https://bugs.winehq.org/show_bug.cgi?id=48417
Bug ID: 48417
Summary: Wine 32-bit builtins in PE format occupy low address space range, preventing non-relocatable native executables from being loaded
Product: Wine
Version: 5.0-rc4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
as it says. Encountered with some Microsoft installers, for example .NET Framework 2.0 SDK. Wine was built with llvm-mingw toolchain.
Failure of installer with PE builtins:
--- snip ---
$ WINEDEBUG=+seh,+relay,+server,+loaddll,+virtual,+module wine ./setup.exe
log.txt 2>&1
...
0009:trace:module:load_dll looking for L"kernelbase.dll" in L"Z:\home\focht\.cache\winetricks\dotnet20sdk;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem;C:\windows\system32\WindowsPowershell\v1.0"
0009: create_file( access=80100000, sharing=00000005, create=1, options=00000060, attrs=00000000, objattr={rootdir=0000,attributes=00000040,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/system32/kernelbase.dll" )
0009: create_file() = 0 { handle=0014 }
0009: get_handle_fd( handle=0014 )
0009: *fd* 0014 -> 24
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089, options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001, size=00000000, file_handle=0014, objattr={} )
0009: create_mapping() = 0 { handle=0018 }
0009: close_handle( handle=0014 )
0009: close_handle() = 0
0009: get_mapping_info( handle=0018, access=0000000c )
0009: get_mapping_info() = 0 { size=001c1000, flags=01800000, shared_file=0000, image={base=10000000,entry_point=10020850,map_size=001c1000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000002,subsystem_low=0000,subsystem_high=0006,gp=00000000,image_charact=2102,dll_charact=0100,machine=014c,contains_code=1,image_flags=40,loader_flags=00000000,header_size=00000400,file_size=001b8000,checksum=00000000,cpu=x86} }
0009: get_handle_fd( handle=0018 )
0009: *fd* 0018 -> 25
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d, options=00000020 }
0009:trace:module:map_image mapped PE file at 0x10000000-0x101c1000
0009:trace:module:map_image mapping section .text at 0x10001000 off 400 size 46800 virt 466b8 flags 60000020
0009:trace:module:map_image clearing 0x10047800 - 0x10048000
0009:trace:module:map_image mapping section .rdata at 0x10048000 off 46c00 size 37800 virt 377ca flags 40000040
0009:trace:module:map_image clearing 0x1007f800 - 0x10080000
0009:trace:module:map_image mapping section .buildid at 0x10080000 off 7e400 size 200 virt 81 flags 40000040
0009:trace:module:map_image clearing 0x10080200 - 0x10081000
0009:trace:module:map_image mapping section .data at 0x10081000 off 7e600 size 200 virt 1c30 flags c0000040
0009:trace:module:map_image clearing 0x10081200 - 0x10082000
0009:trace:module:map_image mapping section .rodata at 0x10083000 off 7e800 size 1e00 virt 1d04 flags c0000040
0009:trace:module:map_image clearing 0x10084e00 - 0x10085000
0009:trace:module:map_image mapping section .reloc at 0x10085000 off 80600 size 4200 virt 4158 flags 42000040
0009:trace:module:map_image clearing 0x10089200 - 0x1008a000
0009:trace:module:map_image mapping section /4 at 0x1008a000 off 84800 size 4600 virt 45c4 flags 42000040
0009:trace:module:map_image clearing 0x1008e600 - 0x1008f000
0009:trace:module:map_image mapping section /18 at 0x1008f000 off 88e00 size 8000 virt 7f08 flags 42000040
0009:trace:module:map_image mapping section /31 at 0x10097000 off 90e00 size 92600 virt 9243c flags 42000040
0009:trace:module:map_image clearing 0x10129600 - 0x1012a000
0009:trace:module:map_image mapping section /43 at 0x1012a000 off 123400 size 1aa00 virt 1a936 flags 42000040
0009:trace:module:map_image clearing 0x10144a00 - 0x10145000
0009:trace:module:map_image mapping section /55 at 0x10145000 off 13de00 size 34400 virt 3432e flags 42000040
0009:trace:module:map_image clearing 0x10179400 - 0x1017a000
0009:trace:module:map_image mapping section /66 at 0x1017a000 off 172200 size 4600 virt 4488 flags 42000040
0009:trace:module:map_image clearing 0x1017e600 - 0x1017f000
0009:trace:module:map_image mapping section /80 at 0x1017f000 off 176800 size 41600 virt 41417 flags 42000040
0009:trace:module:map_image clearing 0x101c0600 - 0x101c1000
0009: map_view( mapping=0018, access=0000000c, base=10000000, size=001c1000, start=00000000 )
0009: map_view() = 0
0009:trace:virtual:VIRTUAL_DumpView View: 0x10000000 - 0x101c0fff (image)
0009:trace:virtual:VIRTUAL_DumpView 0x10000000 - 0x10000fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x10001000 - 0x10047fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x10048000 - 0x10080fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x10081000 - 0x10084fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x10085000 - 0x101c0fff c-r--
...
0009:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\kernelbase.dll" at 0x10000000: PE builtin
0009:trace:module:load_dll Loaded module L"\??\C:\windows\system32\kernelbase.dll" at 0x10000000
...
0009:trace:loaddll:load_so_dll Loaded L"C:\windows\system32\kernel32.dll" at 0x7b420000: builtin
0009:trace:module:load_dll looking for L"Z:\home\focht\.cache\winetricks\dotnet20sdk\setup.exe" in L"Z:\home\focht\.cache\winetricks\dotnet20sdk;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem;C:\windows\system32\WindowsPowershell\v1.0"
0009: create_file( access=80100000, sharing=00000005, create=1, options=00000060, attrs=00000000, objattr={rootdir=0000,attributes=00000040,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/z:/home/focht/.cache/winetricks/dotnet20sdk/setup.exe" )
0009: create_file() = 0 { handle=0014 }
0009: get_handle_fd( handle=0014 )
0009: *fd* 0014 -> 24
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089, options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001, size=00000000, file_handle=0014, objattr={} )
0009: create_mapping() = 0 { handle=0018 }
0009: close_handle( handle=0014 )
0009: close_handle() = 0
0009: get_mapping_info( handle=0018, access=0000000c )
0009: get_mapping_info() = 0 { size=1620a000, flags=01800000, shared_file=0000, image={base=01000000,entry_point=0100645c,map_size=1620a000,stack_size=00040000,stack_commit=00001000,zerobits=00000000,subsystem=00000002,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=010f,dll_charact=8400,machine=014c,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=162088b8,checksum=16210119,cpu=x86} }
0009: get_handle_fd( handle=0018 )
0009: *fd* 0018 -> 25
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d, options=00000020 }
0009:trace:virtual:map_view got mem in reserved area 0x101d0000-0x263da000
0009:trace:module:map_image mapped PE file at 0x101d0000-0x263da000
0009:trace:module:map_image mapping section .text at 0x101d1000 off 400 size 9a00 virt 992c flags 60000020
0009:trace:module:map_image clearing 0x101daa00 - 0x101db000
0009:trace:module:map_image mapping section .data at 0x101db000 off 9e00 size 400 virt 1be4 flags c0000040
0009:trace:module:map_image clearing 0x101db400 - 0x101dc000
0009:trace:module:map_image mapping section .rsrc at 0x101dd000 off a200 size 161fcc00 virt 161fca34 flags 40000040
0009:trace:module:map_image clearing 0x263d9c00 - 0x263da000
0009: map_view( mapping=0018, access=0000000c, base=101d0000, size=1620a000, start=00000000 )
0009: map_view() = 0
0009:trace:virtual:VIRTUAL_DumpView View: 0x101d0000 - 0x263d9fff (image)
0009:trace:virtual:VIRTUAL_DumpView 0x101d0000 - 0x101d0fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x101d1000 - 0x101dafff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x101db000 - 0x101dcfff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x101dd000 - 0x263d9fff c-r--
0009: close_handle( handle=0018 )
0009: close_handle() = 0
0009:trace:module:get_load_order looking for L"Z:\home\focht\.cache\winetricks\dotnet20sdk\setup.exe"
0009:trace:module:get_load_order got main exe default n,b for L"Z:\home\focht\.cache\winetricks\dotnet20sdk\setup.exe"
0009:trace:module:load_native_dll Trying native dll L"\??\Z:\home\focht\.cache\winetricks\dotnet20sdk\setup.exe"
0009:warn:module:perform_relocations Need to relocate module from 0x1000000 to 0x101d0000, but there are no relocation records
0009: unmap_view( base=101d0000 )
0009: unmap_view() = 0
0009:warn:module:load_dll Failed to load module L"Z:\home\focht\.cache\winetricks\dotnet20sdk\setup.exe"; status=c0000018
...
--- snip ---
Because 'kernelbase.dll' is already mapped at 0x10000000 (seven zeros), native 'setup.exe' cannot be mapped at 0x1000000 (six zeros). Its mappable image size is 0x1620a000 (see 'get_mapping_info'), which overlaps 0x10000000. The installer executable is non-relocatable.
Address space layout with 32-bit PE builtins using notepad:
--- snip ---
$ winedbg notepad
WineDbg starting on pid 003d
0x7bcb0201 DbgBreakPoint+0x1 in ntdll: ret
Wine-dbg>info share
Module  Address               Debug info  Name (98 modules)
PE        330000-  3c0000     Deferred    shlwapi
PE        3c0000-  3d3000     Deferred    version
PE        3e0000-  3ec000     Deferred    api-ms-win-crt-runtime-l1-1-0
PE        400000-  458000     Deferred    notepad
PE        460000-  5d2000     Deferred    comdlg32
PE        5e0000-  609000     Deferred    shcore
PE        610000-  95e000     Deferred    ole32
PE        960000-  ab1000     Deferred    rpcrt4
PE        ac0000-  d7c000     Deferred    comctl32
PE        d80000-  e0b000     Deferred    usp10
PE        e10000-  e3f000     Deferred    imm32
PE       1060000- 1149000     Deferred    setupapi
PE       1160000- 11b3000     Deferred    uxtheme
PE      10000000-101c1000     Deferred    kernelbase
ELF     7b400000-7b670000     Dwarf       kernel32<elf>
  -PE   7b420000-7b670000     \           kernel32
ELF     7bc00000-7beb1000     Dwarf       ntdll<elf>
  -PE   7bc30000-7beb1000     \           ntdll
ELF     7c000000-7c004000     Deferred    <wine-loader>
...
--- snip ---
Without PE builtins:
--- snip ---
$ winedbg notepad.exe
WineDbg starting on pid 0048
0x7bcb0851 DbgBreakPoint+0x1 in ntdll: ret
Wine-dbg>info share
Module  Address               Debug info  Name (108 modules)
ELF     7b400000-7b670000     Dwarf       kernel32<elf>
  -PE   7b420000-7b670000     \           kernel32
ELF     7bc00000-7beb2000     Dwarf       ntdll<elf>
  -PE   7bc30000-7beb2000     \           ntdll
ELF     7bec2000-7bf1e000     Deferred    libblkid.so.1
ELF     7bf1e000-7c000000     Deferred    libgcrypt.so.20
ELF     7c000000-7c004000     Deferred    <wine-loader>
...
ELF     7e908000-7e953000     Deferred    notepad<elf>
  -PE   7e910000-7e953000     \           notepad
ELF     7e953000-7ea2f000     Deferred    kernelbase<elf>
  -PE   7e970000-7ea2f000     \           kernelbase
...
--- snip ---
In the case of 32-bit processes, the loader should not map Wine PE builtins into low address space regions, to avoid these issues. I'm not sure what the "hard" lower limit is though, when the address space is congested with a lot of dlls (top down?).
Tidbit: Starting with Windows Vista+, even core dlls are subject to address space randomization (if ASLR enabled) but they are still located within 0x7xxxxxxx range on 32-bit.
$ sha1sum setup.exe
4e4b1072b5e65e855358e2028403f2dc52a62ab4  setup.exe

$ du -sh setup.exe
355M    setup.exe

$ wine --version
wine-5.0-rc4
Regards
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
---------+--------+----------------------------------------------------------------------------------------------------------------------------
Keywords |        |download
URL      |        |https://web.archive.org/web/20170226170826/http://download.microsoft.com/download/c/4/b/c4b15d7d-6f37-4d5a-b9c6-8f07e7d46635/setup.exe

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
adding download link via Internet Archive:
https://web.archive.org/web/20170226170826/http://download.microsoft.com/dow... -> .NET Framework 2.0 SDK installer
Regards
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
for tracking purposes in 'winetricks' I've created:
https://github.com/Winetricks/winetricks/issues/1465
Regards
--- Comment #3 from Alexandre Julliard julliard@winehq.org ---
Note that this is specific to llvm-mingw, standard mingw uses --enable-auto-image-base by default. llvm-mingw should probably do the same.
Anastasius Focht focht@gmx.net changed:
What    |Removed                                                  |Added
--------+---------------------------------------------------------+---------------------------------------------------------
Summary |Wine 32-bit builtins in PE format occupy low address     |All Wine 32-bit PE builtin dlls created by llvm-mingw use
        |space range, preventing non-relocatable native           |the same fixed imagebase, preventing non-relocatable
        |executables from being loaded                            |native executables from being loaded (dynamicbase/ASLR
        |                                                         |should be default)

--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello Alexandre,

--- quote ---
Note that this is specific to llvm-mingw, standard mingw uses --enable-auto-image-base by default. llvm-mingw should probably do the same.
--- quote ---
the distro MinGW-w64 (gcc) indeed has 'enable-auto-image-base' by default:
--- snip ---
$ i686-w64-mingw32-gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/i686-w64-mingw32-gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/i686-w64-mingw32/7.3.0/lto-wrapper
Target: i686-w64-mingw32
Configured with: ../configure --prefix=/usr --bindir=/usr/bin --includedir=/usr/include --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --with-gnu-as --with-gnu-ld --verbose --without-newlib --disable-multilib --disable-plugin --with-system-zlib --disable-nls --without-included-gettext --disable-win32-registry --enable-languages=c,c++,objc,obj-c++,fortran --with-bugurl=http://bugzilla.redhat.com/bugzilla --with-cloog --enable-threads=posix --enable-libgomp --target=i686-w64-mingw32 --with-sysroot=/usr/i686-w64-mingw32/sys-root --with-gxx-include-dir=/usr/i686-w64-mingw32/sys-root/mingw/include/c++
Thread model: posix
gcc version 7.3.0 20180125 (Fedora MinGW 7.3.0-1.fc28) (GCC)

$ i686-w64-mingw32-gcc -dumpspecs | grep enable-auto-image-base
%{m64:-m i386pep} %{!m64:-m i386pe} %{mwindows:--subsystem windows} %{mconsole:--subsystem console} %{shared: %{mdll: %eshared and mdll are not compatible}} %{shared: --shared} %{mdll:--dll} %{static:-Bstatic} %{!static:-Bdynamic} %{shared|mdll: %{m64:-e DllMainCRTStartup} %{!m64:-e _DllMainCRTStartup@12} --enable-auto-image-base} %(shared_libgcc_undefs)
--- snip ---
The problem: LLVM's LLD doesn't seem to support this ;-(
https://github.com/llvm/llvm-project/blob/master/lld/MinGW/Options.td#L92
--- snip ---
// Ignored options
def: Joined<["-"], "O">;
def: F<"build-id">;
def: F<"disable-auto-image-base">;
def: F<"enable-auto-image-base">;
def: F<"enable-auto-import">, HelpText<"Ignored; listed for libtool compatibility">;
def: F<"end-group">;
def: Flag<["--"], "full-shutdown">;
def: F<"high-entropy-va">;
def: S<"major-image-version">;
def: S<"minor-image-version">;
def: F<"no-seh">;
def: F<"nxcompat">;
def: F<"pic-executable">;
...
--- snip ---
The closest functionality I could find is LLD option '--dynamicbase' which is used for ASLR.
https://github.com/llvm/llvm-project/blob/b11386f9be9b2dc7276a758d64f66833da...
--- snip ---
if (config->dynamicBase)
  pe->DLLCharacteristics |= IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
--- snip ---
I've injected '-Wl,--dynamicbase' into 'CROSSLDFLAGS'.
--- snip ---
$ winedump $(winepath -u "c:\windows\syswow64\kernelbase.dll")
Contents of /home/focht/.wine/dosdevices/c:/windows/syswow64/kernelbase.dll: 1802240 bytes

*** This is a Wine builtin DLL ***

File Header
  Machine:                      014C (i386)
  Number of Sections:           13
  TimeDateStamp:                5E11DCBC (Sun Jan  5 13:55:24 2020) offset 128
  PointerToSymbolTable:         001B7E00
  NumberOfSymbols:              00000000
  SizeOfOptionalHeader:         00E0
  Characteristics:              2102
    EXECUTABLE_IMAGE
    32BIT_MACHINE
    DLL

Optional Header (32bit)
  Magic                              0x10B          267
  linker version                     14.00
  size of code                       0x46800        288768
  size of initialized data           0x171200       1511936
  size of uninitialized data         0x0            0
  entrypoint RVA                     0x20850        133200
  base of code                       0x1000         4096
  base of data                       0x0            0
  image base                         0x10000000     268435456
  section align                      0x1000         4096
  file align                         0x200          512
  required OS version                6.00
  image version                      0.00
  subsystem version                  6.00
  Win32 Version                      0x0            0
  size of image                      0x1c1000       1839104
  size of headers                    0x400          1024
  checksum                           0x0            0
  Subsystem                          0x2            (Windows GUI)
  DLL characteristics:               0x140
    DYNAMIC_BASE
    NX_COMPAT
  stack reserve size                 0x100000       1048576
  stack commit size                  0x1000         4096
  heap reserve size                  0x100000       1048576
  heap commit size                   0x1000         4096
  loader flags                       0x0            0
  RVAs & sizes                       0x10           16

Data Directory
  EXPORT        rva: 0x72468  size: 0xa8e3
  IMPORT        rva: 0x7cd4b  size: 0x28
  RESOURCE      rva: 0x0      size: 0x0
  EXCEPTION     rva: 0x0      size: 0x0
  SECURITY      rva: 0x0      size: 0x0
  BASERELOC     rva: 0x85000  size: 0x4158
  DEBUG         rva: 0x80000  size: 0x1c
  ARCHITECTURE  rva: 0x0      size: 0x0
  GLOBALPTR     rva: 0x0      size: 0x0
  TLS           rva: 0x0      size: 0x0
  LOAD_CONFIG   rva: 0x0      size: 0x0
  Bound IAT     rva: 0x0      size: 0x0
  IAT           rva: 0x7d324  size: 0x5b0
  Delay IAT     rva: 0x0      size: 0x0
  CLR Header    rva: 0x0      size: 0x0
                rva: 0x0      size: 0x0

Done dumping /home/focht/.wine/dosdevices/c:/windows/syswow64/kernelbase.dll
--- snip ---
'DLL characteristics' -> 'DYNAMIC_BASE'
Dlls will still have the default image base set though:
https://github.com/llvm/llvm-project/blob/d3fec7fb456138c83b84e38ce785ea6bfa...
--- snip ---
static uint64_t getDefaultImageBase() {
  if (config->is64())
    return config->dll ? 0x180000000 : 0x140000000;
  return config->dll ? 0x10000000 : 0x400000;
}
--- snip ---
https://github.com/llvm/llvm-project/blob/d3fec7fb456138c83b84e38ce785ea6bfa...
--- snip ---
// Set default image base if /base is not given.
if (config->imageBase == uint64_t(-1))
  config->imageBase = getDefaultImageBase();
--- snip ---
The problem: ASLR isn't supported in Wine loader yet.
--- snip ---
$ grep -Hrn DYNAMIC_BASE
dlls/kernel32/tests/loader.c:462: if (!(nt_header->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE))
dlls/kernel32/tests/loader.c:1123: nt_header.OptionalHeader.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
dlls/kernel32/tests/loader.c:1297: nt64.OptionalHeader.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
dlls/kernel32/tests/loader.c:1408: nt32.OptionalHeader.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
dlls/fusion/tests/asmcache.c:328: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE |
tools/winedump/pe.c:218: X(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, "DYNAMIC_BASE");
server/mapping.c:651: if ((nt.opt.hdr32.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) &&
server/mapping.c:691: if ((nt.opt.hdr64.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) &&
include/winnt.h:2986:#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040
--- snip ---
--- snip ---
$ grep -Hrni DynamicallyRelocated
dlls/kernel32/tests/loader.c:387: (S(U(image)).ImageDynamicallyRelocated && LOWORD(image.TransferAddress) == LOWORD(entry_point)),
dlls/kernel32/tests/loader.c:463: ok( !S(U(image)).ImageDynamicallyRelocated || broken( S(U(image)).ComPlusILOnly ), /* <= win7 */
dlls/kernel32/tests/loader.c:464: "%u: wrong ImageDynamicallyRelocated flags %02x\n", id, U(image).ImageFlags );
dlls/kernel32/tests/loader.c:466: ok( S(U(image)).ImageDynamicallyRelocated || broken(is_winxp),
dlls/kernel32/tests/loader.c:467: "%u: wrong ImageDynamicallyRelocated flags %02x\n", id, U(image).ImageFlags );
dlls/kernel32/tests/loader.c:469: ok( !S(U(image)).ImageDynamicallyRelocated || broken(TRUE), /* <= win8 */
dlls/kernel32/tests/loader.c:470: "%u: wrong ImageDynamicallyRelocated flags %02x\n", id, U(image).ImageFlags );
server/protocol.def:767:#define IMAGE_FLAGS_ImageDynamicallyRelocated 0x04
server/mapping.c:653: mapping->image.image_flags |= IMAGE_FLAGS_ImageDynamicallyRelocated;
server/mapping.c:693: mapping->image.image_flags |= IMAGE_FLAGS_ImageDynamicallyRelocated;
include/winternl.h:2028: UCHAR ImageDynamicallyRelocated : 1;
include/wine/server_protocol.h:751:#define IMAGE_FLAGS_ImageDynamicallyRelocated 0x04
--- snip ---
I'm not sure if the upstream LLVM project is keen to implement 'enable-auto-image-base' since there is already 'dynamicbase'. Actually 'auto-image-base' would be contradictory when 'dynamicbase' is provided. Why would the linker need to generate a random image load address when the OS loader does a better job at runtime (it has the knowledge of the address space layout)?
I think supporting ASLR in the Wine loader is preferable, as it would bring the PE binaries created with the mingw cross-toolchain in line with what's produced by Microsoft's toolchains by default -> https://web.archive.org/web/20200105131452/https://devblogs.microsoft.com/cp...
If upstream doesn't want 'auto-image-base' for above stated reasons, we could make this bug report about defaulting to 'dynamicbase' in llvm-mingw (still upstream?) and create another bug about supporting ASLR in Wine loader.
Regards
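The header facts the initial report and comment #4 turn on (is DYNAMIC_BASE set, is there a BASERELOC directory the loader could use, and does the preferred image base range of a fixed-base exe collide with a builtin already mapped there) can all be read straight from the PE32 optional header. The following Python is an added example, not code from Wine or LLD; it builds constructed headers from the values quoted above (kernelbase at 0x10000000 with size 0x1c1000, setup.exe at 0x01000000 with size 0x1620a000) instead of reading real files, and the field offsets are the standard PE32 layout that winedump prints.

```python
"""Added example: check whether a fixed-base 32-bit PE still fits once a builtin occupies its range."""
import struct

IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # value from include/winnt.h quoted above
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
# PE32 optional header, Magic through DllCharacteristics (72 bytes), per the layout winedump prints.
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"

def build_pe32(image_base, size_of_image, dll_characteristics, reloc_size, is_dll):
    """Build a minimal PE32 header (constructed test input, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = struct.pack(OPT_FMT, 0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0, image_base, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, size_of_image, 0x400, 0, 2, dll_characteristics)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_BASERELOC] = (0x85000 if reloc_size else 0, reloc_size)
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    return dos + b"PE\0\0" + coff + opt

def inspect_pe32(data):
    """Extract the header fields the loader needs to decide where an image can be mapped."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base, = struct.unpack_from("<I", data, opt + 28)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    ndirs, = struct.unpack_from("<I", data, opt + 92)
    reloc_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_BASERELOC:
        _, reloc_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "image_base": image_base,
        "size_of_image": size_of_image,
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        # Without a BASERELOC directory the loader cannot rebase the image (perform_relocations fails).
        "relocatable": reloc_size > 0,
    }

def mapping_conflict(exe, dll):
    """Decide whether 'exe' still loads when 'dll' already sits inside its preferred range."""
    exe_end = exe["image_base"] + exe["size_of_image"]
    dll_end = dll["image_base"] + dll["size_of_image"]
    overlap = exe["image_base"] < dll_end and dll["image_base"] < exe_end
    return {"overlap": overlap, "loadable": (not overlap) or exe["relocatable"]}

def demo():
    """The two images from the report, rebuilt from the get_mapping_info/winedump values above."""
    kernelbase = inspect_pe32(build_pe32(0x10000000, 0x1C1000, 0x140, 0x4158, True))
    setup_exe = inspect_pe32(build_pe32(0x01000000, 0x1620A000, 0x8400, 0, False))
    return mapping_conflict(setup_exe, kernelbase)

if __name__ == "__main__":
    print(demo())  # overlap without relocation records: the status=c0000018 failure in the log
```

Pointing inspect_pe32 at a real file's bytes works the same way, which makes it a quick check for whether a cross-built Wine dll still carries the fixed default image base.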
--- Comment #5 from Alexandre Julliard julliard@winehq.org ---
While we may want to add ASLR at some point, it's not necessary for this bug.
The right fix is to map the exe before anything else, but there's still some work left before we can do that. For now, setting an explicit load address for kernelbase should be enough.
Alexandre Julliard julliard@winehq.org changed:
What          |Removed  |Added
--------------+---------+-----------------------------------------
Fixed by SHA1 |         |8f7d88c707b84e9f414a66d4b4a67c0f22970099
Status        |NEW      |RESOLVED
Resolution    |---      |FIXED

--- Comment #6 from Alexandre Julliard julliard@winehq.org ---
It should be fixed by 8f7d88c707b84e9f414a66d4b4a67c0f22970099.
Anastasius Focht focht@gmx.net changed:
What      |Removed                                                  |Added
----------+---------------------------------------------------------+---------------------------------------------------------
Component |ntdll                                                    |kernelbase
Summary   |All Wine 32-bit PE builtin dlls created by llvm-mingw    |32-bit PE 'kernelbase.dll' has default imagebase
          |use the same fixed imagebase, preventing non-relocatable |0x10000000 when built with llvm-mingw, preventing
          |native executables from being loaded (dynamicbase/ASLR   |non-relocatable native executables from being loaded
          |should be default)                                       |

--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello Alexandre,
ok then, I've refined the summary again to match the change. Thanks for the quick fix.
Regards
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
-------+---------+-------
Status |RESOLVED |CLOSED

--- Comment #8 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.0-rc5.
Zebediah Figura z.figura12@gmail.com changed:
What      |Removed    |Added
----------+-----------+---------
Component |kernelbase |kernel32

--- Comment #9 from Anastasius Focht focht@gmx.net ---
Hello folks,
addendum to Alexandre's comment #5
--- quote ---
The right fix is to map the exe before anything else, but there's still some work left before we can do that. For now, setting an explicit load address for kernelbase should be enough.
--- quote ---
This is now fulfilled by commit https://source.winehq.org/git/wine.git/commitdiff/72baffdb6d7ce2d8c2bb0656b4... ("ntdll: Load the main module before the other dlls.").
Regards