[Bug 48817] New: Module_InitDLL fails if LDR_MODULE.Flags was modified
https://bugs.winehq.org/show_bug.cgi?id=48817 Bug ID: 48817 Summary: Module_InitDLL fails if LDR_MODULE.Flags was modified Product: Wine Version: 5.4 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs(a)winehq.org Reporter: qsniyg(a)mail.com Distribution: --- I've created a test case here: https://github.com/qsniyg/wine_dll_load_test. I would have made a patch to add this in wine's test suite, but it's rather complex (requiring multiple DLLs), so I'm not sure how to do this. dll1.dll depends on dll2.dll, which therefore will have its DllMain run before dll1's. dll2.dll looks for dll1's LDR_MODULE, then blanks out the Flags attribute, alongside a few others. Since MODULE_InitDLL reads the flags from dll1's now-modified LDR_MODULE, it fails to find the LDR_IMAGE_IS_DLL flag, which prevents dll1's DllMain from being run. The test case runs fine under Windows 10, but not under wine. This is used by certain code protection systems in order to confuse debuggers. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, obfuscation, | |testcase -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #1 from qsniyg <qsniyg(a)mail.com> --- Created attachment 66836 --> https://bugs.winehq.org/attachment.cgi?id=66836 initdll.patch Since AJ stated the patch I had written was more of a hack, I'm guessing I'll need to modify it in some way in order for it to be accepted upstream. I'll try to get it stable enough to be sent upstream, but in case this takes a while, could this patch be added to wine-staging in the meantime? It might also be helpful in case it adds any regressions (there were a few major ones with an earlier version of the patch, which are fixed in this version). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 qsniyg <qsniyg(a)mail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |leslie_alistair(a)hotmail.com | |, z.figura12(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #2 from qsniyg <qsniyg(a)mail.com> --- Since a bunch of the emails regarding the patch were done without wine-devel CC'd, I'll update the status of it here: The patch I wrote adds a new variable to a wine structure, something that doesn't exist under Windows, so while it works, it almost certainly isn't the proper solution. According to AJ, a proper solution would likely require only calling Module_InitDLL when wine is sure that it's a DLL. I'm not very familiar with this however, so I don't yet know exactly how to do this without possibly introducing regressions. I'll have to look into this further. For the moment, the attached patch should be functional enough without introducing regressions, but it's not the correct way to do it either. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Staged patchset| |https://github.com/wine-sta | |ging/wine-staging/tree/mast | |er/patches/ntdll-LDR_IMAGE_ | |IS_DLL Ever confirmed|0 |1 Status|UNCONFIRMED |STAGED -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Fabian Maurer <dark.shadow4(a)web.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dark.shadow4(a)web.de --- Comment #3 from Fabian Maurer <dark.shadow4(a)web.de> --- Is this fixed with https://source.winehq.org/git/wine.git/?a=commit;h=fd7992972b252ed262d33ef60... ? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 rawfox <rawfox(a)freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rawfox(a)freenet.de --- Comment #4 from rawfox <rawfox(a)freenet.de> --- Since this fix, StarCitizen is not working anymore. We are not sure yet, but its calling EtwEventRegister() . I cant find a function like that, but there is EtwEventEnabled(), according to Microsoft docs in wdm.h, not existing in wine's wdm.h yet. Is EtwRegister() and EtwUnregister() missing in wine yet ? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #5 from qsniyg <qsniyg(a)mail.com> --- (In reply to Fabian Maurer from comment #3)
Is this fixed with https://source.winehq.org/git/wine.git/?a=commit; h=fd7992972b252ed262d33ef604e9e1235d2108c5 ?
Yes, it works! :) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #6 from qsniyg <qsniyg(a)mail.com> --- (In reply to rawfox from comment #4)
Since this fix, StarCitizen is not working anymore.
We are not sure yet, but its calling EtwEventRegister() .
I cant find a function like that, but there is EtwEventEnabled(), according to Microsoft docs in wdm.h, not existing in wine's wdm.h yet.
Is EtwRegister() and EtwUnregister() missing in wine yet ?
Could you attach a +module,+loaddll,+seh,+ntdll log? (+module,+loaddll for tracing the code related to this, +ntdll for Etw*, and +seh for exceptions) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #7 from rawfox <rawfox(a)freenet.de> --- Created attachment 66957 --> https://bugs.winehq.org/attachment.cgi?id=66957 requested log wine-5.6-193-g59987bc9ec StarCitizen froze while loading export WINEDEBUG=-all,+module,+loaddll,+seh,+ntdll Ive interrupted the gameprocess with strg-c This is only ht ebottom part of the file. The original logfile is about 152mb. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #8 from qsniyg <qsniyg(a)mail.com> --- (In reply to rawfox from comment #7)
Created attachment 66957 [details] requested log
wine-5.6-193-g59987bc9ec StarCitizen froze while loading export WINEDEBUG=-all,+module,+loaddll,+seh,+ntdll Ive interrupted the gameprocess with strg-c This is only ht ebottom part of the file. The original logfile is about 152mb.
Could you send the entire logfile (gzip it and upload it to somewhere like google drive)? The issue is more likely to be at the top than at the bottom. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 rawfox <rawfox(a)freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #66957|0 |1 is obsolete| | --- Comment #9 from rawfox <rawfox(a)freenet.de> --- Created attachment 66958 --> https://bugs.winehq.org/attachment.cgi?id=66958 full log compressed here is the full log compressed -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #10 from qsniyg <qsniyg(a)mail.com> --- (In reply to rawfox from comment #9)
Created attachment 66958 [details] full log compressed
here is the full log compressed
Does wine-staging 5.6 work for you? It contains a similar version of the patch, though it doesn't rework quite as much. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #11 from rawfox <rawfox(a)freenet.de> --- Yes, wine-5.6 staging works 100% :) I still dont have an idea, whats wrong, but its confirmed crashing for others as well. I found this point by bisecting the commits. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #12 from rawfox <rawfox(a)freenet.de> --- Todays commits are crashing: wine-5.6-299-gf65cfbfe9b (Staging) Wine-5.6 (Staging) release is working 100%. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Vijay Kamuju <infyquest(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |infyquest(a)gmail.com --- Comment #13 from Vijay Kamuju <infyquest(a)gmail.com> --- The staged patchset removed from the staging git as an alternate solution is in place in vanilla wine git. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 --- Comment #14 from Alexandre Julliard <julliard(a)winehq.org> --- Created attachment 66965 --> https://bugs.winehq.org/attachment.cgi?id=66965 TLS callbacks for main exe Does this make any difference? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Tk <ti3nou(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ti3nou(a)gmail.com --- Comment #15 from Tk <ti3nou(a)gmail.com> --- (In reply to Alexandre Julliard from comment #14)
Created attachment 66965 [details] TLS callbacks for main exe
Does this make any difference?
That patch fixes https://bugs.winehq.org/show_bug.cgi?id=48971 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|STAGED |RESOLVED Fixed by SHA1| |fd7992972b252ed262d33ef604e | |9e1235d2108c5 Resolution|--- |FIXED --- Comment #16 from Alexandre Julliard <julliard(a)winehq.org> --- Original issue fixed by fd7992972b252ed262d33ef604e9e1235d2108c5. Please file new bugs if there are still issues with some apps. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48817 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #17 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 5.7. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla