[Bug 44658] New: Custom Win7+ APIset lookup/resolver tool relies on presence of 'ApiSetMap' field in PEB
wine-bugs at winehq.org
Sun Mar 4 14:01:14 CST 2018
https://bugs.winehq.org/show_bug.cgi?id=44658
Bug ID: 44658
Summary: Custom Win7+ APIset lookup/resolver tool relies on
presence of 'ApiSetMap' field in PEB
Product: Wine
Version: 3.3
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
to track the following Wine-Staging patchset just for the memes ;-)
https://github.com/wine-staging/wine-staging/tree/master/patches/ntdll-ApiSetMap
Tracing the origin to Wine-Staging issue tracker:
https://dev.wine-staging.com/patches/91/
--- quote ---
I found an application which tries to enumerate the loaded apisets by using the
PEB. This patch adds a dummy struct so that the application no longer
crashes. The definition should match the one for Win 7/8. As usual Microsoft
changed the format in newer Windows versions again ;-).
--- quote ---
Ohhhh-kay?
I found some useful information at Geoff Chappell's site:
https://www.geoffchappell.com/studies/windows/win32/apisetschema/index.htm
https://www.geoffchappell.com/studies/windows/win32/ntdll/structs/peb/index.htm
Nice illustration:
https://www.cylance.com/en_us/blog/universal-unhooking-blinding-security-software.html
(in 'API Set Schema' section)
An example application which makes use of this (source only):
https://gist.github.com/lucasg/9aa464b95b4b7344cb0cddbdb4214b25#file-apisetlookup-c
It also has a small test suite.
$ wine --version
wine-3.3
Regards