Vitaliy Margolen wrote:
> Now I really need your help, people.
> Ok, here is the problem: LdrInitializeThunk is called from within start_process - the first thing to be executed in the new process's context. But this is not right. All that I found so far indicates that LdrInitializeThunk should be queued as an APC, so it executes first no matter what.
That's because we run on top of other libraries and they need to be initialized first.
> To complicate matters more, LdrInitializeThunk calls wineserver to stop the process if it's created with the CREATE_SUSPENDED flag set. This is wrong. A new process should never make it to its main thread yet.
Unfortunately, I don't believe there is a syscall that will allow us to create a process truly suspended.
> And even worse, none of this happens where it should be - in ntdll. Functions such as NtCreateProcess and NtCreateThread are stubs. So when I'm looking on-line for any information, they all refer to these ntdll functions.
I believe these functions are too low level to be reasonably implemented in Wine. We defer to a threading library, which roughly corresponds to the kernel32 API, whereas the ntdll API corresponds to us having to make syscalls ourselves. Also, NT process objects don't map exactly to Unix process objects. For example, in NT you can create a process without any threads.