> Browsing the disassembled (!) KERNEL32.ASM and PM65.ASM I noticed that
> PM pushes some arguments on the stack before the call to QT_Thunk and then
> doesn't pop them, i.e. PM assumes that it is QT_Thunk's job.

Only a little strange. Many functions are stdcall (callee pops arguments).
However, it makes less sense for variable argument functions.

> Okay. I did add the following strings to wine/dlls/kernel/thunk.c:
> 
>     TRACE("Bumping ESP by %ld bytes\n", argsize);
>     ESP_reg(context) += argsize;
> 
> at the end of QT_Thunk.

Reasonable guess.
 
> But argsize is always 12 for me, in spite of the fact that QT_Thunk
> calls KERNEL.47: GETMODULEHANDLE(03af:0000 "ATM").

Hmm, strange.
 
> I'm absolutely sure that PM doesn't use QT_Thunk except for
> GetModuleHandle16, and I replaced "ESP_reg(context) += argsize" by
> "ESP_reg(context) += 4": PM works!

I see.
 
> So, the question: what is the right way of popping the right number
> of bytes from the stack after CallTo16?

I think you ask the wrong question. I don't think it is anything
to do with CallTo16 in itself. The problem might be that the
argsize is wrongly calculated.

It is possible that the way argsize is calculated by subtracting
0x40 only worked for the specific application that was tested.

However FT_Thunk is calculated the same way which weakens the case.

Hmm. I'm not sure why the argsize is wrong, if indeed it is wrong.
You will have to keep investigating.
