ntdll: try to not raise exceptions when checking for atl thunks
Markus Amsler
markus.amsler at oribi.org
Wed Jun 16 05:32:36 CDT 2010
Am 16.06.2010 11:37, schrieb Alexandre Julliard:
> Markus Amsler<markus.amsler at oribi.org> writes:
>
>
>> + * Windows checks the following conditions before emulating an ATL thunk:
>> + * - DEP policy allows emulating
>> + * - thunk has memory type MEM_PRIVATE and is readable
>> + * - jmp func is executable
>> + * - thunk signature (movl, jmp) matches
>> + * - a "secret" flag is set:
>> + * The flag gets set before calling WndProc and cleared after WndProc
>> + * or a thunk was emulated.
>> + * In Windows XP SP 3 this flag is located at TEB+0xfb4.
>> */
>>
> Where does that information come from?
>
>
From my attemp to write a test for atl thunks. I had a hard time to get
windows to emulate an atl thunk, so I worked my way backward from a
working atl thunk example. I knew there had to be some secret flag,
because in the WndProc atl thunks worked, outside not. So I took a hard
look at the TEB and found it.
It was clean reverse engineered. I put it into to patch, to document it
somewhere.
Markus
More information about the wine-devel
mailing list