Hello Alexandre ,

current CVS version has regression.

All Asprotected (probably) programs crash due to the fact that Asprotect assumes that executables are being loaded from kernel32.dll, so stack return address passed to executable entry (in the other words executable entry was called from kernel32.dll) points to somewhere inside kernel32.dll. Later Asprotect uses this return address to detect kernel32.dll export section and dig it for required kernel32.dll function (LoadModule, VirtualAlloc etc).

The problem is that now executable entry loaded under wine is being started from somewhere inside ntdll.dll, so Asprotected kernel32.dll function finding routines fail with crash.

I'm not sure what's the best way to solve it, is some ntdll.dll process startup code relocating to kernel32.dll good enough ?