hi ik wine can translate userspace calls but i wonder if its possible to translate windows kernel level calls to linux ones (eg,kernel level anticheat,etc)

  • breadsmasher@lemmy.world
    link
    fedilink
    English
    arrow-up
    71
    ·
    edit-2
    3 months ago

    Wine does translate kernel calls. Perhaps youre misunderstanding how that is then exposed?

    Wine translates windows calls (including system level/kernel level) but exposes/implements in userspace on linux.

    It doesn’t only do windows userspace to linux userspace

    Its a design decision from the wine team to not build it as a kernel module and to instead implement as an application in userspace

    Have a read here https://werat.dev/blog/how-wine-works-101/

      • breadsmasher@lemmy.world
        link
        fedilink
        English
        arrow-up
        67
        ·
        edit-2
        3 months ago

        Anticheat isnt solely about kernel calls. Anticheat systems, depending on what one you are referring to, will inspect runtime memory, data loaded into RAM. It will do a number of things to verify memory isn’t being modified (which cheat engines, among other things, need to do).

        Simply, Wine and linux load applications differently, anticheat systems see the difference and assume something nefarious is going on.

        Its not as simple as just running anticheat in wine.

        edit some additional info from a pretty old article

        https://www.theverge.com/2021/10/5/22709918/valve-steam-deck-supported-games-anti-cheat-proton-eac-battleye-epic

          • Norgur@fedia.io
            link
            fedilink
            arrow-up
            28
            ·
            3 months ago

            sadly, no. Anticheat Systems are designed to be paranoid as fuck. So even some readout of the hardware used that WINE handles a tad differently than Windows might trip it.

      • Ashtefere@aussie.zone
        link
        fedilink
        arrow-up
        8
        ·
        3 months ago

        Also, (and this is from security research articles here) most kernel level anticheats seem to focus more on datamining than anticheat (see: anything from tencent)

        Its so bad that a lot of corporate environments ban any work being done on machines that also have them installed (source: my employer)

        Over time more and more anricheat companies have realised that personal data is gold and they are harvesting more and more of it.

        Just read the eula some time. Most of it state in plain english that they send files from your documents, take screenshots and log keys.

        And we give them kernel access…

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        3 months ago

        Because it is in user space not kernel space. Also Linux uses a monolithic kernel (no separate space for drivers)

  • hades@lemm.ee
    link
    fedilink
    arrow-up
    10
    ·
    3 months ago

    If you wanted to support all possible drivers, you would basically need to rewrite the entire kernel. You could make one specific anticheat work by supporting its specific calls, but this will take a lot of work, and will probably be broken with the first ever update.

    In the past there were projects that supported specific types of drivers, such as ndiswrapper, but that had a very limited scope.

    Here’s also an answer to a similar question: https://unix.stackexchange.com/questions/544776/installing-proprietary-windows-drivers-on-linux

  • BCsven@lemmy.ca
    link
    fedilink
    arrow-up
    8
    ·
    3 months ago

    WINE loads the executable binary data into the memory, and runs it. The Machine doesn’t care if the code was made for Windows or Linux when it runs it