Hi all,
I have an application that is creating a process suspended and then using detours modifies the imports of the new process prior to resuming it (the application is called Tracker.exe and is part of MS toolchain, it can be retrieved in MS EWDK package)
The application does not work as it should on Wine, as the DLL its trying to inject to the new process is not getting loaded, I tracked down the problem here are the technical details:
When a new process is created, after all the other set-ups its running the function: dlls/ntdll/server.c!server_init_process_done
This function sets up the handlers for the different signals (signal_init_process) and makes a wine_server_call init_process_done.
In the wine server function server/process.c!init_process_done a check is made to see if the thread of the process needs to be suspended (stop_thread_if_suspended) and indeed when a process is created with the CREATE_SUSPENDED flag, thread->suspend == 1, process->suspend == 0, and the process state is done at this point).
This makes the wine_server call to stop_thread which will send a SIGUSR1 signal to the new process.
The new process however still have the signals in a block state, thus not processing the signal and putting it into a pending state.
The next thing that happens is LdrInitializeThunk continues and fixing up the EXE module imports, this is not the same behavior as Windows in which the Ldr only starts running after the thread has resumed.
Only later signals are being unblocked and then the thread enters a suspended state, the function which unblocks the signals today is attach_process_dlls
The interesting thing is that in the past Wine behavior was correct and the change that basically broke it is commit:
commit 0f5fc117a2320bb7e21b9ae4d07d717bed413171 Author: Alexandre Julliard julliard@winehq.org Date: Mon Nov 19 14:27:07 2007 +0100
ntdll: Unblock signals in process init only after the dlls have been imported.
Unfortunately though there I could not find any reason why the change was made or if there is any bug that it fixed back then (2007) .
I was thinking that perhaps in order to resolve the problem and be closer in the behavior to Windows would be to unblock the signals just before server_init_process_done returns.
Please let me know if you have any other questions, will be happy to resolve this now that we have all the information laid out.
Thanks, -- Jon.