[Bug 37585] 64-bit Chromium browser engine with native API sandboxing/hooking scheme fails if 64-bit ntdll.dll.so is not mapped at desired fixed address (Google Chrome 38+ crashes)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Nov 13 07:28:17 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=37585

--- Comment #12 from Anastasius Focht <focht at gmx.net> ---
Hello Erich,

--- quote ---
It looks like chrome is expecting the 64-bit ntdll to be mapped into the
address space of the 32-bit app
--- quote ---

MSDN details:
https://msdn.microsoft.com/en-us/library/aa384274%28v=vs.85%29.aspx

--- quote ---
The WOW64 emulator runs in user mode. It provides an interface between the
32-bit version of Ntdll.dll and the kernel of the processor, and it intercepts
kernel calls. The WOW64 emulator consists of the following DLLs:

* Wow64.dll provides the core emulation infrastructure and the thunks for the
Ntoskrnl.exe entry-point functions.
* Wow64Win.dll provides thunks for the Win32k.sys entry-point functions.
* Wow64Cpu.dll is an interface library that abstracts characteristics of the
host processor.
...

These DLLs, along with the 64-bit version of Ntdll.dll, are the only 64-bit
binaries that can be loaded into a 32-bit process.

At startup, Wow64.dll loads the x86 version of Ntdll.dll and runs its
initialization code, which loads all necessary 32-bit DLLs. Almost all 32-bit
DLLs are unmodified copies of 32-bit Windows binaries. However, some of these
DLLs are written to behave differently on WOW64 than they do on 32-bit Windows,
usually because they share memory with 64-bit system components. All user-mode
address space above the 32-bit limit is reserved by the system. For more
information, see Performance and Memory Consumption under WOW64.

Instead of using the x86 system-service call sequence, 32-bit binaries that
make system calls are rebuilt to use a custom calling sequence. This calling
sequence is inexpensive for WOW64 to intercept because it remains entirely in
user mode. When the custom calling sequence is detected, the WOW64 CPU
transitions back to native 64-bit mode and calls into Wow64.dll. Thunking is
done in user mode to reduce the impact on the 64-bit kernel and to reduce the
risk of a bug in the thunk that might cause a kernel-mode crash, data
corruption, or a security hole. The thunks extract arguments from the 32-bit
stack, extend them to 64 bits, then make the native system call.
--- quote ---

Reading the Chromium project change history, it seems the WoW helper process
mechanism is only supported/implemented for OS <= Windows Vista anyway.

--- quote ---
fixing this is looking like a real mess.
--- quote ---

I tend to say "not worth the damage".
At some point Wine will default to Winver "Windows 7" anyway, and the sandboxing
schemes then employ different methods.

Regards

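The MSDN passage quoted in the comment above describes two user-mode steps: recognising the custom calling sequence that a 32-bit ntdll stub uses under WOW64, and pulling 32-bit arguments off the 32-bit stack and extending them to 64 bits before the native system call. The following is an added example, not code from the bug report, Wine, Chromium or MSDN, that models both steps on the host. The stub byte patterns follow the Windows 7-era shape (`mov eax, imm32 ... call dword ptr fs:[0xC0]`, the far call through the TEB field WOW32Reserved; Windows 8 and later use a different indirection that this decoder does not recognise), the argument-type table and the `wow64_*` names are assumptions for illustration, and the stub bytes, syscall number 0xD7 and stack image are constructed sample data.

```c
/* Added example (not from the bug report, Wine, Chromium or MSDN): a
 * host-side model of the two WOW64 steps the quoted MSDN text describes.
 * Stub byte patterns follow the Windows 7-era 32-bit ntdll shape and the
 * argument-type table is an assumption for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* How a WOW64 thunk is assumed to widen each 32-bit argument slot. */
enum wow64_arg_kind { ARG_ULONG, ARG_LONG, ARG_PTR, ARG_HANDLE };

static uint32_t rd32(const uint8_t *p)          /* little-endian load */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Step 1: recognise the custom calling sequence. A WOW64 32-bit ntdll stub
 * starts with "mov eax, imm32" (the syscall number) and, instead of the x86
 * sysenter path, reaches "call dword ptr fs:[0xC0]" (TEB.WOW32Reserved),
 * the far call that returns the CPU to 64-bit mode. Returns the syscall
 * number, or -1 if the bytes are not that sequence. */
int wow64_decode_stub(const uint8_t *stub, size_t len)
{
    static const uint8_t far_call[] = { 0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00 };
    if (len < 5 + sizeof far_call || stub[0] != 0xB8) return -1;
    for (size_t off = 5; off + sizeof far_call <= len; off++)
        if (memcmp(stub + off, far_call, sizeof far_call) == 0)
            return (int)rd32(stub + 1);
    return -1;
}

/* Step 2: extend a 32-bit value to 64 bits. Pointers and ULONGs are
 * zero-extended; LONGs are sign-extended; HANDLEs are sign-extended too,
 * so that 32-bit pseudo-handles such as (HANDLE)-1 stay -1 in 64-bit form. */
uint64_t wow64_widen(uint32_t v, enum wow64_arg_kind kind)
{
    switch (kind) {
    case ARG_LONG:
    case ARG_HANDLE: return (uint64_t)(int64_t)(int32_t)v;
    default:         return (uint64_t)v;
    }
}

/* Pull n 4-byte argument slots off a 32-bit stack image (stack32 points
 * where edx points in the stub: the first argument, just past the return
 * address) and widen each one. Returns n, or 0 if the image is too short. */
size_t wow64_thunk_args(const uint8_t *stack32, size_t len,
                        const enum wow64_arg_kind *kinds, size_t n,
                        uint64_t *out)
{
    if (len < n * 4) return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = wow64_widen(rd32(stack32 + 4 * i), kinds[i]);
    return n;
}

/* Constructed sample stub in the WOW64 shape; 0xD7 is a made-up number. */
const uint8_t sample_wow64_stub[24] = {
    0xB8, 0xD7, 0x00, 0x00, 0x00,                /* mov  eax, 0xD7           */
    0x33, 0xC9,                                  /* xor  ecx, ecx            */
    0x8D, 0x54, 0x24, 0x04,                      /* lea  edx, [esp+4]        */
    0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00,    /* call dword ptr fs:[0xC0] */
    0x83, 0xC4, 0x04,                            /* add  esp, 4              */
    0xC2, 0x14, 0x00                             /* ret  0x14                */
};
/* Constructed sample in the native 32-bit (XP-style) shape: no far call. */
const uint8_t sample_native_stub[15] = {
    0xB8, 0xD7, 0x00, 0x00, 0x00,                /* mov  eax, 0xD7           */
    0xBA, 0x00, 0x03, 0xFE, 0x7F,                /* mov  edx, 0x7FFE0300     */
    0xFF, 0x12,                                  /* call dword ptr [edx]     */
    0xC2, 0x14, 0x00                             /* ret  0x14                */
};
/* Constructed 32-bit stack image for a 5-argument call of the
 * NtProtectVirtualMemory shape (handle, two pointers, ULONG, pointer). */
const enum wow64_arg_kind sample_kinds[5] = { ARG_HANDLE, ARG_PTR, ARG_PTR, ARG_ULONG, ARG_PTR };
const uint8_t sample_stack[20] = {
    0xFF, 0xFF, 0xFF, 0xFF,   /* ProcessHandle = (HANDLE)-1, current process */
    0x40, 0xFF, 0x12, 0x00,   /* &BaseAddress  = 0x0012FF40 */
    0x44, 0xFF, 0x12, 0x00,   /* &RegionSize   = 0x0012FF44 */
    0x40, 0x00, 0x00, 0x00,   /* NewProtect    = 0x40       */
    0x48, 0xFF, 0x12, 0x00    /* &OldProtect   = 0x0012FF48 */
};

int main(void)
{
    uint64_t args[5];
    printf("wow64 stub  -> syscall %d\n",
           wow64_decode_stub(sample_wow64_stub, sizeof sample_wow64_stub));
    printf("native stub -> syscall %d\n",
           wow64_decode_stub(sample_native_stub, sizeof sample_native_stub));
    if (wow64_thunk_args(sample_stack, sizeof sample_stack, sample_kinds, 5, args) == 5)
        for (int i = 0; i < 5; i++)
            printf("arg%d = 0x%016llx\n", i, (unsigned long long)args[i]);
    return 0;
}
```

The handle slot is the detail worth noticing: a 32-bit (HANDLE)-1 must come out as 0xFFFFFFFFFFFFFFFF on the 64-bit side, while a 32-bit pointer with the same bit pattern must stay 0x00000000FFFFFFFF; a thunk that zero-extends everything breaks every caller that passes NtCurrentProcess(). A sandbox that interposes on these stubs, as the Chromium one discussed in this bug does, has to reproduce that distinction exactly.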