From 93fc29211568728ca2d0f1657faaa228d5b74ade Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Tue, 24 Jan 2017 13:10:56 +0100 Subject: [PATCH] Added patch to replace Peb->BeingDebugged check by CheckRemoteDebuggerPresent. --- ...ediag-message-to-show-warning-that-t.patch | 14 ++--- patches/Staging/definition | 1 + ...-Peb-BeingDebugged-check-by-CheckRem.patch | 54 +++++++++++++++++++ patches/kernel32-BeingDebugged/definition | 1 + ...NET-images-in-the-same-way-as-Window.patch | 27 +++++----- patches/ntdll-CLI_Images/definition | 1 + patches/patchinstall.sh | 35 +++++++++++- 7 files changed, 112 insertions(+), 21 deletions(-) create mode 100644 patches/Staging/definition create mode 100644 patches/kernel32-BeingDebugged/0001-kernel32-Replace-Peb-BeingDebugged-check-by-CheckRem.patch create mode 100644 patches/kernel32-BeingDebugged/definition diff --git a/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch b/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch index 0005d796..6a040ffd 100644 --- a/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch +++ b/patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch @@ -1,4 +1,4 @@ -From a41dac0b19ec2ba3807da4ac42d77717d79f1115 Mon Sep 17 00:00:00 2001 +From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Thu, 2 Oct 2014 19:44:31 +0200 Subject: kernel32: Add winediag message to show warning, that this isn't @@ -9,7 +9,7 @@ Subject: kernel32: Add winediag message to show warning, that this isn't 1 file changed, 9 insertions(+) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index b0c06e3..a2c1d4c 100644 +index 6d0fc74cdf4..ed1d967ffdf 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c @@ -65,6 +65,7 @@ 
@@ -20,7 +20,7 @@ index b0c06e3..a2c1d4c 100644 #ifdef __APPLE__ extern char **__wine_get_main_environment(void); -@@ -1099,6 +1100,14 @@ static DWORD WINAPI start_process( PEB *peb ) +@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb ) DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(), debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry ); @@ -32,9 +32,9 @@ index b0c06e3..a2c1d4c 100644 + else + WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version()); + - SetLastError( 0 ); /* clear error code */ - if (peb->BeingDebugged) DbgBreakPoint(); - return call_process_entry( peb, entry ); + if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged )) + being_debugged = FALSE; + -- -2.5.1 +2.11.0 diff --git a/patches/Staging/definition b/patches/Staging/definition new file mode 100644 index 00000000..729dafcc --- /dev/null +++ b/patches/Staging/definition @@ -0,0 +1 @@ +Depends: kernel32-BeingDebugged diff --git a/patches/kernel32-BeingDebugged/0001-kernel32-Replace-Peb-BeingDebugged-check-by-CheckRem.patch b/patches/kernel32-BeingDebugged/0001-kernel32-Replace-Peb-BeingDebugged-check-by-CheckRem.patch new file mode 100644 index 00000000..64d3813e --- /dev/null +++ b/patches/kernel32-BeingDebugged/0001-kernel32-Replace-Peb-BeingDebugged-check-by-CheckRem.patch 
@@ -0,0 +1,54 @@
+From a3c36a9407542059fcab059b071a9cff16840ed9 Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov
+Date: Tue, 24 Jan 2017 19:18:13 +0800
+Subject: kernel32: Replace Peb->BeingDebugged check by
+ CheckRemoteDebuggerPresent().
+
+misctool.dll from AmiBroker on PROCESS_ATTACH event intentionally sets
+teb->peb->BeingDebugged to random value returned by rdtsc instruction,
+but that doesn't generate exceptions or debug events under Windows.
+---
+ dlls/kernel32/process.c | 6 +++++-
+ include/winbase.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
+index 21302407b76..6d0fc74cdf4 100644
+--- a/dlls/kernel32/process.c
++++ b/dlls/kernel32/process.c
+@@ -1087,6 +1087,7 @@ static DWORD WINAPI start_process( PEB *peb )
+ {
+ IMAGE_NT_HEADERS *nt;
+ LPTHREAD_START_ROUTINE entry;
++ BOOL being_debugged;
+
+ nt = RtlImageNtHeader( peb->ImageBaseAddress );
+ entry = (LPTHREAD_START_ROUTINE)((char *)peb->ImageBaseAddress +
+@@ -1103,8 +1104,11 @@ static DWORD WINAPI start_process( PEB *peb )
+ DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
+ debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
+
++ if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
++ being_debugged = FALSE;
++
+ SetLastError( 0 ); /* clear error code */
+- if (peb->BeingDebugged) DbgBreakPoint();
++ if (being_debugged) DbgBreakPoint();
+ return call_process_entry( peb, entry );
+ }
+
+diff --git a/include/winbase.h b/include/winbase.h
+index eff59724eb0..0a2a3a334fd 100644
+--- a/include/winbase.h
++++ b/include/winbase.h
+@@ -1737,6 +1737,7 @@ WINBASEAPI BOOL WINAPI CancelTimerQueueTimer(HANDLE,HANDLE);
+ WINBASEAPI BOOL WINAPI CancelWaitableTimer(HANDLE);
+ WINBASEAPI BOOL WINAPI CheckNameLegalDOS8Dot3A(const char*,char*,DWORD,BOOL*,BOOL*);
+ WINBASEAPI BOOL WINAPI CheckNameLegalDOS8Dot3W(const WCHAR*, char*,DWORD,BOOL*,BOOL*);
++WINBASEAPI BOOL WINAPI
CheckRemoteDebuggerPresent(HANDLE,PBOOL); + WINBASEAPI BOOL WINAPI ChangeTimerQueueTimer(HANDLE,HANDLE,ULONG,ULONG); + WINADVAPI BOOL WINAPI CheckTokenMembership(HANDLE,PSID,PBOOL); + WINBASEAPI BOOL WINAPI ClearCommBreak(HANDLE); +-- +2.11.0 + diff --git a/patches/kernel32-BeingDebugged/definition b/patches/kernel32-BeingDebugged/definition new file mode 100644 index 00000000..77fa1dd8 --- /dev/null +++ b/patches/kernel32-BeingDebugged/definition @@ -0,0 +1 @@ +Fixes: [41648] Replace Peb->BeingDebugged check by CheckRemoteDebuggerPresent diff --git a/patches/ntdll-CLI_Images/0001-ntdll-Load-CLI-.NET-images-in-the-same-way-as-Window.patch b/patches/ntdll-CLI_Images/0001-ntdll-Load-CLI-.NET-images-in-the-same-way-as-Window.patch index e2b8920b..9ed178cd 100644 --- a/patches/ntdll-CLI_Images/0001-ntdll-Load-CLI-.NET-images-in-the-same-way-as-Window.patch +++ b/patches/ntdll-CLI_Images/0001-ntdll-Load-CLI-.NET-images-in-the-same-way-as-Window.patch @@ -1,4 +1,4 @@ -From f4024fac3fba56c007fa873a66271eef4f6c31ff Mon Sep 17 00:00:00 2001 +From 2f7c047b2c96b4506599e29ea245516d653582db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Wed, 1 Apr 2015 04:34:20 +0200 Subject: ntdll: Load CLI/.NET images in the same way as Windows XP and above. @@ -9,10 +9,10 @@ Subject: ntdll: Load CLI/.NET images in the same way as Windows XP and above. 2 files changed, 133 insertions(+), 10 deletions(-) diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c -index 1cd6e47..4d985d4 100644 +index 6d0fc74cdf4..389e056f9f9 100644 --- a/dlls/kernel32/process.c +++ b/dlls/kernel32/process.c -@@ -1079,16 +1079,11 @@ static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry ) +@@ -1083,17 +1083,12 @@ static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry ) * * Startup routine of a new process. Runs on the new process stack. */ 
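Review bot: The added `CheckRemoteDebuggerPresent` call in `start_process` carries no comment saying why `peb->BeingDebugged` is no longer consulted, and that reason is the substance of the change: the PEB is writable by any code loaded into the process, so the flag is application-controlled state (the commit message cites a DLL that overwrites it during PROCESS_ATTACH). I would put `/* peb->BeingDebugged can be overwritten by application code; ask for the real debugger state instead */` above the call so that nobody later restores the cheaper field read. The failure branch sets `being_debugged = FALSE` silently; logging it with `WARN` in that branch (which then needs braces) would make a missed startup breakpoint diagnosable. Keeping the call ahead of `SetLastError( 0 )` is right, since any error code it leaves is cleared before the entry point runs. The middle of `start_process`, between the two inner hunks, is not shown, so this rests only on the visible lines.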
@@ -21,22 +21,23 @@ index 1cd6e47..4d985d4 100644 { - IMAGE_NT_HEADERS *nt; - LPTHREAD_START_ROUTINE entry; -- ++ PEB *peb = NtCurrentTeb()->Peb; + BOOL being_debugged; + - nt = RtlImageNtHeader( peb->ImageBaseAddress ); - entry = (LPTHREAD_START_ROUTINE)((char *)peb->ImageBaseAddress + - nt->OptionalHeader.AddressOfEntryPoint); -+ PEB *peb = NtCurrentTeb()->Peb; - +- - if (!nt->OptionalHeader.AddressOfEntryPoint) + if (!entry) { ERR( "%s doesn't have an entry point, it cannot be executed\n", debugstr_w(peb->ProcessParameters->ImagePathName.Buffer) ); diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c -index bef0ab1..2dd8ad0 100644 +index f1ef7ab1bdd..2eae4f76f21 100644 --- a/dlls/ntdll/loader.c +++ b/dlls/ntdll/loader.c -@@ -97,6 +97,10 @@ static UINT tls_module_count; /* number of modules with TLS directory */ +@@ -104,6 +104,10 @@ static UINT tls_module_count; /* number of modules with TLS directory */ static IMAGE_TLS_DIRECTORY *tls_dirs; /* array of TLS directories */ LIST_ENTRY tls_links = { &tls_links, &tls_links }; @@ -47,7 +48,7 @@ index bef0ab1..2dd8ad0 100644 static RTL_CRITICAL_SECTION loader_section; static RTL_CRITICAL_SECTION_DEBUG critsect_debug = { -@@ -330,6 +334,78 @@ static inline ULONG_PTR allocate_stub( const char *dll, const char *name ) { ret +@@ -337,6 +341,78 @@ static inline ULONG_PTR allocate_stub( const char *dll, const char *name ) { ret /************************************************************************* @@ -126,7 +127,7 @@ index bef0ab1..2dd8ad0 100644 * get_modref * * Looks for the referenced HMODULE in the current process -@@ -868,6 +944,10 @@ static NTSTATUS fixup_imports( WINE_MODREF *wm, LPCWSTR load_path ) +@@ -886,6 +962,10 @@ static NTSTATUS fixup_imports( WINE_MODREF *wm, LPCWSTR load_path ) if (!(wm->ldr.Flags & LDR_DONT_RESOLVE_REFS)) return STATUS_SUCCESS; /* already done */ wm->ldr.Flags &= ~LDR_DONT_RESOLVE_REFS; 
@@ -137,7 +138,7 @@ index bef0ab1..2dd8ad0 100644 wm->ldr.TlsIndex = alloc_tls_slot( &wm->ldr ); if (!(imports = RtlImageDirectoryEntryToData( wm->ldr.BaseAddress, TRUE, -@@ -1063,8 +1143,43 @@ static NTSTATUS MODULE_InitDLL( WINE_MODREF *wm, UINT reason, LPVOID lpReserved +@@ -1090,8 +1170,43 @@ static NTSTATUS MODULE_InitDLL( WINE_MODREF *wm, UINT reason, LPVOID lpReserved BOOL retv = FALSE; /* Skip calls for modules loaded with special load flags */ @@ -182,7 +183,7 @@ index bef0ab1..2dd8ad0 100644 if (wm->ldr.TlsIndex != -1) call_tls_callbacks( wm->ldr.BaseAddress, reason ); if (!entry || !(wm->ldr.Flags & LDR_IMAGE_IS_DLL)) return STATUS_SUCCESS; -@@ -2870,7 +2985,20 @@ static void load_global_options(void) +@@ -3044,7 +3159,20 @@ static void load_global_options(void) */ static void start_process( void *kernel_start ) { @@ -205,5 +206,5 @@ index bef0ab1..2dd8ad0 100644 /****************************************************************** -- -2.4.5 +2.11.0 diff --git a/patches/ntdll-CLI_Images/definition b/patches/ntdll-CLI_Images/definition index 1d7c420f..2a9cf6c9 100644 --- a/patches/ntdll-CLI_Images/definition +++ b/patches/ntdll-CLI_Images/definition @@ -1,2 +1,3 @@ Fixes: [38661] Implement proper handling of CLI .NET images in Wine library loader Depends: mscoree-CorValidateImage +Depends: kernel32-BeingDebugged diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index fad04d0a..b3e92a4a 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -178,6 +178,7 @@ patch_enable_all () enable_inseng_Implementation="$1" enable_iphlpapi_System_Ping="$1" enable_iphlpapi_TCP_Table="$1" + enable_kernel32_BeingDebugged="$1" enable_kernel32_COMSPEC="$1" enable_kernel32_CopyFileEx="$1" enable_kernel32_Cwd_Startup_Info="$1" @@ -751,6 +752,9 @@ patch_enable () iphlpapi-TCP_Table) enable_iphlpapi_TCP_Table="$2" ;; + kernel32-BeingDebugged) + enable_kernel32_BeingDebugged="$2" + ;; kernel32-COMSPEC) enable_kernel32_COMSPEC="$2" ;; 
@@ -2299,9 +2303,13 @@ if test "$enable_ntdll_DllRedirects" -eq 1; then fi if test "$enable_ntdll_CLI_Images" -eq 1; then + if test "$enable_kernel32_BeingDebugged" -gt 1; then + abort "Patchset kernel32-BeingDebugged disabled, but ntdll-CLI_Images depends on that." + fi if test "$enable_mscoree_CorValidateImage" -gt 1; then abort "Patchset mscoree-CorValidateImage disabled, but ntdll-CLI_Images depends on that." fi + enable_kernel32_BeingDebugged=1 enable_mscoree_CorValidateImage=1 fi @@ -2431,6 +2439,13 @@ if test "$enable_advapi32_LsaLookupSids" -eq 1; then enable_server_Misc_ACL=1 fi +if test "$enable_Staging" -eq 1; then + if test "$enable_kernel32_BeingDebugged" -gt 1; then + abort "Patchset kernel32-BeingDebugged disabled, but Staging depends on that." + fi + enable_kernel32_BeingDebugged=1 +fi + # If autoupdate is enabled then create a tempfile to keep track of all patches if test "$enable_patchlist" -eq 1; then @@ -2521,8 +2536,26 @@ if test "$enable_Pipelight" -eq 1; then ) >> "$patchlist" fi +# Patchset kernel32-BeingDebugged +# | +# | This patchset fixes the following Wine bugs: +# | * [#41648] Replace Peb->BeingDebugged check by CheckRemoteDebuggerPresent +# | +# | Modified files: +# | * dlls/kernel32/process.c, include/winbase.h +# | +if test "$enable_kernel32_BeingDebugged" -eq 1; then + patch_apply kernel32-BeingDebugged/0001-kernel32-Replace-Peb-BeingDebugged-check-by-CheckRem.patch + ( + printf '%s\n' '+ { "Dmitry Timoshkov", "kernel32: Replace Peb->BeingDebugged check by CheckRemoteDebuggerPresent().", 1 },'; + ) >> "$patchlist" +fi + # Patchset Staging # | +# | This patchset has the following (direct or indirect) dependencies: +# | * kernel32-BeingDebugged +# | # | Modified files: # | * dlls/kernel32/process.c, dlls/ntdll/misc.c, dlls/ntdll/ntdll.spec, include/wine/library.h, libs/wine/Makefile.in, # | libs/wine/config.c, libs/wine/loader.c, libs/wine/wine.def, libs/wine/wine.map, loader/main.c 
@@ -5246,7 +5279,7 @@ fi # Patchset ntdll-CLI_Images # | # | This patchset has the following (direct or indirect) dependencies: -# | * mscoree-CorValidateImage +# | * kernel32-BeingDebugged, mscoree-CorValidateImage # | # | This patchset fixes the following Wine bugs: # | * [#38661] Implement proper handling of CLI .NET images in Wine library loader