From: Brendan McGrath
Subject: Re: [PATCH v2] ntdll: Fix overflow if running 32bit app w/ wine64
Message-Id: <9bd5bc1d-dc91-2d53-fc35-2c17af7a2460@redmandi.com>
Date: Sat, 20 Oct 2018 08:57:17 +1100
In-Reply-To:
References: <20181017094901.26009-1-brendan@redmandi.com> <3e6130d8-d5c5-2a3a-73e0-84c2dfdeecd3@redmandi.com> <871s8np0m5.fsf@winehq.org> <718a2392-f882-dfe7-a047-5504ee945136@redmandi.com>

I ran this test with WINEDEBUG=+relay with and without the patch.

With the patch I see this entry:

0067:Call PE DLL (proc=0x7fe6ef3a8610,module=0x7fe6ef380000 L"mscoree.dll",reason=PROCESS_ATTACH,res=0x22fb00)

Without the patch I don't (in fact the text 'mscoree' isn't in the log at all).

So I think the crash happens before the mscoree.dll library is loaded. And I guess this makes sense, since the issue is with allocation of memory for the stack of the main process.

On 20/10/18 12:24 am, Vincent Povirk wrote:
>> I installed .NET 4.0 and it doesn't work. It's the same error. It works
>> however with this patch.
> If native mscoree is being used (you might want to double check) it
> suggests that either ntdll is calling _CorValidateImage too late, or
> this is the correct approach. I don't know how to test this.