Skip to content
GitLab
Open
Issue created by Derek Bruening@derekbrueningContributor

use WINE-derived custom kernel32.dll and ntdll.dll for clients

From bruen...@google.com on September 20, 2012 16:10:12

with all of the serious issues surrounding using private libraries on Windows:

  • private kernel32 can't load at zero-instr time for earliest injection: in fact ntdll itself not being initialized may cause problems beyond kernel32. there are serious concerns we can never get C++ clients to use earliest injection, and dbghelp-using clients would need split-init support.
  • console printing doesn't work in many situations due to csrss mediation: issue #556
  • win8 private libs so far don't work at all: issue #915
  • private TEB and even PEB isolation isn't perfect

I am considering using WINE sources to build custom kernel32.dll and ntdll.dll API providers. we should be able to get away w/ only supporting a subset of the Win32 API. WINE is LGPL so shared libs are license-compatible. a brief look shows that it may not be too much work to get enough support there for today's clients.

longer-term I'd want to replace user32.dll as well.

depending on the solution with TEB and PEB, dlls one layer up may be able to remain duplicate native copies, or they may need to also be WINE: should really try for the former to avoid having to build dozens of dlls, but OTOH we can have much better isolation if we can bend TLS a bit.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=916