box64 behavior after execv(wine) on x86_64 vs ARM64 #3947
Replies: 1 comment 4 replies
-
I should not work like that. execv will check if the target program is an x86_64 (or x86), and if that's the case, it will use box64 (or box86) to run to program. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I'm currently running box64 + wine on an x86_64 native machine (AMD Ryzen 5), and I've been tracing the execution flow.
From what I observed, the flow looks like this:
box64 emulates wine launcher (64-bit ELF)
↓ wine calls execv → wine-preloader
box64 is gone after this point
↓
wine-preloader runs natively (no box64 involvement)
↓
wine main process + ntdll/kernel32 loaded (all native x86_64)
↓
hello.exe runs → "Hello!" printed
My understanding is:
My questions:
I'm trying to build a continuous execution tracer that covers the full flow from box64 → exec → wine → PE entry point, and I want to make sure I understand the architecture correctly before deciding between a box64-level hook vs. a ptrace-based external tracer.
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions