[Bug 27349] SafeDisc v2.x API entry analyzer flags Wine's user32.dll as "bad" (too many exports with PIC loads in prolog code) (SimCity 4, IL-2 FB, NFSU)

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Jul 11 16:36:26 CDT 2011 

http://bugs.winehq.org/show_bug.cgi?id=27349

--- Comment #14 from Anastasius Focht <focht at gmx.net> 2011-07-11 16:36:25 CDT ---
Hello,

--- quote ---
the attached patch might work if used for more functions, the question is if
it's clean enough.
--- quote ---

well I used the clever hint from Morten Welinder
(http://bugs.winehq.org/show_bug.cgi?id=10273#c35) to modify user32 makefile
rule, force NOP-padding where needed:

Examples:

--- snip ---
user32.WaitForInputIdle:
6878869A     89E5            MOV EBP,ESP
6878869C     53              PUSH EBX
6878869D     81EC E4000000   SUB ESP,0E4
687886A3     90              NOP
687886A4     90              NOP
687886A5     90              NOP
687886A6     90              NOP
687886A7     E8 8B10F9FF     CALL 68719737
687886AC     81C3 48590600   ADD EBX,65948
...
--- snip ---

--- snip ---
user32.SetKeyboardState:
6875F2E0     55              PUSH EBP
6875F2E1     89E5            MOV EBP,ESP
6875F2E3     56              PUSH ESI
6875F2E4     53              PUSH EBX
6875F2E5     81EC B0000000   SUB ESP,0B0
6875F2EB     90              NOP
6875F2EC     90              NOP
6875F2ED     90              NOP
6875F2EE     E8 44A4FBFF     CALL 68719737
6875F2F3     81C3 01ED0800   ADD EBX,8ED01
...
--- snip ---

Already hotpatch entry, remainder filled up with NOP:

--- snip ---
user32.GetKeyboardState:
6875F176     8BFF            MOV EDI,EDI
6875F178     55              PUSH EBP
6875F179     8BEC            MOV EBP,ESP
6875F17B     56              PUSH ESI
6875F17C     53              PUSH EBX
6875F17D     81EC C0000000   SUB ESP,0C0
6875F183     90              NOP
6875F184     90              NOP
6875F185     E8 ADA5FBFF     CALL 68719737
6875F18A     81C3 6AEE0800   ADD EBX,8EE6A
...
--- snip ---

--- quote ---
btw. you said safedisc checks the first 8 instructions, so i inserted 8 nops,
but why do we use 9 nops in winebuild for stubs?
--- quote ---

After having some drinks (I'm still investigating bug 27162 in my spare time) I
came up with the following theory:

I already posted a snippet for 8 NOP sequence in bug 10273 - though only for
relay thunks (stats gathering).
I first intended to use 8 LOLs for illustration but somehow forgot about it.
Later I realized my mistake - but it was too late.
Now it would be difficult to reuse this ingenious sequence - which took many
hours to develop - elsewhere (originating author).
You know the rules... Don't talk about the club ... err, that was something
different ;-)

AJ gave it a thought and came up with a solution: creating stub entry points
with 9 NOPs gives a whole new meaning.
More space is used in the resulting binary, the compile time increases, the
entropy is different, the shape of the space-time continuum is bent and
distorted even more by the mere presence of this additional NOP ... did I
forgot something?

Oh well I forgot ... you wanted new user32 stats with the padding ... here you
go:

    kernel32   user32      gdi32       condition (cx < threshold)
--------------------------------------------------------------------
c1:  0x44       0x03        0x50        0x5F
c2:  0x2B       0x00        0x39        0x3C
c3:  0x00       0x00        0x00        0x5A

Lovely, isn't it? ;-)

$ wine --version
wine-1.3.24-42-g4ebbd0e

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list