On 4/22/06, Marcus Meissner <[EMAIL PROTECTED]> wrote: > > > > Certainly, find it here (261K): > > > > http://devzero.co.uk/~alistair/wine/dump.log > > This is the section with the entry point in: > > 04 .iyhivx VirtSize: 548864 VirtAddr: 401408 0x00062000 > raw data offs: 356352 raw data size: 548864 > relocation offs: 0 relocations: 0 > line # offs: 0 line #'s: 0 > characteristics: 0xc0000040 > INITIALIZED_DATA MEM_READ MEM_WRITE > > It is missing the "MEM_EXECUTE" flag. > > Try this patch: > > Index: dlls/ntdll/virtual.c > =================================================================== > RCS file: /home/wine/wine/dlls/ntdll/virtual.c,v > retrieving revision 1.88 > diff -u -r1.88 virtual.c > --- dlls/ntdll/virtual.c 8 Apr 2006 18:13:41 -0000 1.88 > +++ dlls/ntdll/virtual.c 22 Apr 2006 12:53:46 -0000 > @@ -1072,6 +1072,12 @@ > if (sec->Characteristics & IMAGE_SCN_MEM_READ) vprot |= > VPROT_READ; > if (sec->Characteristics & IMAGE_SCN_MEM_WRITE) vprot |= > VPROT_READ|VPROT_WRITECOPY; > if (sec->Characteristics & IMAGE_SCN_MEM_EXECUTE) vprot |= > VPROT_EXEC; > + > + /* Dumb game crack let the AOEP point into a data section. Adjust. */ > + if ( (nt->OptionalHeader.AddressOfEntryPoint >= > sec->VirtualAddress) && > + (nt->OptionalHeader.AddressOfEntryPoint < sec->VirtualAddress > + size) > + ) > + vprot |= VPROT_EXEC; > VIRTUAL_SetProt( view, ptr + sec->VirtualAddress, size, vprot ); > } > > > Ciao, Marcus > > >
Here's the unmodified executable: ftp://resnet.dnip.net/dump.txt It has MEM_EXECUTE correctly set. I think that loader should be considered buggy. Jesse
