On Mon Jul 21 08:03:29 2025 +0000, Nikolay Sivov wrote:

Another way would be to extend this builtin signature check to optionally include installed module name instead of assuming it's the same as a filename, so that we can specify comctl32_v6.dll there and build everything as builtin. I don't know if it's easy, because it requires variable length data.

It will be a lot more work. First, we need to pack variable-length data into e_lfanew for every DLL/EXE(output_pe_file(),output_module16, etc). Then we need to change this signature parsing to support variable-length data(winedump, dbghelp, build_module() in NTDLL, ntdll DLL loader, setupapi fakedll support). There will probably be alignment issues to be handled. Also, increasing e_lfanew might increase the chance of anti-virus software misdetecting wine DLLs as malware. Overall, I don't think it's worth it to extend the built-in signature check for this.