[PATCH] ntdll: Avoid reading TEB in NtCreateThreadEx.
Myah Caron
qsniyg at protonmail.com
Tue Sep 29 13:56:55 CDT 2020
Thanks for the reply! I'll take a closer look into trap_handler.
The DRM is wine-aware, but for an older wine version (before ntdll's move to PE). It appears to specifically create hooks around the creation of a thread, likely hooking NtCreateThreadEx itself (according to correspondence with the developers).
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, September 29, 2020 5:58 AM, Paul Gofman <pgofman at codeweavers.com> wrote:
> I am not sure if this is acceptable either way, but wouldn't it be less
> of an application specific hack if to try to handle hardware breakpoints
> for the Unix part in a universal way in trap_handler()? As the DRM may
> apparently want to breakpoint any other TEB or PEB location the same way
> and ntdll.so is unlikely to avoid touching PEB completely.
>
More information about the wine-devel
mailing list