> Conclusion:
> The ntdll is for wine apps what libc is for Linux/Unix.
> Syscalls are made from ntdll and the native version is never
> run.

mostly (libc contains much more than ntdll does). A closer (yet incomplete) answer would be libc = ntdll + kernel32 + msvcrt (most of the win32 apps don't call ntdll in, they call kernel32 or msvcrt in)

> You are right about the syscalls in Linux, too bad
> there's no protection for it though. It should be, otherwise
> there could appear wine_linux viruses.

well, there could, as well, be pure linux viruses. and, I don't see why wine should be more protective than the linux kernel is.

> Can't you fix this with ptrace?

no.

A+