http://bugs.winehq.org/show_bug.cgi?id=24488
Summary: Kernel32 / Ntdll bug. Injecting code into sub process fails in Wine. Product: Wine Version: unspecified Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: ron.novy@yahoo.com
Created an attachment (id=30900) --> (http://bugs.winehq.org/attachment.cgi?id=30900) doFork or code 'injection' test.
Wine fails when injecting code into a process created in suspend mode. When trying to access a created process' memory Wine simply does not allow it to be unmapped, written to or even change the process' memory protections.
The test case I've attached works on 32bit and 64bit windows systems without changing protections on the target process' memory. An explanation on how it should work is in the Readme.txt file.
A possible fix would be to allow writing to memory of a process started in suspend mode, but not on a process that is running. This should allow the code to be copied or 'injected' into the suspended process.
http://bugs.winehq.org/show_bug.cgi?id=24488
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, testcase
http://bugs.winehq.org/show_bug.cgi?id=24488
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Kernel32 / Ntdll bug. |Injecting code into sub |Injecting code into sub |process fails |process fails in Wine. |
--- Comment #1 from Dmitry Timoshkov dmitry@codeweavers.com 2010-09-22 01:22:29 CDT --- Please specify the Wine version you are using (in the Version field above).
What applications are affected by this?
http://bugs.winehq.org/show_bug.cgi?id=24488
Ron ron.novy@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- OS/Version|Linux |All
--- Comment #2 from Ron ron.novy@yahoo.com 2010-09-24 21:57:59 CDT --- (In reply to comment #1)
Please specify the Wine version you are using (in the Version field above).
What applications are affected by this?
Unsure of the version. This issue was reported by a user of the application. We attempted to debug with the user, but the app kept failing in the same place.
The code is part of the stub to a packer/unpacker application. This technique was chosen over others because what it allows the unpacker to do.
I don't believe there are any current applications affected. The code has not been released except for beta testing. We are currently working on a way to work around this, but we would prefer not to have to make compromises here.
http://bugs.winehq.org/show_bug.cgi?id=24488
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- OS/Version|All |Linux
http://bugs.winehq.org/show_bug.cgi?id=24488
--- Comment #3 from butraxz@gmail.com 2013-02-03 10:06:37 CST --- No update for two and half years and download is not available. Is this still an issue in 1.5.23 or higher ? Or should this be closed as abandoned ?
http://bugs.winehq.org/show_bug.cgi?id=24488
Ron ron.novy@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |ABANDONED
--- Comment #4 from Ron ron.novy@yahoo.com 2013-02-03 18:29:11 CST --- Abandoned. It may still work on some 32-bit Windows systems but I'm pretty certain its a security flaw. It was being used to implement a software security feature but it does not work on more modern systems so it was eventually abandoned all together. Would have been nice but could have been dangerous as well.
http://bugs.winehq.org/show_bug.cgi?id=24488
Ken Sharp kennybobs@o2.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Ken Sharp kennybobs@o2.co.uk 2013-03-03 06:34:30 CST --- Closing bugs marked as abandoned.