New subject: [PATCH 1/1] ntdll: loader_init() invoke breakpoint before loading dlls

8 Dec 2023


      While using [x64dbg](https://x64dbg.com/) I was experiencing incredibly strange issue - `int3` was swallowed and `KiUserExceptionDispatcher` was never invoked.
Turns out that x64dbg ([TitanEngine](https://github.com/x64dbg/TitanEngine/blob/x64dbg/TitanEngine/TitanEngine.De...)) expects system breakpoint to be first breakpoint that will be triggered and it always swallows it (it's hardcoded no setting to change it's behavior).
That means if you have a DLL with `int3` for example
```c
LONG ExceptionHandler(EXCEPTION_POINTERS *ExceptionInfo) {
  ExceptionInfo->ContextRecord->Rip++;
  return EXCEPTION_CONTINUE_EXECUTION;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
         AddVectoredExceptionHandler(1, ExceptionHandler);
         asm("int $0x03; nop; nop;");
    }
    return TRUE;
}
```
That `int3` would be swallowed and `ExceptionHandler` never invoked when running under x64dbg.
Now with this MR applied it works correctly and as expected (same as on Windows).
Another interesting thing is that without this MR it wouldn't just swallow `int3` but even skip first `nop` aswell and RIP would end up on 2nd `nop`.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/4655

[PATCH 0/1] MR4655: ntdll: loader_init() invoke breakpoint before loading dlls