WriteProcessMemory and friends in Wine?
nemesis-lists at icequake.net
Sat Feb 14 05:32:13 CST 2004
As a matter of convenience, I have created various loaders to programs
that I use that either remove the requirement for the program CD at
runtime, or perform other modifications to the program to make it more
desirable to use (i.e. redirect audio CD access to WAV files on HDD).

My general approach is to figure out what I want to do first; then patch
a copy of the executable, test it and get it working; then diff the
patched copy with the original executable, and create a loader program
that runs the original (unpatched) executable. The loader uses
CreateProcess to invoke the executable as a suspended process, and then
WriteProcessMemory to patch the new process in memory, causing the
memory image to be identical to the disk-patched version. Then I
ResumeThread to kick off the program.

This sounds like a lot of work for little gain. It does one important
thing, however, which is to bypass integrity checks on the executable.
The modified version is running in memory, but usually virus/hack
checks are being made versus the executable on disk.

The question is, does this type of approach work in WINE or not? (It
works in win98.) I have so far been unable to get any of my
loader-stubbed programs to work. The loader runs and starts the
process, but no modification is made to the process, and then I get the
original problems that I set out to fix in the first place. I am mainly
curious if there is some type of memory protection in WINE that is
preventing this from working or if any of the above functionality is yet
unavailable in WINE. Surely the owner of a process should be able to
write to it, no?

Thanks for any help.

Ryan Underwood, <nemesis at icequake.net>