Hi, I was trying to determine how Wine captures syscalls, and I found this thread:

http://www.winehq.org/pipermail/wine-users/2002-October/009077.html

The answer was that Wine *doesn't* deal with syscalls, and relies on the application never directly making a syscall, but instead calling into the standard system libraries (Win32).

Is this still true today? I'm surprised that Wine can run all the applications it does without interposing on syscalls (suggesting that all these applications never directly make syscalls and instead *always* go through standard system libraries).

Thanks!
--
Yang Zhang
http://www.mit.edu/~y_z/

Yang Zhang wrote:
> Wine *doesn't* deal with syscalls, and relies on
> the application never directly making a syscall, but instead calling
> into the standard system libraries (Win32).
>
> Is this still true today?

Still the same. Wine does not rely on applications not calling syscalls directly. It's up to the system to take care of that. Wine can't (and won't) do anything about it anyway, since Wine is a 100% user space app. Anything a user app can do, Wine can do, and so can win32 apps.

Yang Zhang wrote:
> Being a userspace process doesn't mean you can't prevent a process from making syscalls.

And how do you propose to do that? What can stop "int 0x80" from appearing in the app's code?

Yang Zhang wrote:
> You can stop "int 0x80" from appearing in the code by using a technique known as binary rewriting.

Wine is not a virtual machine. And won't be one. And what will you do with self-modifying code that rewrites itself? Like lots of copy / anti-cheat / anti-debugger protections? The same technique can be used to make syscalls. Anyway, this is pointless. You don't get the idea of what Wine is and how it works, and I'm tired of explaining.

Yang Zhang wrote:
> My original email was simply asking what Wine does, and in a subsequent email I was just pointing out that it's not impossible to
> block syscalls from userspace.

Academically speaking - everything is possible. The question is - do we really need it? The answer is - no, Wine doesn't need to be yet another virtual machine.
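
The exchange above about binary rewriting and self-modifying code, as an added example that is not part of the original thread and is not Wine code: a static byte scan for the x86 system-call instructions finds a plain "int 0x80", misses the same bytes when they are stored encoded and only decoded at run time, and also flags immediate data that merely looks like the opcode. The sample byte strings, the XOR key and the function names are constructed for illustration.

```python
# Added illustration, not code from Wine or from the thread.
# Raw encodings of the x86 system-call entry instructions.
SYSCALL_PATTERNS = {
    b"\xcd\x80": "int 0x80",
    b"\x0f\x05": "syscall",
    b"\x0f\x34": "sysenter",
}


def scan(code: bytes):
    """Return sorted (offset, mnemonic) pairs for every raw pattern match.

    This is a byte search, not a disassembler, so it can also match bytes
    that are operand data inside some other instruction.
    """
    hits = []
    for pattern, name in SYSCALL_PATTERNS.items():
        start = code.find(pattern)
        while start != -1:
            hits.append((start, name))
            start = code.find(pattern, start + 1)
    return sorted(hits)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for any run-time decoding step."""
    return bytes(b ^ key for b in data)


# Constructed sample: mov eax, 20 ; int 0x80 ; ret
PLAIN_STUB = b"\xb8\x14\x00\x00\x00\xcd\x80\xc3"

# The same stub as a protected binary might store it on disk (assumed key).
KEY = 0x5A
PACKED_STUB = xor_bytes(PLAIN_STUB, KEY)

# Constructed sample: mov eax, 0x80cd ; ret  (no system call at all)
FALSE_POSITIVE = b"\xb8\xcd\x80\x00\x00\xc3"

if __name__ == "__main__":
    print("plain stub      :", scan(PLAIN_STUB))
    print("packed on disk  :", scan(PACKED_STUB))
    print("after decoding  :", scan(xor_bytes(PACKED_STUB, KEY)))
    print("immediate data  :", scan(FALSE_POSITIVE))
```

A rewriter that works from the on-disk image sees only the second case, which is why enforcement that has to hold against such code is normally done where the instruction executes rather than where it is stored.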