https://bugs.winehq.org/show_bug.cgi?id=19296
--- Comment #21 from Sebastian Lackner sebastian@fds-team.de --- (In reply to Anastasius Focht from comment #20)
Hello folks,
the recent ATL thunk patch series made the thing more compliant :) There is still a missing piece though, that is not executing ATL thunk check on a guard page.
That's not right, the tests definitely show that the ATL thunk check is also performed on guard pages (because the guard page flag is removed before the thunk check happens). Nevertheless, there are still a couple of patches missing, so there is a chance that the remaining issues might be solved afterwards.
Another thing I noticed...
Wine's process execution flags are reversed for 'enabled' and 'disabled' options.
From my comment here: https://bugs.winehq.org/show_bug.cgi?id=24125#c7
https://src.chromium.org/svn/trunk/src/sandbox/win/src/process_mitigations_test.cc
Chromium source snippet, part of test suite:
--- snip ---
const int MEM_EXECUTE_OPTION_ENABLE = 1;
const int MEM_EXECUTE_OPTION_DISABLE = 2;
const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
const int MEM_EXECUTE_OPTION_PERMANENT = 8;
dep_flags &= 0xff;
--- snip ---
vs.
Source: http://source.winehq.org/git/wine.git/blob/9a806d0f1c10289241500519beda73f1ac556586:/include/winternl.h#l729
--- snip ---
729 #define MEM_EXECUTE_OPTION_DISABLE 0x01
730 #define MEM_EXECUTE_OPTION_ENABLE 0x02
731 #define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
732 #define MEM_EXECUTE_OPTION_PERMANENT 0x08
--- snip ---
I noticed that, but Wine is right in this case. I've looked up several pages, and the meaning of MEM_EXECUTE_OPTION_ENABLE is that executing pages is always enabled, which means DEP is disabled. Chrome uses the flags in inverted order, but it shouldn't matter - it is swapped everywhere. This especially means that their way to set the DEP policy is wrong, and only works because of the swapped constants.
Applications that use the native API way to achieve '[Get|Set]ProcessDEPPolicy' on pre-Vista Windows OS where this entry point is not available will have the reverse effect.
Those functions are the next on my plan, already started working on them. ;)
Thanks for the work so far, Sebastian.
Regards
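As an added illustration of the naming inversion discussed in this thread (example code, not from Wine, Chromium or either commenter), the program below uses the two constant sets quoted above plus the documented public PROCESS_DEP_* values; the translation function is a hypothetical sketch of what a SetProcessDEPPolicy implementation would hand to NtSetInformationProcess(ProcessExecuteFlags), written to show that the bit which turns DEP on is the one winternl.h names DISABLE.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Execute-option bits exactly as in Wine's include/winternl.h (quoted above).
 * The kernel's meaning: ENABLE = executing data pages is enabled, i.e. DEP OFF. */
#define MEM_EXECUTE_OPTION_DISABLE                 0x01
#define MEM_EXECUTE_OPTION_ENABLE                  0x02
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
#define MEM_EXECUTE_OPTION_PERMANENT               0x08

/* Chromium's values from the quoted process_mitigations_test.cc: same bits,
 * opposite names. Chromium treats its "ENABLE" bit as "DEP enabled". */
#define CHROMIUM_MEM_EXECUTE_OPTION_ENABLE  1
#define CHROMIUM_MEM_EXECUTE_OPTION_DISABLE 2

/* Documented public SetProcessDEPPolicy flags. */
#define PROCESS_DEP_ENABLE                      0x01
#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x02

/* Hypothetical: public DEP policy -> ProcessExecuteFlags word.
 * SetProcessDEPPolicy is one-shot, hence PERMANENT is always set. */
uint32_t dep_policy_to_execute_flags(uint32_t dep_policy)
{
    uint32_t flags = MEM_EXECUTE_OPTION_PERMANENT;
    if (dep_policy & PROCESS_DEP_ENABLE)
        flags |= MEM_EXECUTE_OPTION_DISABLE;   /* execute disabled => DEP on  */
    else
        flags |= MEM_EXECUTE_OPTION_ENABLE;    /* execute enabled  => DEP off */
    if (dep_policy & PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION)
        flags |= MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION;
    return flags;
}

/* How each side reads "is DEP enabled?" out of the same flags word. */
bool wine_reads_dep_enabled(uint32_t flags)
{ return (flags & MEM_EXECUTE_OPTION_DISABLE) != 0; }
bool chromium_reads_dep_enabled(uint32_t flags)
{ return (flags & CHROMIUM_MEM_EXECUTE_OPTION_ENABLE) != 0; }

/* Because the swap is applied consistently, both readings agree on every
 * possible 4-bit flags word; only the constant names disagree. */
bool naming_agrees_for_all_flags(void)
{
    for (uint32_t f = 0; f < 16; f++)
        if (wine_reads_dep_enabled(f) != chromium_reads_dep_enabled(f)) return false;
    return true;
}
```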