https://bugs.winehq.org/show_bug.cgi?id=49165 Anastasius Focht <focht(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |focht(a)gmx.net Summary|Crash when trying to open |VeraCrypt 1.24 filter |Veracrypt |driver 'veracrypt_x64.sys' | |crashes in entry point | |('IoGetDeviceObjectPointer' | |must not return a stub | |device if the device object | |doesn't exist) Component|-unknown |ntoskrnl --- Comment #2 from Anastasius Focht <focht(a)gmx.net> --- Hello folks, confirming. https://web.archive.org/web/20200319114317/https://launchpadlibrarian.net/46... Trace log: --- snip --- $ WINEDEBUG=+seh,+relay,+ntoskrnl wine ./VeraCrypt.exe >>log.txt 2>&1 ... 00ec:Call driver init 0000000000D57600 (obj=00000000000FBC70,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\veracrypt") ... 00ec:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00b5f740) ret=00d5718a ... 00ec:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCountEx" not found 00ec:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=00d5718a 00ec:trace:seh:raise_exception code=c0000096 flags=0 addr=0xc8a983 ip=c8a983 tid=00ec 00ec:trace:seh:raise_exception rax=0000000000b5f6b8 rbx=0000000000d57600 rcx=0000000000d577d0 rdx=0000000000222004 00ec:trace:seh:raise_exception rsi=0000000000000000 rdi=0000000000d577d0 rbp=0000000000b5f669 rsp=0000000000b5f5b0 00ec:trace:seh:raise_exception r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 00ec:trace:seh:raise_exception r12=0000000000000000 r13=0000000000222004 r14=0000000000000001 r15=0000000000000000 00ec:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000096 flags=0 00ec:trace:seh:call_vectored_handlers handler at 0x22cf50 returned ffffffff 00ec:Call ntoskrnl.exe.RtlInitUnicodeString(00b5f660,00d577d0 L"\\Device\\VeraCrypt") ret=00c8a9b2 00ec:Call ntdll.RtlInitUnicodeString(00b5f660,00d577d0 L"\\Device\\VeraCrypt") ret=7bca1eff 00ec:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7bca1eff 00ec:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000024 ret=00c8a9b2 00ec:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00b5f660,00000080,00b5f600,00b5f608) ret=00c8a9c9 00ec:Call KERNEL32.IsBadStringPtrW(00d577d0,00000011) ret=00235647 00ec:Ret KERNEL32.IsBadStringPtrW() retval=00000000 ret=00235647 00ec:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\\Device\\VeraCrypt" 80 0000000000B5F600 0000000000B5F608 00ec:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00c8a9c9 00ec:Call ntoskrnl.exe.KeInitializeEvent(00b5f670,00000000,00000000) ret=00c8a9e0 00ec:trace:ntoskrnl:KeInitializeEvent event 0000000000B5F670, type 0, state 0. 00ec:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000029 ret=00c8a9e0 00ec:Call ntoskrnl.exe.IoBuildDeviceIoControlRequest(00222004,00259578,00000000,00000000,00b5f718,00000004,00000000,00b5f670,00b5f688) ret=00c8aa1a 00ec:trace:ntoskrnl:IoBuildDeviceIoControlRequest 222004, 0000000000259578, 0000000000000000, 0, 0000000000B5F718, 4, 0, 0000000000B5F670, 0000000000B5F688 00ec:trace:ntoskrnl:IoAllocateIrp -128, 0 00ec:Call ntdll.RtlAllocateHeap(008e0000,00000000,00000310) ret=0022f10d 00ec:Ret ntdll.RtlAllocateHeap() retval=008e0330 ret=0022f10d 00ec:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 00000000008E0330 00ec:trace:ntoskrnl:IoInitializeIrp 00000000008E0330, 784, -128 00ec:Call msvcrt.memset(008e0330,00000000,00000310) ret=0022f1a7 00ec:Ret msvcrt.memset() retval=008e0330 ret=0022f1a7 00ec:trace:seh:raise_exception code=c0000005 flags=0 addr=0x22f9b8 ip=22f9b8 tid=00ec 00ec:trace:seh:raise_exception info[0]=0000000000000001 00ec:trace:seh:raise_exception info[1]=00000000008ddfb8 00ec:trace:seh:raise_exception rax=00000000008de000 rbx=0000000000222004 rcx=00007f2d1af1da0e rdx=0000000000000037 00ec:trace:seh:raise_exception rsi=00000000008e0330 rdi=0000000000000000 rbp=0000000000000000 rsp=0000000000b5f470 00ec:trace:seh:raise_exception r8=0000000000000000 r9=0000000000b5ec02 r10=0000000000000000 r11=0000000000000000 00ec:trace:seh:raise_exception r12=0000000000b5f718 r13=0000000000000004 r14=0000000000000000 r15=0000000000b5f688 00ec:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000005 flags=0 00ec:trace:seh:call_vectored_handlers handler at 0x22cf50 returned 0 ... --- snip --- The driver is open source so it's rather boring. https://www.veracrypt.fr/code/VeraCrypt/tree/src/Driver/Ntdriver.c?h=VeraCry... --- snip --- NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) { PKEY_VALUE_PARTIAL_INFORMATION startKeyValue; LONG version; int i; Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n"); DetectX86Features (); PsGetVersion (&OsMajorVersion, &OsMinorVersion, NULL, NULL); Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion); // NX pool support is available starting from Windows 8 if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2)) { ExDefaultNonPagedPoolType = (POOL_TYPE) NonPagedPoolNx; ExDefaultMdlProtection = MdlMappingNoExecute; } // KeAreAllApcsDisabled is available starting from Windows Server 2003 if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2)) { UNICODE_STRING KeAreAllApcsDisabledFuncName; RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled"); KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName); } // KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7 // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7 if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1)) { UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName; RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState"); RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState"); RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount"); RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx"); RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread"); KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName); KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName); KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName); KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName); KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName); } // ExGetFirmwareEnvironmentVariable is available starting from Windows 8 if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2)) { UNICODE_STRING funcName; RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable"); ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName); } // Load dump filter if the main driver is already loaded if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath); TCDriverObject = DriverObject; memset (VirtualVolumeDeviceObjects, 0, sizeof (VirtualVolumeDeviceObjects)); ... --- snip --- "Load dump filter if the main driver is already loaded". The drivers asks for it's own driver object '\\Device\\VeraCrypt' which isn't created yet (first time driver init/entry). https://www.veracrypt.fr/code/VeraCrypt/tree/src/Driver/Ntdriver.c?h=VeraCry... --- snip --- NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize) { IO_STATUS_BLOCK ioStatusBlock; NTSTATUS ntStatus; PIRP irp; PFILE_OBJECT fileObject; PDEVICE_OBJECT deviceObject; KEVENT event; UNICODE_STRING name; if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled()) { TCDeviceIoControlWorkItemArgs args; PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject); if (!workItem) return STATUS_INSUFFICIENT_RESOURCES; args.deviceName = deviceName; args.IoControlCode = IoControlCode; args.InputBuffer = InputBuffer; args.InputBufferSize = InputBufferSize; args.OutputBuffer = OutputBuffer; args.OutputBufferSize = OutputBufferSize; KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE); IoQueueWorkItem (workItem, TCDeviceIoControlWorkItemRoutine, DelayedWorkQueue, &args); KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL); IoFreeWorkItem (workItem); return args.Status; } RtlInitUnicodeString(&name, deviceName); ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject); if (!NT_SUCCESS (ntStatus)) return ntStatus; KeInitializeEvent(&event, NotificationEvent, FALSE); ... --- snip --- Wine returns a stub driver object in any case which is bad. https://source.winehq.org/git/wine.git/blob/9e26bc811656ad8eb901bffa5528b9ce... --- snip --- 1648 /*********************************************************************** 1649 * IoGetDeviceObjectPointer (NTOSKRNL.EXE.@) 1650 */ 1651 NTSTATUS WINAPI IoGetDeviceObjectPointer( UNICODE_STRING *name, ACCESS_MASK access, PFILE_OBJECT *file, PDEVICE_OBJECT *device ) 1652 { 1653 static DEVICE_OBJECT stub_device; 1654 static DRIVER_OBJECT stub_driver; 1655 1656 FIXME( "stub: %s %x %p %p\n", debugstr_us(name), access, file, device ); 1657 1658 stub_device.StackSize = 0x80; /* minimum value to appease SecuROM 5.x */ 1659 stub_device.DriverObject = &stub_driver; 1660 1661 *file = NULL; 1662 *device = &stub_device; 1663 1664 return STATUS_SUCCESS; 1665 } --- snip --- The crash is in 'IoBuildDeviceIoControlRequest' -> IoGetNextIrpStackLocation() -> irpsp access which is the result of earlier misconception. https://source.winehq.org/git/wine.git/blob/9e26bc811656ad8eb901bffa5528b9ce... --- snip --- 1200 /*********************************************************************** 1201 * IoBuildDeviceIoControlRequest (NTOSKRNL.EXE.@) 1202 */ 1203 PIRP WINAPI IoBuildDeviceIoControlRequest( ULONG code, PDEVICE_OBJECT device, 1204 PVOID in_buff, ULONG in_len, 1205 PVOID out_buff, ULONG out_len, 1206 BOOLEAN internal, PKEVENT event, 1207 PIO_STATUS_BLOCK iosb ) 1208 { 1209 PIRP irp; 1210 PIO_STACK_LOCATION irpsp; 1211 MDL *mdl; 1212 1213 TRACE( "%x, %p, %p, %u, %p, %u, %u, %p, %p\n", 1214 code, device, in_buff, in_len, out_buff, out_len, internal, event, iosb ); 1215 1216 if (device == NULL) 1217 return NULL; 1218 1219 irp = IoAllocateIrp( device->StackSize, FALSE ); 1220 if (irp == NULL) 1221 return NULL; 1222 1223 irpsp = IoGetNextIrpStackLocation( irp ); 1224 irpsp->MajorFunction = internal ? IRP_MJ_INTERNAL_DEVICE_CONTROL : IRP_MJ_DEVICE_CONTROL; 1225 irpsp->Parameters.DeviceIoControl.IoControlCode = code; 1226 irpsp->Parameters.DeviceIoControl.InputBufferLength = in_len; 1227 irpsp->Parameters.DeviceIoControl.OutputBufferLength = out_len; 1228 irpsp->DeviceObject = NULL; 1229 irpsp->CompletionRoutine = NULL; 1230 --- snip --- A similar case is bug 27668 ("SecuROM 4.x/5.x: SpellForce won't recognize original CD during install/play ('IoGetDeviceObjectPointer' needs to return real device/driver object for '\\Device\\CdRom0')"). In any case, this filter driver relies on layered kernel driver architecture. Until Wine has a proper design and implementation of a layered kernel driver concept this can't work. Even then, due to the nature of this kernel driver this not going to work under Wine. FYI there is a native Linux port if dm-crypt / LUKS doesn't fit your requirements. $ sha1sum VeraCrypt\ Portable\ 1.24-Update6.exe 489e85916d2f93f1664110d987132d678178d83b VeraCrypt Portable 1.24-Update6.exe $ du -sh VeraCrypt\ Portable\ 1.24-Update6.exe 35M VeraCrypt Portable 1.24-Update6.exe $ wine --version wine-5.8-173-g9e26bc8116 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.