| blob | 66afd02199c762c0352da9e93bfeb6b430c912df |
8 <para>
9 With the fundamental architecture of Wine stabilizing, and
10 people starting to think that we might soon be ready to
11 actually release this thing, it may be time to take a look at
12 how Wine actually works and operates.
13 </para>
15 <sect2>
17 <para>
18 Wine is often used as a recursive acronym, standing for
19 "Wine Is Not an Emulator". Sometimes it is also known to be
20 used for "Windows Emulator". In a way, both meanings are
21 correct, only seen from different perspectives. The first
22 meaning says that Wine is not a virtual machine, it does not
23 emulate a CPU, and you are not supposed to install
24 Windows nor any Windows device drivers on top of it; rather,
25 Wine is an implementation of the Windows API, and can be
26 used as a library to port Windows applications to Unix. The
27 second meaning, obviously, is that to Windows binaries
29 Windows, and emulates its behaviour and quirks rather
30 closely.
31 </para>
32 <note>
34 <para>
35 The "Emulator" perspective should not be thought of as if
36 Wine is a typical inefficient emulation layer that means
37 Wine can't be anything but slow - the faithfulness to the
38 badly designed Windows API may of course impose a minor
39 overhead in some cases, but this is both balanced out by
40 the higher efficiency of the Unix platforms Wine runs on,
41 and that other possible abstraction libraries (like Motif,
42 GTK+, CORBA, etc) has a runtime overhead typically
43 comparable to Wine's.
44 </para>
45 </note>
46 </sect2>
48 <sect2>
50 <para>
51 Wine's main task is to run Windows executables under non
52 Windows operating systems. It supports different types of
53 executables:
54 <itemizedlist>
55 <listitem>
56 <para>
57 DOS executable. Those are even older programs, using
60 MZ)).
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Windows NE executable, also called 16 bit. They were
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Windows PE executable. These are programs were
73 introduced in Windows 95 (and became the native
74 formats for all later Windows version), even if 16 bit
75 applications were still supported. PE stands for
76 Portable Executable, in a sense where the format of
77 the executable (as a file) is independent of the CPU
78 (even if the content of the file - the code - is CPU
79 dependent).
80 </para>
81 </listitem>
82 <listitem>
83 <para>
84 WineLib executable. These are applications, written
85 using the Windows API, but compiled as a Unix
86 executable. Wine provides the tools to create such
87 executables.
88 </para>
89 </listitem>
90 </itemizedlist>
91 </para>
92 <para>
93 Let's quickly review the main differences for the supported
94 executables:
95 <table>
98 <thead>
99 <row>
100 <entry></entry>
105 </row>
106 </thead>
107 <tbody>
108 <row>
114 </row>
115 <row>
117 <entry>
118 One MB of memory, where each application is loaded
119 and unloaded.
120 </entry>
121 <entry>
122 All 16 bit applications share a single address
123 space, protected mode.
124 </entry>
125 <entry>
126 Each application has it's own address
127 space. Requires MMU support from CPU.
128 </entry>
129 <entry>
130 Each application has it's own address
131 space. Requires MMU support from CPU.
132 </entry>
133 </row>
134 <row>
136 <entry>
137 No Windows API but the DOS API (like <function>Int
139 </entry>
140 <entry>
141 Will call the 16 bit Windows API.
142 </entry>
143 <entry>
144 Will call the 32 bit Windows API.
145 </entry>
146 <entry>
147 Will call the 32 bit Windows API, and possibly
148 also the Unix APIs.
149 </entry>
150 </row>
151 <row>
153 <entry>
154 Only available on x86 in real mode. Code and data
155 are in segmented forms, with 16 bit
156 offsets. Processor is in real mode.
157 </entry>
158 <entry>
159 Only available on IA-32 architectures, code and
160 data are in segmented forms, with 16 bit offsets
161 (hence the 16 bit name). Processor is in protected
162 mode.
163 </entry>
164 <entry>
165 Available (with NT) on several CPUs, including
166 IA-32. On this CPU, uses a flat memory model with
168 </entry>
169 <entry>
170 Flat model, with 32 bit addresses.
171 </entry>
172 </row>
173 <row>
177 <entry>
178 Available.
179 </entry>
180 <entry>
181 Available, but must use the Win32 APIs for
182 threading and synchronization, not the Unix ones.
183 </entry>
184 </row>
185 </tbody>
186 </tgroup>
187 </table>
188 </para>
190 <para>
191 Wine deals with this issue by launching a separate Wine
192 process (which is in fact a Unix process) for each Win32
193 process, but not for Win16 tasks. Win16 tasks (as well as
194 DOS programs) are run as different intersynchronized
195 Unix-threads in the same dedicated Wine process; this Wine
197 process (Windows on Windows), referring to a similar
198 mechanism used by Windows NT.
199 </para>
200 <para>
201 Synchronization between the Win16 tasks running in the WOW
202 process is normally done through the Win16 mutex - whenever
203 one of them is running, it holds the Win16 mutex, keeping
204 the others from running. When the task wishes to let the
205 other tasks run, the thread releases the Win16 mutex, and
206 one of the waiting threads will then acquire it and let its
207 task run.
208 </para>
209 </sect2>
210 </sect1>
212 <sect1>
215 <sect2>
218 <para>
219 The windows architecture (Win 9x way) looks like this:
220 <screen>
221 +---------------------+ \
222 | Windows EXE | } application
223 +---------------------+ /
225 +---------+ +---------+ \
226 | Windows | | Windows | \ application & system DLLs
227 | DLL | | DLL | /
228 +---------+ +---------+ /
230 +---------+ +---------+ \
231 | GDI32 | | USER32 | \
232 | DLL | | DLL | \
233 +---------+ +---------+ } core system DLLs
234 +---------------------+ /
235 | Kernel32 DLL | /
236 +---------------------+ /
238 +---------------------+ \
239 | Win9x kernel | } kernel space
240 +---------------------+ /
242 +---------------------+ \
243 | Windows low-level | \ drivers (kernel space)
244 | drivers | /
245 +---------------------+ /
246 </screen>
247 </para>
248 </sect2>
249 <sect2>
252 <para>
253 The windows architecture (Windows NT way) looks like the
254 following drawing. Note the new DLL (NTDLL) which allows
255 implementing different subsystems (as win32); kernel32 in NT
256 architecture implements the Win32 subsystem on top of NTDLL.
257 <screen>
258 +---------------------+ \
259 | Windows EXE | } application
260 +---------------------+ /
262 +---------+ +---------+ \
263 | Windows | | Windows | \ application & system DLLs
264 | DLL | | DLL | /
265 +---------+ +---------+ /
267 +---------+ +---------+ +-----------+ \
268 | GDI32 | | USER32 | | | \
269 | DLL | | DLL | | | \
270 +---------+ +---------+ | | \ core system DLLs
271 +---------------------+ | | / (on the left side)
272 | Kernel32 DLL | | Subsystem | /
273 | (Win32 subsystem) | |Posix, OS/2| /
274 +---------------------+ +-----------+ /
276 +---------------------------------------+
277 | NTDLL.DLL |
278 +---------------------------------------+
280 +---------------------------------------+ \
281 | NT kernel | } NT kernel (kernel space)
282 +---------------------------------------+ /
283 +---------------------------------------+ \
284 | Windows low-level drivers | } drivers (kernel space)
285 +---------------------------------------+ /
286 </screen>
287 </para>
288 <para>
289 Note also (not depicted in schema above) that the 16 bit
290 applications are supported in a specific subsystem.
291 Some basic differences between the Win9x and the NT
292 architectures include:
293 <itemizedlist>
294 <listitem>
295 <para>
296 Several subsystems (Win32, Posix...) can be run on NT,
297 while not on Win 9x
298 </para>
299 </listitem>
300 <listitem>
301 <para>
303 NT is truely a 32 bit system.
304 </para>
305 </listitem>
306 <listitem>
307 <para>
308 The drivers model and interfaces in Win 9x and NT are
309 different (even if Microsoft tried to bridge the gap
310 with some support of WDM drivers in Win 98 and above).
311 </para>
312 </listitem>
313 </itemizedlist>
314 </para>
315 </sect2>
316 </sect1>
318 <sect1>
321 <sect2>
324 <para>
325 Wine implementation is closer to the Windows NT
326 architecture, even if several subsystems are not implemented
328 Windows EXE, not as a subsystem). Here's the overall picture:
329 <screen>
330 +---------------------+ \
331 | Windows EXE | } application
332 +---------------------+ /
334 +---------+ +---------+ \
335 | Windows | | Windows | \ application & system DLLs
336 | DLL | | DLL | /
337 +---------+ +---------+ /
339 +---------+ +---------+ +-----------+ +--------+ \
340 | GDI32 | | USER32 | | | | | \
341 | DLL | | DLL | | | | Wine | \
342 +---------+ +---------+ | | | Server | \ core system DLLs
343 +---------------------+ | | | | / (on the left side)
344 | Kernel32 DLL | | Subsystem | | NT-like| /
345 | (Win32 subsystem) | |Posix, OS/2| | Kernel | /
346 +---------------------+ +-----------+ | | /
347 | |
348 +---------------------------------------+ | |
349 | NTDLL | | |
350 +---------------------------------------+ +--------+
352 +---------------------------------------+ \
353 | Wine executable (wine-?thread) | } unix executable
354 +---------------------------------------+ /
355 +---------------------------------------------------+ \
356 | Wine drivers | } Wine specific DLLs
357 +---------------------------------------------------+ /
359 +------------+ +------------+ +--------------+ \
360 | libc | | libX11 | | other libs | } unix shared libraries
361 +------------+ +------------+ +--------------+ / (user space)
363 +---------------------------------------------------+ \
364 | Unix kernel (Linux,*BSD,Solaris,OS/X) | } (Unix) kernel space
365 +---------------------------------------------------+ /
366 +---------------------------------------------------+ \
367 | Unix device drivers | } Unix drivers (kernel space)
368 +---------------------------------------------------+ /
369 </screen>
370 </para>
372 <para>
373 Wine must at least completely replace the "Big Three" DLLs
374 (KERNEL/KERNEL32, GDI/GDI32, and USER/USER32), which all
375 other DLLs are layered on top of. But since Wine is (for
376 various reasons) leaning towards the NT way of implementing
377 things, the NTDLL is another core DLL to be implemented in
378 Wine, and many KERNEL32 and ADVAPI32 features will be
379 implemented through the NTDLL.
380 </para>
381 <para>
382 As of today, no real subsystem (apart the Win32 one) has
383 been implemented in Wine.
384 </para>
385 <para>
386 The Wine server provides the backbone for the implementation
387 of the core DLLs. It mainly implementents inter-process
388 synchronization and object sharing. It can be seen, from a
389 functional point of view, as a NT kernel (even if the APIs
390 and protocols used between Wine's DLL and the Wine server
391 are Wine specific).
392 </para>
393 <para>
394 Wine uses the Unix drivers to access the various hardware
395 pieces on the box. However, in some cases, Wine will
396 provide a driver (in Windows sense) to a physical hardware
397 device. This driver will be a proxy to the Unix driver
398 (this is the case, for example, for the graphical part
399 with X11 or SDL drivers, audio with OSS or ALSA drivers...).
400 </para>
401 <para>
402 All DLLs provided by Wine try to stick as much as possible
403 to the exported APIs from the Windows platforms. There are
404 rare cases where this is not the case, and have been
405 propertly documented (Wine DLLs export some Wine specific
406 APIs). Usually, those are prefixed with
408 </para>
409 <para>
410 Let's now review in greater details all of those components.
411 </para>
412 </sect2>
414 <sect2>
416 <para>
417 The Wine server is among the most confusing concepts in
418 Wine. What is its function in Wine? Well, to be brief, it
419 provides Inter-Process Communication (IPC),
420 synchronization, and process/thread management. When the
421 Wine server launches, it creates a Unix socket for the
422 current host based on (see below) your home directory's
425 points to) - all Wine processes launched later connects to
426 the Wine server using this socket. (If a Wine server was
427 not already running, the first Wine process will start up
428 the Wine server in auto-terminate mode (i.e. the Wine
429 server will then terminate itself once the last Wine
430 process has terminated).)
431 </para>
432 <para>
433 In earlier versions of Wine the master socket mentioned
434 above was actually created in the configuration directory;
436 subdirectory or wherever the
438 points>. Since that might not be possible the socket is
440 directory with a name that reflects the configuration
441 directory. This means that there can actually be several
442 separate copies of the Wine server running; one per
443 combination of user and configuration directory. Note that
444 you should not have several users using the same
445 configuration directory at the same time; they will have
446 different copies of the Wine server running and this could
447 well lead to problems with the registry information that
448 they are sharing.
449 </para>
450 <para>
451 Every thread in each Wine process has its own request
452 buffer, which is shared with the Wine server. When a
453 thread needs to synchronize or communicate with any other
454 thread or process, it fills out its request buffer, then
455 writes a command code through the socket. The Wine server
456 handles the command as appropriate, while the client
457 thread waits for a reply. In some cases, like with the
459 primitives, the server handles it by marking the client
460 thread as waiting and does not send it a reply before the
461 wait condition has been satisfied.
462 </para>
463 <para>
464 The Wine server itself is a single and separate Unix
465 process and does not have its own threading - instead, it
467 loop that alerts the Wine server whenever anything
468 happens, such as a client having sent a command, or a wait
469 condition having been satisfied. There is thus no danger
470 of race conditions inside the Wine server itself - it is
471 often called upon to do operations that look completely
472 atomic to its clients.
473 </para>
474 <para>
475 Because the Wine server needs to manage processes,
476 threads, shared handles, synchronization, and any related
477 issues, all the clients' Win32 objects are also managed by
478 the Wine server, and the clients must send requests to the
479 Wine server whenever they need to know any Win32 object
480 handle's associated Unix file descriptor (in which case
481 the Wine server duplicates the file descriptor, transmits
482 it back to the client, and leaves it to the client to
483 close the duplicate when the client has finished with
484 it).
485 </para>
486 </sect2>
488 <sect2>
489 <title>
490 Wine builtin DLLs: about Relays, Thunks, and DLL
491 descriptors
492 </title>
493 <para>
494 This section mainly applies to builtin DLLs (DLLs provided
496 details on native vs. builtin DLL handling.
497 </para>
498 <para>
499 Loading a Windows binary into memory isn't that hard by
500 itself, the hard part is all those various DLLs and entry
501 points it imports and expects to be there and function as
502 expected; this is, obviously, what the entire Wine
503 implementation is all about. Wine contains a range of DLL
504 implementations. You can find the DLLs implementation in the
506 </para>
507 <para>
508 Each DLL (at least, the 32 bit version, see below) is
509 implemented in a Unix shared library. The file name of this
510 shared library is the module name of the DLL with a
513 depending on the DLL type). This shared library contains the
514 code itself for the DLL, as well as some more information,
515 as the DLL resources and a Wine specific DLL descriptor.
516 </para>
517 <para>
518 The DLL descriptor, when the DLL is instanciated, is used to
519 create an in-memory PE header, which will provide access to
520 various information about the DLL, including but not limited
521 to its entry point, its resources, its sections, its debug
522 information...
523 </para>
524 <para>
525 The DLL descriptor and entry point table is generated by
529 input. Resources (after compilation by
533 </para>
534 <para>
535 Once an application module wants to import a DLL, Wine
536 will look at:
537 <itemizedlist>
538 <listitem>
539 <para>
540 through its list of registered DLLs (in fact, both
541 the already loaded DLLs, and the already loaded
542 shared libraries which has registered a DLL
543 descriptor). Since, the DLL descriptor is
544 automatically registered when the shared library is
545 loaded - remember, registration call is put inside a
546 shared library constructor - using the
548 when running a Wine process can force the
549 registration of some DLL descriptors.
550 </para>
551 </listitem>
552 <listitem>
553 <para>
554 If it's not registered, Wine will look for it on
555 disk, building the shared library name from the DLL
556 module name. Directory searched for are specified by
558 variable.
559 </para>
560 </listitem>
561 <listitem>
562 <para>
563 Failing that, it will look for a real Windows
565 through its imports, etc) and use the loading of
566 native DLLs.
567 </para>
568 </listitem>
569 </itemizedlist>
570 </para>
571 <para>
572 After the DLL has been identified (assuming it's still a
573 native one), it's mapped into memory using a
575 use the shared library mechanisms for resolving and/or
576 importing functions between two shared libraries (for two
577 DLLs). The shared library is only used for providing a way
578 to load a piece of code on demand. This piece of code,
579 thanks the DLL descriptor, will provide the same type of
580 information a native DLL would. Wine can then use the same
581 code for native and builtin DLL to handle imports/exports.
582 </para>
583 <para>
584 Wine also relies on the dynamic loading features of the Unix
585 shared libraries to relocate the DLLs if needed (the same
586 DLL can be loaded at different address in two different
587 processes, and even in two consecutive run of the same
588 executable if the order of loading the DLLs differ).
589 </para>
590 <para>
591 The DLL descriptor is registered in the Wine realm using
593 creating the code for DLL descriptor, also creates a
594 constructor, that will be called when the shared library is
595 loaded into memory. This constructor will actually register
596 the descriptor to the Wine DLL loader. Hence, before the
598 will be known and registered. This also helps to deal with
599 the cases where there's still dependencies (at the ELF
600 shared lib level, not at the embedded DLL level) between
601 different shared libraries: the embedded DLLs will be
602 properly registered, and even loaded (from a Windows point
603 of view).
604 </para>
605 <para>
606 Since Wine is 32-bit code itself, and if the compiler
609 into Win32 code by substituting the addresses of the Wine
610 handlers directly without any thunking layer in
611 between. This eliminates the overhead most people
612 associate with "emulation", and is what the applications
613 expect anyway.
614 </para>
615 <para>
616 However, if the user specified <parameter>WINEDEBUG=+relay
617 </parameter>, a thunk layer is inserted between the
618 application imports and the Wine handlers (actually the
619 export table of the DLL is modified, and a thunk is
620 inserted in the table); this layer is known as "relay"
621 because all it does is print out the arguments/return
622 values (by using the argument lists in the DLL
623 descriptor's entry point table), then pass the call on,
624 but it's invaluable for debugging misbehaving calls into
625 Wine code. A similar mechanism also exists between Windows
626 DLLs - Wine can optionally insert thunk layers between
628 but since no DLL descriptor information exists for
629 non-Wine DLLs, this is less reliable and may lead to
630 crashes.
631 </para>
632 <para>
633 For Win16 code, there is no way around thunking - Wine
635 thunks switch between the app's 16-bit stack and Wine's
636 32-bit stack, copies and converts arguments as appropriate
639 bit linear values in 32 bit), and handles the Win16
640 mutex. Some finer control can be obtained on the
642 manual for the details. Suffice to say that the kind of
643 intricate stack content juggling this results in, is not
644 exactly suitable study material for beginners.
645 </para>
646 <para>
647 A DLL descriptor is also created for every 16 bit
648 DLL. However, this DLL normally paired with a 32 bit
650 (KRNL386.EXE for KERNEL32, USER for USER32...), or a 16
651 bit DLL directly linked to a 32 bit DLL (like SYSTEM for
652 KERNEL32, or DDEML for USER32). In those cases, the 16 bit
653 descriptor(s) is (are) inserted in the same shared library
654 as the the corresponding 32 bit DLL. Wine will also create
655 symbolic links between kernel32.dll.so and system.dll.so
656 so that loading of either
659 shared library.
660 </para>
661 </sect2>
664 <para>
665 Every Win32 process in Wine has its own dedicated native
666 process on the host system, and therefore its own address
667 space. This section explores the layout of the Windows
668 address space and how it is emulated.
669 </para>
671 <para>
672 Firstly, a quick recap of how virtual memory works. Physical
673 memory in RAM chips is split into
677 the maximum space addressable with a 32 bit pointer). Pages
678 can be mapped or unmapped: attempts to access an unmapped
679 page cause an
681 the easily recognizable code of
683 any frame, therefore you can have multiple addresses which
684 actually "contain" the same memory. Pages can also be mapped
685 to things like files or swap space, in which case accessing
686 that page will cause a disk access to read the contents into
687 a free frame.
688 </para>
690 <sect3>
692 <para>
693 When a Win32 process starts, it does not have a clear
694 address space to use as it pleases. Many pages are already
695 mapped by the operating system. In particular, the EXE
696 file itself and any DLLs it needs are mapped into memory,
697 and space has been reserved for the stack and a couple of
698 heaps (zones used to allocate memory to the app
699 from). Some of these things need to be at a fixed address,
700 and others can be placed anywhere.
701 </para>
703 <para>
704 The EXE file itself is usually mapped at address 0x400000
705 and up: indeed, most EXEs have their relocation records
706 stripped which means they must be loaded at their base
707 address and cannot be loaded at any other address.
708 </para>
710 <para>
711 DLLs are internally much the same as EXE files but they
712 have relocation records, which means that they can be
713 mapped at any address in the address space. Remember we
714 are not dealing with physical memory here, but rather
715 virtual memory which is different for each
717 be loaded at one address in one process, and a totally
718 different one in another. Ensuring all the functions
719 loaded into memory can find each other is the job of the
720 Windows dynamic linker, which is a part of NTDLL.
721 </para>
722 <para>
723 So, we have the EXE and its DLLs mapped into memory. Two
724 other very important regions also exist: the stack and the
725 process heap. The process heap is simply the equivalent of
727 region of memory managed by the OS which
729 partitions and hands out to the application. Windows
730 applications can create several heaps but the process heap
731 always exists.
732 </para>
733 <para>
734 Windows 9x also implements another kind of heap: the
735 shared heap. The shared heap is unusual in that
736 anything allocated from it will be visible in every other
737 process.
738 </para>
739 </sect3>
741 <sect3>
743 <para>
744 So far we've assumed the entire 4 gigs of address space is
745 available for the application. In fact that's not so: only
747 Windows NT used by the operating system and hold the
748 kernel (from 0x80000000). Why is the kernel mapped into
749 every address space? Mostly for performance: while it's
750 possible to give the kernel its own address space too -
752 Linux - it requires that every system call into the kernel
753 switches address space. As that is a fairly expensive
754 operation (requires flushing the translation lookaside
755 buffers etc) and syscalls are made frequently it's best
756 avoided by keeping the kernel mapped at a constant
757 position in every processes address space.
758 </para>
760 <para>
761 Basically, the comparison of memory mappings looks as
762 follows:
763 <table>
766 <thead>
767 <row>
772 </row>
773 </thead>
774 <tbody>
775 <row>
780 </row>
781 <row>
786 </row>
787 <row>
792 </row>
793 </tbody>
794 </tgroup>
795 </table>
796 </para>
798 <para>
799 On Windows 9x, in fact only the upper gigabyte
802 for loading system DLLs and for file mappings. The bottom
804 memory allocation and stack.
805 </para>
806 </sect3>
808 <sect3>
810 <para>
811 Wine (with a bit of black magic) is able to map all items
812 at the correct locations as depicted above.
813 </para>
814 <para>
815 Wine also implements the shared heap so native win9x DLLs
816 can be used. This heap is always created at the
819 megabytes in size.
820 </para>
821 <para>
822 There are a few other magic locations. The bottom 64k of
823 memory is deliberately left unmapped to catch null pointer
825 for DOS compatibility and contain various DOS data
826 structures. Finally, the address space also contains
827 mappings for the Wine binary itself, any native libaries
828 Wine is using, the glibc malloc arena and so on.
829 </para>
830 </sect3>
831 </sect2>
832 <sect2>
834 <para>
835 Let's take a closer look at the way Wine loads and run
836 processes in memory.
837 </para>
838 <sect3>
840 <para>
841 When starting a Wine process from command line (we'll get
842 later on to the differences between NE, PE and Winelib
843 executables), there are a couple of things Wine need to do
844 first. A first executable is run to check the threading
846 for the details) and will start the real Wine loader
847 corresponding to the choosen threading model.
848 </para>
849 <para>
850 Then Wine graps a few elements from the Unix world: the
851 environment, the program arguments. Then the
853 using the standard shared library dynamic loader. When
854 loaded, NTDLL will mainly first create a decent Windows
855 environment:
856 <itemizedlist>
857 <listitem>
859 </listitem>
860 <listitem>
861 <para>
862 set up the connection to the Wine server - and
863 eventually launching the Wine server if none runs
864 </para>
865 </listitem>
866 <listitem>
868 </listitem>
869 </itemizedlist>
870 </para>
871 <para>
873 using the Windows dynamic loading capabilities) and a Wine
874 specific entry point is called
876 will actually handle all the logic of the process loading
877 and execution, and will never return from it's call.
878 </para>
879 <para>
881 following tasks:
882 <itemizedlist>
883 <listitem>
884 <para>
885 initialization of program arguments from Unix
886 program arguments
887 </para>
888 </listitem>
889 <listitem>
890 <para>
891 lookup of executable in the file system
892 </para>
893 </listitem>
894 <listitem>
895 <para>
896 If the file is not found, then an error is printed
897 and the Wine loader stops.
898 </para>
899 </listitem>
900 <listitem>
901 <para>
902 We'll cover the non-PE file type later on, so assume
903 for now it's a PE file. The PE module is loaded in
904 memory using the Windows shared library
905 mechanism. Note that the dependencies on the module
906 are not resolved at this point.
907 </para>
908 </listitem>
909 <listitem>
910 <para>
911 A new stack is created, which size is given in the
912 PE header, and this stack is made the one of the
913 running thread (which is still the only one in the
914 process). The stack used at startup will no longer
915 be used.
916 </para>
917 </listitem>
918 <listitem>
919 <para>
920 Which this new stack,
922 called which performs the remaining initialization
923 parts, including resolving all the DLL imports on
924 the PE module, and doing the init of the TLS slots.
925 </para>
926 </listitem>
927 <listitem>
928 <para>
929 Control can now be passed to the
931 which will let the executable run.
932 </para>
933 </listitem>
934 </itemizedlist>
935 </para>
936 </sect3>
937 <sect3>
939 <para>
940 The steps used are closely link to what is done in the
941 previous case.
942 </para>
943 <para>
944 There are however a few points to look at a bit more
945 closely. The inner implementation creates the child
948 don't need to check again for the threading model, we can
949 use what the parent (or the grand-parent process...)
950 started from command line has found.
951 </para>
952 <para>
953 The Win32 process creation allows to pass a lot of
954 information between the parent and the child. This
955 includes object handles, windows title, console
956 parameters, environment strings... Wine makes use of both
957 the standard Unix inheritance mechanisms (for environment
958 for example) and the Wine server (to pass from parent to
959 child a chunk of data containing the relevant information).
960 </para>
961 <para>
962 The previously described loading mechanism will check in
963 the Wine server if such a chunk exists, and, if so, will
964 perform the relevant initialization.
965 </para>
966 <para>
967 Some further synchronization is also put in place: a
968 parent will wait until the child has started, or has
969 failed. The Wine server is also used to perform those
970 tasks.
971 </para>
972 </sect3>
973 <sect3>
975 <para>
976 Before going into the gory details, let's first go back to
977 what a Winelib application is. It can be either a regular
978 Unix executable, or a more specific Wine beast. This later
979 form in fact creates two files for a given executable (say
985 described for DLLs. As in Windows, an executable is, among
986 other things, a module with its import and export
987 information, as any DLL, it makes sense Wine uses the same
988 mechanisms for loading native executables and DLLs.
989 </para>
990 <para>
991 When starting a Winelib application from the command line
994 executable. Since this is in fact the Wine loader, Wine
995 will fire up. However, will notice that it hasn't been
998 Unix shared library mechanism) the second file
1000 bit module (with its descriptor) embedded in the shared
1001 library, and once the shared library loaded, it will
1002 proceed the same path as when loading a standard native PE
1003 executable.
1004 </para>
1005 <para>
1006 Wine needs to implement this second form of executable in
1007 order to maintain the order of initialization of some
1008 elements in the executable. One particular issue is when
1009 dealing with global C++ objects. In standard Unix
1010 executable, the call of the constructor to such objects is
1011 stored in the specific section of the executable
1013 constructors in this section are called before the
1015 Wine executable using the first form mentionned above will
1016 let those constructors being called before Wine gets a
1017 chance to initialize itself. So, any constructor using a
1018 Windows API will fail, because Wine infrastructure isn't
1019 in place. The use of the second form for Winelib
1020 executables ensures that we do the initialization using
1021 the following steps:
1022 <itemizedlist>
1023 <listitem>
1024 <para>
1025 initialize the Wine infrastructure
1026 </para>
1027 </listitem>
1028 <listitem>
1029 <para>
1030 load the executable into memory
1031 </para>
1032 </listitem>
1033 <listitem>
1034 <para>
1035 handle the import sections for the executable
1036 </para>
1037 </listitem>
1038 <listitem>
1039 <para>
1040 call the global object constructors (if any). They
1041 now can properly call the Windows APIs
1042 </para>
1043 </listitem>
1044 <listitem>
1045 <para>
1046 call the executable entry point
1047 </para>
1048 </listitem>
1049 </itemizedlist>
1050 </para>
1051 <para>
1052 The attentive reader would have noted that the resolution
1053 of imports for the executable is done, as for a DLL, when
1054 the executable/DLL descriptor is registered. However, this
1055 is done also by adding a specific constructor in the
1057 scheme to function properly, this constructor must be the
1058 first constructor to be called, before all the other
1059 constructors, generated by the executable itself. The Wine
1060 build chain takes care of that, and also generating the
1061 executable/DLL descriptor for the Winelib executable.
1062 </para>
1063 </sect3>
1064 <sect3>
1066 <para>
1067 When Wine is requested to run a NE (Win 16 process), it
1068 will in fact hand over the execution of it to a specific
1071 will in fact set up the correct 16 bit environment to run
1072 the executable. Any new 16 bit process created by this
1073 executable (or its children) will run into the same
1075 several functionalities will be provided to those 16 bit
1076 processes, including the cooperative multitasking, sharing
1077 the same address space, managing the selectors for the 16
1078 bit segments needed for code, data and stack.
1079 </para>
1080 <para>
1082 can run in the same Wine session, but the functionalities
1083 described above are only shared among a given instance,
1085 is built as Winelib application, and hence has access to
1086 any facility a 32 bit application has.
1087 </para>
1088 <para>
1089 The behaviour we just described also applies to DOS
1090 executables, which are handled the same way by
1092 </para>
1093 </sect3>
1094 </sect2>
1095 <sect2>
1097 <para>
1098 Wine will not allow running native Windows drivers under
1099 Unix. This comes mainly because (look at the generic
1100 architecture schemas) Wine doesn't implement the kernel
1101 features of Windows (kernel here really means the kernel,
1102 not the KERNEL32 DLL), but rather sets up a proxy layer on
1103 top of the Unix kernel to provide the NTDLL and KERNEL32
1104 features. This means that Wine doesn't provide the inner
1105 infrastructure to run native drivers, either from the Win9x
1106 family or from the NT family.
1107 </para>
1108 <para>
1109 In other words, Wine will only be able to provide access to
1110 a specific device, if and only if, 1/ this device is
1111 supported in Unix (there is Unix-driver to talk to it), 2/
1112 Wine has implemented the proxy code to make the glue between
1113 the API of a Windows driver, and the Unix interface of the
1114 Unix driver.
1115 </para>
1116 <para>
1117 Wine, however, tries to implement in the various DLLs
1118 needing to access devices to do it through the standard
1119 Windows APIs for device drivers in user space. This is for
1120 example the case for the multimedia drivers, where Wine
1121 loads Wine builtin DLLs to talk to the OSS interface, or the
1122 ALSA interface. Those DLLs implement the same interface as
1123 any user space audio driver in Windows.
1124 </para>
1125 </sect2>
1126 </sect1>
1131 <sect2>
1133 <para>
1134 NTDLL provides most of the services you'd expect from a
1135 kernel.
1136 </para>
1137 <para>
1138 Process and thread management are part of them (even if
1139 process management is still mainly done in KERNEL32, unlike
1140 NT). A Windows process runs as a Unix process, and a Windows
1141 thread runs as a Unix thread.
1142 </para>
1143 <para>
1144 Wine also provide fibers (which is the Windows name of
1145 co-routines).
1146 </para>
1147 <para>
1148 Most of the Windows memory handling (Heap, Global and Local
1149 functions, virtual memory...) are easily mapped upon their
1150 Unix equivalents. Note the NTDLL doesn't know about 16 bit
1151 memory, which is only handled in KERNEL32/KRNL386.EXE (and
1152 also the DOS routines).
1153 </para>
1155 <sect3>
1157 <para>
1158 Wine uses some configuration in order to map Windows
1159 filenames (either defined with drive letters, or as UNC
1160 names) to the unix filenames. Wine also uses some
1161 incantation so that most of file related APIs can also
1162 take full unix names. This is handy when passing filenames
1163 on the command line.
1164 </para>
1165 <para>
1166 File handles can be waitable objects, as Windows define
1167 them.
1168 </para>
1169 <para>
1170 Asynchronous I/O is implemented on file handles by
1171 queueing pseudo APC. They are not real APC in the sense
1172 that they have the same priority as the threads in the
1173 considered process (while APCs on NT have normally a
1174 higher priority). These APCs get called when invoking
1175 Wine server (which should lead to correct behavior when the
1176 program ends up waiting on some object - waiting always
1177 implies calling Wine server).
1178 </para>
1179 <para>
1180 FIXME: this should be enhanced and updated to latest work
1181 on FS.
1182 </para>
1183 </sect3>
1185 <sect3>
1187 <para>
1188 Most of the synchronization (between threads or processes)
1189 is done in Wine server, which handles both the waiting
1190 operation (on a single object or a set of objects) and the
1191 signaling of objects.
1192 </para>
1193 </sect3>
1195 <sect3>
1197 <para>
1198 Wine is able to load any NE and PE module. In all cases,
1199 the module's binary code is directly executed by the
1200 processor.
1201 </para>
1202 </sect3>
1204 <sect3>
1206 <para>
1207 Wine allows usage a wide variety of devices:
1208 <itemizedlist>
1209 <listitem>
1210 <para>
1211 Communication ports are mapped to Unix
1212 communication ports (if they have sufficient
1213 permissions).
1214 </para>
1215 </listitem>
1216 <listitem>
1217 <para>
1218 Parallel ports are mapped to Unix parallel ports (if
1219 they have sufficient permissions).
1220 </para>
1221 </listitem>
1222 <listitem>
1223 <para>
1224 CDROM: the Windows device I/O control calls are
1226 </para>
1227 </listitem>
1228 <listitem>
1229 <para>
1230 Some Win9x VxDs are supported, by rewriting some of
1231 their internal behavior. But this support is
1232 limited. Portable programs to Windows NT shouldn't
1233 need them.
1234 </para>
1235 <para>
1236 Wine will not support native VxD.
1237 </para>
1238 </listitem>
1239 </itemizedlist>
1240 </para>
1241 </sect3>
1242 </sect2>
1244 <sect2>
1247 <para>
1248 FIXME: Needs some content...
1249 </para>
1250 </sect2>
1252 <sect2>
1255 <sect3>
1258 <para>
1259 The X libraries used to implement X clients (such as Wine)
1260 do not work properly if multiple threads access the same
1261 display concurrently. It is possible to compile the X
1262 libraries to perform their own synchronization (initiated
1264 Wine does not use this approach. Instead Wine performs its
1265 own synchronization using the
1267 functions. This locking protects library access
1268 with a critical section, and also arranges things so that
1271 work with Wine.
1272 </para>
1273 <para>
1274 In the past, all calls to X used to go through a wrapper called
1276 While it is still being used in the code, it's inefficient
1277 as the lock is potentially aquired and released unnecessarily.
1278 New code should explicitly aquire the lock.
1279 </para>
1280 </sect3>
1281 </sect2>
1283 <sect2>
1286 <para>
1287 USER implements windowing and messaging subsystems. It also
1288 contains code for common controls and for other
1289 miscellaneous stuff (rectangles, clipboard, WNet, etc).
1293 </para>
1295 <sect3>
1300 <para>
1301 Windows are arranged into parent/child hierarchy with one
1302 common ancestor for all windows (desktop window). Each
1303 window structure contains a pointer to the immediate
1305 style bit is set), a pointer to the sibling (returned by
1307 to the owner window (set only for popup window if it was
1309 parameter), and a pointer to the first child window
1311 and non-child windows are therefore placed in the first
1312 level of this hierarchy and their ancestor link
1314 window.
1315 </para>
1316 <screen>
1317 Desktop window - root window
1318 | \ `-.
1319 | \ `-.
1321 | \ `-. `-.
1322 | \ `-. `-.
1323 child1 child2 -> child3 child4 - child windows
1324 </screen>
1325 <para>
1326 Horizontal arrows denote sibling relationship, vertical
1327 lines - ancestor/child. To summarize, all windows with the
1328 same immediate ancestor are sibling windows, all windows
1329 which do not have desktop as their immediate ancestor are
1330 child windows. Popup windows behave as topmost top-level
1331 windows unless they are owned. In this case the only
1332 requirement is that they must precede their owners in the
1333 top-level sibling list (they are not topmost). Child
1334 windows are confined to the client area of their parent
1335 windows (client area is where window gets to do its own
1336 drawing, non-client area consists of caption, menu,
1337 borders, intrinsic scrollbars, and
1338 minimize/maximize/close/help buttons).
1339 </para>
1340 <para>
1341 Another fairly important concept is
1343 ancestor/child hierarchy and is used to determine
1344 "above/below" relationship. For instance, in the example
1345 above, z-order is
1346 </para>
1347 <screen>
1349 </screen>
1350 <para>
1351 Current active window ("foreground window" in Win32) is
1352 moved to the front of z-order unless its top-level
1353 ancestor owns popup windows.
1354 </para>
1355 <para>
1356 All these issues are dealt with (or supposed to be) in
1359 interface to the window manager.
1360 </para>
1361 <para>
1362 Wine specifics: in default and managed mode each top-level
1363 window gets its own X counterpart with desktop window
1364 being basically a fake stub. In desktop mode, however,
1365 only desktop window has an X window associated with it.
1367 eventually be implemented via
1369 not the other way around.
1370 </para>
1372 <sect4>
1379 <screen>
1380 ________________________
1381 |_________ | A and B are child windows of C
1382 | A |______ |
1383 | | | |
1384 |---------' | |
1385 | | B | |
1386 | | | |
1387 | `------------' |
1388 | C |
1389 `------------------------'
1390 </screen>
1391 <para>
1392 Visible region determines which part of the window is
1393 not obscured by other windows. If a window has the
1395 areas below its children are considered invisible.
1397 bit is in effect then all areas obscured by its siblings
1398 are invisible. Child windows are always clipped by the
1399 boundaries of their parent windows.
1400 </para>
1401 <para>
1403 </para>
1404 <screen>
1405 . ______
1406 : | |
1407 | ,-----' |
1408 | | B | - visible region of B
1409 | | |
1410 : `------------'
1411 </screen>
1412 <para>
1413 When the program requests a <firstterm>display
1414 context</firstterm> (DC) for a window it can specify
1415 an optional clipping region that further restricts the
1416 area where the graphics output can appear. This area is
1417 calculated as an intersection of the visible region and
1418 a clipping region.
1419 </para>
1420 <para>
1421 Program asked for a DC with a clipping region:
1422 </para>
1423 <screen>
1424 ______
1425 ,--|--. | . ,--.
1426 ,--+--' | | : _: |
1427 | | B | | => | | | - DC region where the painting will
1428 | | | | | | | be visible
1429 `--|-----|---' : `----'
1430 `-----'
1431 </screen>
1432 <para>
1433 When the window manager detects that some part of the window
1434 became visible it adds this area to the update region of this
1438 uncovered area intersects a nonclient part of the window.
1440 message by calling the
1443 that uses accumulated update region as a clipping region. This
1444 operation cleans up invalidated area and the window will not
1446 manager creates a new update region.
1447 </para>
1448 <para>
1449 A was moved to the left:
1450 </para>
1451 <screen>
1452 ________________________ ... / C update region
1453 |______ | : .___ /
1454 | A |_________ | => | ...|___|..
1455 | | | | | : | |
1456 |------' | | | : '---'
1457 | | B | | | : \
1458 | | | | : \
1459 | `------------' | B update region
1460 | C |
1461 `------------------------'
1462 </screen>
1463 <para>
1464 Windows maintains a display context cache consisting of
1465 entries that include the DC itself, the window to which
1466 it belongs, and an optional clipping region (visible
1467 region is stored in the DC itself). When an API call
1468 changes the state of the window tree, window manager has
1469 to go through the DC cache to recalculate visible
1470 regions for entries whose windows were involved in the
1471 operation. DC entries (DCE) can be either private to the
1472 window, or private to the window class, or shared
1473 between all windows (Windows 3.1 limits the number of
1474 shared DCEs to 5).
1475 </para>
1476 </sect4>
1477 </sect3>
1479 <sect3>
1485 <para>
1486 Each Windows task/thread has its own message queue - this
1487 is where it gets messages from. Messages can be:
1488 <orderedlist>
1489 <listitem>
1490 <para>
1494 </para>
1495 </listitem>
1496 <listitem>
1497 <para>
1498 created by the system (hardware messages)
1499 </para>
1500 </listitem>
1501 <listitem>
1502 <para>
1504 </para>
1505 </listitem>
1506 <listitem>
1507 <para>
1509 </para>
1510 </listitem>
1511 </orderedlist>
1512 </para>
1513 <para>
1514 Message priority:
1515 </para>
1516 <para>
1517 First the system looks for sent messages, then for posted
1518 messages, then for hardware messages, then it checks if
1519 the queue has the "dirty window" bit set, and, finally, it
1520 checks for expired timers. See
1522 </para>
1523 <para>
1524 From all these different types of messages, only posted
1525 messages go directly into the private message queue.
1526 System messages (even in Win95) are first collected in the
1527 system message queue and then they either sit there until
1529 or, as in Win95, if system queue is getting clobbered, a
1530 special thread ("raw input thread") assigns them to the
1531 private queues. Sent messages are queued separately and
1532 the sender sleeps until it gets a reply. Special messages
1533 are generated on the fly depending on the window/queue
1534 state. If the window update region is not empty, the
1536 owning queue and eventually this window receives a
1539 intersects with the non-client area). A timer event is
1540 raised when one of the queue timers expire. Depending on
1542 either calls the callback function or the window
1543 procedure. If there are no messages pending the
1544 task/thread sleeps until messages appear.
1545 </para>
1546 <para>
1547 There are several tricky moments (open for discussion) -
1548 </para>
1550 <itemizedlist>
1551 <listitem>
1552 <para>
1553 System message order has to be honored and messages
1554 should be processed within correct task/thread
1556 unassigned system message and this message appears not
1557 to be for the current task/thread it should either
1558 skip it (or get rid of it by moving it into the
1559 private message queue of the target task/thread -
1560 Win95, AFAIK) and look further or roll back and then
1561 yield until this message gets processed when system
1562 switches to the correct context (Win16). In the first
1563 case we lose correct message ordering, in the second
1564 case we have the infamous synchronous system message
1565 queue. Here is a post to one of the OS/2 newsgroup I
1566 found to be relevant:
1567 </para>
1568 <blockquote>
1570 <para>
1571 " Here's the problem in a nutshell, and there is no
1572 good solution. Every possible solution creates a
1573 different problem.
1574 </para>
1575 <para>
1576 With a windowing system, events can go to many
1577 different windows. Most are sent by applications or
1578 by the OS when things relating to that window happen
1579 (like repainting, timers, etc.)
1580 </para>
1581 <para>
1582 Mouse input events go to the window you click on
1583 (unless some window captures the mouse).
1584 </para>
1585 <para>
1586 So far, no problem. Whenever an event happens, you
1587 put a message on the target window's message queue.
1588 Every process has a message queue. If the process
1589 queue fills up, the messages back up onto the system
1590 queue.
1591 </para>
1592 <para>
1593 This is the first cause of apps hanging the GUI. If
1594 an app doesn't handle messages and they back up into
1595 the system queue, other apps can't get any more
1596 messages. The reason is that the next message in
1597 line can't go anywhere, and the system won't skip
1598 over it.
1599 </para>
1600 <para>
1601 This can be fixed by making apps have bigger private
1602 message queues. The SIQ fix does this. PMQSIZE does
1603 this for systems without the SIQ fix. Applications
1604 can also request large queues on their own.
1605 </para>
1606 <para>
1607 Another source of the problem, however, happens when
1608 you include keyboard events. When you press a key,
1609 there's no easy way to know what window the
1610 keystroke message should be delivered to.
1611 </para>
1612 <para>
1613 Most windowing systems use a concept known as
1615 keyboard messages. Focus can be changed from window
1616 to window by apps or by users clicking on windows.
1617 </para>
1618 <para>
1619 This is the second source of the problem. Suppose
1620 window A has focus. You click on window B and start
1621 typing before the window gets focus. Where should
1622 the keystrokes go? On the one hand, they should go
1623 to A until the focus actually changes to B. On the
1624 other hand, you probably want the keystrokes to go
1625 to B, since you clicked there first.
1626 </para>
1627 <para>
1628 OS/2's solution is that when a focus-changing event
1629 happens (like clicking on a window), OS/2 holds all
1630 messages in the system queue until the focus change
1631 actually happens. This way, subsequent keystrokes
1632 go to the window you clicked on, even if it takes a
1633 while for that window to get focus.
1634 </para>
1635 <para>
1636 The downside is that if the window takes a real long
1637 time to get focus (maybe it's not handling events,
1638 or maybe the window losing focus isn't handling
1639 events), everything backs up in the system queue and
1640 the system appears hung.
1641 </para>
1642 <para>
1643 There are a few solutions to this problem.
1644 </para>
1645 <para>
1646 One is to make focus policy asynchronous. That is,
1647 focus changing has absolutely nothing to do with the
1648 keyboard. If you click on a window and start typing
1649 before the focus actually changes, the keystrokes go
1650 to the first window until focus changes, then they
1651 go to the second. This is what X-windows does.
1652 </para>
1653 <para>
1654 Another is what NT does. When focus changes,
1655 keyboard events are held in the system message
1656 queue, but other events are allowed through. This is
1658 queue are delivered to the application queues in a
1659 different order from that with which they were
1661 message, it's of no consequence - the app receiving
1663 keystrokes will go to it.
1664 </para>
1665 <para>
1666 The NT solution also takes care of the application
1667 queue filling up problem. Since the system delivers
1668 messages asynchronously, messages waiting in the
1669 system queue will just sit there and the rest of the
1670 messages will be delivered to their apps.
1671 </para>
1672 <para>
1673 The OS/2 SIQ solution is this: When a
1674 focus-changing event happens, in addition to
1675 blocking further messages from the application
1676 queues, a timer is started. When the timer goes
1677 off, if the focus change has not yet happened, the
1678 bad app has its focus taken away and all messages
1679 targeted at that window are skipped. When the bad
1680 app finally handles the focus change message, OS/2
1681 will detect this and stop skipping its messages.
1682 </para>
1684 <para>
1685 As for the pros and cons:
1686 </para>
1687 <para>
1688 The X-windows solution is probably the easiest. The
1689 problem is that users generally don't like having to
1690 wait for the focus to change before they start
1691 typing. On many occasions, you can type and the
1692 characters end up in the wrong window because
1693 something (usually heavy system load) is preventing
1694 the focus change from happening in a timely manner.
1695 </para>
1696 <para>
1697 The NT solution seems pretty nice, but making the
1698 system message queue asynchronous can cause similar
1699 problems to the X-windows problem. Since messages
1700 can be delivered out of order, programs must not
1701 assume that two messages posted in a particular
1702 order will be delivered in that same order. This
1703 can break legacy apps, but since Win32 always had an
1704 asynchronous queue, it is fair to simply tell app
1706 designers something like that on OS/2 - they'll
1707 complain "you changed the rules and our apps are
1708 breaking."
1709 </para>
1710 <para>
1711 The OS/2 solution's problem is that nothing happens
1712 until you try to change window focus, and then wait
1713 for the timeout. Until then, the bad app is not
1714 detected and nothing is done."
1715 </para>
1716 </blockquote>
1717 </listitem>
1719 <listitem>
1720 <para>
1721 Intertask/interthread
1723 inform the target queue about the forthcoming message,
1724 then it has to carry out the context switch and wait
1725 until the result is available. Win16 stores necessary
1726 parameters in the queue structure and then calls
1728 However, in Win32 there could be several messages
1729 pending sent by preemptively executing threads, and in
1731 build some sort of message queue for sent messages.
1732 Another issue is what to do with messages sent to the
1733 sender when it is blocked inside its own
1735 </para>
1736 </listitem>
1737 </itemizedlist>
1738 </sect3>
1739 </sect2>
1740 </sect1>
1745 <para>
1746 This document mainly deals with the status of current DLL
1747 support by Wine. The Wine ini file currently supports
1748 settings to change the load order of DLLs. The load order
1749 depends on several issues, which results in different settings
1750 for various DLLs.
1751 </para>
1753 <sect2>
1756 <para>
1757 Native DLLs of course guarantee 100% compatibility for
1758 routines they implement. For example, using the native USER
1759 DLL would maintain a virtually perfect and Windows 95-like
1760 look for window borders, dialog controls, and so on. Using
1761 the built-in Wine version of this library, on the other
1762 hand, would produce a display that does not precisely mimic
1763 that of Windows 95. Such subtle differences can be
1764 engendered in other important DLLs, such as the common
1765 controls library COMMCTRL or the common dialogs library
1766 COMMDLG, when built-in Wine DLLs outrank other types in load
1767 order.
1768 </para>
1769 <para>
1770 More significant, less aesthetically-oriented problems can
1771 result if the built-in Wine version of the SHELL DLL is
1772 loaded before the native version of this library. SHELL
1773 contains routines such as those used by installer utilities
1774 to create desktop shortcuts. Some installers might fail when
1775 using Wine's built-in SHELL.
1776 </para>
1777 </sect2>
1779 <sect2>
1782 <para>
1783 Not every application performs better under native DLLs. If
1784 a library tries to access features of the rest of the system
1785 that are not fully implemented in Wine, the native DLL might
1786 work much worse than the corresponding built-in one, if at
1787 all. For example, the native Windows GDI library must be
1788 paired with a Windows display driver, which of course is not
1789 present under Intel Unix and Wine.
1790 </para>
1791 <para>
1792 Finally, occasionally built-in Wine DLLs implement more
1793 features than the corresponding native Windows DLLs.
1794 Probably the most important example of such behavior is the
1795 integration of Wine with X provided by Wine's built-in USER
1796 DLL. Should the native Windows USER library take load-order
1797 precedence, such features as the ability to use the
1798 clipboard or drag-and-drop between Wine windows and X
1799 windows will be lost.
1800 </para>
1801 </sect2>
1803 <sect2>
1806 <para>
1807 Clearly, there is no one rule-of-thumb regarding which
1808 load-order to use. So, you must become familiar with
1809 what specific DLLs do and which other DLLs or features
1810 a given library interacts with, and use this information
1811 to make a case-by-case decision.
1812 </para>
1814 </sect2>
1816 <sect2>
1819 <para>
1820 Using the DLL sections from the wine configuration file, the
1821 load order can be tweaked to a high degree. In general it is
1822 advised not to change the settings of the configuration
1823 file. The default configuration specifies the right load
1824 order for the most important DLLs.
1825 </para>
1826 <para>
1827 The default load order follows this algorithm: for all DLLs
1828 which have a fully-functional Wine implementation, or where
1829 the native DLL is known not to work, the built-in library
1830 will be loaded first. In all other cases, the native DLL
1831 takes load-order precedence.
1832 </para>
1833 <para>
1835 [DllDefaults] section specifies for all DLLs which version
1836 to try first. See manpage for explanation of the arguments.
1837 </para>
1838 <para>
1839 The [DllOverrides] section deals with DLLs, which need a
1840 different-from-default treatment.
1841 </para>
1842 <para>
1843 The [DllPairs] section is for DLLs, which must be loaded in
1844 pairs. In general, these are DLLs for either 16-bit or
1846 version cannot be used without its 16-bit counterpart. For
1847 Wine, it is customary that the 16-bit implementations rely
1848 on the 32-bit implementations and cast the results back to
1849 16-bit arguments. Changing anything in this section is bound
1850 to result in errors.
1851 </para>
1852 <para>
1853 For the future, the Wine implementation of Windows DLL seems
1855 possible, resulting in larger DLLs. They are stored in the
1857 name.
1858 </para>
1859 </sect2>
1861 <sect2>
1864 <para>
1865 The following list briefly describes each of the DLLs
1866 commonly found in Windows whose load order may be modified
1867 during the configuration and compilation of Wine.
1868 </para>
1869 <para>
1872 are currently being rewritten for Wine)
1873 </para>
1875 <!-- FIXME: Should convert this table into a VariableList element -->
1876 <screen>
1877 ADVAPI32.DLL: 32-bit application advanced programming interfaces
1878 like crypto, systeminfo, security and event logging
1879 AVIFILE.DLL: 32-bit application programming interfaces for the
1880 Audio Video Interleave (AVI) Windows-specific
1881 Microsoft audio-video standard
1882 COMMCTRL.DLL: 16-bit common controls
1883 COMCTL32.DLL: 32-bit common controls
1884 COMDLG32.DLL: 32-bit common dialogs
1885 COMMDLG.DLL: 16-bit common dialogs
1887 CRTDLL.DLL: Microsoft C runtime
1888 DCIMAN.DLL: 16-bit
1889 DCIMAN32.DLL: 32-bit display controls
1890 DDEML.DLL: DDE messaging
1891 D3D*.DLL DirectX/Direct3D drawing libraries
1892 DDRAW.DLL: DirectX drawing libraries
1893 DINPUT.DLL: DirectX input libraries
1894 DISPLAY.DLL: Display libraries
1895 DPLAY.DLL, DPLAYX.DLL: DirectX playback libraries
1896 DSOUND.DLL: DirectX audio libraries
1897 GDI.DLL: 16-bit graphics driver interface
1898 GDI32.DLL: 32-bit graphics driver interface
1899 IMAGEHLP.DLL: 32-bit IMM API helper libraries (for PE-executables)
1900 IMM32.DLL: 32-bit IMM API
1901 IMGUTIL.DLL:
1902 KERNEL32.DLL 32-bit kernel DLL
1903 KEYBOARD.DLL: Keyboard drivers
1904 LZ32.DLL: 32-bit Lempel-Ziv or LZ file compression
1905 used by the installshield installers (???).
1906 LZEXPAND.DLL: LZ file expansion; needed for Windows Setup
1907 MMSYSTEM.DLL: Core of the Windows multimedia system
1908 MOUSE.DLL: Mouse drivers
1909 MPR.DLL: 32-bit Windows network interface
1910 MSACM.DLL: Core of the Addressed Call Mode or ACM system
1911 MSACM32.DLL: Core of the 32-bit ACM system
1912 Audio Compression Manager ???
1913 MSNET32.DLL 32-bit network APIs
1914 MSVFW32.DLL: 32-bit Windows video system
1915 MSVIDEO.DLL: 16-bit Windows video system
1916 OLE2.DLL: OLE 2.0 libraries
1918 OLE2CONV.DLL: Import filter for graphics files
1920 OLE2PROX.DLL: Proxy server for OLE 2.0
1921 OLE2THK.DLL: Thunking for OLE 2.0
1923 OLECLI.DLL: 16-bit OLE client
1924 OLECLI32.DLL: 32-bit OLE client
1925 OLEDLG.DLL: OLE 2.0 user interface support
1926 OLESVR.DLL: 16-bit OLE server libraries
1927 OLESVR32.DLL: 32-bit OLE server libraries
1928 PSAPI.DLL: Proces Status API libraries
1929 RASAPI16.DLL: 16-bit Remote Access Services libraries
1930 RASAPI32.DLL: 32-bit Remote Access Services libraries
1931 SHELL.DLL: 16-bit Windows shell used by Setup
1932 SHELL32.DLL: 32-bit Windows shell (COM object?)
1933 TAPI/TAPI32/TAPIADDR: Telephone API (for Modems)
1934 W32SKRNL: Win32s Kernel ? (not in use for Win95 and up!)
1935 WIN32S16.DLL: Application compatibility for Win32s
1936 WIN87EM.DLL: 80387 math-emulation libraries
1937 WINASPI.DLL: Advanced SCSI Peripheral Interface or ASPI libraries
1938 WINDEBUG.DLL Windows debugger
1939 WINMM.DLL: Libraries for multimedia thunking
1940 WING.DLL: Libraries required to "draw" graphics
1941 WINSOCK.DLL: Sockets APIs
1942 WINSPOOL.DLL: Print spooler libraries
1943 WNASPI32.DLL: 32-bit ASPI libraries
1944 WSOCK32.DLL: 32-bit sockets APIs
1945 </screen>
1946 </sect2>
1947 </sect1>
1948 </chapter>
1953 <para>
1954 Wine has a rather complex startup procedure, so unlike many programs the best place to begin
1956 at some of the more straightforward DLLs that exist on the periphery such as MSI, the widget
1957 library (in USER and COMCTL32) etc. The purpose of this section is to document and explain how
1958 Wine starts up from the moment the user runs "wine myprogram.exe" to the point at which
1959 myprogram gets control.
1960 </para>
1962 <sect1>
1965 <para>
1966 The actual wine binary that the user runs does not do very much, in fact it is only
1967 responsible for checking the threading model in use (NPTL vs LinuxThreads) and then invoking
1968 a new binary which performs the next stage in the startup sequence. See the threading chapter
1969 for more information on this check and why it's necessary. You can find this code in
1971 wine-pthread or wine-kthread, potentially (on Linux) via
1973 the native pthreads library requires us to exploit a property of ELF symbol fixup semantics:
1974 it's not possible to do this without starting a new process.
1975 </para>
1977 <para>
1979 order to impose a Win32 style address space layout upon the newly created Win32 process. The
1980 details of what this does is covered in the address space layout chapter. The preloader is a
1981 statically linked ELF binary which is passed the name of the actual Wine binary to run (either
1982 wine-kthread or wine-pthread) along with the arguments the user passed in from the command
1983 line. The preloader is an unusual program: it does not have a main() function. In standard ELF
1984 applications, the entry point is actually at a symbol named _start: this is provided by the
1986 initializes glibc before passing control to the main function as defined by the programmer.
1987 </para>
1989 <para>
1990 The preloader takes control direct from the entry point for a few reasons. Firstly, it is
1991 required that glibc is not initialized twice: the result of such behaviour is undefined and
1992 subject to change without notice. Secondly, it's possible that as part of initializing glibc,
1993 the address space layout could be changed - for instance, any call to malloc will initialize a
1994 heap arena which modifies the VM mappings. Finally, glibc does not return to _start at any
1995 point, so by reusing it we avoid the need to recreate the ELF bootstrap stack (env, argv,
1996 auxiliary array etc).
1997 </para>
1999 <para>
2000 The preloader is responsible for two things: protecting important regions of the address
2001 space so the dynamic linker does not map shared libraries into them, and once that is done
2002 loading the real Wine binary off disk, linking it and starting it up. Normally all this is
2003 done automatically by glibc and the kernel but as we intercepted this process by using a
2004 static binary it's up to us to restart the process. The bulk of the code in the preloader is
2005 about loading wine-[pk]thread and ld-linux.so.2 off disk, linking them together, then
2006 starting the dynamic linking process.
2007 </para>
2009 <para>
2010 One of the last things the preloader does before jumping into the dynamic linker is scan the
2011 symbol table of the loaded Wine binary and set the value of a global variable directly: this
2012 is a more efficient way of passing information to the main Wine program than flattening the
2013 data structures into an environment variable or command line parameter then unpacking it on
2014 the other side, but it achieves pretty much the same thing. The global variable set points to
2015 the preload descriptor table, which contains the VMA regions protected by the preloader. This
2016 allows Wine to unmap them once the dynamic linker has been run, so leaving gaps we can
2017 initialize properly later on.
2018 </para>
2020 </sect1>
2022 <sect1>
2025 <para>
2026 The process of starting up the emulator itself is mostly one of chaining through various
2027 initializer functions defined in the core libraries and DLLs: libwine, then NTDLL, then kernel32.
2028 </para>
2030 <para>
2033 after the preloader has run we start here. This passes the information provided by the
2034 preloader into libwine and then calls wine_init, defined
2037 be called from programs other than the wine loader itself.
2038 </para>
2040 <para>
2042 debugging infrastructure, yet more address space manipulation (see the information on the
2044 the Windows NT series - and jumping to the <function>__wine_process_init</function> function defined
2046 </para>
2048 <para>
2049 This function is responsible for initializing the primary Win32 environment. In thread_init(),
2050 it sets up the TEB, the wineserver connection for the main thread and the process heap. See
2051 the threading chapter for more information on this.
2052 </para>
2054 <para>
2057 is done. The kernel32 initialization code retrieves the startup info for the process from the
2058 server, initializes the registry, sets up the drive mapping system and locale data, then
2059 begins loading the requested application itself. Each process has a STARTUPINFO block that can
2061 window should be displayed: this is sent to the new process via the wineserver.
2062 </para>
2064 <para>
2065 After determining the type of file given to Wine by the user (a Win32 EXE file, a Win16 EXE, a
2066 Winelib app etc), the program is loaded into memory (which may involve loading and
2067 initializing other DLLs, the bulk of Wines startup code), before control reaches the end of
2069 initialized, and start_process being called on the new stack. Nearly there!
2070 </para>
2072 <para>
2073 The final element of initializing Wine is starting the newly loaded program
2076 initialization (such as performing relocations and calling the DllMains with PROCESS_ATTACH),
2077 grabs the entry point of the executable and then on this line:
2078 </para>
2080 <programlisting>
2081 ExitProcess( entry( peb ) );
2082 </programlisting>
2084 <para>
2085 ... jumps to the entry point of the program. At this point the users program is running and
2086 the API provided by Wine is ready to be used. When entry returns,
2088 </para>
2090 </sect1>
2091 </chapter>
2093 <!-- Keep this comment at the end of the file
2094 Local variables:
2095 mode: sgml
2096 sgml-parent-document:("wine-devel.sgml" "set" "book" "part" "chapter" "")
2097 End:
2098 -->