
[feature request] Wine's new WoW64 mode

Open yshui opened this issue 4 months ago • 2 comments

Since 9.0, Wine has added a new WoW64 mode, which runs a 32-bit Windows program with 64-bit libraries on the host. Basically it does a protected mode <-> long mode switch whenever the control flow crosses the Windows/host boundary.

When trying to record such a process, rr fails with:

[FATAL src/Task.cc:1758:set_extra_regs()]
 (task 3847667 (rec:3847667) at time 473153)
 -> Assertion `regs.arch() == arch()' failed to hold. Trying to set wrong arch ExtraRegisters

Is something like this supportable?

yshui, Jul 28 '25 11:07

I don't know the details of how their WoW64 mode works. I don't think they're literally doing a mode switch since you can't do that in userspace.

EDIT: well that's obviously incorrect. They must be switching the processor mode between 32 and 64 bits, presumably like Windows by calling through a code segment set up with the correct size, set up using modify_ldt I guess?

rocallahan, Jul 28 '25 12:07

I guess rr could be extended pretty easily to handle this. rr doesn't generally care about how instructions are interpreted. But sometimes the instruction mode matters. We'd need some reduced testcases testing what Wine WoW64 actually does.

rocallahan, Jul 28 '25 13:07