wine users - Dec 2001 - Bug in PE_LoadImage/map_image? [Was: VirtualProtect and app crash]

I used WinDbg to show the memory protections that were placed on the 
executable image just after it was loaded, and just before the app starts.

Here is what wine shows:

View: 0x400000 - 0x765fff 28
       0x400000 - 0x765fff c-rw-

Here is what WinDbg shows (manually edited to look like the wine view):

0x400000 - 0x400fff c-r-- (PAGE_READONLY)
0x401000 - 0x454fff c--W- (PAGE_WRITECOPY)
0x455000 - 0x455fff c-rw- (PAGE_READWRITE)
0x456000 - 0x457fff c--W- (PAGE_WRITECOPY)
0x458000 - 0x458fff c-rw- (PAGE_READWRITE)
0x459000 - 0x459fff c-r-- (PAGE_READONLY)
0x45a000 - 0x758fff c--W- (PAGE_WRITECOPY)
0x759000 - 0x75afff c-r-- (PAGE_READONLY)
0x75b000 - 0x75dfff c--W- (PAGE_WRITECOPY)
0x75e000 - 0x75efff c-rw- (PAGE_READWRITE)
0x75f000 - 0x762fff c-r-x (PAGE_EXECUTE_READ)
0x763000 - 0x765fff c-r-- (PAGE_READONLY)

Remember, this is *before* the app even starts.

You can see from this that there is a difference between how Windows 
loads an executable image and how Wine does it. This is why trying to 
write to 0x75F07E throws an exception under W2K but succeeds under Wine. 
I guess the W2K exception is the right one.

Wine developers: Should I attempt a patch, or am I going in the wrong 
direction?

Thanks,

--Rob

Robert Baruch <autophile@starband.net> wrote:
> I used WinDbg to show the memory protections that were placed on the 
> executable image just after it was loaded, and just before the app starts.
> Here is what wine shows:
> View: 0x400000 - 0x765fff 28
>        0x400000 - 0x765fff c-rw-
> Here is what WinDbg shows (manually edited to look like the wine view):
> 0x400000 - 0x400fff c-r-- (PAGE_READONLY)
> 0x401000 - 0x454fff c--W- (PAGE_WRITECOPY)
> 0x455000 - 0x455fff c-rw- (PAGE_READWRITE)
> 0x456000 - 0x457fff c--W- (PAGE_WRITECOPY)
> 0x458000 - 0x458fff c-rw- (PAGE_READWRITE)
> 0x459000 - 0x459fff c-r-- (PAGE_READONLY)
> 0x45a000 - 0x758fff c--W- (PAGE_WRITECOPY)
> 0x759000 - 0x75afff c-r-- (PAGE_READONLY)
> 0x75b000 - 0x75dfff c--W- (PAGE_WRITECOPY)
> 0x75e000 - 0x75efff c-rw- (PAGE_READWRITE)
> 0x75f000 - 0x762fff c-r-x (PAGE_EXECUTE_READ)
> 0x763000 - 0x765fff c-r-- (PAGE_READONLY)
> Remember, this is *before* the app even starts.
> You can see from this that there is a difference between how Windows 
> loads an executable image and how Wine does it. This is why trying to 
> write to 0x75F07E throws an exception under W2K but succeeds under Wine. 
> I guess the W2K exception is the right one.
> Wine developers: Should I attempt a patch, or am I going in the wrong 
> direction?
No, you're entirely correct.
Wine doesn't properly set memory protections of the executable file
in the loader yet.
IMHO this is a pretty damn grave omission.
I'd be rather happy if you actually fixed that :-)
(I once had another program which stumbled on this)

-- 
Andreas Mohr, Renningen, Germany
In case you need to contact me after expiry of temporary email address:
my eternal (hopefully) email address is frqr2001 at the domain sneakemail.com

Andreas:

 > No, you're entirely correct.
 > Wine doesn't properly set memory protections of the executable file
 > in the loader yet.
 > IMHO this is a pretty damn grave omission.
 > I'd be rather happy if you actually fixed that :-)
 > (I once had another program which stumbled on this)

OK, I'm working on a patch to the current CVS. Once I test it against a 
few executables, I'll submit it to wine-patches. I tested it against 
20011108 with no problems, and this time the app throws a protection 
violation where it's supposed to. It still doesn't solve the main 
problem, but it's a step in the right direction, I hope!

Gerard:

 > What about
 > http://www.winehq.com/hypermail/wine-patches/2001/11/0123.html

No, that sets the original mmap to read-only. After you create the view 
of the mmap (as read-only!) you have to go through each section in the 
image, look at its protections, and modify the view of the mmap to 
correspond to those protections.

--Rob

> No, that sets the original mmap to read-only. After you create the view
 > of the mmap (as read-only!) you have to go through each section in the
 > image, look at its protections, and modify the view of the mmap to
 > correspond to those protections.

I meant, that patch sets the mmap to the executable image *header* to 
read-only.

--Rob