debugging longman dictionary

Eric Pouech eric.pouech at
Mon Mar 25 14:44:53 CST 2002

> 1 - NtQueryInformationProcess is a stub, except when called with
> ProcessInformationClass set to ProcessDebugPort, which is exactly what the
> copy protection does :-), so this is not really a problem. BTW, I found this
> link on the MSDN website while searching for some doc about
> NtQueryInformationProcess
> Files/ntdll_cpp.asp
hmm I think NtQueryInformationProcess should set the length of the
data (4 for a DWORD)

> Unfortunately the server returns an error, but it might be worth
> investigating :-)
> 2 - int 0x01 is called from within a try{} block (if I read the assembly code
> correctly), and the copy protection code seems to be looking for a side
> effect: the debugger detection returns false (no debugger present) if some
> memory location (0x00435b90), which has been initialized with the value -1,
> contains 0xc0000005 upon completion of int 0x01. Does this ring a bell to
> someone ?
sounds like the code that has been caught in the exception handler

> 3 - fixme:win32:DEVICE_Open Unknown/unsupported VxD Secdrv. Try --winver nt40
> or win31 !
> I haven't been ablt to find any Secdrv.vxd, but there's a secdrv.sys on the
> CD... Should I disassembly it and add the code to wine ? :-)
of course not ;-)
perhaps in that case (true in step 2) it tries to look for further
wrt debuggers


More information about the wine-devel mailing list