[Bug 50077] New: .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Oct 29 13:47:16 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=50077
Bug ID: 50077
Summary: .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1
Product: Wine
Version: 5.20
Hardware: x86-64
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: bshanks at codeweavers.com
The .NET 3.5SP1 installer contains the 32-bit SITSetup.dll, which does the
following:
- if IsProcessorFeatureEnabled(PF_NX_ENABLED) is true,
  - retrieve PEB[0x34]. In Wine this is currently 'Reserved[1]'; Geoff Chappell documents it as 'AtlThunkSListPtr32'.
  - if the value is 0, allocate 8 bytes, zero them, and set PEB[0x34] to point to it.
  - if the value is 1, this is coincidentally a flag value used by the code when DEP/NX is not supported/disabled.
  - otherwise, the value is assumed to be a valid SLIST_HEADER pointer.
Wine uses PEB->Reserved for the image address, referenced by dbghelp
check_live_target().
In limited testing on Linux (and Windows 10), I found PEB->Reserved[1] was set to 0, which makes sense for a 32-bit EXE.
On macOS (32on64), it was set to 0x1. On certain macOS versions, it was set to 0x2, causing the DLL to execute InterlockedPopEntrySList(2), which crashes.
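The decision on the PEB[0x34] value described in the report, as a portable C model added here for illustration; it is not code from SITSetup.dll, Wine or the report. All enum and function names are hypothetical, the PEB slot is modelled as a plain `uintptr_t`, and the hardened variant assumes an 8-byte-aligned 32-bit SLIST_HEADER and a 64 KiB low-address floor.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added model of the PEB[0x34] check; all names here are hypothetical. */
enum slot_action {
    SLOT_ALLOCATE,     /* 0: allocate 8 zeroed bytes, store the pointer */
    SLOT_NX_DISABLED,  /* 1: flag value for DEP/NX unsupported or disabled */
    SLOT_USE_AS_SLIST, /* otherwise: value is used as an SLIST_HEADER pointer */
    SLOT_REJECT        /* hardened variant only: not a plausible pointer */
};

#define SLIST_ALIGN 8u        /* assumption: 32-bit SLIST_HEADER alignment */
#define LOW_FLOOR   0x10000u  /* assumption: no valid header in the lowest 64 KiB */

/* Decision as the report describes it: only 0 and 1 are special. */
static enum slot_action classify_as_reported(uintptr_t slot) {
    if (slot == 0) return SLOT_ALLOCATE;
    if (slot == 1) return SLOT_NX_DISABLED;
    return SLOT_USE_AS_SLIST;   /* 2 lands here and would be dereferenced */
}

/* Same decision, but stray small or misaligned values are refused. */
static enum slot_action classify_hardened(uintptr_t slot) {
    enum slot_action a = classify_as_reported(slot);
    if (a == SLOT_USE_AS_SLIST && (slot < LOW_FLOOR || slot % SLIST_ALIGN != 0))
        return SLOT_REJECT;
    return a;
}

/* Carries out the "value is 0" step on a modelled slot, then re-classifies. */
static enum slot_action ensure_header(uintptr_t *slot) {
    if (classify_hardened(*slot) == SLOT_ALLOCATE) {
        void *hdr = aligned_alloc(SLIST_ALIGN, 8);
        if (!hdr) return SLOT_REJECT;
        memset(hdr, 0, 8);
        *slot = (uintptr_t)hdr;
    }
    return classify_hardened(*slot);
}

int main(void) {
    for (uintptr_t v = 0; v <= 2; v++)   /* 0, 1, 2: the values in the report */
        printf("slot=%lu reported=%d hardened=%d\n", (unsigned long)v,
               classify_as_reported(v), classify_hardened(v));
    return 0;
}
```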