5708aae 100644
--- a/dlls/ntdll/signal_i386.c
+++ b/dlls/ntdll/signal_i386.c
@@ -1940,6 +1940,21 @@ static void WINAPI raise_segv_exception( EXCEPTION_RECORD *rec, CONTEXT *context
goto done;
}
break;
+ case EXCEPTION_BREAKPOINT:
+ if (!is_wow64)
+ {
+ /* On Wow64, the upper DWORD of Rax contains garbage, and the debug
+ * service is usually not recognized when called from usermode. */
+ switch (rec->ExceptionInformation[0])
+ {
+ case 1: /* BREAKPOINT_PRINT */
+ case 3: /* BREAKPOINT_LOAD_SYMBOLS */
+ case 4: /* BREAKPOINT_UNLOAD_SYMBOLS */
+ case 5: /* BREAKPOINT_COMMAND_STRING (>= Win2003) */
+ goto done;
+ }
+ }
+ break;
}
status = NtRaiseException( rec, context, TRUE );
raise_status( status, rec );
--
2.7.1
More information about the wine-patches
mailing list