[Bug 50405] New: Missing ability to read Evironment Block and Environment Block Size from any Process ID kernel32
https://bugs.winehq.org/show_bug.cgi?id=50405 Bug ID: 50405 Summary: Missing ability to read Evironment Block and Environment Block Size from any Process ID kernel32 Product: Wine Version: 5.0 Hardware: x86-64 OS: FreeBSD Status: UNCONFIRMED Severity: normal Priority: P2 Component: kernel32 Assignee: wine-bugs(a)winehq.org Reporter: samuelvenable(a)hotmail.com This works on Windows for me, but in WINE I get an empty string: https://github.com/time-killer-games/libprocinfo/blob/57ca23b1896a68f7b349bf... Requires using a private API. I noticed you guys implemented a different private API which allows you to get the Current Working Directory from an arbitrary Process ID, so that shows you guys aren't against implementing private API's. So anyway, it would be nice to have this, as my libprocinfo library relies on this as one of its core features. It can also help debugging Windows processes runing through WINE, for those who need that sort of thing. I use it for inter-process communication and to avoid sockets, personally. See the function env_from_pid(process_t pid) in that source file, for more details on the implementation. Who knows, maybe I'm doing something wrong and it could be pure luck it works on Windows natively, but I really doubt that. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #1 from Nikolay Sivov <bunglehead(a)gmail.com> --- Hi, have you tried with 6.0-rc3? Also please attach compiled executable, preferably with source code that demonstrates the issue. Have you verified that ReadProcessMemory() works at all on your system? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Anastasius Focht <focht(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |focht(a)gmx.net --- Comment #2 from Anastasius Focht <focht(a)gmx.net> --- Hello Samuel, you're most likely doing something wrong. There are many libraries/frameworks/applications using that "undocumented" approach. Also you didn't tell if you're running a WoW64 environment which has some restrictions (32-bit -> 64-bit process). https://stackoverflow.com/questions/7446887/get-command-line-string-of-64-bi... 'PhGetProcessPebString': https://github.com/processhacker/processhacker/blob/04f18ea9a98374fb5aa4fc0d... 'PhGetProcessCommandLine': https://github.com/processhacker/processhacker/blob/04f18ea9a98374fb5aa4fc0d... 'PhGetProcessEnvironment': https://github.com/processhacker/processhacker/blob/04f18ea9a98374fb5aa4fc0d... --- ProcessHacker 2.x works as intended with Wine, showing remote process' command line and environment using that approach (see previous code references). https://github.com/processhacker/processhacker/releases/download/v2.39/proce... Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #3 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Anastasius Focht from comment #2)
Hello Samuel,
you're most likely doing something wrong. There are many libraries/frameworks/applications using that "undocumented" approach. Also you didn't tell if you're running a WoW64 environment which has some restrictions (32-bit -> 64-bit process).
https://stackoverflow.com/questions/7446887/get-command-line-string-of-64- bit-process-from-32-bit-process
'PhGetProcessPebString':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L580
'PhGetProcessCommandLine':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L733
'PhGetProcessEnvironment':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L913
---
ProcessHacker 2.x works as intended with Wine, showing remote process' command line and environment using that approach (see previous code references).
https://github.com/processhacker/processhacker/releases/download/v2.39/ processhacker-2.39-setup.exe
Regards
Hi, what my code does is it creates an output executable, one built for x86 and one for x64, and depending on the architecture of the target executable based on its process id, that will determine which exe is launched and used for reading the printed standard output printing, which will print the environment block. the null characters \o are replaced and it ends up forming a string that looks like this, when the code is behaving as it should: NAME1="VALUE1" NAME2="VALUE2" NAME3="VALUE3" ...and so on. I use most of the same exact code to retrieve the working directory, and as i said before that does work in WINE, but retrieving the environment block is not. My guess is that EnvironmentSize isn't implemented yet, as many users I've seen are getting the size of the Environment block by other means than the actual struct member for that. Perhaps that is why it is working in those other applications? I'm going to debug this further by seeing what EnvironmentSize returns, and if zero, then that's probably the issue. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #4 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Nikolay Sivov from comment #1)
Hi,
have you tried with 6.0-rc3? Also please attach compiled executable, preferably with source code that demonstrates the issue. Have you verified that ReadProcessMemory() works at all on your system?
Hi, I was reporting what was on my FreeBSD system as that was what I was on when I posted this, and I couldn't remember whether I tried it on my Linux machine or if it was on the FreeBSD one. If it was the Linux machine, it would be a newer version, but not by much, specifically wine-5.0.3. I compile a test case to and with the version you mentioned and will get back to you. Thanks for everything, both of you! -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #5 from Zebediah Figura <z.figura12(a)gmail.com> --- This bug actually does seem to be valid. According to [1], we're missing the following fields of RTL_USER_PROCESS_PARAMETERS: ULONG EnvironmentSize; ULONG EnvironmentVersion; PVOID PackageDependencyData; ULONG ProcessGroupId; ULONG LoaderThreads; [1] https://processhacker.sourceforge.io/doc/ntrtl_8h_source.html I'm not sure what the point of EnvironmentSize is, since the environment is doubly null-terminated, but there you go... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #6 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Anastasius Focht from comment #2)
Hello Samuel,
you're most likely doing something wrong. There are many libraries/frameworks/applications using that "undocumented" approach. Also you didn't tell if you're running a WoW64 environment which has some restrictions (32-bit -> 64-bit process).
https://stackoverflow.com/questions/7446887/get-command-line-string-of-64- bit-process-from-32-bit-process
'PhGetProcessPebString':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L580
'PhGetProcessCommandLine':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L733
'PhGetProcessEnvironment':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L913
---
ProcessHacker 2.x works as intended with Wine, showing remote process' command line and environment using that approach (see previous code references).
https://github.com/processhacker/processhacker/releases/download/v2.39/ processhacker-2.39-setup.exe
Regards
Also I'm getting a 404 with all of those links except the stackoverflow one. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #7 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Samuel Venable from comment #6)
(In reply to Anastasius Focht from comment #2)
Hello Samuel,
you're most likely doing something wrong. There are many libraries/frameworks/applications using that "undocumented" approach. Also you didn't tell if you're running a WoW64 environment which has some restrictions (32-bit -> 64-bit process).
https://stackoverflow.com/questions/7446887/get-command-line-string-of-64- bit-process-from-32-bit-process
'PhGetProcessPebString':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L580
'PhGetProcessCommandLine':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L733
'PhGetProcessEnvironment':
https://github.com/processhacker/processhacker/blob/ 04f18ea9a98374fb5aa4fc0d8c51b93a708eafc4/phlib/native.c#L913
---
ProcessHacker 2.x works as intended with Wine, showing remote process' command line and environment using that approach (see previous code references).
https://github.com/processhacker/processhacker/releases/download/v2.39/ processhacker-2.39-setup.exe
Regards
Also I'm getting a 404 with all of those links except the stackoverflow one.
Sorry, i see now, i have to copy and paste it into the browser because link was trimmed. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #8 from Zebediah Figura <z.figura12(a)gmail.com> --- I'm guessing, though, that those parameters aren't valid for all versions of Windows. You may want to check the second (size) parameter in your library before trying to use it. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #9 from Samuel Venable <samuelvenable(a)hotmail.com> --- So i was correct. It appears it works for them because they used their own method to get the environment size manually, rather than using a real and exist Microsoft API to do it. My code on the other hand uses a real ms api, probably one that wasn't added by you guys, just as I thought. But it will take testing the value of EnvironmentSize to know that for sure. environmentLength = (ULONG)(mbi.RegionSize - ((ULONG_PTR)environmentRemote - (ULONG_PTR)mbi.BaseAddress)); -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #10 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Zebediah Figura from comment #8)
I'm guessing, though, that those parameters aren't valid for all versions of Windows. You may want to check the second (size) parameter in your library before trying to use it.
I've tested it on Windows 7 and 10. I don't own any other versions of Windows, and the compatibility setting i have for wine is Windows 7. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #11 from Samuel Venable <samuelvenable(a)hotmail.com> --- (In reply to Zebediah Figura from comment #5)
This bug actually does seem to be valid. According to [1], we're missing the following fields of RTL_USER_PROCESS_PARAMETERS:
ULONG EnvironmentSize; ULONG EnvironmentVersion; PVOID PackageDependencyData; ULONG ProcessGroupId; ULONG LoaderThreads;
[1] https://processhacker.sourceforge.io/doc/ntrtl_8h_source.html
I'm not sure what the point of EnvironmentSize is, since the environment is doubly null-terminated, but there you go...
Ah, so mystery solved? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #12 from Nikolay Sivov <bunglehead(a)gmail.com> --- Created attachment 69091 --> https://bugs.winehq.org/attachment.cgi?id=69091 patch Please try this patch. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Samuel Venable <samuelvenable(a)hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #13 from Samuel Venable <samuelvenable(a)hotmail.com> --- It's working now. Pastebin of sample program output: https://pastebin.com/bXUJmpsp Test program can be downloaded from here: https://drive.google.com/file/d/14XfDUnNh-0ELQsu9RsHK8qKzqbQjT6Py/view?usp=s... Source code to test program here (in case i delete the binary link): https://gist.github.com/time-killer-games/60c355d329cf96a20c4ea7cc3f169ad7 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Nikolay Sivov <bunglehead(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Component|kernel32 |ntdll Ever confirmed|0 |1 Resolution|FIXED |--- --- Comment #14 from Nikolay Sivov <bunglehead(a)gmail.com> --- Patch is not in Wine yet, so let's keep this open. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Nikolay Sivov <bunglehead(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Missing ability to read |RTL_USER_PROCESS_PARAMETERS |Evironment Block and |.EnvironmentSize field is |Environment Block Size from |not set in process |any Process ID kernel32 |parameters -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 dmex04(a)gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dmex04(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #15 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- This should be fixed by <https://source.winehq.org/git/wine.git/commit/dc90fe9a947cb04d2ea80acd0770514845e93989>, please retest with wine-6.1. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #16 from dmex04(a)gmail.com --- (In reply to Gijs Vermeulen from comment #15)
This should be fixed by <https://source.winehq.org/git/wine.git/commit/ dc90fe9a947cb04d2ea80acd0770514845e93989>, please retest with wine-6.1.
These types are incorrect for 64-bit. The EnvironmentSize and EnvironmentVersion fields should be ULONG_PTR. https://github.com/processhacker/phnt/blob/e9c8121f41b00cd24e31eb466c9795785... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch CC| |fgouget(a)codeweavers.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #17 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- (In reply to dmex from comment #16)
These types are incorrect for 64-bit. The EnvironmentSize and EnvironmentVersion fields should be ULONG_PTR.
https://github.com/processhacker/phnt/blob/ e9c8121f41b00cd24e31eb466c9795785096b764/ntrtl.h#L2572-L2573
It seems the types were changed again in <https://source.winehq.org/git/wine.git/commit/78cbc269572b4a7e5e7cfcf4e063a023fcff2cba>, could we call this bug fixed now? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 --- Comment #18 from dmex <dmex04(a)gmail.com> --- (In reply to Gijs Vermeulen from comment #17)
(In reply to dmex from comment #16)
These types are incorrect for 64-bit. The EnvironmentSize and EnvironmentVersion fields should be ULONG_PTR.
https://github.com/processhacker/phnt/blob/ e9c8121f41b00cd24e31eb466c9795785096b764/ntrtl.h#L2572-L2573
It seems the types were changed again in <https://source.winehq.org/git/wine.git/commit/ 78cbc269572b4a7e5e7cfcf4e063a023fcff2cba>, could we call this bug fixed now?
Yep, fixed :) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Gijs Vermeulen <gijsvrm(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|REOPENED |RESOLVED Fixed by SHA1| |78cbc269572b4a7e5e7cfcf4e06 | |3a023fcff2cba --- Comment #19 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- This is fixed now. <https://source.winehq.org/git/wine.git/commit/dc90fe9a947cb04d2ea80acd0770514845e93989> <https://source.winehq.org/git/wine.git/commit/78cbc269572b4a7e5e7cfcf4e063a023fcff2cba> -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=50405 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #20 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 6.16. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla