[Wine] Re: WineLib app error

hellork wineforum-user at winehq.org
Fri Apr 2 03:38:11 CDT 2010


I've heard that LD_PRELOAD doesn't work with Wine, but after reading the man page for dlopen() it started working for me, although I'm not sure why. :)

As a test, I'll use the simple password challenge from  http://neworder.box.sk/newsread.php?newsid=13857

To make things more readable for my tired eyes, I'll use the C code "pythonizer" from http://thenerdshow.com/pysces.html 
Code:
/*
 * pass.p.c password challenge
 */
#include <stdio.h>
#include <string.h>

int main  int argc, char **argv
    char passwd[] = "wine"
    if  argc < 2
        printf  "usage: %s <password>\n", argv[0]
        return 0
    if  !strcmp(passwd, argv[1])
        printf  "PASS\n"
        return 1
    printf  "FAIL\n"
    return 0




Code:
#hijack.spec
@ stdcall strcmp(str str)




Code:
/* 
 * hijack.p.c ALL YOUR STRING ARE BELONG TO US!
 */
#include <stdio.h>
#include <string.h>
#include <limits.h>
int strcmp  const char *s1, const char *s2
/* The if statement suppresses a lot of output for this test */
/* Remove it and see how often Wine uses this function! */
    if  !strncmp(s1,"wine",5)
        printf  "S1 = '%s'\n", s1
        printf  "S2 = '%s'\n", s2
    return strncmp  s1,s2,UINT_MAX



Compiling for both Winelib and Linux
 (-m32 produces 32-bit binaries on 64-bit Linux):
Code:
pycc gcc pass.p.c -o pass -m32
pycc gcc -fPIC -shared -m32 hijack.p.c -o hijack.so
pycc winegcc pass.p.c -o pass -m32
pycc winegcc -fPIC -shared -m32 hijack.p.c -o hijack.dll.so hijack.spec


And testing...
Code:
wine pass.exe.so
usage: pass.exe.so <password>
./pass huh???
FAIL

Notice that there is no difference between hijack.so and hijack.dll.so. Both behave like and are loaded like Linux shared objects because they are Linux shared objects! As far as ld is concerned, they are interchangeable! The only apparent difference is the "Winelib" shared object compiled with winegcc is 75K in size...
So what's so special about the Winelib shared object? Somebody help me out here. I'm guessing it has extra code so Wine can treat it like a regular Windows DLL within the Wine environment.

Code:
# Preloading Wine shared object with wine binary
LD_PRELOAD=$(pwd)/hijack.dll.so wine pass.exe.so wrongpassword
S1 = 'wine'
S2 = 'wrongpassword'
FAIL
# Preloading Linux shared object works with wine binary!
LD_PRELOAD=$(pwd)/hijack.so wine pass.exe.so wrongpassword
S1 = 'wine'
S2 = 'wrongpassword'
FAIL


Since we hijacked strcmp to tell us the password, we can now gain entry.
Code:
./pass wine
PASS
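
Added example, not part of the original post: a defender-side check for the interposition shown above. It reads LD_PRELOAD from a /proc/<pid>/environ-style block and confirms against a /proc/<pid>/maps-style listing which preloaded objects the loader really mapped. The function names, the /home/user paths and both sample buffers are constructed for illustration; ld.so splits the list on ':' or ' ' and skips objects it cannot load.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample, laid out like /proc/<pid>/environ (NUL-separated). */
static const char SAMPLE_ENV[] = "HOME=/home/user\0"
    "LD_PRELOAD=/home/user/hijack.so:/home/user/other.so\0" "TERM=xterm";
/* Constructed sample, laid out like /proc/<pid>/maps; other.so is not loaded. */
static const char SAMPLE_MAPS[] =
    "f7d00000-f7d01000 r-xp 00000000 08:01 2202 /home/user/hijack.so\n"
    "f7d10000-f7ef0000 r-xp 00000000 08:01 1402 /usr/lib32/libc.so.6\n"
    "ffd00000-ffd21000 rw-p 00000000 00:00 0 [stack]\n";

/* Value of `var` in a NUL-separated environ block, or NULL if unset. */
const char *env_lookup(const char *block, size_t len, const char *var) {
    size_t vlen = strlen(var);
    const char *p = block, *end = block + len, *z;
    for (; p < end && (z = memchr(p, '\0', (size_t)(end - p))); p = z + 1)
        if ((size_t)(z - p) > vlen && p[vlen] == '=' && !memcmp(p, var, vlen))
            return p + vlen + 1;
    return NULL;
}

/* 1 if the pathname field of some maps line is exactly path[0..plen). */
int is_mapped(const char *maps, const char *path, size_t plen) {
    while (*maps) {
        size_t llen = strcspn(maps, "\n");
        const char *name = memchr(maps, '/', llen);  /* earlier fields hold no '/' */
        if (name && (size_t)(maps + llen - name) == plen && !memcmp(name, path, plen))
            return 1;
        maps += llen + (maps[llen] == '\n');
    }
    return 0;
}

/* Returns how many LD_PRELOAD entries are set; *mapped = how many are loaded. */
int audit_preload(const char *env, size_t len, const char *maps, int *mapped) {
    const char *v = env_lookup(env, len, "LD_PRELOAD");
    int total = 0;
    for (*mapped = 0; v && *v; v += strspn(v, ": ")) {
        size_t n = strcspn(v, ": ");
        if (n) { total++; *mapped += is_mapped(maps, v, n); }
        v += n;
    }
    return total;
}

int main(void) {
    int mapped, total = audit_preload(SAMPLE_ENV, sizeof SAMPLE_ENV, SAMPLE_MAPS, &mapped);
    printf("LD_PRELOAD entries: %d, actually mapped: %d\n", total, mapped);
    return mapped != 0;   /* non-zero exit when an interposer is loaded */
}
```

To audit a live process, read the two buffers from /proc/<pid>/environ and /proc/<pid>/maps instead of the constructed samples.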








