SNOOP: How to find out if an DLL entry is a DATA reference?

Uwe Bonnes bon at
Mon Aug 13 14:54:19 CDT 2001


e.g. with the MFC libraries the snoop option crashes quite often, while
without snoop the programm proceeds some more. Digging deeper for the crash in
msdev.exe, I saw that a library has exported DATA entries mixed into the
codesegment. Our snoop loader only checks for DATA entries in the PE DATA
section and so happyly overwrites data. It seems that most exported DATA
entries have a decorated name ending in @A or @B and by handling entries with
that ending as DATA, the crash with msdev.exe happens at the same place with
or without snoop.

Appended patch does this hacky search for DATA entries.

However I like to ask if there are other methods of distinguishing DATA and
function references? Could the PE loader perhaps know? Or can we perhaps
protect our snoop entries from being read as data and catch those exceptions?
Any other idea? 


	relay32/snoop.c: SNOOP_GetProcAddress
	Don't snoop on names ending in "@A" and "@B", they
	seem to be DATA entries.
Uwe Bonnes                bon at

Free Software: If you contribute nothing, expect nothing
Index: wine/relay32/snoop.c
RCS file: /home/wine/wine/relay32/snoop.c,v
retrieving revision 1.45
diff -u -r1.45 snoop.c
--- wine/relay32/snoop.c	24 Jul 2001 21:45:24 -0000	1.45
+++ wine/relay32/snoop.c	13 Aug 2001 19:51:42 -0000
@@ -158,7 +158,7 @@
 SNOOP_GetProcAddress(HMODULE hmod,LPCSTR name,DWORD ordinal,FARPROC origfun) {
 	SNOOP_DLL			*dll = firstdll;
 	SNOOP_FUN			*fun;
-	int				j;
+	int				j,len;
 	if (!TRACE_ON(snoop)) return origfun;
@@ -182,7 +182,14 @@
 		!(pe_seg[j].Characteristics & IMAGE_SCN_CNT_CODE)
 		return origfun;
+	/* some heuristic to filter out DATA objects 
+	   decorated names end like "@A" and "@B" and some more */
+	len=strlen(name);
+	if ((name [len-2] == '@') && ((name[len-1] == 'A') || (name[len-1] == 'B')))
+	  {
+	    return origfun;
+	  }
 	while (dll) {
 		if (hmod == dll->hmod)

More information about the wine-devel mailing list