On Jan 21, 2016 9:41 AM, "Sebastian Lackner" sebastian@fds-team.de wrote:
... In this case it shouldn't matter (as far as I know NtOpenFile isn't intercepted by the Chromium Sandbox); however, when thinking more carefully about it, heap functions could indeed be problematic. What we theoretically need is two sets of them: user-mode calls are supposed to go through NtAllocateVirtualMemory, but kernel-mode calls not. I'll do some more testing myself; so far I haven't found out which thunks exactly introduce the randomness in the Chromium sandboxing code.
...
Maybe this is being overly simplistic, but we do have both Zw* and Nt* entry points. It could make sense to use Zw* internally and route all the external calls through the thunks (Nt*).
Best, Erich