https://bugs.winehq.org/show_bug.cgi?id=50077
Bug ID: 50077
Summary: .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1
Product: Wine
Version: 5.20
Hardware: x86-64
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: bshanks@codeweavers.com
The .NET 3.5SP1 installer contains the 32-bit SITSetup.dll, which does the following:
- if IsProcessorFeatureEnabled(PF_NX_ENABLED) is true,
- retrieve PEB[0x34]. In Wine this is currently 'Reserved[1]'; Geoff Chappell documents it as 'AtlThunkSListPtr32'.
- if the value is 0, allocate 8 bytes, zero them, and set PEB[0x34] to point to it. If the value is 1, this is coincidentally a flag value used by the code when DEP/NX is not supported/disabled. Otherwise, the value is assumed to be a valid SLIST_HEADER pointer.
Wine uses PEB->Reserved for the image address, referenced by dbghelp check_live_target().
In limited testing on Linux (and Windows 10), I found PEB->Reserved[1] was set to 0, which makes sense for a 32-bit EXE. On macOS (32on64), it was set to 0x1. On certain macOS versions, it was set to 0x2, causing the DLL to execute InterlockedPopEntrySList(2), which crashes.
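Added example (not part of the bug report or of Wine/SITSetup.dll): a small C model of the installer's decision on the PEB[0x34] value described above, extended with a plausibility check that the installer does not perform, plus a reader that dumps the live field when built as a 32-bit Windows/Wine binary. The enum, function names, the 8-byte SLIST_HEADER alignment and the 0x10000 minimum user address are assumptions made here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(_WIN32) && !defined(_WIN64)
#include <intrin.h>   /* __readfsdword (MSVC and mingw-w64) */
#endif

/* Constructed model of how SITSetup.dll interprets the 32-bit PEB field at
 * offset 0x34 (AtlThunkSListPtr32, Wine's Reserved[1]). Names are hypothetical. */
enum atl_slist_class {
    ATL_SLIST_ALLOCATE = 0,   /* value 0: installer allocates a zeroed 8-byte header  */
    ATL_SLIST_NX_DISABLED,    /* value 1: flag meaning DEP/NX unsupported or disabled  */
    ATL_SLIST_POINTER,        /* anything else: used as an SLIST_HEADER pointer        */
    ATL_SLIST_BOGUS           /* added here: value that cannot be a user-mode header   */
};

/* Assumed constants: an x86 SLIST_HEADER is 8 bytes and must be 8-byte aligned;
 * 0x10000 is the default lowest user-mode address on 32-bit Windows. */
#define SLIST_ALIGN      8u
#define MIN_USER_ADDRESS 0x10000u

enum atl_slist_class classify_atl_thunk_slist(uint32_t peb_0x34)
{
    if (peb_0x34 == 0) return ATL_SLIST_ALLOCATE;
    if (peb_0x34 == 1) return ATL_SLIST_NX_DISABLED;
    /* The real installer stops here and calls InterlockedPopEntrySList on the
     * value; the 0x2 seen on some macOS Wine builds fails both checks below. */
    if (peb_0x34 < MIN_USER_ADDRESS || (peb_0x34 % SLIST_ALIGN) != 0)
        return ATL_SLIST_BOGUS;
    return ATL_SLIST_POINTER;
}

/* Read the live field in a 32-bit Windows/Wine process; 0xFFFFFFFF elsewhere. */
uint32_t read_peb_0x34(void)
{
#if defined(_WIN32) && !defined(_WIN64)
    uint32_t peb = __readfsdword(0x30);            /* TEB->ProcessEnvironmentBlock */
    return *(volatile uint32_t *)(uintptr_t)(peb + 0x34);
#else
    return 0xFFFFFFFFu;
#endif
}

int main(void)
{
    static const char *names[] = { "allocate", "nx-disabled flag", "pointer", "bogus" };
    uint32_t v = read_peb_0x34();
    if (v == 0xFFFFFFFFu) { puts("not running as a 32-bit Windows/Wine process"); return 0; }
    printf("PEB[0x34] = 0x%08x -> %s\n", (unsigned)v, names[classify_atl_thunk_slist(v)]);
    return 0;
}
```

Built as a 32-bit PE and run under the Wine build in question, the printed classification shows directly whether the field holds the 0/1 the installer expects or a value it would dereference.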