https://bugs.winehq.org/show_bug.cgi?id=39938
Bug ID: 39938
Summary: winedbg reports wrong values of input parameter for functions with DECLSPEC_HOTPATCH attribute
Product: Wine
Version: 1.9.0
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winedbg
Assignee: wine-bugs@winehq.org
Reporter: andrej.skvortzov@gmail.com
Distribution: ---

Created attachment 53350
  --> https://bugs.winehq.org/attachment.cgi?id=53350
test executable with source code

Steps to reproduce the problem:
1. Run winedbg with the attached example ca
2. Set a breakpoint on the function with the DECLSPEC_HOTPATCH attribute (for example CreateProcessA). Select the function in the wine source code, not the kernel32 entry point.
3. Continue execution of the program in winedbg
4. When the breakpoint is hit, show local variables using the 'info locals' command. Notice the wrong values of the app_name and cmd_line input parameters.

I attached a binary with source code and a log of the winedbg session that shows this problem.

Short summary: if the DECLSPEC_HOTPATCH attribute is specified, then the compiler generates this prologue:

    movl %edi,%edi
    pushl %ebp
    movl %esp,%ebp

This has been used for hotpatching since Windows XP. The breakpoint is set just after this prologue (see attached winedbg log). The prologue modifies the stack by pushing ebp, but winedbg assumes that the breakpoint is set before the prologue and the stack is not modified. Therefore all parameters displayed by winedbg have wrong addresses (shifted by the size of ebp) and, as a result, wrong values.
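
The stack shift described in the report, as an added example (not part of the original report, and not winedbg or Wine code): a small C model of a 32-bit stack that runs the hotpatch prologue and then locates the first two parameters both ways. All addresses, argument values and function names are constructed; the esp-relative reader models the assumption the report attributes to winedbg.

```c
#include <stdint.h>
#include <stdio.h>

/* All addresses and values below are constructed for this illustration. */
#define STACK_BASE  0x0033fe00u
#define STACK_WORDS 64
#define RET_ADDR    0x00401234u  /* caller's return address */
#define APP_NAME    0x00403000u  /* pointer passed as app_name */
#define CMD_LINE    0x00403010u  /* pointer passed as cmd_line */

struct cpu { uint32_t esp, ebp, mem[STACK_WORDS]; };

static uint32_t *slot(struct cpu *c, uint32_t addr) {
    return &c->mem[(addr - STACK_BASE) / 4];
}
static void push(struct cpu *c, uint32_t v) { c->esp -= 4; *slot(c, c->esp) = v; }

/* Caller side: arguments pushed right to left, then the return address. */
static void enter_function(struct cpu *c) {
    c->esp = STACK_BASE + 4 * STACK_WORDS - 32;  /* leave room for a caller frame */
    c->ebp = c->esp + 16;                        /* caller's frame pointer */
    push(c, CMD_LINE);
    push(c, APP_NAME);
    push(c, RET_ADDR);
}
/* movl %edi,%edi ; pushl %ebp ; movl %esp,%ebp */
static void hotpatch_prologue(struct cpu *c) {
    push(c, c->ebp);    /* movl %edi,%edi before it changes nothing */
    c->ebp = c->esp;
}
/* Reader that assumes esp still points at the return address (function entry). */
static uint32_t param_entry_relative(struct cpu *c, int idx) {
    return *slot(c, c->esp + 4 + 4 * (uint32_t)idx);
}
/* Reader that uses the frame pointer set up by the prologue. */
static uint32_t param_frame_relative(struct cpu *c, int idx) {
    return *slot(c, c->ebp + 8 + 4 * (uint32_t)idx);
}
uint32_t read_param(int idx, int after_prologue, int frame_relative) {
    struct cpu c = {0};
    enter_function(&c);
    if (after_prologue) hotpatch_prologue(&c);
    return frame_relative ? param_frame_relative(&c, idx) : param_entry_relative(&c, idx);
}
int main(void) {
    printf("entry,    esp-relative: app_name=%#x\n", (unsigned)read_param(0, 0, 0));
    printf("prologue, esp-relative: app_name=%#x cmd_line=%#x\n",
           (unsigned)read_param(0, 1, 0), (unsigned)read_param(1, 1, 0));
    printf("prologue, ebp-relative: app_name=%#x cmd_line=%#x\n",
           (unsigned)read_param(0, 1, 1), (unsigned)read_param(1, 1, 1));
    return 0;
}
```

In this model, once the prologue has run the esp-relative reader returns the return address for app_name and the app_name pointer for cmd_line, a shift of exactly one 4-byte slot.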