There are a few other approaches that occur to me to solve this problem, but this one seemed most appealing. Alternatives I can think of: * Detect glibc version and look for pthread.so instead of libc.so. Version-specific logic seems a bit ugly. * Look for both pthread.so and libc.so, and construct a range which will include both libraries. This seems it would have a risk of catching PE code in the middle, although I don't know if that's actually possible given how we allocate memory... * Call syscall(rt_sigaction) directly, allowing us to retrieve sa_restorer. However, we don't know the length of the trampoline, assuming it is indeed contiguous. The outer signal doesn't need to be SIGSYS (in fact my initial plan was to use SIGTRAP instead), but this means we can be a bit more confident we have the right trampoline (they are signal-specific, although glibc seems to use the same trampoline for every signal except during early startup), and it also means we're only fiddling with one signal handler, which is arguably an improvement. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10984#note_141107