On 17 Dec 2001 11:17:22 -0800 Alexandre Julliard <julliard@winehq.com> wrote:
With that in mind, it seems that the only thing it's really looking for is that signature. So one idea that I had is a "Shrinker fixer". When Wine loads an executable, it would look for this specific exception handling code, and then NOP out the checks.
Is that a reasonable approach?
No; first I don't really see how you would do it reliably, and even then it could be considered copy protection circumvention thanks to the lovely DMCA.
Well, reliably because you just scan the code section of the executable for the sequence of bytes representing that procedure, since it will always be the same and always be in the code section.
I think I might be willing to risk going to jail to implement this; I think the risk is low. But that is off-topic.
But I see no reason we cannot have the code that calls the exception handler be identical to the NT code, since it seems to be checking only a couple of instructions.
That is a nifty idea. Unfortunately it obfuscates the code a little bit. Instead of calling the handler, we'd have to code it in assembly with "call ecx" at the end. Shrinker looks for the next instruction after that to be something like mov eax,fs:[00000000], so we'd have to do that as well.
--Rob