[Bug 12859] HideThreadFromDebugger in NtSetInformationThread
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Dec 11 15:22:58 CST 2008
http://bugs.winehq.org/show_bug.cgi?id=12859
--- Comment #6 from Anastasius Focht <focht at gmx.net> 2008-12-11 15:22:58 ---
Hello,
--- quote ---
Is this still an issue in current (1.1.7 or newer) wine?
--- quote ---
Obviously yes.
I just remembered a problem/bug where having such facility could be useful -
but not as the bug reporter initially intended (common anti-debugging
technique).
In bug 14697, I described a situation where a debugger implicitly triggered an
APC (by using VirtualQueryEx) which failed invocation on remote process because
all of the debuggee's threads were suspended in non alertable state due to
pending (dll load) debug event and the debugger got stuck in synchronous wait
on that APC to complete in its debug event handling loop.
A possible use case would be to create a special remote helper thread for
carrying out certain APCs and hiding it from debugger, not relying on hijacking
any debuggee threads to serve the APCs (like in comment #4 where I cited the
blog entry)
But for the original bug reporter the question still remains: is there a
commercial app which relies on this "feature"?
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list