[Bug 30220] New: Unhandled Priveleged instruction when starting Minitab 16
http://bugs.winehq.org/show_bug.cgi?id=30220

             Bug #: 30220
           Summary: Unhandled Priveleged instruction when starting Minitab 16
           Product: Wine
           Version: 1.4
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs(a)winehq.org
        ReportedBy: prabhjotsbhatia(a)gmail.com
    Classification: Unclassified

The following error is printed to the terminal when I startup Minitab 16. However, there is no effect on the GUI and the application continues to work as normal. Bug 30219 could be related.

```
$ env WINEPREFIX=/home/prabhjot/.myWineBottles/Minitab16/ wine "C:\Program Files\Minitab\Minitab 16\Mtb.exe"
fixme:ntoskrnl:KeInitializeMutex stub: 0x5b4a80, 0
fixme:ntoskrnl:KeWaitForSingleObject stub: 0x5b4a80, 0, 0, 0, (nil)
wine: Unhandled privileged instruction at address 0x5adf59 (thread 0019), starting debugger...
err:ole:CoRegisterClassObject object already registered for class {03e42d3f-a029-4137-b411-244c669f3fbd}
fixme:richedit:IRichEditOle_fnSetHostNames stub 0x2894338 Minitab Mtb
fixme:richedit:IRichEditOle_fnSetHostNames stub 0x2894338 Minitab Project Manager
fixme:richedit:ME_HandleMessage EM_SETTARGETDEVICE doesn't use non-NULL target devices
fixme:process:GetProcessWorkingSetSize (0xffffffff,0x32f9d8,0x32f9dc): stub
fixme:shell:SHGetFileInfoW set icon to shell size, stub
fixme:shell:SHGetFileInfoW set icon to shell size, stub
fixme:ole:CoResumeClassObjects stub
```

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=30220

Prabhjot Bhatia <prabhjotsbhatia(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |prabhjotsbhatia(a)gmail.com

http://bugs.winehq.org/show_bug.cgi?id=30220

Vitaliy Margolen <vitaliy-bugzilla(a)kievinfo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |minor

--- Comment #1 from Vitaliy Margolen <vitaliy-bugzilla(a)kievinfo.com> 2012-03-19 00:18:19 CDT ---
Was it a clean wineprefix? Does this program use any sort of copy protection?

Minor - does not affect running the program.

http://bugs.winehq.org/show_bug.cgi?id=30220

Prabhjot Bhatia <prabhjotsbhatia(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|1.4                         |1.5.0

--- Comment #2 from Prabhjot Bhatia <prabhjotsbhatia(a)gmail.com> 2012-03-20 14:19:03 CDT ---
Yes, it is a clean prefix. I found that the program does use a Sentinel HASP copy protection. However, after installing the program, even winecfg generates the same error.

Persists in wine 1.5.0 too.

http://bugs.winehq.org/show_bug.cgi?id=30220

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |hardware, obfuscation
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht(a)gmx.net
          Component|-unknown                    |ntoskrnl
            Summary|Unhandled Priveleged        |Unhandled privileged
                   |instruction when starting   |instruction when starting
                   |Minitab 16                  |Minitab 16 (Sentinel HASP
                   |                            |hardlock.sys kernel driver
                   |                            |tries to write to CR4/not
                   |                            |handled in ntoskrnl
                   |                            |emulate_instruction)
     Ever Confirmed|0                           |1

--- Comment #3 from Anastasius Focht <focht(a)gmx.net> 2012-03-20 15:21:04 CDT ---
Hello,

confirming.
The kernel driver tries to write to CR4 which is a privileged instruction and not (yet) emulated by Wine.

--- snip ---
000f:Call KERNEL32.CreateProcessW(00000000,00118968 L"C:\\windows\\system32\\winedevice.exe hardlock",00000000,00000000,00000000,00000400,00540000,00000000,0033fc58,0033fc9c) ret=7eda060b
...
000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7eda060b
...
0019:Call KERNEL32.LoadLibraryW(0011ab48 L"C:\\windows\\system32\\drivers\\hardlock.sys") ret=7effc932
...
0019:Ret KERNEL32.LoadLibraryW() retval=00540000 ret=7effc932
...
0019:Call driver init 0x5cac20 (obj=0x7efff9a0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\hardlock")
...
0019:Ret ntoskrnl.exe.KeInitializeMutex() retval=00000038 ret=00556cff
0019:Call ntoskrnl.exe.KeWaitForSingleObject(005b4a80,00000000,00000000,00000000,00000000) ret=005c1707
0019:fixme:ntoskrnl:KeWaitForSingleObject stub: 0x5b4a80, 0, 0, 0, (nil)
0019:Ret ntoskrnl.exe.KeWaitForSingleObject() retval=c0000002 ret=005c1707
0019:trace:seh:raise_exception code=c0000096 flags=0 addr=0x5adf51 ip=005adf51 tid=0019
0019:trace:seh:raise_exception eax=00000001 ebx=00000000 ecx=00000000 edx=0053ef48 esi=00000019 edi=0053e5e4
0019:trace:seh:raise_exception ebp=0053e608 esp=0053e530 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0019:trace:seh:call_vectored_handlers calling handler at 0x7ed1e496 code=c0000096 flags=0
0019:trace:seh:call_vectored_handlers handler at 0x7ed1e496 returned ffffffff
0019:trace:seh:raise_exception code=c0000096 flags=0 addr=0x5adf59 ip=005adf59 tid=0019
0019:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000 edx=0053ef48 esi=00000019 edi=0053e5e4
0019:trace:seh:raise_exception ebp=0053e608 esp=0053e530 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0019:trace:seh:call_vectored_handlers calling handler at 0x7ed1e496 code=c0000096 flags=0
0019:trace:seh:call_vectored_handlers handler at 0x7ed1e496 returned 0
0019:trace:seh:call_stack_handlers calling handler at 0x7bc92029 code=c0000096 flags=0
0019:Call KERNEL32.UnhandledExceptionFilter(0053e008) ret=7bc92063
wine: Unhandled privileged instruction at address 0x5adf59 (thread 0019), starting debugger...
--- snip ---

The driver contains mostly obfuscated code, debugging reveals:

--- snip ---
005ADF50  50            PUSH EAX
005ADF51  0F20E0        MOV EAX,CR4    ; privileged instruction (emulated)
005ADF54  25 F7FFFFFF   AND EAX,FFFFFFF7
005ADF59  0F22E0        MOV CR4,EAX    ; privileged instruction (not handled)
005ADF5C  58            POP EAX
005ADF5D  C3            RETN
--- snip ---

The read of CR4 is trapped/emulated by Wine - CR4 write not, causing unhandled exception.

It seems the kernel driver tries to cancel out CR4.DE (bit 3) which is "Debugging Extensions".

--- quote ---
I/O breakpoints, including the CR4.DE bit for enabling debug extensions and optional trapping of access to the DR4 and DR5 registers.
--- quote ---

Code: http://source.winehq.org/git/wine.git/blob/57e4e608dcd73b36f1084e0cfcb7cf092...

--- snip ---
static DWORD emulate_instruction( EXCEPTION_RECORD *rec, CONTEXT *context )
{
...
    switch(*instr)
    {
    case 0x0f: /* extended instruction */
        switch(instr[1])
        {
        case 0x22: /* mov eax, crX */
            switch (instr[2])
            {
            case 0xc0:
                TRACE("mov eax,cr0 at 0x%08x, EAX=0x%08x\n", context->Eip,context->Eax );
                context->Eip += prefixlen+3;
                return ExceptionContinueExecution;
            default:
                break; /*fallthrough to bad instruction handling */
            }
            break; /*fallthrough to bad instruction handling */
...
    }
    return ExceptionContinueSearch; /* Unable to emulate it */
}
--- snip ---

$ du -sh mtben1610su.exe
93M mtben1610su.exe

$ sha1sum mtben1610su.exe
3d4d2ead508e6f930583701a335e5db8f9d40b17 mtben1610su.exe

$ wine --version
wine-1.5.0

Regards

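The decode step discussed in comment #3, as an added example (not Wine's code and not part of the original report): it decodes both `0F 20 /r` and `0F 22 /r` from the ModRM byte against a virtual register file, then replays the two faults from the hardlock.sys disassembly. The names `struct vcpu`, `emulate_mov_cr` and `replay_hardlock_cr4`, and the starting CR4 value, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CR4_DE (1u << 3)            /* Debugging Extensions, CR4 bit 3 */

enum emu_result { EMU_CONTINUE, EMU_UNHANDLED };

struct vcpu {                       /* hypothetical context, not Wine's CONTEXT */
    uint32_t gpr[8];                /* ModRM order: eax ecx edx ebx esp ebp esi edi */
    uint32_t eip;
    uint32_t cr[8];                 /* virtual control registers, never the real ones */
};

/* Emulate 0F 20 /r (read CRn into r32) and 0F 22 /r (write r32 to CRn). */
enum emu_result emulate_mov_cr(struct vcpu *c, const uint8_t *instr, size_t len)
{
    if (len < 3 || instr[0] != 0x0f) return EMU_UNHANDLED;
    if (instr[1] != 0x20 && instr[1] != 0x22) return EMU_UNHANDLED;

    unsigned crn = (instr[2] >> 3) & 7;   /* ModRM.reg selects the control register */
    unsigned reg = instr[2] & 7;          /* ModRM.rm selects the GPR; mod is ignored */
    if (crn == 1 || crn > 4) return EMU_UNHANDLED;  /* CR1, CR5-CR7 are reserved */

    if (instr[1] == 0x20) c->gpr[reg] = c->cr[crn];
    else                  c->cr[crn] = c->gpr[reg];
    c->eip += 3;                          /* two opcode bytes + ModRM, no prefixes */
    return EMU_CONTINUE;
}

/* Replay the two faults from the disassembly; the AND runs natively in between. */
int replay_hardlock_cr4(struct vcpu *c)
{
    static const uint8_t rd[] = { 0x0f, 0x20, 0xe0 };   /* 005ADF51 MOV EAX,CR4 */
    static const uint8_t wr[] = { 0x0f, 0x22, 0xe0 };   /* 005ADF59 MOV CR4,EAX */
    c->eip = 0x5adf51;
    if (emulate_mov_cr(c, rd, sizeof rd) != EMU_CONTINUE) return -1;
    c->gpr[0] &= ~CR4_DE;                 /* 005ADF54 AND EAX,FFFFFFF7 */
    c->eip += 5;
    if (emulate_mov_cr(c, wr, sizeof wr) != EMU_CONTINUE) return -1;
    return 0;
}

int main(void)
{
    struct vcpu c = { .cr = { [4] = 0x6f8 } };   /* constructed CR4 value, DE set */
    int rc = replay_hardlock_cr4(&c);
    printf("rc=%d cr4=%#x eip=%#x\n", rc, (unsigned)c.cr[4], (unsigned)c.eip);
    return rc;
}
```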
http://bugs.winehq.org/show_bug.cgi?id=30220

Vitaliy Margolen <vitaliy-bugzilla(a)kievinfo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|1.5.0                       |1.4

http://bugs.winehq.org/show_bug.cgi?id=30220

Saulius K. <saulius2(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |saulius2(a)gmail.com

http://bugs.winehq.org/show_bug.cgi?id=30220

--- Comment #4 from Stefan Leichter <Stefan.Leichter(a)camLine.com> 2012-06-17 03:49:25 CDT ---
Created attachment 40574
  --> http://bugs.winehq.org/attachment.cgi?id=40574
emulate write to CR4

Does the patch help?

http://bugs.winehq.org/show_bug.cgi?id=30220

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mimotitolindo(a)gmail.com

--- Comment #5 from Anastasius Focht <focht(a)gmx.net> 2013-02-05 15:03:58 CST ---
*** Bug 32902 has been marked as a duplicate of this bug. ***

http://bugs.winehq.org/show_bug.cgi?id=30220

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fsandoval(a)hotmail.com

--- Comment #6 from Anastasius Focht <focht(a)gmx.net> 2013-05-25 16:44:44 CDT ---
*** Bug 33659 has been marked as a duplicate of this bug. ***

https://bugs.winehq.org/show_bug.cgi?id=30220

Sebastian Lackner <sebastian(a)fds-team.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian(a)fds-team.de

--- Comment #7 from Sebastian Lackner <sebastian(a)fds-team.de> ---
@Stefan: The attached patch helps (no crash on this instruction anymore), but afterwards the driver immediately hits the next issue (fixmes added to simplify debugging):

```
trace:seh:call_vectored_handlers handler at 0x7ed2fcce returned ffffffff
trace:seh:raise_exception code=c0000096 flags=0 addr=0x7ed55181 ip=7ed55181 tid=0018
trace:seh:raise_exception eax=0053e654 ebx=00000000 ecx=0053e594 edx=0053ef4c esi=00000000 edi=0053e654
trace:seh:raise_exception ebp=0053e678 esp=0053e59c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
trace:seh:call_vectored_handlers calling handler at 0x7ed2fcce code=c0000096 flags=0
fixme:int:emulate_instruction emulate_instruction
fixme:int:emulate_instruction instr[0] = 6e
fixme:int:emulate_instruction instr[1] = 74
fixme:int:emulate_instruction instr[2] = 64
fixme:int:emulate_instruction instr[3] = 6c
fixme:int:emulate_instruction instr[4] = 6c
fixme:int:emulate_instruction instr[5] = 2e
```

This privileged instruction code corresponds to:

```
.data:0x00000000 6e     outs dx,BYTE PTR ds:[esi]
.data:0x00000001 7464   je 0x00000067
.data:0x00000003 6c     ins BYTE PTR es:[edi],dx
.data:0x00000004 6c     ins BYTE PTR es:[edi],dx
```

These instructions will also need to be emulated as it seems like the driver tries to directly access IO ports via assembler instructions. Code to emulate outsb/insb already exists in krnl386.exe/instr.c, so a simple stub is pretty easy, but doesn't bring us further: outsb is supposed to read data from ds:esi, but in this case esi = 0x0 ? Most likely some more things are going wrong here. ;)

$ du -sh mtben1610su.exe
93M mtben1610su.exe

$ sha1sum mtben1610su.exe
f457d13475a783a0d2fff5566c0279640ba26bc6

$ git describe origin/master
wine-1.7.29-133-g433df0d

https://bugs.winehq.org/show_bug.cgi?id=30220

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
      Fixed by SHA1|                            |e729dba55d33adbb7403a03042f
                   |                            |7637dfcddb980
             Status|NEW                         |RESOLVED
                URL|                            |http://www.mesacg.com/Downl
                   |                            |oads/MTBen1610su.exe
         Resolution|---                         |FIXED

--- Comment #8 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/e729dba55d33adbb7403a03042f...

Thanks Stefan

--- snip ---
...
0018:trace:seh:raise_exception code=c0000096 flags=0 addr=0x5adf51 ip=005adf51 tid=0018
0018:trace:seh:raise_exception eax=00000001 ebx=00000000 ecx=00000000 edx=0053ef8c esi=0053fb40 edi=0053e644
0018:trace:seh:raise_exception ebp=0053e668 esp=0053e590 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0018:trace:seh:call_vectored_handlers calling handler at 0x7ecea8d8 code=c0000096 flags=0
0018:trace:int:emulate_instruction mov cr4,eax at 0x005adf51
0018:trace:seh:call_vectored_handlers handler at 0x7ecea8d8 returned ffffffff
...
0018:trace:seh:raise_exception code=c0000096 flags=0 addr=0x5adf59 ip=005adf59 tid=0018
0018:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000 edx=0053ef8c esi=0053fb40 edi=0053e644
0018:trace:seh:raise_exception ebp=0053e668 esp=0053e590 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0018:trace:seh:call_vectored_handlers calling handler at 0x7ecea8d8 code=c0000096 flags=0
0018:trace:int:emulate_instruction mov eax,cr4 at 0x005adf59, EAX=0x00000000
0018:trace:seh:call_vectored_handlers handler at 0x7ecea8d8 returned ffffffff
...
--- snip ---

Regards

https://bugs.winehq.org/show_bug.cgi?id=30220

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #9 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 1.7.34.

https://bugs.winehq.org/show_bug.cgi?id=30220

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.mesacg.com/Downl |https://web.archive.org/web
                   |oads/MTBen1610su.exe        |/20210318190949/http://www.
                   |                            |mesacg.com/Downloads/MTBen1
                   |                            |610su.exe

--- Comment #10 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

adding stable download link via Internet Archive for documentation.

https://web.archive.org/web/20210318190949/http://www.mesacg.com/Downloads/M...

https://www.virustotal.com/gui/file/746d1df6609d0db8b9521861225baf3dfa8ea11e...

$ sha1sum MTBen1610su.exe
f457d13475a783a0d2fff5566c0279640ba26bc6 MTBen1610su.exe

$ du -sh MTBen1610su.exe
93M MTBen1610su.exe

Regards