[Bug 47017] New: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360 ) crashes on unimplemented function ntoskrnl.exe.IoGetStackLimits
https://bugs.winehq.org/show_bug.cgi?id=47017 Bug ID: 47017 Summary: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360) crashes on unimplemented function ntoskrnl.exe.IoGetStackLimits Product: Wine Version: 4.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. Happens during installation (first time kernel service/driver install/load). --- snip --- $ WINEDEBUG=+seh,+relay,+msi,+ntoskrnl wine ./N360-TW-21.1.0-EN.exe >>log.txt 2>&1 ... 002d:Call advapi32.CreateServiceW(0d8d87d0,0d9bb980 L"eeCtrl",1f9177f0 L"Symantec Eraser Control driver",80000002,00000001,00000001,00000001,0d9c7018 L"C:\\Program Files (x86)\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys",00000000,00000000,00000000,00000000,00000000) ret=1f87019e ... 007c:trace:ntoskrnl:load_driver_module L"C:\\Program Files (x86)\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys": relocating from 0x10000 to 0x450000 ... 007c:Call driver init 0x4b6118 (obj=0x278c0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\eeCtrl") ... 007c:trace:ntoskrnl:IoCreateSymbolicLink L"\\??\\EraserCtrlDrv" -> L"\\Device\\EraserCtrlDrv" ... 007c:Call ntoskrnl.exe.RtlInitUnicodeString(0032f370,0002f750 L"C:\\Program Files (x86)\\Common Files\\Symantec Shared\\EENGINE\\EPERSIST.DAT") ret=0046a48a ... 007c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000092 ret=0046a48a 007c:Call ntoskrnl.exe.ZwOpenKey(0032f350,00020019,0032f2b0) ret=0046ca8d 007c:Call ntdll.NtOpenKey(0032f350,00020019,0032f2b0) ret=7bc8de2f 007c:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc8de2f 007c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=0046ca8d 007c:Call ntoskrnl.exe.RtlInitUnicodeString(0032f2a0,004565b8 L"Started") ret=0046c9ee 007c:Call ntdll.RtlInitUnicodeString(0032f2a0,004565b8 L"Started") ret=7bc8de2f ... 007c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=0046ca8d 007c:Call KERNEL32.RaiseException(80000100,00000001,00000002,0032f220) ret=7fe82b71c7a9 007c:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7b452d3c ip=7b452d3c tid=007c 007c:trace:seh:NtRaiseException info[0]=00007fe82b71c7cd 007c:trace:seh:NtRaiseException info[1]=00007fe82b71e2b4 wine: Call from 0x7b452d3c to unimplemented function ntoskrnl.exe.IoGetStackLimits, aborting ... --- snip --- On WINEPREFIX bootstrapping after installation it runs into bug 47014 (service is autostart). One purpose/use-case of the function is mentioned here: https://community.osr.com/discussion/280922 --- quote --- I want to know, what is stack based file object? In my minifilter, I am using file object from post-create callback for reading file, I used IoGetStackLimit to check if it is stack based file object or not. --- quote --- An actual usage example can be found in Microsoft driver examples on Github: https://github.com/Microsoft/Windows-driver-samples/blob/6c1981b850432952134... --- snip --- /*++ Routine Description: Frees the buffer of an string (STRING, UNICODE_STRING, ANSI_STRING, OEM_STRING) structure if it is not within the current thread's stack limits. Regardless of action performed, on exit String->Buffer will be set to NULL and String->MaximumLength to zero. Arguments: String - pointer to string structure --*/ { ULONG_PTR High, Low; PSTRING LocalString = String; PAGED_CODE(); if (NULL != LocalString->Buffer) { IoGetStackLimits( &Low, &High ); if (((ULONG_PTR)(LocalString->Buffer) < Low) || ((ULONG_PTR)(LocalString->Buffer) > High)) { ExFreePool( LocalString->Buffer); } LocalString->Buffer = NULL; } LocalString->MaximumLength = LocalString->Length = 0; } --- snip --- https://github.com/Microsoft/Windows-driver-samples/blob/6c1981b850432952134... Wine source: https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl... --- snip --- 408 @ stub IoGetStackLimits --- snip --- $ sha1sum N360-TW-21.1.0-EN.exe aa05ccf9668e166ef28923d451f1c2ecad6f75f1 N360-TW-21.1.0-EN.exe $ du -sh N360-TW-21.1.0-EN.exe 203M N360-TW-21.1.0-EN.exe $ wine --version wine-4.6 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=47017 Anastasius Focht <focht(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://web.archive.org/web | |/20190410163558/http://buy- | |download.norton.com/downloa | |ds/2014/21.1/N360/US/N360-T | |W-21.1.0-EN.exe Keywords| |download -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=47017 Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |8b787945ef0073b4fd886b347d9 | |e22e7e40ff3fe Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> --- Fixed by https://source.winehq.org/git/wine.git/?a=commit;h=8b787945ef0073b4fd886b347... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=47017 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 4.12. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org