How WINE can help in Crash Dump Analysis

You probably already know or have heard about the WINE project: Windows API on top of X and Unix.

winehq.com 

I first heard about it more than 10 years ago when it started. Today I rediscovered it again and was really surprised. I was looking for one NT status code I couldn’t find in MS official documentation and found it here:

dlls/ntdll/error.c

In order to run Win32 programs, WINE emulates all API calls, including OLE32, USER32, GDI32, KERNEL32, ADVAPI32 and, of course, NTDLL:

dlls/ntdll
dlls/ole32
dlls/user32
dlls/kernel32
dlls/gdi32
dlls/advapi32

Plus hundreds of other components. All source code is located here:

http://cvs.winehq.com/cvsweb/wine/

So if you want to see how a particular function or protocol might hypothetically have been implemented by the Windows OS designers, it is a good place to start.

- Dmitry Vostokov -

2 Responses to “How WINE can help in Crash Dump Analysis”

  1. Crash Dump Analysis » Blog Archive » What does this function do? Says:

    […] - Win32 API emulators like WINE […]

  2. Dmitry Vostokov Says:

    ReactOS source code can also be helpful in crash dump analysis
    http://doxygen.reactos.org/
