Hi,
The latest version of newsbin 4.1B5 refuses to run, displaying "debugger or monitoring tool detected".
The detection code is very simple, immediately at the program entry point 0x516000 it does (Intel syntax):
| Disassembly of 0x00516000
| 0x51600D: 64A023000000 mov al,fs:[0x23]
| 0x516013: EB03 jmp 0x516018
| ;***************************************************
| 0x516018: 84C0 test al,al
| 0x51601A: EB03 jmp 0x51601f
| ;***************************************************
| 0x51601F: 7567 jnz 0x516088
This jump is taken and leads immediately to the messagebox displaying the message above.
Any ideas and/or explanation?
Rein.
On Thu, Jan 23, 2003 at 10:12:32AM +0100, Rein Klazes wrote:
> Hi,
> The latest version of newsbin 4.1B5 refuses to run, displaying "debugger or monitoring tool detected".
> The detection code is very simple, immediately at the program entry point 0x516000 it does (Intel syntax):
> | Disassembly of 0x00516000
> | 0x51600D: 64A023000000 mov al,fs:[0x23]
> | 0x516013: EB03 jmp 0x516018
> | ;***************************************************
> | 0x516018: 84C0 test al,al
> | 0x51601A: EB03 jmp 0x51601f
> | ;***************************************************
> | 0x51601F: 7567 jnz 0x516088
> This jump is taken and leads immediately to the messagebox displaying the message above.
> Any ideas and/or explanation?
Well, we store the thread pid there, see thread.h:
DWORD pid; /* !2- 20 Process id (win95: debug context) */
Try to move the pid somewhere else and mark this field as unused.
Ciao, Marcus
Marcus Meissner wrote:
> On Thu, Jan 23, 2003 at 10:12:32AM +0100, Rein Klazes wrote:
> > Hi,
> > The latest version of newsbin 4.1B5 refuses to run, displaying "debugger or monitoring tool detected".
> Well, we store the thread pid there, see thread.h:
> DWORD pid; /* !2- 20 Process id (win95: debug context) */
> Try to move the pid somewhere else and mark this field as unused.
All, I saw this same problem with a different application, and it behaves the same way whether the "Windows version" is NT or 9x. After a bit of research, it appears that NT pids should be less than 65k, so I created a patch that makes all of Wine's Win32 PIDs less than 65k. It makes the application I was using work (for winver set to both NT and 9x), but I had not posted it to wine-patches because I was afraid it might break something else.
I will go ahead and post it now, but I would appreciate comments from someone who knows more
Regards, Alex Pasadyn
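Why the check fires on a large pid, as an added example (not code from Wine or from the posts above): it decodes the `mov al,fs:[0x23]` bytes from the listing and maps the byte read onto the `pid` DWORD. It assumes the "20" in the thread.h comment is the hex offset 0x20; the sample pids are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PID_FIELD_OFFSET 0x20  /* assumed from the thread.h comment ("20") */

/* Instruction bytes copied from the listing at 0x51600D. */
static const uint8_t insn[] = { 0x64, 0xA0, 0x23, 0x00, 0x00, 0x00 };

/* Decode "64 A0 moffs32" (FS override + MOV AL,[moffs32]) and return the
 * offset into the FS segment, or -1 if the bytes are another instruction. */
int64_t fs_byte_offset(const uint8_t *code, size_t len)
{
    if (len < 6 || code[0] != 0x64 || code[1] != 0xA0)
        return -1;
    return (int64_t)((uint32_t)code[2] | (uint32_t)code[3] << 8 |
                     (uint32_t)code[4] << 16 | (uint32_t)code[5] << 24);
}

/* Mask of the pid bits that a one-byte read at fs_off sees (x86 is
 * little-endian); 0 if the read falls outside the 4-byte pid field. */
uint32_t pid_bits_tested(int64_t fs_off)
{
    if (fs_off < PID_FIELD_OFFSET || fs_off >= PID_FIELD_OFFSET + 4)
        return 0;
    return (uint32_t)0xFF << (8 * (unsigned)(fs_off - PID_FIELD_OFFSET));
}

/* 1 if "test al,al / jnz" would branch to the message box for this pid. */
int check_fires(uint32_t pid)
{
    uint32_t mask = pid_bits_tested(fs_byte_offset(insn, sizeof insn));
    return (pid & mask) != 0;
}

int main(void)
{
    /* Constructed sample pids, not values taken from Wine. */
    const uint32_t samples[] = { 0x0000FFFFu, 0x00FFFFFFu, 0x08123456u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("pid 0x%08lX -> %s\n", (unsigned long)samples[i],
               check_fires(samples[i]) ? "detected" : "passes");
    return 0;
}
```

Only bits 24 to 31 of the pid reach `al`, so this particular check passes for any pid below 0x1000000.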
On Thu, 23 Jan 2003 11:00:43 -0600, you wrote:
> Marcus Meissner wrote:
> > On Thu, Jan 23, 2003 at 10:12:32AM +0100, Rein Klazes wrote:
> > > Hi,
> > > The latest version of newsbin 4.1B5 refuses to run, displaying "debugger or monitoring tool detected".
> > Well, we store the thread pid there, see thread.h:
> > DWORD pid; /* !2- 20 Process id (win95: debug context) */
> > Try to move the pid somewhere else and mark this field as unused.
> All, I saw this same problem with a different application, and it behaves the same way whether the "Windows version" is NT or 9x. After a bit of research, it appears that NT pids should be less than 65k, so I created a patch that makes all of Wine's Win32 PIDs less than 65k. It makes the application I was using work (for winver set to both NT and 9x), but I had not posted it to wine-patches because I was afraid it might break something else.
> I will go ahead and post it now, but I would appreciate comments from someone who knows more
That would be nice. Following Marcus' suggestion takes me past this obstacle, but at a later point in some piece of self-modified code an exception happens:
| wine: Unhandled exception, starting debugger...
| Couldn't start process '0 64 '
| Couldn't start process '0 64 '
| Couldn't start process '0 64 '
| Couldn't start process '0 64 '
Btw, the program also refuses to run in a Win2K guest under VMware. It runs OK in pure Win2K.
Rein.