[PATCH 0/3] RFC: Implement MemoryWorkingSetExInformation.

Paul Gofman gofmanp at gmail.com
Wed Dec 18 02:33:11 CST 2019

On 12/18/19 05:07, Ken Thomases wrote:
> On Dec 17, 2019, at 6:34 PM, Andrew Wesie <awesie at gmail.com> wrote:
>> A stub for bug 45667 has been sitting in staging for a while. It is sufficient
>> for League of Legends, but it is not correct by any definition.
>> The challenge with MemoryWorkingSetExInformation is that it requires
>> information that is not exposed by the Linux kernel.
> Are the semantics of the fields of MEMORY_WORKING_SET_EX_BLOCK documented or explained somewhere?  It's hard to comment intelligently without that.
> -Ken
> .

There is some basic description of the fields here in MS docs:

It is referenced from QueryWorkingSetEx description:

The patchset is also related for
https://bugs.winehq.org/show_bug.cgi?id=48268, but the thing in that bug
is not going to work anyway, working set info is just a minor issue for
that rootkit (the bigger include, but not limited to, minifilter FS
driver and exhaustive execution environment check / intervention; the
thing is not going to work even under VMs or in any sane native Windows
installation which does not disable every possible malware protection).

More information about the wine-devel mailing list