https://bugs.winehq.org/show_bug.cgi?id=38895
--- Comment #14 from Sebastian Lackner sebastian@fds-team.de --- (In reply to Erich E. Hoover from comment #11)
Created attachment 51833 [details] ntdll: Only set the security cookie if it has not already been set (2).
You still need to modify *cookie when the random number accidentically matches one of the default cookie initializers. Also, there is no need to repeat the check "cookie != NULL" three times.
I am also unsure if its correct to allow 16bit/32bit cookie initializers on 64-bit. The code linked by Anastasius does allow it for 16-bit, but not for 32-bit.