[PATCH] ntdll: Pad heap structure to fix offset of flag fields. - wine-devel

18 Mar 2020

Needed for Red Dead Redemption 2 to pass anti-debugger checks, it
accesses 'flags' and 'force_flags' at a fixed offset of the ProcessHeap.
Signed-off-by: Brendan Shanks bshanks@codeweavers.com
---
 dlls/ntdll/heap.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dlls/ntdll/heap.c b/dlls/ntdll/heap.c
index af2a489b72..eee25e5086 100644
--- a/dlls/ntdll/heap.c
+++ b/dlls/ntdll/heap.c
@@ -151,7 +151,13 @@ typedef struct tagSUBHEAP
 typedef struct tagHEAP
 {
     DWORD_PTR        unknown1[2];
-    DWORD            unknown2;
+    DWORD            unknown2[2];
+    DWORD_PTR        unknown3[4];
+    DWORD            unknown4;
+    DWORD_PTR        unknown5[2];
+    DWORD            unknown6[3];
+    DWORD_PTR        unknown7[2];
+    /* Since Vista, 'flags' is at offset 0x40 (x86) / 0x70 (x64) */
     DWORD            flags;         /* Heap flags */
     DWORD            force_flags;   /* Forced heap flags for debugging */
     SUBHEAP          subheap;       /* First sub-heap */
-- 
2.24.1



    