base addresses of kernel32

James McKenzie jjmckenzie51 at
Sun Jul 4 14:49:24 CDT 2010

Andrey Turkin wrote:
> On Sunday 04 July 2010 22:31:49 Dan Kegel wrote:
>>>> the Makefile has:
>>>> EXTRADLLFLAGS = -Wb,-F,KERNEL32.dll -Wl,--image-base,0x7b800000
>>> Is there a good reason for this?  Otherwise, this opens a security
>>> vulnerability in Wine that does not exist in Windows....
>> This is the way Windows worked before Vista.
>> (Does Vista actually randomize where even ntdll is?)
>> BTW our CreateRemoteThread conformance test checks whether
>> the module has been loaded at a different address, and skips if it
>> has...
> has a pretty good explanation why certain DLLs 
> must be loaded at same address; one example why Wine should care is to satisfy 
> programs injecting code in different processes.
Code injection is considered a vulnerability if 'bad' code cannot be 
detected.  I don't know if Windows does this or not....

However, if this is displayed functionality with Windows, we should 
duplicate it....

James McKenzie

More information about the wine-devel mailing list