- Using uniform DocBook tags for DLLs, commands, environment vars...
- Moved detailed memory management from archi to kernel(s) part. - Enhanced process handling description. - Added section about 16 bit processes' support. - Added section about DOS support.
This commit is contained in:
parent
81857b7373
commit
3bebb0fed9
|
@ -81,7 +81,7 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
WineLib executable. These are applications, written
|
Winelib executable. These are applications, written
|
||||||
using the Windows API, but compiled as a Unix
|
using the Windows API, but compiled as a Unix
|
||||||
executable. Wine provides the tools to create such
|
executable. Wine provides the tools to create such
|
||||||
executables.
|
executables.
|
||||||
|
@ -101,7 +101,7 @@
|
||||||
<entry>DOS (.COM or .EXE)</entry>
|
<entry>DOS (.COM or .EXE)</entry>
|
||||||
<entry>Win16 (NE)</entry>
|
<entry>Win16 (NE)</entry>
|
||||||
<entry>Win32 (PE)</entry>
|
<entry>Win32 (PE)</entry>
|
||||||
<entry>WineLib</entry>
|
<entry>Winelib</entry>
|
||||||
</row>
|
</row>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -188,14 +188,12 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Wine deals with this issue by launching a separate Wine
|
Wine deals with this issue by launching a separate Wine process (which
|
||||||
process (which is in fact a Unix process) for each Win32
|
is in fact a Unix process) for each Win32 process, but not for Win16
|
||||||
process, but not for Win16 tasks. Win16 tasks (as well as
|
tasks. Win16 tasks are run as different intersynchronized Unix-threads
|
||||||
DOS programs) are run as different intersynchronized
|
in the same dedicated Wine process; this Wine process is commonly
|
||||||
Unix-threads in the same dedicated Wine process; this Wine
|
known as a <firstterm>WOW</firstterm> process (Windows on Windows),
|
||||||
process is commonly known as a <firstterm>WOW</firstterm>
|
referring to a similar mechanism used by Windows NT.
|
||||||
process (Windows on Windows), referring to a similar
|
|
||||||
mechanism used by Windows NT.
|
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Synchronization between the Win16 tasks running in the WOW
|
Synchronization between the Win16 tasks running in the WOW
|
||||||
|
@ -206,6 +204,15 @@
|
||||||
one of the waiting threads will then acquire it and let its
|
one of the waiting threads will then acquire it and let its
|
||||||
task run.
|
task run.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>winevdm</command> is the Wine process dedicated to running the
|
||||||
|
Win16 processes. Note that several instances of this process could
|
||||||
|
exist, has Windows has support for different VDM (Virtual Dos
|
||||||
|
Machines) in order to have Win16 processes running in different
|
||||||
|
address spaces. Wine also uses the same architecture to run DOS
|
||||||
|
programs (in this case, the DOS emulation is provided by a Wine only
|
||||||
|
DLL called <filename>winedos</filename>.
|
||||||
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
|
@ -251,9 +258,12 @@
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The windows architecture (Windows NT way) looks like the
|
The windows architecture (Windows NT way) looks like the
|
||||||
following drawing. Note the new DLL (NTDLL) which allows
|
following drawing. Note the new DLL
|
||||||
implementing different subsystems (as win32); kernel32 in NT
|
(<filename>NTDLL</filename>) which allows implementing
|
||||||
architecture implements the Win32 subsystem on top of NTDLL.
|
different subsystems (as win32);
|
||||||
|
<filename>kernel32</filename> in NT architecture
|
||||||
|
implements the Win32 subsystem on top of
|
||||||
|
<filename>NTDLL</filename>.
|
||||||
<screen>
|
<screen>
|
||||||
+---------------------+ \
|
+---------------------+ \
|
||||||
| Windows EXE | } application
|
| Windows EXE | } application
|
||||||
|
@ -371,12 +381,16 @@
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Wine must at least completely replace the "Big Three" DLLs
|
Wine must at least completely replace the "Big Three" DLLs
|
||||||
(KERNEL/KERNEL32, GDI/GDI32, and USER/USER32), which all
|
(<filename>KERNEL</filename>/<filename>KERNEL32</filename>,
|
||||||
other DLLs are layered on top of. But since Wine is (for
|
<filename>GDI</filename>/<filename>GDI32</filename>, and
|
||||||
various reasons) leaning towards the NT way of implementing
|
<filename>USER</filename>/<filename>USER32</filename>),
|
||||||
things, the NTDLL is another core DLL to be implemented in
|
which all other DLLs are layered on top of. But since Wine
|
||||||
Wine, and many KERNEL32 and ADVAPI32 features will be
|
is (for various reasons) leaning towards the NT way of
|
||||||
implemented through the NTDLL.
|
implementing things, the <filename>NTDLL</filename> is
|
||||||
|
another core DLL to be implemented in Wine, and many
|
||||||
|
<filename>KERNEL32</filename> and
|
||||||
|
<filename>ADVAPI32</filename> features will be
|
||||||
|
implemented through the <filename>NTDLL</filename>.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
As of today, no real subsystem (apart the Win32 one) has
|
As of today, no real subsystem (apart the Win32 one) has
|
||||||
|
@ -421,30 +435,30 @@
|
||||||
Wine server launches, it creates a Unix socket for the
|
Wine server launches, it creates a Unix socket for the
|
||||||
current host based on (see below) your home directory's
|
current host based on (see below) your home directory's
|
||||||
<filename>.wine</filename> subdirectory (or wherever the
|
<filename>.wine</filename> subdirectory (or wherever the
|
||||||
<constant>WINEPREFIX</constant> environment variable
|
<envar>WINEPREFIX</envar> environment variable points to)
|
||||||
points to) - all Wine processes launched later connects to
|
- all Wine processes launched later connects to the Wine
|
||||||
the Wine server using this socket. (If a Wine server was
|
server using this socket. If a Wine server was not
|
||||||
not already running, the first Wine process will start up
|
already running, the first Wine process will start up the
|
||||||
the Wine server in auto-terminate mode (i.e. the Wine
|
Wine server in auto-terminate mode (i.e. the Wine server
|
||||||
server will then terminate itself once the last Wine
|
will then terminate itself once the last Wine process has
|
||||||
process has terminated).)
|
terminated).
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
In earlier versions of Wine the master socket mentioned
|
In earlier versions of Wine the master socket mentioned
|
||||||
above was actually created in the configuration directory;
|
above was actually created in the configuration directory;
|
||||||
either your home directory's <filename>/wine</filename>
|
either your home directory's <filename>/wine</filename>
|
||||||
subdirectory or wherever the
|
subdirectory or wherever the
|
||||||
<constant>WINEPREFIX</constant> environment variable
|
<envar>WINEPREFIX</envar> environment variable points>.
|
||||||
points>. Since that might not be possible the socket is
|
Since that might not be possible the socket is actually
|
||||||
actually created within the <filename>/tmp</filename>
|
created within the <filename>/tmp</filename> directory
|
||||||
directory with a name that reflects the configuration
|
with a name that reflects the configuration directory.
|
||||||
directory. This means that there can actually be several
|
This means that there can actually be several separate
|
||||||
separate copies of the Wine server running; one per
|
copies of the Wine server running; one per combination of
|
||||||
combination of user and configuration directory. Note that
|
user and configuration directory. Note that you should
|
||||||
you should not have several users using the same
|
not have several users using the same configuration
|
||||||
configuration directory at the same time; they will have
|
directory at the same time; they will have different
|
||||||
different copies of the Wine server running and this could
|
copies of the Wine server running and this could well
|
||||||
well lead to problems with the registry information that
|
lead to problems with the registry information that
|
||||||
they are sharing.
|
they are sharing.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
|
@ -544,9 +558,9 @@
|
||||||
automatically registered when the shared library is
|
automatically registered when the shared library is
|
||||||
loaded - remember, registration call is put inside a
|
loaded - remember, registration call is put inside a
|
||||||
shared library constructor - using the
|
shared library constructor - using the
|
||||||
<constant>PRELOAD</constant> environment variable
|
<envar>PRELOAD</envar> environment variable when
|
||||||
when running a Wine process can force the
|
running a Wine process can force the registration of
|
||||||
registration of some DLL descriptors.
|
some DLL descriptors.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -554,8 +568,7 @@
|
||||||
If it's not registered, Wine will look for it on
|
If it's not registered, Wine will look for it on
|
||||||
disk, building the shared library name from the DLL
|
disk, building the shared library name from the DLL
|
||||||
module name. Directory searched for are specified by
|
module name. Directory searched for are specified by
|
||||||
the <constant>WINEDLLPATH</constant> environment
|
the <envar>WINEDLLPATH</envar> environment variable.
|
||||||
variable.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -647,15 +660,19 @@
|
||||||
A DLL descriptor is also created for every 16 bit
|
A DLL descriptor is also created for every 16 bit
|
||||||
DLL. However, this DLL normally paired with a 32 bit
|
DLL. However, this DLL normally paired with a 32 bit
|
||||||
DLL. Either, it's the 16 bit counterpart of the 16 bit DLL
|
DLL. Either, it's the 16 bit counterpart of the 16 bit DLL
|
||||||
(KRNL386.EXE for KERNEL32, USER for USER32...), or a 16
|
(<filename>KRNL386.EXE</filename> for
|
||||||
bit DLL directly linked to a 32 bit DLL (like SYSTEM for
|
<filename>KERNEL32</filename>, <filename>USER</filename>
|
||||||
KERNEL32, or DDEML for USER32). In those cases, the 16 bit
|
for <filename>USER32</filename>...), or a 16
|
||||||
|
bit DLL directly linked to a 32 bit DLL (like
|
||||||
|
<filename>SYSTEM</filename> for <filename>KERNEL32</filename>,
|
||||||
|
or <filename>DDEML</filename> for
|
||||||
|
<filename>USER32</filename>). In those cases, the 16 bit
|
||||||
descriptor(s) is (are) inserted in the same shared library
|
descriptor(s) is (are) inserted in the same shared library
|
||||||
as the the corresponding 32 bit DLL. Wine will also create
|
as the the corresponding 32 bit DLL. Wine will also create
|
||||||
symbolic links between kernel32.dll.so and system.dll.so
|
symbolic links between kernel32.dll.so and system.dll.so
|
||||||
so that loading of either
|
so that loading of either
|
||||||
<filename>kernel32.dll</filename> or
|
<filename>KERNEL32.DLL</filename> or
|
||||||
<filename>system.dll</filename> will end up on the same
|
<filename>SYSTEM.DLL</filename> will end up on the same
|
||||||
shared library.
|
shared library.
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
@ -675,24 +692,26 @@
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Native DLLs of course guarantee 100% compatibility for
|
Native DLLs of course guarantee 100% compatibility for
|
||||||
routines they implement. For example, using the native USER
|
routines they implement. For example, using the native
|
||||||
DLL would maintain a virtually perfect and Windows 95-like
|
<filename>USER</filename> DLL would maintain a virtually
|
||||||
look for window borders, dialog controls, and so on. Using
|
perfect and Windows 95-like look for window borders,
|
||||||
the built-in Wine version of this library, on the other
|
dialog controls, and so on. Using the built-in Wine
|
||||||
hand, would produce a display that does not precisely mimic
|
version of this library, on the other hand, would produce
|
||||||
that of Windows 95. Such subtle differences can be
|
a display that does not precisely mimic that of Windows
|
||||||
engendered in other important DLLs, such as the common
|
95. Such subtle differences can be engendered in other
|
||||||
controls library COMMCTRL or the common dialogs library
|
important DLLs, such as the common controls library
|
||||||
COMMDLG, when built-in Wine DLLs outrank other types in load
|
<filename>COMMCTRL</filename> or the common dialogs library
|
||||||
order.
|
<filename>COMMDLG</filename>, when built-in Wine DLLs
|
||||||
|
outrank other types in load order.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
More significant, less aesthetically-oriented problems can
|
More significant, less aesthetically-oriented problems can
|
||||||
result if the built-in Wine version of the SHELL DLL is
|
result if the built-in Wine version of the
|
||||||
loaded before the native version of this library. SHELL
|
<filename>SHELL</filename> DLL is loaded before the native
|
||||||
|
version of this library. <filename>SHELL</filename>
|
||||||
contains routines such as those used by installer utilities
|
contains routines such as those used by installer utilities
|
||||||
to create desktop shortcuts. Some installers might fail when
|
to create desktop shortcuts. Some installers might fail when
|
||||||
using Wine's built-in SHELL.
|
using Wine's built-in <filename>SHELL</filename>.
|
||||||
</para>
|
</para>
|
||||||
</sect3>
|
</sect3>
|
||||||
|
|
||||||
|
@ -704,16 +723,17 @@
|
||||||
a library tries to access features of the rest of the system
|
a library tries to access features of the rest of the system
|
||||||
that are not fully implemented in Wine, the native DLL might
|
that are not fully implemented in Wine, the native DLL might
|
||||||
work much worse than the corresponding built-in one, if at
|
work much worse than the corresponding built-in one, if at
|
||||||
all. For example, the native Windows GDI library must be
|
all. For example, the native Windows <filename>GDI</filename>
|
||||||
paired with a Windows display driver, which of course is not
|
library must be paired with a Windows display driver, which
|
||||||
present under Intel Unix and Wine.
|
of course is not present under Intel Unix and Wine.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Finally, occasionally built-in Wine DLLs implement more
|
Finally, occasionally built-in Wine DLLs implement more
|
||||||
features than the corresponding native Windows DLLs.
|
features than the corresponding native Windows DLLs.
|
||||||
Probably the most important example of such behavior is the
|
Probably the most important example of such behavior is the
|
||||||
integration of Wine with X provided by Wine's built-in USER
|
integration of Wine with X provided by Wine's built-in
|
||||||
DLL. Should the native Windows USER library take load-order
|
<filename>USER</filename> DLL. Should the native Windows
|
||||||
|
<filename>USER</filename> library take load-order
|
||||||
precedence, such features as the ability to use the
|
precedence, such features as the ability to use the
|
||||||
clipboard or drag-and-drop between Wine windows and X
|
clipboard or drag-and-drop between Wine windows and X
|
||||||
windows will be lost.
|
windows will be lost.
|
||||||
|
@ -820,10 +840,11 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The EXE file itself is usually mapped at address 0x400000
|
The EXE file itself is usually mapped at address
|
||||||
and up: indeed, most EXEs have their relocation records
|
<constant>0x400000</constant> and up: indeed, most EXEs have
|
||||||
stripped which means they must be loaded at their base
|
their relocation records stripped which means they must be
|
||||||
address and cannot be loaded at any other address.
|
loaded at their base address and cannot be loaded at any
|
||||||
|
other address.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -836,7 +857,8 @@
|
||||||
be loaded at one address in one process, and a totally
|
be loaded at one address in one process, and a totally
|
||||||
different one in another. Ensuring all the functions
|
different one in another. Ensuring all the functions
|
||||||
loaded into memory can find each other is the job of the
|
loaded into memory can find each other is the job of the
|
||||||
Windows dynamic linker, which is a part of NTDLL.
|
Windows dynamic linker, which is a part of
|
||||||
|
<filename>NTDLL</filename>.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
So, we have the EXE and its DLLs mapped into memory. Two
|
So, we have the EXE and its DLLs mapped into memory. Two
|
||||||
|
@ -864,16 +886,16 @@
|
||||||
available for the application. In fact that's not so: only
|
available for the application. In fact that's not so: only
|
||||||
the lower 2 gigs are available, the upper 2 gigs are on
|
the lower 2 gigs are available, the upper 2 gigs are on
|
||||||
Windows NT used by the operating system and hold the
|
Windows NT used by the operating system and hold the
|
||||||
kernel (from 0x80000000). Why is the kernel mapped into
|
kernel (from <constant>0x80000000</constant>). Why is the
|
||||||
every address space? Mostly for performance: while it's
|
kernel mapped into every address space? Mostly for
|
||||||
possible to give the kernel its own address space too -
|
performance: while it's possible to give the kernel its own
|
||||||
this is what Ingo Molnars 4G/4G VM split patch does for
|
address space too - this is what Ingo Molnars 4G/4G VM
|
||||||
Linux - it requires that every system call into the kernel
|
split patch does for Linux - it requires that every system
|
||||||
switches address space. As that is a fairly expensive
|
call into the kernel switches address space. As that is a
|
||||||
operation (requires flushing the translation lookaside
|
fairly expensive operation (requires flushing the
|
||||||
buffers etc) and syscalls are made frequently it's best
|
translation lookaside buffers etc) and syscalls are made
|
||||||
avoided by keeping the kernel mapped at a constant
|
frequently it's best avoided by keeping the kernel mapped
|
||||||
position in every processes address space.
|
at a constant position in every processes address space.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -923,403 +945,8 @@
|
||||||
memory allocation and stack.
|
memory allocation and stack.
|
||||||
</para>
|
</para>
|
||||||
</sect3>
|
</sect3>
|
||||||
|
|
||||||
<sect3>
|
|
||||||
<title>Implementation</title>
|
|
||||||
<para>
|
|
||||||
Wine (with a bit of black magic) is able to map all items
|
|
||||||
at the correct locations as depicted above.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Wine also implements the shared heap so native win9x DLLs
|
|
||||||
can be used. This heap is always created at the
|
|
||||||
<constant>SYSTEM_HEAP_BASE</constant> address or
|
|
||||||
<constant>0x80000000</constant> and defaults to 16
|
|
||||||
megabytes in size.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
There are a few other magic locations. The bottom 64k of
|
|
||||||
memory is deliberately left unmapped to catch null pointer
|
|
||||||
dereferences. The region from 64k to 1mb+64k are reserved
|
|
||||||
for DOS compatibility and contain various DOS data
|
|
||||||
structures. Finally, the address space also contains
|
|
||||||
mappings for the Wine binary itself, any native libaries
|
|
||||||
Wine is using, the glibc malloc arena and so on.
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
|
|
||||||
<sect3 id="address-space">
|
|
||||||
<title>Laying out the address space</title>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Up until about the start of 2004, the Linux address space
|
|
||||||
very much resembled the Windows 9x layout: the kernel sat
|
|
||||||
in the top gigabyte, the bottom pages were unmapped to
|
|
||||||
catch null pointer dereferences, and the rest was
|
|
||||||
free. The kernels mmap algorithm was predictable: it would
|
|
||||||
start by mapping files at low addresses and work up from
|
|
||||||
there.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The development of a series of new low level patches
|
|
||||||
violated many of these assumptions, and resulted in Wine
|
|
||||||
needing to force the Win32 address space layout upon the
|
|
||||||
system. This section looks at why and how this is done.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The exec-shield patch increases security by randomizing
|
|
||||||
the kernels mmap algorithms. Rather than consistently
|
|
||||||
choosing the same addresses given the same sequence of
|
|
||||||
requests, the kernel will now choose randomized
|
|
||||||
addresses. Because the Linux dynamic linker
|
|
||||||
(ld-linux.so.2) loads DSOs into memory by using mmap, this
|
|
||||||
means that DSOs are no longer loaded at predictable
|
|
||||||
addresses, so making it harder to attack software by using
|
|
||||||
buffer overflows. It also attempts to relocate certain
|
|
||||||
binaries into a special low area of memory known as the
|
|
||||||
ASCII armor so making it harder to jump into them when
|
|
||||||
using string based attacks.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Prelink is a technology that enhances startup times by
|
|
||||||
precalculating ELF global offset tables then saving the
|
|
||||||
results inside the native binaries themselves. By grid
|
|
||||||
fitting each DSO into the address space, the dynamic
|
|
||||||
linker does not have to perform as many relocations so
|
|
||||||
allowing applications that heavily rely on dynamic linkage
|
|
||||||
to be loaded into memory much quicker. Complex C++
|
|
||||||
applications such as Mozilla, OpenOffice and KDE can
|
|
||||||
especially benefit from this technique.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The 4G VM split patch was developed by Ingo Molnar. It
|
|
||||||
gives the Linux kernel its own address space, thereby
|
|
||||||
allowing processes to access the maximum addressable
|
|
||||||
amount of memory on a 32-bit machine: 4 gigabytes. It
|
|
||||||
allows people with lots of RAM to fully utilise that in
|
|
||||||
any given process at the cost of performance: the reason
|
|
||||||
behind giving the kernel a part of each processes address
|
|
||||||
space was to avoid the overhead of switching on each
|
|
||||||
syscall.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Each of these changes alter the address space in a way
|
|
||||||
incompatible with Windows. Prelink and exec-shield mean
|
|
||||||
that the libraries Wine uses can be placed at any point in
|
|
||||||
the address space: typically this meant that a library was
|
|
||||||
sitting in the region that the EXE you wanted to run had
|
|
||||||
to be loaded (remember that unlike DLLs, EXE files cannot
|
|
||||||
be moved around in memory). The 4G VM split means that
|
|
||||||
programs could receive pointers to the top gigabyte of
|
|
||||||
address space which some are not prepared for (they may
|
|
||||||
store extra information in the high bits of a pointer, for
|
|
||||||
instance). In particular, in combination with exec-shield
|
|
||||||
this one is especially deadly as it's possible the process
|
|
||||||
heap could be allocated beyond ADDRESS_SPACE_LIMIT which
|
|
||||||
causes Wine initialization to fail.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
The solution to these problems is for Wine to reserve
|
|
||||||
particular parts of the address space so that areas that
|
|
||||||
we don't want the system to use will be avoided. We later
|
|
||||||
on (re/de)allocate those areas as needed. One problem is
|
|
||||||
that some of these mappings are put in place automatically
|
|
||||||
by the dynamic linker: for instance any libraries that
|
|
||||||
Wine is linked to (like libc, libwine, libpthread etc)
|
|
||||||
will be mapped into memory before Wine even gets
|
|
||||||
control. In order to solve that, Wine overrides the
|
|
||||||
default ELF initialization sequence at a low level and
|
|
||||||
reserves the needed areas by using direct syscalls into
|
|
||||||
the kernel (ie without linking against any other code to
|
|
||||||
do it) before restarting the standard initialization and
|
|
||||||
letting the dynamic linker continue. This is referred to
|
|
||||||
as the preloader and is found in loader/preloader.c.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Once the usual ELF boot sequence has been completed, some
|
|
||||||
native libraries may well have been mapped above the 3gig
|
|
||||||
limit: however, this doesn't matter as 3G is a Windows
|
|
||||||
limit, not a Linux limit. We still have to prevent the
|
|
||||||
system from allocating anything else above there (like the
|
|
||||||
heap or other DLLs) though so Wine performs a binary
|
|
||||||
search over the upper gig of address space in order to
|
|
||||||
iteratively fill in the holes with MAP_NORESERVE mappings
|
|
||||||
so the address space is allocated but the memory to
|
|
||||||
actually back it is not. This code can be found in libs/wine/mmap.c:reserve_area.
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2>
|
|
||||||
<title>Processes</title>
|
|
||||||
<para>
|
|
||||||
Let's take a closer look at the way Wine loads and run
|
|
||||||
processes in memory.
|
|
||||||
</para>
|
|
||||||
<sect3>
|
|
||||||
<title>Starting a process from command line</title>
|
|
||||||
<para>
|
|
||||||
When starting a Wine process from command line (we'll get
|
|
||||||
later on to the differences between NE, PE and Winelib
|
|
||||||
executables), there are a couple of things Wine need to do
|
|
||||||
first. A first executable is run to check the threading
|
|
||||||
model of the underlying OS (see <xref linkend="threading">
|
|
||||||
for the details) and will start the real Wine loader
|
|
||||||
corresponding to the choosen threading model.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Then Wine graps a few elements from the Unix world: the
|
|
||||||
environment, the program arguments. Then the
|
|
||||||
<filename>ntdll.dll.so</filename> is loaded into memory
|
|
||||||
using the standard shared library dynamic loader. When
|
|
||||||
loaded, NTDLL will mainly first create a decent Windows
|
|
||||||
environment:
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>create a PEB and a TEB</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
set up the connection to the Wine server - and
|
|
||||||
eventually launching the Wine server if none runs
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>create the process heap</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Then <filename>Kernel32</filename> is loaded (but now
|
|
||||||
using the Windows dynamic loading capabilities) and a Wine
|
|
||||||
specific entry point is called
|
|
||||||
<function>__wine_kernel_init</function>. This function
|
|
||||||
will actually handle all the logic of the process loading
|
|
||||||
and execution, and will never return from it's call.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
<function>__wine_kernel_init</function> will undergo the
|
|
||||||
following tasks:
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
initialization of program arguments from Unix
|
|
||||||
program arguments
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
lookup of executable in the file system
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If the file is not found, then an error is printed
|
|
||||||
and the Wine loader stops.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
We'll cover the non-PE file type later on, so assume
|
|
||||||
for now it's a PE file. The PE module is loaded in
|
|
||||||
memory using the Windows shared library
|
|
||||||
mechanism. Note that the dependencies on the module
|
|
||||||
are not resolved at this point.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
A new stack is created, which size is given in the
|
|
||||||
PE header, and this stack is made the one of the
|
|
||||||
running thread (which is still the only one in the
|
|
||||||
process). The stack used at startup will no longer
|
|
||||||
be used.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Which this new stack,
|
|
||||||
<function>ntdll.LdrInitializeThunk</function> is
|
|
||||||
called which performs the remaining initialization
|
|
||||||
parts, including resolving all the DLL imports on
|
|
||||||
the PE module, and doing the init of the TLS slots.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Control can now be passed to the
|
|
||||||
<function>EntryPoint</function> of the PE module,
|
|
||||||
which will let the executable run.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
<sect3>
|
|
||||||
<title>Creating a child process from a running process</title>
|
|
||||||
<para>
|
|
||||||
The steps used are closely link to what is done in the
|
|
||||||
previous case.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
There are however a few points to look at a bit more
|
|
||||||
closely. The inner implementation creates the child
|
|
||||||
process using the <function>fork()</function> and
|
|
||||||
<function>exec()</function> calls. This means that we
|
|
||||||
don't need to check again for the threading model, we can
|
|
||||||
use what the parent (or the grand-parent process...)
|
|
||||||
started from command line has found.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
The Win32 process creation allows to pass a lot of
|
|
||||||
information between the parent and the child. This
|
|
||||||
includes object handles, windows title, console
|
|
||||||
parameters, environment strings... Wine makes use of both
|
|
||||||
the standard Unix inheritance mechanisms (for environment
|
|
||||||
for example) and the Wine server (to pass from parent to
|
|
||||||
child a chunk of data containing the relevant information).
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
The previously described loading mechanism will check in
|
|
||||||
the Wine server if such a chunk exists, and, if so, will
|
|
||||||
perform the relevant initialization.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Some further synchronization is also put in place: a
|
|
||||||
parent will wait until the child has started, or has
|
|
||||||
failed. The Wine server is also used to perform those
|
|
||||||
tasks.
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
<sect3>
|
|
||||||
<title>Starting a Winelib process</title>
|
|
||||||
<para>
|
|
||||||
Before going into the gory details, let's first go back to
|
|
||||||
what a Winelib application is. It can be either a regular
|
|
||||||
Unix executable, or a more specific Wine beast. This later
|
|
||||||
form in fact creates two files for a given executable (say
|
|
||||||
<filename>foo.exe</filename>). The first one, named
|
|
||||||
<filename>foo</filename> will be a symbolic link to the
|
|
||||||
Wine loader (<filename>wine</filename>). The second one,
|
|
||||||
named <filename>foo.exe.so</filename>, is the equivalent
|
|
||||||
of the <filename>.dll.so</filename> files we've already
|
|
||||||
described for DLLs. As in Windows, an executable is, among
|
|
||||||
other things, a module with its import and export
|
|
||||||
information, as any DLL, it makes sense Wine uses the same
|
|
||||||
mechanisms for loading native executables and DLLs.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
When starting a Winelib application from the command line
|
|
||||||
(say with <command>foo arg1 arg2</command>), the Unix
|
|
||||||
shell will execute <command>foo</command> as a Unix
|
|
||||||
executable. Since this is in fact the Wine loader, Wine
|
|
||||||
will fire up. However, will notice that it hasn't been
|
|
||||||
started as <command>wine</command> but as
|
|
||||||
<command>foo</command>, and hence, will try to load (using
|
|
||||||
Unix shared library mechanism) the second file
|
|
||||||
<filename>foo.exe.so</filename>. Wine will recognize a 32
|
|
||||||
bit module (with its descriptor) embedded in the shared
|
|
||||||
library, and once the shared library loaded, it will
|
|
||||||
proceed the same path as when loading a standard native PE
|
|
||||||
executable.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Wine needs to implement this second form of executable in
|
|
||||||
order to maintain the order of initialization of some
|
|
||||||
elements in the executable. One particular issue is when
|
|
||||||
dealing with global C++ objects. In standard Unix
|
|
||||||
executable, the call of the constructor to such objects is
|
|
||||||
stored in the specific section of the executable
|
|
||||||
(<function>.init</function> not to name it). All
|
|
||||||
constructors in this section are called before the
|
|
||||||
<function>main</function> function is called. Creating a
|
|
||||||
Wine executable using the first form mentionned above will
|
|
||||||
let those constructors being called before Wine gets a
|
|
||||||
chance to initialize itself. So, any constructor using a
|
|
||||||
Windows API will fail, because Wine infrastructure isn't
|
|
||||||
in place. The use of the second form for Winelib
|
|
||||||
executables ensures that we do the initialization using
|
|
||||||
the following steps:
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
initialize the Wine infrastructure
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
load the executable into memory
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
handle the import sections for the executable
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
call the global object constructors (if any). They
|
|
||||||
now can properly call the Windows APIs
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
call the executable entry point
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
The attentive reader would have noted that the resolution
|
|
||||||
of imports for the executable is done, as for a DLL, when
|
|
||||||
the executable/DLL descriptor is registered. However, this
|
|
||||||
is done also by adding a specific constructor in the
|
|
||||||
<function>.init</function> section. For the above describe
|
|
||||||
scheme to function properly, this constructor must be the
|
|
||||||
first constructor to be called, before all the other
|
|
||||||
constructors, generated by the executable itself. The Wine
|
|
||||||
build chain takes care of that, and also generating the
|
|
||||||
executable/DLL descriptor for the Winelib executable.
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
<sect3>
|
|
||||||
<title>Starting a NE (Win16) process</title>
|
|
||||||
<para>
|
|
||||||
When Wine is requested to run a NE (Win 16 process), it
|
|
||||||
will in fact hand over the execution of it to a specific
|
|
||||||
executable <filename>winevdm</filename>. VDM stands for
|
|
||||||
Virtual DOS Machine. This <filename>winevdm</filename>
|
|
||||||
will in fact set up the correct 16 bit environment to run
|
|
||||||
the executable. Any new 16 bit process created by this
|
|
||||||
executable (or its children) will run into the same
|
|
||||||
<filename>winevdm</filename> instance. Among one instance,
|
|
||||||
several functionalities will be provided to those 16 bit
|
|
||||||
processes, including the cooperative multitasking, sharing
|
|
||||||
the same address space, managing the selectors for the 16
|
|
||||||
bit segments needed for code, data and stack.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
Note that several <filename>winevdm</filename> instances
|
|
||||||
can run in the same Wine session, but the functionalities
|
|
||||||
described above are only shared among a given instance,
|
|
||||||
not among all the instances. <filename>winevdm</filename>
|
|
||||||
is built as Winelib application, and hence has access to
|
|
||||||
any facility a 32 bit application has.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
The behaviour we just described also applies to DOS
|
|
||||||
executables, which are handled the same way by
|
|
||||||
<filename>winevdm</filename>.
|
|
||||||
</para>
|
|
||||||
</sect3>
|
|
||||||
</sect2>
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Wine drivers</title>
|
<title>Wine drivers</title>
|
||||||
<para>
|
<para>
|
||||||
|
@ -1327,11 +954,13 @@
|
||||||
Unix. This comes mainly because (look at the generic
|
Unix. This comes mainly because (look at the generic
|
||||||
architecture schemas) Wine doesn't implement the kernel
|
architecture schemas) Wine doesn't implement the kernel
|
||||||
features of Windows (kernel here really means the kernel,
|
features of Windows (kernel here really means the kernel,
|
||||||
not the KERNEL32 DLL), but rather sets up a proxy layer on
|
not the <filename>KERNEL32</filename> DLL), but rather
|
||||||
top of the Unix kernel to provide the NTDLL and KERNEL32
|
sets up a proxy layer on top of the Unix kernel to provide
|
||||||
features. This means that Wine doesn't provide the inner
|
the <filename>NTDLL</filename> and
|
||||||
infrastructure to run native drivers, either from the Win9x
|
<filename>KERNEL32</filename> features. This means that
|
||||||
family or from the NT family.
|
Wine doesn't provide the inner infrastructure to run
|
||||||
|
native drivers, either from the Win9x family or from the
|
||||||
|
NT family.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
In other words, Wine will only be able to provide access to
|
In other words, Wine will only be able to provide access to
|
||||||
|
|
|
@ -202,6 +202,361 @@ ExitProcess( entry( peb ) );
|
||||||
</sect2>
|
</sect2>
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Detailed memory management</title>
|
||||||
|
<para>
|
||||||
|
As already explained in previous chapter (see <xref linkend="arch-mem">
|
||||||
|
for the details), Wine creates every 32-bit Windows process in its own
|
||||||
|
32 address space. Wine also tries to map at the relevant addresses what
|
||||||
|
Windows would do. There are however a few nasty bits to look at.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<sect2>
|
||||||
|
<title>Implementation</title>
|
||||||
|
<para>
|
||||||
|
Wine (with a bit of black magic) is able to map the main module at
|
||||||
|
it's desired address (likely <constant>0x400000</constant>), to create
|
||||||
|
the process heap, its stack (as a Windows executable can ask for a
|
||||||
|
specific stack size), Wine simply use the initial stack of the ELF
|
||||||
|
executable for its initialisation, but creates a new stack (as a Win32
|
||||||
|
one) for the main thread of the executable. Wine also tries to map all
|
||||||
|
native DLLs at their desired address, so that no relocation has to be
|
||||||
|
performed.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Wine also implements the shared heap so native win9x DLLs can be
|
||||||
|
used. This heap is always created at the
|
||||||
|
<constant>SYSTEM_HEAP_BASE</constant> address or
|
||||||
|
<constant>0x80000000</constant> and defaults to 16 megabytes in size.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
There are a few other magic locations. The bottom 64k of memory is
|
||||||
|
deliberately left unmapped to catch null pointer dereferences. The
|
||||||
|
region from 64k to 1mb+64k are reserved for DOS compatibility and
|
||||||
|
contain various DOS data structures. Finally, the address space also
|
||||||
|
contains mappings for the Wine binary itself, any native libaries
|
||||||
|
Wine is using, the glibc malloc arena and so on.
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
|
|
||||||
|
<sect2 id="address-space">
|
||||||
|
<title>Laying out the address space</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Up until about the start of 2004, the Linux address space very much
|
||||||
|
resembled the Windows 9x layout: the kernel sat in the top gigabyte,
|
||||||
|
the bottom pages were unmapped to catch null pointer dereferences, and
|
||||||
|
the rest was free. The kernels mmap algorithm was predictable: it
|
||||||
|
would start by mapping files at low addresses and work up from there.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The development of a series of new low level patches violated many of
|
||||||
|
these assumptions, and resulted in Wine needing to force the Win32
|
||||||
|
address space layout upon the system. This section looks at why and
|
||||||
|
how this is done.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The exec-shield patch increases security by randomizing the kernels
|
||||||
|
mmap algorithms. Rather than consistently choosing the same addresses
|
||||||
|
given the same sequence of requests, the kernel will now choose
|
||||||
|
randomized addresses. Because the Linux dynamic linker
|
||||||
|
(<filename>ld-linux.so.2</filename>) loads DSOs into memory by using
|
||||||
|
mmap, this means that DSOs are no longer loaded at predictable
|
||||||
|
addresses, so making it harder to attack software by using buffer
|
||||||
|
overflows. It also attempts to relocate certain binaries into a
|
||||||
|
special low area of memory known as the ASCII armor so making it
|
||||||
|
harder to jump into them when using string based attacks.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Prelink is a technology that enhances startup times by precalculating
|
||||||
|
ELF global offset tables then saving the results inside the native
|
||||||
|
binaries themselves. By grid fitting each DSO into the address space,
|
||||||
|
the dynamic linker does not have to perform as many relocations so
|
||||||
|
allowing applications that heavily rely on dynamic linkage to be
|
||||||
|
loaded into memory much quicker. Complex C++ applications such as
|
||||||
|
Mozilla, OpenOffice and KDE can especially benefit from this
|
||||||
|
technique.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The 4G VM split patch was developed by Ingo Molnar. It gives the Linux
|
||||||
|
kernel its own address space, thereby allowing processes to access the
|
||||||
|
maximum addressable amount of memory on a 32-bit machine: 4
|
||||||
|
gigabytes. It allows people with lots of RAM to fully utilise that in
|
||||||
|
any given process at the cost of performance: the reason behind giving
|
||||||
|
the kernel a part of each processes address space was to avoid the
|
||||||
|
overhead of switching on each syscall.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Each of these changes alter the address space in a way incompatible
|
||||||
|
with Windows. Prelink and exec-shield mean that the libraries Wine
|
||||||
|
uses can be placed at any point in the address space: typically this
|
||||||
|
meant that a library was sitting in the region that the EXE you wanted
|
||||||
|
to run had to be loaded (remember that unlike DLLs, EXE files cannot
|
||||||
|
be moved around in memory). The 4G VM split means that programs could
|
||||||
|
receive pointers to the top gigabyte of address space which some are
|
||||||
|
not prepared for (they may store extra information in the high bits of
|
||||||
|
a pointer, for instance). In particular, in combination with
|
||||||
|
exec-shield this one is especially deadly as it's possible the process
|
||||||
|
heap could be allocated beyond
|
||||||
|
<constant>ADDRESS_SPACE_LIMIT</constant> which causes Wine
|
||||||
|
initialization to fail.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The solution to these problems is for Wine to reserve particular parts
|
||||||
|
of the address space so that areas that we don't want the system to
|
||||||
|
use will be avoided. We later on (re/de)allocate those areas as
|
||||||
|
needed. One problem is that some of these mappings are put in place
|
||||||
|
automatically by the dynamic linker: for instance any libraries that
|
||||||
|
Wine is linked to (like <filename>libc</filename>,
|
||||||
|
<filename>libwine</filename>, <filename>libpthread</filename> etc)
|
||||||
|
will be mapped into memory before Wine even gets control. In order to
|
||||||
|
solve that, Wine overrides the default ELF initialization sequence at
|
||||||
|
a low level and reserves the needed areas by using direct syscalls
|
||||||
|
into the kernel (ie without linking against any other code to do it)
|
||||||
|
before restarting the standard initialization and letting the dynamic
|
||||||
|
linker continue. This is referred to as the preloader and is found in
|
||||||
|
<filename>loader/preloader.c</filename>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Once the usual ELF boot sequence has been completed, some native
|
||||||
|
libraries may well have been mapped above the 3gig limit: however,
|
||||||
|
this doesn't matter as 3G is a Windows limit, not a Linux limit. We
|
||||||
|
still have to prevent the system from allocating anything else above
|
||||||
|
there (like the heap or other DLLs) though so Wine performs a binary
|
||||||
|
search over the upper gig of address space in order to iteratively
|
||||||
|
fill in the holes with <constant>MAP_NORESERVE</constant> mappings so
|
||||||
|
the address space is allocated but the memory to actually back it is
|
||||||
|
not. This code can be found in
|
||||||
|
<filename>libs/wine/mmap.c</filename>:<function>reserve_area</function>.
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
|
<sect1>
|
||||||
|
<title>Multi-processing in Wine</title>
|
||||||
|
<para>
|
||||||
|
Let's take a closer look at the way Wine loads and run processes in memory.
|
||||||
|
</para>
|
||||||
|
<sect2>
|
||||||
|
<title>Starting a process from command line</title>
|
||||||
|
<para>
|
||||||
|
When starting a Wine process from command line (we'll get later on to
|
||||||
|
the differences between NE, PE and Winelib executables), there are a
|
||||||
|
couple of things Wine need to do first. A first executable is run to
|
||||||
|
check the threading model of the underlying OS (see
|
||||||
|
<xref linkend="threading"> for the details) and will start the real
|
||||||
|
Wine loader corresponding to the choosen threading model.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Then Wine graps a few elements from the Unix world: the environment,
|
||||||
|
the program arguments. Then the <filename>ntdll.dll.so</filename> is
|
||||||
|
loaded into memory using the standard shared library dynamic
|
||||||
|
loader. When loaded, <filename>NTDLL</filename> will mainly first
|
||||||
|
create a decent Windows environment:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
create a PEB (Process Environment Block) and a TEB (Thread
|
||||||
|
Environment Block).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
set up the connection to the Wine server - and eventually
|
||||||
|
launching the Wine server if none runs
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>create the process heap</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Then <filename>Kernel32</filename> is loaded (but now using the
|
||||||
|
Windows dynamic loading capabilities) and a Wine specific entry point
|
||||||
|
is called <function>__wine_kernel_init</function>. This function will
|
||||||
|
actually handle all the logic of the process loading and execution,
|
||||||
|
and will never return from it's call.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<function>__wine_kernel_init</function> will undergo the following
|
||||||
|
tasks:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
initialization of program arguments from Unix program arguments
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>lookup of executable in the file system</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If the file is not found, then an error is printed and the Wine
|
||||||
|
loader stops.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
We'll cover the non-PE file type later on, so assume for now
|
||||||
|
it's a PE file. The PE module is loaded in memory using the
|
||||||
|
same mechanisms as for a native DLLs (mainly mapping the file
|
||||||
|
data and code sections into memory, and handling relocation if
|
||||||
|
needed). Note that the dependencies on the module are not
|
||||||
|
resolved at this point.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
A new stack is created, which size is given in the PE header,
|
||||||
|
and this stack is made the one of the running thread (which is
|
||||||
|
still the only one in the process). The stack used at startup
|
||||||
|
will no longer be used.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Which this new stack,
|
||||||
|
<function>ntdll.LdrInitializeThunk</function> is called which
|
||||||
|
performs the remaining initialization parts, including resolving
|
||||||
|
all the DLL imports on the PE module, and doing the init of the
|
||||||
|
TLS slots.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Control can now be passed to the <function>EntryPoint</function>
|
||||||
|
of the PE module, which will let the executable run.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
|
<sect2>
|
||||||
|
<title>Creating a child process from a running process</title>
|
||||||
|
<para>
|
||||||
|
The steps used are closely link to what is done in the previous case.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
There are however a few points to look at a bit more closely. The
|
||||||
|
inner implementation creates the child process using the
|
||||||
|
<function>fork()</function> and <function>exec()</function>
|
||||||
|
calls. This means that we don't need to check again for the threading
|
||||||
|
model, we can use what the parent (or the grand-parent process...)
|
||||||
|
started from command line has found.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The Win32 process creation allows to pass a lot of information between
|
||||||
|
the parent and the child. This includes object handles, windows title,
|
||||||
|
console parameters, environment strings... Wine makes use of both the
|
||||||
|
standard Unix inheritance mechanisms (for environment for example) and
|
||||||
|
the Wine server (to pass from parent to child a chunk of data
|
||||||
|
containing the relevant information).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The previously described loading mechanism will check in the Wine
|
||||||
|
server if such a chunk exists, and, if so, will perform the relevant
|
||||||
|
initialization.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Some further synchronization is also put in place: a parent will wait
|
||||||
|
until the child has started, or has failed. The Wine server is also
|
||||||
|
used to perform those tasks.
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
|
<sect2>
|
||||||
|
<title>Starting a Winelib process</title>
|
||||||
|
<para>
|
||||||
|
Before going into the gory details, let's first go back to what a
|
||||||
|
Winelib application is. It can be either a regular Unix executable, or
|
||||||
|
a more specific Wine beast. This later form in fact creates two files
|
||||||
|
for a given executable (say <filename>foo.exe</filename>). The first
|
||||||
|
one, named <filename>foo</filename> will be a symbolic link to the
|
||||||
|
Wine loader (<filename>wine</filename>). The second one, named
|
||||||
|
<filename>foo.exe.so</filename>, is the equivalent of the
|
||||||
|
<filename>.dll.so</filename> files we've already described for
|
||||||
|
DLLs. As in Windows, an executable is, among other things, a module
|
||||||
|
with its import and export information, as any DLL, it makes sense
|
||||||
|
Wine uses the same mechanisms for loading native executables and
|
||||||
|
DLLs.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
When starting a Winelib application from the command line (say with
|
||||||
|
<command>foo arg1 arg2</command>), the Unix shell will execute
|
||||||
|
<command>foo</command> as a Unix executable. Since this is in fact the
|
||||||
|
Wine loader, Wine will fire up. However, will notice that it hasn't
|
||||||
|
been started as <command>wine</command> but as <command>foo</command>,
|
||||||
|
and hence, will try to load (using Unix shared library mechanism) the
|
||||||
|
second file <filename>foo.exe.so</filename>. Wine will recognize a 32
|
||||||
|
bit module (with its descriptor) embedded in the shared library, and
|
||||||
|
once the shared library loaded, it will proceed the same path as when
|
||||||
|
loading a standard native PE executable.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Wine needs to implement this second form of executable in order to
|
||||||
|
maintain the order of initialization of some elements in the
|
||||||
|
executable. One particular issue is when dealing with global C++
|
||||||
|
objects. In standard Unix executable, the call of the constructor to
|
||||||
|
such objects is stored in the specific section of the executable
|
||||||
|
(<function>.init</function> not to name it). All constructors in this
|
||||||
|
section are called before the <function>main()</function> or
|
||||||
|
<function>WinMain</function> function is called. Creating a Wine
|
||||||
|
executable using the first form mentionned above will let those
|
||||||
|
constructors being called before Wine gets a chance to initialize
|
||||||
|
itself. So, any constructor using a Windows API will fail, because
|
||||||
|
Wine infrastructure isn't in place. The use of the second form for
|
||||||
|
Winelib executables ensures that we do the initialization using the
|
||||||
|
following steps:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
initialize the Wine infrastructure
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
load the executable into memory
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
handle the import sections for the executable
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
call the global object constructors (if any). They now can
|
||||||
|
properly call the Windows APIs
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
call the executable entry point
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The attentive reader would have noted that the resolution of imports
|
||||||
|
for the executable is done, as for a DLL, when the executable/DLL
|
||||||
|
descriptor is registered. However, this is done also by adding a
|
||||||
|
specific constructor in the <function>.init</function> section. For
|
||||||
|
the above describe scheme to function properly, this constructor must
|
||||||
|
be the first constructor to be called, before all the other
|
||||||
|
constructors, generated by the executable itself. The Wine build chain
|
||||||
|
takes care of that, and also generating the executable/DLL descriptor
|
||||||
|
for the Winelib executable.
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
|
</sect1>
|
||||||
|
|
||||||
<sect1 id="threading">
|
<sect1 id="threading">
|
||||||
<title>Multi-threading in Wine</title>
|
<title>Multi-threading in Wine</title>
|
||||||
|
|
||||||
|
@ -313,40 +668,6 @@ if (res != ERROR_SUCCESS) return res;
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2>
|
|
||||||
<title>SysLevels</title>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
SysLevels are an undocumented Windows-internal thread-safety
|
|
||||||
system. They are basically critical sections which must be taken in a
|
|
||||||
particular order. The mechanism is generic but there are always three
|
|
||||||
syslevels: level 1 is the Win16 mutex, level 2 is the
|
|
||||||
<filename>USER</filename> mutex and level 3 is the
|
|
||||||
<filename>GDI</filename> mutex.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
When entering a syslevel, the code (in
|
|
||||||
<filename>dlls/kernel/syslevel.c</filename>) will check that a higher
|
|
||||||
syslevel is not already held and produce an error if so. This is
|
|
||||||
because it's not legal to enter level 2 while holding level 3 - first,
|
|
||||||
you must leave level 3.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Throughout the code you may see calls to
|
|
||||||
<function>_ConfirmSysLevel()</function> and
|
|
||||||
<function>_CheckNotSysLevel()</function>. These functions are
|
|
||||||
essentially assertions about the syslevel states and can be used to
|
|
||||||
check that the rules have not been accidentally violated. In
|
|
||||||
particular, <function>_CheckNotSysLevel()</function> will break
|
|
||||||
probably into the debugger) if the check fails. If this happens the
|
|
||||||
solution is to get a backtrace and find out, by reading the source of
|
|
||||||
the wine functions called along the way, how Wine got into the invalid
|
|
||||||
state.
|
|
||||||
</para>
|
|
||||||
</sect2>
|
|
||||||
|
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>POSIX threading vs. kernel threading</title>
|
<title>POSIX threading vs. kernel threading</title>
|
||||||
|
|
||||||
|
@ -393,7 +714,7 @@ if (res != ERROR_SUCCESS) return res;
|
||||||
glibc, for instance. Worse, pthreads and pure kernel threads had
|
glibc, for instance. Worse, pthreads and pure kernel threads had
|
||||||
strange interactions when run in the same process yet some libraries
|
strange interactions when run in the same process yet some libraries
|
||||||
used by Wine used pthreads internally. Throw in source code porting
|
used by Wine used pthreads internally. Throw in source code porting
|
||||||
using WineLib - where you have both UNIX and Win32 code in the same
|
using Winelib - where you have both UNIX and Win32 code in the same
|
||||||
process - and chaos was the result.
|
process - and chaos was the result.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
@ -651,15 +972,16 @@ if (res != ERROR_SUCCESS) return res;
|
||||||
<para>
|
<para>
|
||||||
Windows exceptions typically contain more information than the Unix
|
Windows exceptions typically contain more information than the Unix
|
||||||
standard APIs provide. For instance, a
|
standard APIs provide. For instance, a
|
||||||
<constant>STATUS_ACCESS_VIOLATION</constant> exception (0xC0000005)
|
<constant>STATUS_ACCESS_VIOLATION</constant> exception
|
||||||
structure contains the faulting address, whereas a standard Unix
|
(<constant>0xC0000005</constant>) structure contains the faulting
|
||||||
SIGSEGV just tells the app that it crashed. Usually this information
|
address, whereas a standard Unix <constant>SIGSEGV</constant> just
|
||||||
is passed as an extra parameter to the signal handler, however its
|
tells the app that it crashed. Usually this information is passed as
|
||||||
location and contents vary between kernels (BSD, Solaris,
|
an extra parameter to the signal handler, however its location and
|
||||||
etc). This data is provided in a <structname>SIGCONTEXT</structname>
|
contents vary between kernels (BSD, Solaris, etc). This data is
|
||||||
structure, and on entry to the signal handler it contains the register
|
provided in a <structname>SIGCONTEXT</structname> structure, and on
|
||||||
state of the CPU before the signal was sent. Modifying it will cause
|
entry to the signal handler it contains the register state of the CPU
|
||||||
the kernel to adjust the context before restarting the thread.
|
before the signal was sent. Modifying it will cause the kernel to
|
||||||
|
adjust the context before restarting the thread.
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
</sect1>
|
</sect1>
|
||||||
|
@ -1195,6 +1517,7 @@ if (res != ERROR_SUCCESS) return res;
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
<note>
|
<note>
|
||||||
|
<title>Case sensitivity vs. preservation</title>
|
||||||
<para>
|
<para>
|
||||||
When we say that most systems in NT are case insensitive, this
|
When we say that most systems in NT are case insensitive, this
|
||||||
has to be understood for looking up for a file, where the
|
has to be understood for looking up for a file, where the
|
||||||
|
@ -2125,6 +2448,150 @@ if (res != ERROR_SUCCESS) return res;
|
||||||
</para>
|
</para>
|
||||||
</sect3>
|
</sect3>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
<sect2>
|
||||||
|
<title>Win16 processes support</title>
|
||||||
|
<sect3>
|
||||||
|
<title>Starting a NE (Win16) process</title>
|
||||||
|
<para>
|
||||||
|
Wine is also able to run 16 bit processes, but this feature is only
|
||||||
|
supported on Intel IA-32 architectures.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
When Wine is requested to run a NE (Win 16 process), it will in fact
|
||||||
|
hand over the execution of it to a specific executable
|
||||||
|
<command>winevdm</command>. VDM stands for Virtual DOS
|
||||||
|
Machine. This <command>winevdm</command> is a Winelib application,
|
||||||
|
but will in fact set up the correct 16 bit environment to run the
|
||||||
|
executable. We will get back later on in details to what this means.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Any new 16 bit process created by this executable (or its children)
|
||||||
|
will run into the same <command>winevdm</command> instance. Among
|
||||||
|
one instance, several functionalities will be provided to those 16
|
||||||
|
bit processes, including the cooperative multitasking, sharing the
|
||||||
|
same address space, managing the selectors for the 16 bit segments
|
||||||
|
needed for code, data and stack.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note that several <command>winevdm</command> instances can run in
|
||||||
|
the same Wine session, but the functionalities described above are
|
||||||
|
only shared among a given instance, not among all the
|
||||||
|
instances. <command>winevdm</command> is built as Winelib
|
||||||
|
application, and hence has access to any facility a 32 bit
|
||||||
|
application has.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Each Win16 application is implemented in
|
||||||
|
<command>winevdm</command> as a Win32
|
||||||
|
thread. <command>winevdm</command> then implements its own
|
||||||
|
scheduling facilities (in fact, the code for this feature is in the
|
||||||
|
<filename>krnl386.exe</filename> DLL). Since the required Win16
|
||||||
|
scheduling is non pre-emptive, this doesn't require any underlying
|
||||||
|
OS kernel support.
|
||||||
|
</para>
|
||||||
|
</sect3>
|
||||||
|
<sect3>
|
||||||
|
<title>SysLevels</title>
|
||||||
|
<para>
|
||||||
|
SysLevels are an undocumented Windows-internal thread-safety system
|
||||||
|
dedicated to 16 bit applications (or 32 bit applications that call -
|
||||||
|
directly or indirectly - 16 bit code). They are basically critical
|
||||||
|
sections which must be taken in a particular order. The mechanism is
|
||||||
|
generic but there are always three syslevels:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>level 1 is the Win16 mutex,</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>level 2 is the <filename>USER</filename> mutex,</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>level 3 is the <filename>GDI</filename> mutex.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
When entering a syslevel, the code (in
|
||||||
|
<filename>dlls/kernel/syslevel.c</filename>) will check that a
|
||||||
|
higher syslevel is not already held and produce an error if so. This
|
||||||
|
is because it's not legal to enter level 2 while holding level 3 -
|
||||||
|
first, you must leave level 3.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Throughout the code you may see calls to
|
||||||
|
<function>_ConfirmSysLevel()</function> and
|
||||||
|
<function>_CheckNotSysLevel()</function>. These functions are
|
||||||
|
essentially assertions about the syslevel states and can be used to
|
||||||
|
check that the rules have not been accidentally violated. In
|
||||||
|
particular, <function>_CheckNotSysLevel()</function> will break
|
||||||
|
probably into the debugger) if the check fails. If this happens the
|
||||||
|
solution is to get a backtrace and find out, by reading the source
|
||||||
|
of the wine functions called along the way, how Wine got into the
|
||||||
|
invalid state.
|
||||||
|
</para>
|
||||||
|
</sect3>
|
||||||
|
<sect3>
|
||||||
|
<title>Memory management</title>
|
||||||
|
<para>
|
||||||
|
Every Win16 address is expressed in the form of selector:offset. The
|
||||||
|
selector is an entry in the LDT, but a 16 bit entry, limiting each
|
||||||
|
offset to 64 KB. Hence, the maximum available memory to a Win16
|
||||||
|
process is 512 MB. Note, that the processor runs in protected mode,
|
||||||
|
but using 16 bit selectors.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Windows, for a 16 bit process, defines a few selectors to access the
|
||||||
|
"real" memory (the one provided) by DOS. Basically, Wine also
|
||||||
|
provides this area of memory.
|
||||||
|
</para>
|
||||||
|
</sect3>
|
||||||
|
</sect2>
|
||||||
|
<sect2>
|
||||||
|
<title>DOS processes support</title>
|
||||||
|
<para>
|
||||||
|
The behaviour we just described also applies to DOS executables, which
|
||||||
|
are handled the same way by <command>winevdm</command>. This is only
|
||||||
|
supported on Intel IA-32 architectures.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Wine implements also most of the DOS support in a Wine specific DLL
|
||||||
|
(<filename>winedos</filename>). This DLL is called under certain
|
||||||
|
conditions, like:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
In <command>winevdm</command>, when trying to launch a DOS
|
||||||
|
application (<filename>.EXE</filename> or
|
||||||
|
<filename>.COM</filename>, <filename>.PIF</filename>).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
In <filename>kernel32</filename>, when an attempt is made in the
|
||||||
|
binary code to call some DOS or BIOS interrupts (like Int 21h
|
||||||
|
for example).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
When <command>winevdm</command> runs a DOS program, this one runs in
|
||||||
|
real mode (in fact in V86 mode from the IA-32 point of view).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Wine also supports part of the DPMI (DOS Protected Mode Interface).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Wine, when running a DOS programs, needs to map the 1 MB of virtual
|
||||||
|
memory to the real memory (as seen by the DOS program). When this is
|
||||||
|
not possible (like when someone else is already using this area), the
|
||||||
|
DOS support is not possible. Not also that by doing so, access to
|
||||||
|
linear address 0 is enabled (as it's also real mode address 0 which is
|
||||||
|
valid). Hence, NULL pointer derefence faults are no longer catched.
|
||||||
|
</para>
|
||||||
|
</sect2>
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
Loading…
Reference in New Issue