http://bugs.winehq.org/show_bug.cgi?id=13915
--- Comment #43 from Myk Taylor myk002@yahoo.com 2010-08-20 11:51:34 ---
It appears that the crash is happening in the thread created by
HANDLE thread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)hookBase, (void *)(hookBase + 5), 0, NULL);
in the DoInjectDLL function. Sometimes I get a page fault on a valid address, sometimes on NULL, and sometimes it works perfectly, which kinda indicates a race condition somewhere.
One of the following lines is going wonky:
HANDLE process = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, info->dwProcessId);
UInt32 hookBase = (UInt32)VirtualAllocEx(process, NULL, 8192, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
UInt32 loadLibraryAAddr = (UInt32)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
WriteProcessMemory(process, (LPVOID)(hookBase + 5), dllPath, strlen(dllPath) + 1, &bytesWritten);
WriteProcessMemory(process, (LPVOID)(hookBase), hookCode, sizeof(hookCode), &bytesWritten);
HANDLE thread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)hookBase, (void *)(hookBase + 5), 0, NULL);
Of course, it could just be that this line is not actually creating a suspended process:

bool result = CreateProcess(
    procName,
    NULL,              // no args
    NULL,              // default process security
    NULL,              // default thread security
    TRUE,              // don't inherit handles
    CREATE_SUSPENDED,
    NULL,              // no new environment
    NULL,              // no new cwd
    &startupInfo,
    &procInfo) != 0;

which would invalidate the assumptions in DoInjectDLL...