Re: ntdll: try to not raise exceptions when checking for atl thunks
Markus Amsler <markus.amsler(a)oribi.org> writes:
+ * Windows checks the following conditions before emulating an ATL thunk: + * - DEP policy allows emulating + * - thunk has memory type MEM_PRIVATE and is readable + * - jmp func is executable + * - thunk signature (movl, jmp) matches + * - a "secret" flag is set: + * The flag gets set before calling WndProc and cleared after WndProc + * or a thunk was emulated. + * In Windows XP SP 3 this flag is located at TEB+0xfb4. */
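Review bot: The last bullet of this comment records a version-specific internal detail (the flag at TEB+0xfb4 on Windows XP SP 3), and nothing in the comment says how it or the other listed conditions were established. Say in the comment that the conditions come from observed behaviour, mark the offset as informational for that one Windows version, and state whether the code relies on the flag at all. Conditions that can be exercised, such as "thunk signature (movl, jmp) matches" and "jmp func is executable", are better backed by a test case than by a comment alone.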
Where does that information come from?
--
Alexandre Julliard
julliard(a)winehq.org
On 16.06.2010 11:37, Alexandre Julliard wrote:
Markus Amsler <markus.amsler(a)oribi.org> writes:
+ * Windows checks the following conditions before emulating an ATL thunk: + * - DEP policy allows emulating + * - thunk has memory type MEM_PRIVATE and is readable + * - jmp func is executable + * - thunk signature (movl, jmp) matches + * - a "secret" flag is set: + * The flag gets set before calling WndProc and cleared after WndProc + * or a thunk was emulated. + * In Windows XP SP 3 this flag is located at TEB+0xfb4. */
Where does that information come from?
From my attempt to write a test for atl thunks. I had a hard time getting Windows to emulate an atl thunk, so I worked my way backward from a working atl thunk example. I knew there had to be some secret flag, because in the WndProc atl thunks worked, outside not. So I took a hard look at the TEB and found it. It was clean reverse engineered. I put it into the patch, to document it somewhere.
Markus
Markus Amsler <markus.amsler(a)oribi.org> writes:
From my attempt to write a test for atl thunks. I had a hard time getting Windows to emulate an atl thunk, so I worked my way backward from a working atl thunk example. I knew there had to be some secret flag, because in the WndProc atl thunks worked, outside not. So I took a hard look at the TEB and found it.
It was clean reverse engineered. I put it into the patch, to document it somewhere.
It would be better to document it as a test then (not necessarily the TEB flag, we probably don't need to go that far, but at least the basic case that was causing Shrinker to fail).
--
Alexandre Julliard
julliard(a)winehq.org