https://bugs.winehq.org/show_bug.cgi?id=45349

Zebediah Figura <z.figura12(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12(a)gmail.com

--- Comment #1 from Zebediah Figura <z.figura12(a)gmail.com> ---
Hi Anastasius,

Mind sharing a few more details? I've tried applying the Staging patches, but I seem to get a crash in the exact same place (with the exact same RIP, even). And yes, I've checked that the on-disk ntdll has the syscall thunks.

I'm also a little confused by your explanation. From the looks of things I'd expect a crash executing the copied entry point (e.g. at the PINSR or ROR instruction or the following INT3), which would then presumably take the form of a STATUS_ACCESS_VIOLATION or STATUS_BREAKPOINT, but the crash is a STATUS_PRIVILEGED_INSTRUCTION, several pages away from that address, and if I dump bytes around the faulty RIP I get this:

   0:   4d 56                   rex.WRB push %r14
   2:   bb 65 d4 85 86          mov    $0x8685d465,%ebx
   7:   b9 0a 00 00 00          mov    $0xa,%ecx
   c:   66 ba 58 56             mov    $0x5658,%dx
  10:   ed                      in     (%dx),%eax        <- faulty instruction
  11:   81 fb 68 58 4d 56       cmp    $0x564d5868,%ebx
  17:   75 00                   jne    19 <foo+0x19>
  19:   48 83 c4 10             add    $0x10,%rsp
  1d:   41 5f                   pop    %r15
  1f:   41                      rex.B

which doesn't look like a corrupted ntdll entry point to me.
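The comment above contrasts the fault it expected (an access violation or breakpoint at the copied entry point) with the one it actually got (a privileged-instruction fault several pages away). The following is an added example, not code from the bug report or from Wine: it parses the objdump-style dump quoted in the comment, locates the port-I/O instruction, and classifies why it faults the way it does. An `in`/`out` executed in ring 3 with IOPL below the current privilege level raises #GP(0), which Windows and Wine surface as STATUS_PRIVILEGED_INSTRUCTION (0xC0000096) rather than STATUS_ACCESS_VIOLATION. The opcode table, the regular expressions and the `DUMP` string (copied from the comment) are this example's own; the NTSTATUS value is the documented Windows constant.

```python
# Added example (not part of the bug report): parse the quoted objdump-style
# dump, find port-I/O instructions, and explain the STATUS_PRIVILEGED_INSTRUCTION.
import re

# The byte dump exactly as quoted in the comment (offset: bytes mnemonic operands).
DUMP = """\
0: 4d 56 rex.WRB push %r14
2: bb 65 d4 85 86 mov $0x8685d465,%ebx
7: b9 0a 00 00 00 mov $0xa,%ecx
c: 66 ba 58 56 mov $0x5658,%dx
10: ed in (%dx),%eax
11: 81 fb 68 58 4d 56 cmp $0x564d5868,%ebx
17: 75 00 jne 19 <foo+0x19>
19: 48 83 c4 10 add $0x10,%rsp
1d: 41 5f pop %r15
1f: 41 rex.B
"""

# x86 port-I/O opcodes. In user mode (CPL 3, IOPL 0) these raise #GP(0), which the
# NT exception path reports as STATUS_PRIVILEGED_INSTRUCTION, not an access violation.
PORT_IO_OPCODES = {
    0xE4: "in al, imm8", 0xE5: "in eax, imm8",
    0xE6: "out imm8, al", 0xE7: "out imm8, eax",
    0xEC: "in al, dx", 0xED: "in eax, dx",
    0xEE: "out dx, al", 0xEF: "out dx, eax",
    0x6C: "insb", 0x6D: "insd", 0x6E: "outsb", 0x6F: "outsd",
}
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096  # documented NTSTATUS value

# offset ':' one-or-more hex byte pairs, then mnemonic and optional operands.
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\S+)(?:\s+(.*))?$")


def parse_dump(text):
    """Parse objdump-style lines into (offset, raw_bytes, mnemonic, operands)."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        off = int(m.group(1), 16)
        raw = bytes.fromhex(m.group(2).replace(" ", ""))
        insns.append((off, raw, m.group(3), (m.group(4) or "").strip()))
    return insns


def _opcode(raw):
    """Skip 0x66 operand-size and REX (0x40-0x4F) prefixes to reach the opcode byte."""
    i = 0
    while i < len(raw) and (raw[i] == 0x66 or 0x40 <= raw[i] <= 0x4F):
        i += 1
    return raw[i] if i < len(raw) else None


def find_port_io(insns):
    """Return (offset, description) for every port-I/O instruction in the dump."""
    return [(off, PORT_IO_OPCODES[_opcode(raw)])
            for off, raw, _mnem, _ops in insns
            if _opcode(raw) in PORT_IO_OPCODES]


def explain_fault(insns, fault_off):
    """Classify the instruction at fault_off. For DX-relative port I/O the port number
    is recovered from the most recent 'mov $imm,%dx' that precedes the fault."""
    dx = None
    for off, raw, mnem, ops in insns:
        if off > fault_off:
            break
        m = re.fullmatch(r"\$0x([0-9a-f]+),%dx", ops)
        if mnem == "mov" and m:
            dx = int(m.group(1), 16)
        if off == fault_off:
            op = _opcode(raw)
            if op in PORT_IO_OPCODES:
                desc = PORT_IO_OPCODES[op]
                uses_dx = desc.endswith("dx") or desc.startswith(("ins", "outs"))
                return {"offset": off, "insn": desc, "port": dx if uses_dx else None,
                        "status": "STATUS_PRIVILEGED_INSTRUCTION",
                        "ntstatus": STATUS_PRIVILEGED_INSTRUCTION}
            return {"offset": off, "insn": (mnem + " " + ops).strip(), "port": None,
                    "status": "not a port-I/O instruction", "ntstatus": None}
    raise ValueError("no instruction at offset %#x" % fault_off)


if __name__ == "__main__":
    insns = parse_dump(DUMP)
    print(find_port_io(insns))
    print(explain_fault(insns, 0x10))
```

Running it on the quoted dump reports the single port-I/O instruction at offset 0x10 (`in eax, dx` with DX = 0x5658), which is consistent with the privileged-instruction status the comment observes and with the fault being unrelated to the entry-point bytes the comment expected to see corrupted.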