On 5/25/20 1:39 PM, Paul Gofman wrote:
On 5/25/20 21:32, Stefan Dösinger wrote:
On 25.05.2020 at 20:09, Paul Gofman <pgofman@codeweavers.com> wrote:
goes in the lower address space, so a bit later an .exe without relocations cannot be mapped to 0x40000.
It's been a while since I understood the library load code well enough (if I ever understood it), but shouldn't we map the .exe file before we map kernelbase.dll? How does ntdll figure out kernelbase is needed without looking into the .exe import section?
I think we want kernelbase and kernel32 at their fixed addresses regardless; some DRMs or just too inventive applications may depend on that.
I don't think the addresses are based on Windows addresses, though, but rather seem to be specifically to accommodate this kind of bug. See 8f567028123c and 8f7d88c707b8, the latter of which is linked to bug 48417. In particular I think comment 5 of that bug is relevant here.