[Bug 48817] New: Module_InitDLL fails if LDR_MODULE.Flags was modified

[WineHQ Bugzilla]

https://bugs.winehq.org/show_bug.cgi?id=48817

            Bug ID: 48817
           Summary: Module_InitDLL fails if LDR_MODULE.Flags was modified
           Product: Wine
           Version: 5.4
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ntdll
          Assignee: wine-bugs at winehq.org
          Reporter: qsniyg at mail.com
      Distribution: ---

I've created a test case here: https://github.com/qsniyg/wine_dll_load_test. I
would have made a patch to add this in wine's test suite, but it's rather
complex (requiring multiple DLLs), so I'm not sure how to do this.

dll1.dll depends on dll2.dll, which therefore will have its DllMain run before
dll1's. dll2.dll looks for dll1's LDR_MODULE, then blanks out the Flags
attribute, alongside a few others.

Since MODULE_InitDLL reads the flags from dll1's now-modified LDR_MODULE, it
fails to find the LDR_IMAGE_IS_DLL flag, which prevents dll1's DllMain from
being run.

The test case runs fine under Windows 10, but not under wine.

This is used by certain code protection systems in order to confuse debuggers.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.