From: Eric Pouech <eric.pouech(a)gmail.com> For a 32bit process, running in the "old" wow64 configuration, the filename of loaded (32 bit) ntdll.dll is reported as ..\system32\ntdll.dll instead of being in the wow64 directory. This affects: - filename used for image mapping - filename entry in LdrData (Note all the others DLLs in this configuration are correctly exposed in wow64 directory). Signed-off-by: Eric Pouech <eric.pouech(a)gmail.com> --- dlls/ntdll/loader.c | 16 +++++++++++++++- dlls/ntdll/unix/loader.c | 11 ++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c index 01a30742678..21d19231eb9 100644 --- a/dlls/ntdll/loader.c +++ b/dlls/ntdll/loader.c @@ -2197,8 +2197,22 @@ static void build_ntdll_module( HMODULE module ) { UNICODE_STRING nt_name; WINE_MODREF *wm; + const WCHAR *name = L"\\??\\C:\\windows\\system32\\ntdll.dll"; + + if (sizeof(void*) == 4 && NtCurrentTeb()->WowTebOffset) + { + switch (RtlImageNtHeader( NtCurrentTeb()->Peb->ImageBaseAddress )->FileHeader.Machine) + { + case IMAGE_FILE_MACHINE_I386: + name = L"\\??\\C:\\windows\\syswow64\\ntdll.dll"; + break; + case IMAGE_FILE_MACHINE_ARMNT: + name = L"\\??\\C:\\windows\\sysarm32\\ntdll.dll"; + break; + } + } + RtlInitUnicodeString( &nt_name, name ); - RtlInitUnicodeString( &nt_name, L"\\??\\C:\\windows\\system32\\ntdll.dll" ); wm = alloc_module( module, &nt_name, TRUE ); assert( wm ); wm->ldr.Flags &= ~LDR_DONT_RESOLVE_REFS; diff --git a/dlls/ntdll/unix/loader.c b/dlls/ntdll/unix/loader.c index 65934acfc36..d5bef605e93 100644 --- a/dlls/ntdll/unix/loader.c +++ b/dlls/ntdll/unix/loader.c @@ -1878,8 +1878,8 @@ NTSTATUS load_start_exe( WCHAR **image, void **module ) */ static void load_ntdll(void) { - static WCHAR path[] = {'\\','?','?','\\','C',':','\\','w','i','n','d','o','w','s','\\', - 's','y','s','t','e','m','3','2','\\','n','t','d','l','l','.','d','l','l',0}; + static WCHAR ntdll[] = {'n','t','d','l','l','.','d','l','l',0}; + const WCHAR *wow_dir = get_machine_wow64_dir( main_image_info.Machine ); const char *pe_dir = get_pe_dir( current_machine ); unsigned int status; SECTION_IMAGE_INFORMATION info; @@ -1888,8 +1888,12 @@ static void load_ntdll(void) void *module; SIZE_T size = 0; char *name; + WCHAR *imagename; - init_unicode_string( &str, path ); + imagename = malloc( (wcslen(wow_dir) + ARRAY_SIZE(ntdll)) * sizeof(WCHAR) ); + wcscpy(imagename, wow_dir); + wcscat(imagename, ntdll); + init_unicode_string( &str, imagename ); InitializeObjectAttributes( &attr, &str, 0, 0, NULL ); name = malloc( strlen( ntdll_dir ) + strlen( pe_dir ) + sizeof("/ntdll.dll.so") ); @@ -1904,6 +1908,7 @@ static void load_ntdll(void) if (status == STATUS_IMAGE_NOT_AT_BASE) relocate_ntdll( module ); else if (status) fatal_error( "failed to load %s error %x\n", name, status ); free( name ); + free( imagename ); load_ntdll_functions( module ); ntdll_module = module; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/2106