Emulating Windows system calls in Linux

Posted Jun 25, 2020 23:24 UTC (Thu) by smcv (subscriber, #53363)
In reply to: Emulating Windows system calls in Linux by roc
Parent article: Emulating Windows system calls in Linux

As mentioned in the article, patching Windows game code is unlikely to work well, because in some cases it tries to detect external modifications to itself as an anti-cheating mechanism, and it's deliberately obfuscated to make modification and tracing harder. I'm aware rr isn't usually tracing actively cooperating processes, but it isn't usually tracing a process that is actively uncooperative either.



Emulating Windows system calls in Linux

Posted Jun 26, 2020 1:39 UTC (Fri) by roc (subscriber, #30627) [Link] (9 responses)

The rr approach applied to Wine would not require patching the Windows game code, only the Wine/Linux libraries which *are* somewhat cooperative.

Discussing it on LKML, the problem with our approach for Wine is probably the issues with multiple threads potentially racing with system-call patching.

Emulating Windows system calls in Linux

Posted Jun 26, 2020 11:49 UTC (Fri) by pm215 (subscriber, #98099) [Link] (8 responses)

The patchset says it's addressing the way that "Modern Windows applications are executing system call instructions directly from the application's code without going through the WinAPI" -- so I think your approach would imply patching game code. It sounds like they already have workable approaches for apps that are traditional "call the winapi library which makes the syscall" style.

Emulating Windows system calls in Linux

Posted Jun 26, 2020 12:40 UTC (Fri) by pbonzini (subscriber, #60935) [Link] (7 responses)

No, you would:

* patch WINE libraries (the only ones that should issue Linux system calls) to go through a trampoline page

* use seccomp-bpf to raise SIGSYS for almost all code except that single trampoline page

* now if you get SIGSYS you know it's a Windows syscall, and you handle it from the SIGSYS handler
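
An added illustration of the scheme outlined in the comment above (editorial example code, not from the commenter, Wine, or the kernel patch set): a seccomp-bpf program that allows system calls only when the reported instruction pointer lies in one trampoline page and returns `SECCOMP_RET_TRAP` (SIGSYS) otherwise, plus a small interpreter to check the verdicts offline. The function names and the page address are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* instruction_pointer is 64-bit, classic BPF loads 32-bit words; little-endian (x86-64) assumed. */
#define IP_LO ((uint32_t)offsetof(struct seccomp_data, instruction_pointer))
#define IP_HI (IP_LO + 4)

/* Allow syscalls issued from the 4 KiB page at `page`, SIGSYS for all others; `f` holds 7 insns. */
size_t build_trampoline_filter(struct sock_filter *f, uint64_t page)
{
    uint32_t hi = (uint32_t)(page >> 32), lo = (uint32_t)page & ~0xfffu;
    size_t n = 0;
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI);
    f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, hi, 0, 3);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_ALU | BPF_AND | BPF_K, ~0xfffu);
    f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, lo, 1, 0);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return n;
}

/* Offline check: interpret the filter (only the opcodes used above) for a constructed IP. */
uint32_t verdict_for_ip(uint64_t page, uint64_t ip)
{
    struct sock_filter f[7];
    struct seccomp_data d = { .instruction_pointer = ip };
    uint32_t a = 0;
    for (size_t pc = 0, n = build_trampoline_filter(f, page); pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:  memcpy(&a, (const char *)&d + f[pc].k, 4); break;
        case BPF_ALU | BPF_AND | BPF_K: a &= f[pc].k; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (a == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K:           return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL; /* malformed program: fail closed */
}

int main(void)
{
    uint64_t page = 0x7f0000001000ull; /* constructed trampoline address */
    printf("in page: %#x\n", verdict_for_ip(page, page + 0x10));
    printf("outside: %#x\n", verdict_for_ip(page, page + 0x2000));
    return 0;
}
```

To enforce the filter, set `PR_SET_NO_NEW_PRIVS` and pass the program in a `struct sock_fprog` to `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)`; the SIGSYS handler's own system calls, including the signal-return stub, must then also execute from the allowed page. The address seccomp reports is the one following the syscall instruction, so the trampoline's syscall instruction must not be the last bytes of the page.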

Emulating Windows system calls in Linux

Posted Jun 26, 2020 14:09 UTC (Fri) by pm215 (subscriber, #98099) [Link] (4 responses)

That would work, but it's not the approach suggested at the top of this comment thread, which includes "The ptracer looks at the code around the syscall and if it matches certain common patterns, we patch it with a jump to a stub"... (You don't need to runtime-patch the wine libraries -- wine controls that code so it can just be built to do whatever.)

Emulating Windows system calls in Linux

Posted Jun 26, 2020 15:03 UTC (Fri) by pbonzini (subscriber, #60935) [Link]

Yes, the core idea though is the same, distinguishing trapped and pass-through system calls from the address.

Emulating Windows system calls in Linux

Posted Jun 26, 2020 21:05 UTC (Fri) by roc (subscriber, #30627) [Link] (2 responses)

Wine uses glibc and a bunch of other system libraries which do need to be patched. Those libraries aren't trying to stop us patching them, but they're not providing any hooks to avoid the need for patching, either.

Again: you don't need to patch the tricky game code with this approach ... as long as you can tolerate those syscalls being slow.

Emulating Windows system calls in Linux

Posted Jun 28, 2020 19:04 UTC (Sun) by NYKevin (subscriber, #129325) [Link] (1 responses)

> as long as you can tolerate those syscalls being slow.

I imagine this will depend on the game. If it's isolated into a bunch of small levels with loading screens between them, well, the loading screens will suck, but the rest of the game should basically work most of the time, assuming the game engine isn't trying to do something weird (like constantly telling the OS which pages to evict first).

But if it's an open world game that dynamically loads stuff in and out of memory all the time, then you're in trouble.

Emulating Windows system calls in Linux

Posted Jul 3, 2020 13:28 UTC (Fri) by raoni (guest, #137137) [Link]

IIRC from when I read the thread, they are OK with overhead on syscalls from Windows code; they are not the concern for performance. They are concerned that applying some sort of overhead to all syscalls is a bigger performance hit because of the Linux libraries and the WinAPI emulation code.

Emulating Windows system calls in Linux

Posted Jun 30, 2020 12:31 UTC (Tue) by mirabilos (subscriber, #84359) [Link]

Except that the code needed to handle it almost certainly isn’t signal handler-safe or can be made to…

Emulating Windows system calls in Linux

Posted Jul 11, 2020 13:30 UTC (Sat) by Hi-Angel (guest, #110915) [Link]

> No, you would:
>
> * patch WINE libraries (the only ones that should issue Linux system calls) to
> go through a trampoline page

You can't achieve anything here by patching WINE libs because as the prev. author
said, there's no problem with apps that go through them. The problem being
discussed is that some apps make system calls without going through WinAPI/WINE
libs. Let me quote the original mail:

> Modern Windows applications are executing system call instructions directly
> from the application's code without going through the WinAPI. This breaks Wine
> emulation, because it doesn't have a chance to intercept and emulate these
> syscalls before they are submitted to Linux.

