[Bug 12859] HideThreadFromDebugger in NtSetInformationThread
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri May 2 04:45:28 CDT 2008
http://bugs.winehq.org/show_bug.cgi?id=12859
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |focht at gmx.net
--- Comment #4 from Anastasius Focht <focht at gmx.net> 2008-05-02 04:45:28 ---
Hello,
this blog entry gives a possible "use case":
http://nsylvain.blogspot.com/2007/08/threadhidefromdebugger-but-why.html
--- quote blog ---
Alex_Ionescu said...
It's actually used by RtlQueryProcessDebugInformation when you're querying
remote information... the routine creates a remote thread and hides it from the
debugger, supposedly to stop the deadlock that would otherwise happen once the
debugger receives the thread start routine.
--- quote blog ---
Sounds plausible.
--- quote ---
This allows programs which employ a common anti-debugging technique under
windows to run under wine.
--- quote ---
I'm curious ... do you have any example apps?
I have yet to see the use of this information class in commercial protections
because it's actually easy to "fix" = pretty useless.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list