[PATCH] ntdll: round section parameters on 0x200
Andrey Turkin
pancha at Mail.nnov.ru
Sun Nov 12 11:19:29 CST 2006
Dmitry Timoshkov wrote:
> "Andrey Turkin" <pancha at mail.nnov.ru> wrote:
>
>>>> if (map_file_into_view( view, fd, 0, header_size, 0,
>>>> VPROT_COMMITTED | VPROT_READ,
>>>> - removable ) != STATUS_SUCCESS) goto
>>>> error;
>>>> + TRUE ) != STATUS_SUCCESS) goto error;
>>>
>>> This chunk has nothin to do with the patch description and simply is
>>> wrong.
>>
>> I've hardcoded removevable as TRUE here to force map_file_into_view
>> to read data and not mmap it (because mmap will map whole 4k page).
>> Why is it wrong? Some packers depend on this. As I said in patch
>> description, an alternative would be memset of area beyond header
>> (which would lead to mmap, then COW a page and then memset of almost
>> 4k).
>
> I reread your explanations and I see now that somehow I misinterpreted
> your
> reasoning. What is the file alignment of the problematic PE file? Is
> it 512
> (0x200) by any chance?
>
Yep. However, I've made some quick tests (that is, I've used PE tools to
rebuild some apps with larger file alignment and then tried to change
physical offset) and it seems that align cutoff is hard-coded as 0x200.
More information about the wine-devel
mailing list