[PATCH 0/3] RFC: Implement MemoryWorkingSetExInformation.
Paul Gofman
gofmanp at gmail.com
Wed Dec 18 02:33:11 CST 2019
On 12/18/19 05:07, Ken Thomases wrote:
> On Dec 17, 2019, at 6:34 PM, Andrew Wesie <awesie at gmail.com> wrote:
>> A stub for bug 45667 has been sitting in staging for a while. It is sufficient
>> for League of Legends, but it is not correct by any definition.
>>
>> The challenge with MemoryWorkingSetExInformation is that it requires
>> information that is not exposed by the Linux kernel.
> Are the semantics of the fields of MEMORY_WORKING_SET_EX_BLOCK documented or explained somewhere? It's hard to comment intelligently without that.
>
> -Ken
>
>
> .
There is some basic description of the fields here in MS docs:
https://docs.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_working_set_ex_block
It is referenced from QueryWorkingSetEx description:
https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-queryworkingsetex
The patchset is also related for
https://bugs.winehq.org/show_bug.cgi?id=48268, but the thing in that bug
is not going to work anyway, working set info is just a minor issue for
that rootkit (the bigger include, but not limited to, minifilter FS
driver and exhaustive execution environment check / intervention; the
thing is not going to work even under VMs or in any sane native Windows
installation which does not disable every possible malware protection).
More information about the wine-devel
mailing list