New subject: [Bug 50077] .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1

29 Oct 2020


      https://bugs.winehq.org/show_bug.cgi?id=50077
Bug ID: 50077
           Summary: .NET 3.5SP1 installer depends on PEB->Reserved[1] /
                    AtlThunkSListPtr32 being 0 or 1
           Product: Wine
           Version: 5.20
          Hardware: x86-64
                OS: Mac OS X
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ntdll
          Assignee: wine-bugs@winehq.org
          Reporter: bshanks@codeweavers.com
The .NET 3.5SP1 installer contains the 32-bit SITSetup.dll, which does the
following:
- if IsProcessorFeatureEnabled(PF_NX_ENABLED) is true,
- retrieve PEB[0x34]. In Wine this is currently 'Reserved[1]', Geoff Chappell
documents it as 'AtlThunkSListPtr32'.
- if the value is 0, allocate 8 bytes, zero them, and set PEB[0x34] to point to
it.
  if the value is 1, this is coincidentally a flag value used by the code when
DEP/NX is not supported/disabled.
  otherwise, the value is assumed to be a valid SLIST_HEADER pointer.
Wine uses PEB->Reserved for the image address, referenced by dbghelp
check_live_target().
In limited testing on Linux (and Windows 10), I found PEB->Reserved[1] was set
to 0, makes sense for a 32-bit EXE.
On macOS (32on64), it was set to 0x1. On certain macOS versions, it was set to
0x2, causing the DLL to execute InterlockedPopEntrySList(2), which crashes.
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

[Bug 50077] New: .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1