Snapshot 2020-11-12_05-12 broke debugging via attach-to-process in Wine ('safe attach' is now default, no longer configurable) #2525
Comments
|
I've created following bug reports to track the problems in Wine project:
|
|
Could you point me to a way to detect wine? It's very easy to do this the old way for wine (especially because the reason for this is to hide the attaching from the debuggee which would be quite pointless in wine). |
|
There are many ways to detect wine. The easiest would be to check for exports specific to Wine. ntdll.dll.wine_get_version would be my preferred choice when testing for one famous Wine specific export. I don't think these exports will ever be removed. It would break too many applications "ported" to Linux (in fact made to work with Wine) if these are no longer present. I documented this in a couple of bugs. These can be hidden though. Wine-Staging has a hack for this. But that's only for special cases when people want to prevent detection of Wine, at least w.r.t to famous exports. See for example:
Alternatively you could check for well known registry keys.
Many apps do these as well, or combination of both (Steam). |
|
Thanks for documenting this @rmi1974 and for the effort on root cause analysis. I think it would be preferable to implement these native APIs in wine instead. (As per https://wiki.winehq.org/Developer_FAQ#How_can_I_detect_Wine.3F, it seems that is the general view among other developers) As you mentioned, there are cases where we do intentionally have to hide exports, as was the case with EAC. Now I've run into additional applications that require NtCreateDebugObject support (that is beyond a simplistic stub) for anti debug checks. Since some of these apps are in scope for Proton, the priority might shift in favor of implementing these sooner rather than later. Hence unless there is a really good reason for it, I don't think x64dbg should change anything for wine based on some runtime detections ; however having the work-around option in the GUI would resolve this in the meantime. |
|
Hello folks, some update ... https://bugs.winehq.org/show_bug.cgi?id=50194 ("x64dbg snapshots >= 2020-11-12_05-12 crash on unimplemented function ntdll.dll.NtCreateDebugObject when attaching to process") is now implemented. https://source.winehq.org/git/wine.git/commitdiff/5ebc20c65609cc1b8643b427104ed386094a65c1 Next would be: https://bugs.winehq.org/show_bug.cgi?id=50195 ("x64dbg snapshots >= 2020-11-12_05-12 need ntdll.dll.NtDebugActiveProcess implementation to debug process via attach") which is still a stub. Regards |
|
Hello folks, good news: Wine now implements all the needed native debugging API. Copy/pasta from my comment: https://bugs.winehq.org/show_bug.cgi?id=50195#c1 This is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/46b84e7a83beae7484e6daac16739a2b9238f68e ("ntdll: Implement NtDebugActiveProcess() and NtRemoveProcessDebug().") and related commits in the series. Thanks Alexandre. Latest x64dbg snapshot used for testing: Prerequisite:
Tests with x32dbg:
Tests with x64dbg:
Felt a bit like unwrapping late christmas gift ;-) This will be part of Wine 6.2 release in a bit less than two weeks (unless people build/test Wine daily from Git like me). Regards |
|
Wow, that is great news! Did you also test it with the GleeBug debug engine
per chance?
…On Tue, 2 Feb 2021 at 00:41, Robert Michelsen ***@***.***> wrote:
Hello folks,
good news: Wine now implements all the needed native debugging API.
It works nicely with the current snapshot.
Copy/pasta from my comment:
https://bugs.winehq.org/show_bug.cgi?id=50195#c1
------------------------------
This is fixed by commit
https://source.winehq.org/git/wine.git/commitdiff/46b84e7a83beae7484e6daac16739a2b9238f68e
("ntdll: Implement NtDebugActiveProcess() and NtRemoveProcessDebug().") and
related commits in the series.
Thanks Alexandre.
$ git remote -v
...
origin git://source.winehq.org/git/wine.git (fetch)
$ git log --oneline 46b84e7a83b^...7999af82448
7999af82448 ntdll: Implement NtWaitForDebugEvent().
d848a25b765 ntdll: Implement DbgUiConvertStateChangeStructure().
c8f5cced471 ntdll: Implement NtDebugContinue().
7bebf7db8c2 ntdll: Implement NtSetInformationDebugObject().
46b84e7a83b ntdll: Implement NtDebugActiveProcess() and NtRemoveProcessDebug().
Latest x64dbg snapshot used for testing:
https://web.archive.org/web/20210127234740/https://github.com/x64dbg/x64dbg/releases/download/snapshot/snapshot_2021-01-14_13-25.zip
Prerequisite:
- workaround for bug 45916 (WINEDLLOVERRIDES=msvcr120,msvcp120=n,b)
Tests with x32dbg:
- start 32-bit process in debugger (entry point)
- attaching to running 32-bit process (pause/breakin)
- symbol loading (Wine builtins PDB)
- further debugging (stepping, breakpoints)
Tests with x64dbg:
- start 64-bit process in debugger (entry point)
- attaching to running 64-bit process (pause/breakin)
- symbol loading (Wine builtins PDB)
- further debugging (stepping, breakpoints)
Felt a bit like unwrapping late christmas gift ;-)
$ sha1sum snapshot_2021-01-14_13-25.zip
e39756243f419db6f4d2213227ab266ae0618163 snapshot_2021-01-14_13-25.zip
$ du -sh snapshot_2021-01-14_13-25.zip
32M snapshot_2021-01-14_13-25.zip
$ wine --version
wine-6.1-38-gcfbbde2abce
------------------------------
This will be part of Wine 6.2 release in a bit less than two weeks (unless
people build/test Wine daily from Git like me).
After the release of Wine 6.2 I propose to resolve this ticket as
'WONTFIX'.
If people want to use recent x64dbg they should upgrade to Wine >= 6.2.
No need to reintroduce old code / deprecated things.
Regards
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#2525 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AASYFGNISMBC7TJDMCNNHALS4433NANCNFSM4UDR34RA>
.
|
I've switched the engines and basic debugging seems to work. Same tests as with TitanEngine. One feature that never worked with both Engines is "pause". |
|
To any lost souls out there: issue does not occur anymore in newest versions of Wine. Currently on 7.0-rc2. x64dbg works flawlessly |
Hello folks,
with the latest snapshot release snapshot_2020-11-12_05-12.zip the ability to attach to processes is broken in Wine.
Symptom: attaching to any 32-bit or 64-bit process results in x32dbg/x64dbg crash.
If x32dbg/x64dbg is registered as default crash handler you get a nice debugger crash "fork" bomb ;-)
It crashes on unimplemented NtCreateDebugObject() which is native API.
https://source.winehq.org/git/wine.git/blob/40d4fbe45997a1820296e7909ba2212518bcfacc:/dlls/ntdll/ntdll.spec#l162
Even with a small stub it wouldn't work because NtDebugActiveProcess is a stub as well.
https://source.winehq.org/git/wine.git/blob/40d4fbe45997a1820296e7909ba2212518bcfacc:/dlls/ntdll/ntdll.spec#l193
The native API used to implement remote breakin:
https://github.com/x64dbg/TitanEngine/blob/91f57815c886d6bef94f1b512d60c5e2d8bb43fe/TitanEngine/Global.Debugger.cpp#L246
Apparently this debugging functionality which makes use of native API was switched to being a debug engine default here:
x64dbg/TitanEngine@0a1c323 ("Make SafeAttach the default")
Previously it could be controlled by SafeAttach config setting which is still there but now no longer usable:
x64dbg/src/dbg/_exports.cpp
Line 1018 in dad1654
I will create Wine bugs about implementing the missing native API functionality. It might be low priority though.
A workaround exists: use last snapshot before the breaking change:
https://sourceforge.net/projects/x64dbg/files/snapshots/snapshot_2020-11-05_15-25.zip/download
I don't mind if you close this bug as "WONTFIX" since Wine is not really a supported "platform".
I just wanted to have this breaking change for Wine documented by bug reports on both projects.
Regards
The text was updated successfully, but these errors were encountered: