[Bug 44658] Multiple Win7+ APIset lookup/resolver tools need 'ApiSetMap' field in PEB (ApiSetView, Dependencies)
WineHQ Bugzilla
wine-bugs at winehq.org
Mon May 4 17:56:03 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=44658
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |download
URL| |https://github.com/zodiacon/ApiSetView/releases/download/v0.8/ApiSetView.exe
Summary|Custom Win7+ APIset lookup/resolver tool relies on presence of 'ApiSetMap' field in PEB |Multiple Win7+ APIset lookup/resolver tools need 'ApiSetMap' field in PEB (ApiSetView, Dependencies)
--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
Revisiting. I've found a couple of projects on GitHub making use of the 'ApiSetMap' field in the PEB.
https://github.com/lucasg/Dependencies ("Dependencies - An open-source modern Dependency Walker") -> .NET 4.0
https://github.com/zodiacon/ApiSetView ("Api Set Viewer")
https://github.com/zodiacon/ApiSetView/releases/download/v0.8/ApiSetView.exe
--- snip ---
$ WINEDEBUG=+seh,+relay wine ./ApiSetView.exe >>log.txt 2>&1
...
00b4:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4031f1 ip=004031f1 tid=00b4
00b4:trace:seh:raise_exception info[0]=00000000
00b4:trace:seh:raise_exception info[1]=00000010
00b4:trace:seh:raise_exception eax=00000000 ebx=7e840e68 ecx=0031fafc edx=0031fafc esi=0031fb10 edi=00000000
00b4:trace:seh:raise_exception ebp=0031f9cc esp=0031f96c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
00b4:trace:seh:call_stack_handlers calling handler at 0x46a853 code=c0000005 flags=0
...
wine: Unhandled page fault on read access to 00000010 at address 004031F1 (thread 00b4), starting debugger...
--- snip ---
Disassembly of crash site:
--- snip ---
004031B0 | push ebp |
004031B1 | mov ebp,esp |
004031B3 | push FFFFFFFF |
004031B5 | push apisetview.46A853 |
004031BA | mov eax,dword ptr fs:[0] |
004031C0 | push eax |
004031C1 | sub esp,44 |
004031C4 | push ebx |
004031C5 | push esi |
004031C6 | push edi |
004031C7 | mov eax,dword ptr ds:[47B320] |
004031CC | xor eax,ebp |
004031CE | push eax |
004031CF | lea eax,dword ptr ss:[ebp-C] |
004031D2 | mov dword ptr fs:[0],eax |
004031D8 | mov edx,ecx |
004031DA | mov dword ptr ss:[ebp-28],edx |
004031DD | mov eax,dword ptr fs:[18] |
004031E3 | mov eax,dword ptr ds:[eax+30] | PEB
004031E6 | mov edi,dword ptr ds:[eax+38] | PEB->ApiSetMap
004031E9 | mov eax,dword ptr ds:[edx+8] |
004031EC | sub eax,dword ptr ds:[edx] |
004031EE | sar eax,5 |
004031F1 | mov ebx,dword ptr ds:[edi+10] | *boom*
...
--- snip ---
Corresponding source code:
https://github.com/zodiacon/ApiSetView/blob/master/ApiSetView/ApiSets.cpp#L59
--- snip ---
void ApiSets::Build() {
    auto peb = NtCurrentTeb()->ProcessEnvironmentBlock;
    auto apiSetMap = static_cast<PAPI_SET_NAMESPACE>(peb->Reserved9[0]);
    auto apiSetMapAsNumber = reinterpret_cast<ULONG_PTR>(apiSetMap);
    auto nsEntry = reinterpret_cast<PAPI_SET_NAMESPACE_ENTRY>((apiSetMap->EntryOffset + apiSetMapAsNumber));
    _entries.reserve(apiSetMap->Count);
    for (ULONG i = 0; i < apiSetMap->Count; i++) {
        ApiSetEntry entry;
        entry.Name = CString(reinterpret_cast<PWCHAR>(apiSetMapAsNumber + nsEntry->NameOffset), static_cast<int>(nsEntry->NameLength / sizeof(WCHAR)));
        entry.Sealed = (nsEntry->Flags & API_SET_SCHEMA_ENTRY_FLAGS_SEALED) != 0;
        auto valueEntry = reinterpret_cast<PAPI_SET_VALUE_ENTRY>(apiSetMapAsNumber + nsEntry->ValueOffset);
        for (ULONG j = 0; j < nsEntry->ValueCount; j++) {
            CString value(reinterpret_cast<PWCHAR>(apiSetMapAsNumber + valueEntry->ValueOffset), valueEntry->ValueLength / sizeof(WCHAR));
            entry.Values.push_back(value);
            if (valueEntry->NameLength != 0) {
                CString alias(reinterpret_cast<PWCHAR>(apiSetMapAsNumber + valueEntry->NameOffset), valueEntry->NameLength / sizeof(WCHAR));
                entry.Aliases.push_back(alias);
            }
            valueEntry++;
        }
        nsEntry++;
        _entries.push_back(entry);
    }
}
--- snip ---
$ sha1sum ApiSetView.exe
9cc5f8d2c3008ee956fa1a2ea24f39eed8cc4b73 ApiSetView.exe
$ du -sh ApiSetView.exe
620K ApiSetView.exe
$ sha1sum Dependencies_x86_Release.zip
b8ab5292100e11e009acf9289d27478c6b9413ac Dependencies_x86_Release.zip
$ du -sh Dependencies_x86_Release.zip
3.9M Dependencies_x86_Release.zip
$ wine --version
wine-5.7-209-g4e2ad334b5
Regards
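
A bounds-checked walk over the namespace entries that the quoted Build() reads, returning a status instead of faulting when the map pointer is null. This is an added example, not part of the original report or of ApiSetView. The struct layout and the names NsHeader, NsEntry, MapStatus, ReadApiSetNames and MakeSampleMap are assumptions for illustration, and the blob is constructed so the code runs without Windows.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Assumed layout, modelled on the fields the quoted Build() reads; EntryOffset
// sits at 0x10, the address of the faulting read when the map pointer is 0.
struct NsHeader { uint32_t Version, Size, Flags, Count, EntryOffset, HashOffset, HashFactor; };
struct NsEntry { uint32_t Flags, NameOffset, NameLength, HashedLength, ValueOffset, ValueCount; };
enum class MapStatus { Ok, NoMap, Truncated, BadEntryTable, BadName };

// True when [off, off+len) lies inside a blob of `size` bytes, without overflow.
static bool InRange(uint64_t off, uint64_t len, uint64_t size) {
    return off <= size && len <= size - off;
}

// Collects entry names (UTF-16) from a namespace blob. `map` stands in for
// PEB->ApiSetMap and may be null, which is the case the trace above shows.
MapStatus ReadApiSetNames(const uint8_t* map, size_t avail, std::vector<std::u16string>& names) {
    if (map == nullptr) return MapStatus::NoMap;
    NsHeader h;
    if (avail < sizeof h) return MapStatus::Truncated;
    std::memcpy(&h, map, sizeof h);
    if (h.Size < sizeof h || h.Size > avail) return MapStatus::Truncated;
    if (!InRange(h.EntryOffset, uint64_t(h.Count) * sizeof(NsEntry), h.Size))
        return MapStatus::BadEntryTable;
    for (uint32_t i = 0; i < h.Count; i++) {
        NsEntry e;
        std::memcpy(&e, map + h.EntryOffset + i * sizeof e, sizeof e);
        if (e.NameLength % 2 != 0 || !InRange(e.NameOffset, e.NameLength, h.Size))
            return MapStatus::BadName;
        std::u16string name(e.NameLength / 2, u'\0');
        std::memcpy(&name[0], map + e.NameOffset, e.NameLength);
        names.push_back(name);
    }
    return MapStatus::Ok;
}

// Constructed sample blob: one entry named "api-ms-x", no values.
std::vector<uint8_t> MakeSampleMap() {
    const char16_t name[] = u"api-ms-x";
    NsHeader h{6, 0, 0, 1, sizeof(NsHeader), 0, 0};
    NsEntry e{0, uint32_t(sizeof(NsHeader) + sizeof(NsEntry)), 16, 16, 0, 0};
    h.Size = e.NameOffset + e.NameLength;
    std::vector<uint8_t> blob(h.Size);
    std::memcpy(blob.data(), &h, sizeof h);
    std::memcpy(blob.data() + h.EntryOffset, &e, sizeof e);
    std::memcpy(blob.data() + e.NameOffset, name, e.NameLength);
    return blob;
}
```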