http://bugs.winehq.org/show_bug.cgi?id=28753
Bug #: 28753
Summary: AniDB O'Matic shows exception dialog on startup
(madcodehook, gcc 4.6.x frame pointer omission in Wine
code)
Product: Wine
Version: 1.3.30
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: focht(a)gmx.net
Classification: Unclassified
Hello,
I recently switched to a gcc 4.6.x based distro and encountered strange problems
with "AniDB O'Matic" (http://anidb.net/ client) and possibly other apps.
The app's crash handler catches a fault in the startup phase and displays a rather
exhaustive "crash analysis" dialog.
The fault can be acknowledged and the app continues to load.
Tracing with +relay yields nothing - the crash never happens.
Without +relay but relevant debugging channels:
--- snip ---
...
0009:trace:ole:RemUnknown_Release 0x1aaa28 after: 4
0009:trace:ole:stub_manager_ext_addref added 5 refs to 0x1aac30 (oid 1), rc is
now 5
0009:trace:ole:RPC_RegisterInterface ({00000131-0000-0000-c000-000000000046})
0009:trace:ole:RPC_RegisterInterface Creating new interface
0009:trace:rpc:RpcServerRegisterIfEx (0x1aad34,(null),(nil),3,1234,(nil))
0009:trace:rpc:RpcServerRegisterIf2
(0x1aad34,(null),(nil),3,1234,4294967295,(nil))
0009:trace:rpc:RpcServerRegisterIf2 interface id:
{00000131-0000-0000-c000-000000000046} 0.0
0009:trace:rpc:RpcServerRegisterIf2 transfer syntax:
{00000000-0000-0000-0000-000000000000} 0.0
0009:trace:rpc:RpcServerRegisterIf2 dispatch table: 0x7e769c00
0009:trace:rpc:RpcServerRegisterIf2 dispatch table count: 1
0009:trace:rpc:RpcServerRegisterIf2 entry 0: 0x7e6a7010
0009:trace:rpc:RpcServerRegisterIf2 reserved: 0
0009:trace:rpc:RpcServerRegisterIf2 protseq endpoint count: 0
0009:trace:rpc:RpcServerRegisterIf2 default manager epv: (nil)
0009:trace:rpc:RpcServerRegisterIf2 interpreter info: (nil)
0009:trace:rpc:RPCRT4_start_listen
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x44fed3 ip=0044fed3
tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=000006bd
0009:trace:seh:raise_exception eax=000006b9 ebx=00404d74 ecx=00000000
edx=000006b9 esi=00000000 edi=7e63a728
0009:trace:seh:raise_exception ebp=0032f404 esp=0032f258 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00010a16
0009:trace:seh:call_vectored_handlers calling handler at 0x7dccdcf0
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7dccdcf0 returned 0
0009:trace:seh:call_vectored_handlers calling handler at 0x7defb860
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7defb860 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x45015e code=c0000005
flags=0
--- snip ---
By debugging I found the following:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x0044fe24 in aom (+0x4fe24) (0x0033f43c)
1 0x7ed9cf31 CreateThread+0x4b(sa=(nil), stack=0, start=0x7e5f1640,
param=0x1aa8c0, flags=0, id=0x0(nil))
[/home/focht/projects/wine/wine-git/dlls/kernel32/thread.c:54] in kernel32
(0x000006b9)
2 0x7e5f1883 RPCRT4_start_listen_protseq.isra+0x82() in rpcrt4 (0x000006b9)
3 0x7e5f1a00 RPCRT4_start_listen+0xdf(auto_listen=<is not available>)
[/home/focht/projects/wine/wine-git/dlls/rpcrt4/rpc_server.c:749] in rpcrt4
(0x7e625720)
4 0x7e5f40c1 RpcServerRegisterIf2+0x170(IfSpec=0x1aabb4, MgrTypeUuid=(nil),
MgrEpv=0x0(nil), Flags=0x3, MaxCalls=0x4d2, MaxRpcSize=0xffffffff,
IfCallbackFn=(nil))
[/home/focht/projects/wine/wine-git/dlls/rpcrt4/rpc_server.c:1149] in rpcrt4
(0x00000000)
--- snip ---
The app installs some hooks into the win32 API in an intrusive way.
No IAT/API entry/hotpatch is used; it analyses the API code and patches
calls.
Example:
"CreateThread" snippet:
--- snip original ---
...
movl 0x38(%esp),%eax
movl %eax,0xc(%esp)
movl 0x34(%esp),%eax
movl %eax,0x8(%esp)
movl 0x30(%esp),%eax
movl %eax,0x4(%esp)
call 0x7edb1d80 CreateRemoteThread [/home/kernel32/thread.c:54] in kernel32:
subl $28,%esp
addl $40,%esp
popl %ebx
ret $0x18
--- snip original ---
--- snip patched ---
...
movl 0x38(%esp),%eax
movl %eax,0xc(%esp)
movl 0x34(%esp),%eax
movl %eax,0x8(%esp)
movl 0x30(%esp),%eax
movl %eax,0x4(%esp)
call 0x0045029c
subl $28,%esp
addl $40,%esp
popl %ebx
ret $0x18
--- snip patched ---
Although questionable, this works (even in earlier Wine versions).
Further analysis reveals the app was written in Delphi and makes use of
"madCodeHook/madExcept" library (http://madshi.net/).
The app creates several threads which are initialized successfully.
The problem is actually an RPC thread that gets created by Wine code.
See here:
http://source.winehq.org/git/wine.git/blob/7e309601f3cb55deadaab9bd44475748…
Disassembly of problematic snippet from function "RPCRT4_start_listen_protseq":
--- snip ---
...
movl $0x6b9,%ebp
movl $0x0,0x14(%esp)
movl $0x0,0x10(%esp)
movl %esi,0xc(%esp)
movl %eax,0x8(%esp)
movl $0x0,0x4(%esp)
movl $0x0,0x0(%esp)
call 0x7e5b9d68 CreateThread in rpcrt4
subl $24,%esp
testl %eax,%eax
...
--- snip ---
Upon entry of the CreateRemoteThread "hook", the handler analyses the frame pointer
(checks for non-zero) and tries to access the frame location.
This fails because GCC emitted code that used EBP as a general purpose register
for the return status (RPC_S_OUT_OF_RESOURCES) in the caller.
The fault due to the EBP dereference is safely caught by the app's SEH and a dialog
shown.
In addition to the RPC thread problem, the GUI shows issues which were
previously not present: some treeview items are missing/rearranged.
I checked the comctl32/treeview code; I even did some tests with older Wine
versions (1.3.0, 1.3.20): no regressions found, it behaved similarly.
In short: these issues are the result of gcc 4.6+ now being free to omit frame
pointers on x86 (= default), see:
http://gcc.gnu.org/onlinedocs/gcc-4.6.1/gcc/Optimize-Options.html
I fixed the problems by adding "-fno-omit-frame-pointer" to build flags.
The app works as expected (thread hooks = ok, GUI issues = gone).
I suspect there will be more apps and games that use code that depends on the frame
pointer not being abused as a general purpose register.
The question is: is it worth hunting down all Wine code and decorating functions
with "no optimize" attributes to keep the frame pointer from being abused?
E.g. something like this: __attribute__((optimize("-fno-omit-frame-pointer")))
Maybe "-fno-omit-frame-pointer" should be the default if Wine x86 is built with gcc
4.6.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
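As an added example (not code from the bug report, madCodeHook or Wine), the following C program models the check the report describes and the check a hook needs if its callers may be compiled with -fomit-frame-pointer. It replays the values from the trace: on entry to the hooked API, EBP holds 0x6b9 (RPC_S_OUT_OF_RESOURCES, left there by gcc using EBP as a scratch register in RPCRT4_start_listen_protseq), so reading the "return address" at [EBP+4] touches 0x6bd, the faulting address the SEH trace shows in info[1]. The stack is simulated with a small byte array and the stack bounds are constants chosen for the example (a real x86 hook would read NtCurrentTeb()->NtTib.StackLimit/StackBase); the return addresses written into it are the ones from the backtrace, and the "good frame" address 0x32f404 is just the EBP value from the trace reused for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounds of a simulated 32-bit stack region (assumption: a real hook would
 * take these from the TEB, NtCurrentTeb()->NtTib.StackLimit / StackBase). */
#define SIM_STACK_LIMIT 0x0032f000u
#define SIM_STACK_BASE  0x00330000u
static uint8_t sim_stack[SIM_STACK_BASE - SIM_STACK_LIMIT];

/* Register state as a hook sees it on entry to the hooked API. */
typedef struct {
    uint32_t ebp, esp;
    uint32_t stack_limit, stack_base;
} x86_ctx;

/* Memory read that reports a fault instead of raising one. A read outside the
 * stack region is what produced STATUS_ACCESS_VIOLATION (c0000005) with
 * info[1]=0x6bd in the report: ebp 0x6b9 + 4. */
static bool sim_read32(uint32_t va, uint32_t *out) {
    if (va < SIM_STACK_LIMIT || va > SIM_STACK_BASE - 4) return false;
    memcpy(out, sim_stack + (va - SIM_STACK_LIMIT), 4);
    return true;
}

static void sim_write32(uint32_t va, uint32_t v) {
    memcpy(sim_stack + (va - SIM_STACK_LIMIT), &v, 4);
}

/* Populate the simulated stack (constructed) with addresses from the report's
 * backtrace: [esp] = return into RPCRT4_start_listen_protseq (0x7e5f1883),
 * [ebp+4] = return into CreateThread (0x7ed9cf31) for a genuine frame at 0x32f404. */
void sim_setup(void) {
    memset(sim_stack, 0, sizeof sim_stack);
    sim_write32(0x0032f258u, 0x7e5f1883u);
    sim_write32(0x0032f404u + 4, 0x7ed9cf31u);
}

/* The check the report describes: any non-zero EBP is taken as a frame pointer
 * and [EBP+4] read as the caller's return address. Returns false where the
 * real hook faulted. */
bool naive_caller_ret(const x86_ctx *c, uint32_t *ret) {
    if (c->ebp == 0) return false;
    return sim_read32(c->ebp + 4, ret);
}

/* Hardened variant: EBP is only trusted as a frame if it is dword aligned, at
 * or above ESP and inside the thread's stack. Otherwise the return address is
 * taken from [ESP], which is valid on entry to any CALLed function no matter
 * how the caller was compiled. A stack-range check still cannot tell a scratch
 * value that happens to fall inside the stack from a real frame, so [ESP] is
 * the only value a hook can rely on without unwind information. */
bool safe_caller_ret(const x86_ctx *c, uint32_t *ret) {
    bool frame = (c->ebp & 3) == 0 && c->ebp >= c->esp &&
                 c->ebp >= c->stack_limit && c->ebp <= c->stack_base - 8;
    return sim_read32(frame ? c->ebp + 4 : c->esp, ret);
}

int main(void) {
    sim_setup();
    /* ebp=0x6b9 is RPC_S_OUT_OF_RESOURCES left in EBP by the frame-pointer-less
       caller; esp=0x32f258 is the stack pointer from the trace. */
    x86_ctx bad  = { 0x000006b9u, 0x0032f258u, SIM_STACK_LIMIT, SIM_STACK_BASE };
    x86_ctx good = { 0x0032f404u, 0x0032f258u, SIM_STACK_LIMIT, SIM_STACK_BASE };
    uint32_t ret = 0;
    printf("naive, ebp=0x6b9:    %s\n",
           naive_caller_ret(&bad, &ret) ? "ok" : "FAULT reading [ebp+4] = 0x6bd");
    if (safe_caller_ret(&bad, &ret))  printf("safe,  ebp=0x6b9:    caller 0x%08x\n", ret);
    if (safe_caller_ret(&good, &ret)) printf("safe,  ebp=0x32f404: caller 0x%08x\n", ret);
    return 0;
}
```

The same reasoning applies to Wine's side of the question in the report: building with -fno-omit-frame-pointer makes EBP a frame pointer again in Wine's own code, but it cannot protect a hook from third-party DLLs compiled without it, so a hook that reads caller frames needs the defensive check either way.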
http://bugs.winehq.org/show_bug.cgi?id=29130
Bug #: 29130
Summary: Where's Wally? The Fantastic Journey fails to
recognize the CD in the drive
Product: Wine
Version: 1.3.32
Platform: x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: ezekiel000(a)lavabit.com
Classification: Unclassified
When loading Where's Wally? The Fantastic Journey, it fails to recognize the CD
in the drive. A dialogue box comes up saying "Please insert the game disk in
the drive and try again." and this shows up on the terminal:
fixme:ntdll:server_ioctl_file Unsupported ioctl 2d0800 (device=2d access=0
func=200 method=0)
fixme:mountmgr:harddisk_ioctl Unsupported ioctl 2d0800 (device=2d access=0
func=200 method=0)
fixme:ntdll:server_ioctl_file Unsupported ioctl 2d0800 (device=2d access=0
func=200 method=0)
On Debian Squeeze amd64, official nvidia drivers and wine 1.3.32.
http://bugs.winehq.org/show_bug.cgi?id=29136
Bug #: 29136
Summary: Sins of a Solar Empire (Stardock.com/Steam) does not
activate
Product: WineHQ Apps Database
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: blocker
Priority: P2
Component: appdb-unknown
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: vitor.dominor(a)gmail.com
Classification: Unclassified
Created attachment 37558
--> http://bugs.winehq.org/attachment.cgi?id=37558
Relevant debug output with +winhttp when Register button is clicked.
When I start Sins of a Solar Empire Trinity from Steam or from an installation
downloaded from store.stardock.com, it presents the Stardock Account
Registration dialog. After filling in the required details: stardock email,
password and serial number, I click on Register and it does nothing,
apparently.
I've run it also with WINEDEBUG="+winhttp" and attached the relevant output
regarding the moment I click Register.
http://bugs.winehq.org/show_bug.cgi?id=29352
Bug #: 29352
Summary: NightSky HD crashes on startup
Product: Wine
Version: 1.3.34
Platform: x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: msvcp
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: RandomAccountName(a)mail.com
Classification: Unclassified
Created attachment 37978
--> http://bugs.winehq.org/attachment.cgi?id=37978
Terminal output
Native msvcp100 works around it (winetricks vcrun2010).
http://bugs.winehq.org/show_bug.cgi?id=29340
Bug #: 29340
Summary: Cave Story+ wants
msvcp100.dll.??0?$basic_iostream@DU?$char_traits@D@std
@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std
@@@1@@Z
Product: Wine
Version: 1.3.34
Platform: x86
URL: http://www.humblebundle.com/
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: msvcp
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: austinenglish(a)gmail.com
Classification: Unclassified
wine-1.3.34-295-g4918d91
http://bugs.winehq.org/show_bug.cgi?id=29757
Bug #: 29757
Summary: BurracoClient has encountered a user-defined
breakpoint.
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: blocker
Priority: P2
Component: -unknown
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: forblink182(a)libero.it
Classification: Unclassified
Created attachment 38633
--> http://bugs.winehq.org/attachment.cgi?id=38633
A screenshot of the bug.
At the opening of BurraconlineClient, the message "BurracoClient has
encountered a user-defined breakpoint." shows. If I click on Debug, it opens a
dialog window that says that "the program BurracoClient.exe has encountered
an error and has to be closed."
http://bugs.winehq.org/show_bug.cgi?id=29983
Bug #: 29983
Summary: AVRstudio 4.14 unable to get list of supported device
for AVR simulator
Product: Wine
Version: 1.4-rc4
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ole32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: t.kolousek(a)gmail.com
Classification: Unclassified
Created attachment 39032
--> http://bugs.winehq.org/attachment.cgi?id=39032
Terminal log for clean wineprefix, app correctly closed when simulator target
not available.
Atmel AVR studio v4.14 (same behaviour for other versions from 4.08 - 4.19)
from www.atmel.com correctly installs and runs, but the simulator is unusable,
because the list of supported devices is unavailable.
Always reproducible: create a new assembler project; in the second step select the AVR
simulator (v1 or v2, same result). In the messages pane there's only the line "Error
getting supported devices".
Based on the terminal info it seems to be related to ole and rpc.
Used on 64bit Gentoo linux, compiled using gcc 4.4.5, only 32bit WINEARCH,
fresh wineprefix.
Log for clean wineprefix attached; with native msxml3 and vcrun2005 the behaviour
is not changed, only the xsl_pattern error (3rd from end) disappeared.
http://bugs.winehq.org/show_bug.cgi?id=30528
Bug #: 30528
Summary: Tibia bot crashes when connecting to tibia process.
K32EnumProcessModules+0x31() in kernel32
Product: Wine
Version: 1.5.2
Platform: x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: kernel32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: treaw(a)o2.pl
Classification: Unclassified
On clean wineprefix:
winetricks vcrun6
wine start Downloads/python-2.4.4.msi
wine Downloads/tibia952.exe
wine Downloads/TibiaAutoSetup_2_19_2.exe
wine ./drive_c/Program\ Files/Tibia\ Auto/tibiaauto.exe
wine ./drive_c/Program\ Files/Tibia/Tibia.exe
After that tibiaauto.exe crashes, with error attached.
http://www.python.org/download/releases/2.4.4/ - installed using .msi file
http://sourceforge.net/projects/tibiaauto/
https://secure.tibia.com/account/?subtopic=downloadclient
http://bugs.winehq.org/show_bug.cgi?id=30536
Bug #: 30536
Summary: Avanquest PDF Experte Ultimate 7.0.x installer crashes
with stack overflow because user32.dll
AdjustWindowRect, AdjustWindowRectEx, SetWindowLongA
are not hotpatchable (DECLSPEC_HOTPATCH)
Product: Wine
Version: 1.5.3
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: user32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: focht(a)gmx.net
Classification: Unclassified
Hello,
"Avanquest PDF Experte Ultimate 7.0.x" installer dies quickly with a stack
overflow.
--- snip ---
$ WINEDEBUG=+tid,+seh,+process wine ./PDF\ Experte\ 7\ Ultimate.exe
002d:trace:process:init_current_directory starting in
L"Z:\\home\\focht\\Downloads\\Avanquest PDF Experte Ultimate 7.0.1370.0\\" 0x4
002d:trace:process:__wine_kernel_init starting process
name=L"Z:\\home\\focht\\Downloads\\Avanquest PDF Experte Ultimate
7.0.1370.0\\PDF Experte 7 Ultimate.exe"
argv[0]=L"Z:\\home\\focht\\Downloads\\Avanquest PDF Experte Ultimate
7.0.1370.0\\PDF Experte 7 Ultimate.exe"
...
0030:fixme:exec:SHELL_execute flags ignored: 0x00000100
0030:trace:process:create_process_impl app (null) cmdline
L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe /SETUPAQ:196646"
0030:trace:process:find_exe_file looking for
L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe"
0030:trace:process:find_exe_file Trying native exe
L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe"
0030:trace:process:create_process_impl starting
L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe" as Win32 binary
(0x400000-0x4b1000)
0032:trace:process:init_current_directory starting in
L"C:\\users\\focht\\Temp\\FCW2111.tmp\\" 0x1c
0032:trace:process:__wine_kernel_init starting process
name=L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe"
argv[0]=L"C:\\users\\focht\\Temp\\FCW2111.tmp\\ISAdmin.exe"
0030:trace:process:create_process_impl started process pid 0031 tid 0032
...
0032:err:rebar:REBAR_NotifyFormat wrong response to WM_NOTIFYFORMAT (0),
assuming ANSI
0032:trace:seh:raise_exception code=c00000fd flags=0 addr=0xa252924 ip=0a252924
tid=0032
0032:trace:seh:raise_exception eax=0a29bc40 ebx=00000000 ecx=00000000
edx=000506f4 esi=0a2a064c edi=00000000
0032:trace:seh:raise_exception ebp=003258b4 esp=00242000 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0032:trace:seh:call_stack_handlers calling handler at 0xa2973ce code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xa2973ce returned 1
0032:trace:seh:call_stack_handlers calling handler at 0xa296ceb code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xa296ceb returned 1
0032:trace:seh:call_stack_handlers calling handler at 0xa296d18 code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xa296d18 returned 1
0032:trace:seh:call_stack_handlers calling handler at 0xb93220 code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xb93220 returned 1
0032:trace:seh:call_stack_handlers calling handler at 0xb931c0 code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xb931c0 returned 1
0032:trace:seh:call_stack_handlers calling handler at 0xb92ffa code=c00000fd
flags=0
0032:trace:seh:call_stack_handlers handler at 0xb92ffa returned 1
0032:trace:seh:call_stack_handlers calling handler at 0x100c503e code=c00000fd
flags=0
0032:err:seh:setup_exception_record stack overflow 1360 bytes in thread 0032
eip f747bac7 esp 00240de0 stack 0x240000-0x241000-0x340000
--- snip ---
"ISAdmin.exe" can be started from temp folder after extraction to
reproduce/debug.
Adding WINEDEBUG=+relay works around it.
By adding more debugging channels (without +relay) and comparing the trace
logs, one can converge on certain code/addresses to start debugging.
--- snip ---
0025:Call user32.GetActiveWindow() ret=0a2718ad
0025:Ret user32.GetActiveWindow() retval=00000000 ret=0a2718ad
0025:Call user32.IsZoomed(00020092) ret=0a2718c7
0025:Ret user32.IsZoomed() retval=00000000 ret=0a2718c7
0025:Call KERNEL32.LoadLibraryA(0a28bc40 "UxTheme.dll") ret=0a285cb0
0025:Ret KERNEL32.LoadLibraryA() retval=7dd60000 ret=0a285cb0
0025:Call KERNEL32.InterlockedExchange(0a2981f8,7dd60000) ret=0a285d01
0025:Ret KERNEL32.InterlockedExchange() retval=00000000 ret=0a285d01
0025:Call KERNEL32.GetProcAddress(7dd60000,0a2906f6 "IsThemeActive")
ret=0a285d87
0025:Ret KERNEL32.GetProcAddress() retval=7dd6af64 ret=0a285d87
0025:Call uxtheme.IsThemeActive() ret=0a271908
0025:Ret uxtheme.IsThemeActive() retval=00000000 ret=0a271908
--- snip ---
After user32.IsZoomed() it always goes berserk.
The offending code is located in a dll "NewUI.dll":
--- snip ---
0025:trace:loaddll:load_native_dll Loaded
L"C:\\users\\focht\\Temp\\{0105E420-3327-496D-95E0-756E345AEF72}\\{FC279721-37A6-4777-AFD8-7A56681EBA14}\\Tools.dll"
at 0x9fb0000: native
0025:trace:loaddll:load_native_dll Loaded
L"C:\\users\\focht\\Temp\\{0105E420-3327-496D-95E0-756E345AEF72}\\{FC279721-37A6-4777-AFD8-7A56681EBA14}\\SerialNumberWrapper.dll"
at 0xa120000: native
0025:trace:loaddll:load_builtin_dll Loaded
L"C:\\windows\\system32\\msvfw32.dll" at 0x7d3a0000: builtin
0025:trace:loaddll:load_builtin_dll Loaded
L"C:\\windows\\system32\\gdiplus.dll" at 0x7d320000: builtin
0025:trace:loaddll:load_builtin_dll Loaded
L"C:\\windows\\system32\\imagehlp.dll" at 0x7d300000: builtin
0025:trace:loaddll:load_builtin_dll Loaded
L"C:\\windows\\system32\\dbghelp.dll" at 0x7d290000: builtin
0025:trace:loaddll:load_native_dll Loaded
L"C:\\users\\focht\\Temp\\{0105E420-3327-496D-95E0-756E345AEF72}\\{FC279721-37A6-4777-AFD8-7A56681EBA14}\\NewUI.dll"
at 0xa250000: native
0025:trace:loaddll:load_builtin_dll Loaded
L"C:\\windows\\system32\\windowscodecs.dll" at 0x7d1f0000: builtin
--- snip ---
It seems the installer code hooks various user32 API to "skin" dialogs.
Part of the hooker code (annotated):
--- snip ---
...
0A251C3B 66:813F 8BFF CMP WORD PTR DS:[EDI],0FF8B ; check for "MOV EDI, EDI"
0A251C40 75 39 JNE SHORT 0A251C7B
0A251C42 8A03 MOV AL,BYTE PTR DS:[EBX] ; EBX = [EDI-5]
0A251C44 3C 90 CMP AL,90 ; NOP padding?
0A251C46 75 09 JNE SHORT 0A251C51
0A251C48 817F FC 90909 CMP DWORD PTR DS:[EDI-4],90909090 ; NOP padding?
0A251C4F 74 0D JE SHORT 0A251C5E
0A251C51 3C CC CMP AL,0CC ; INT3 padding?
0A251C53 75 26 JNE SHORT 0A251C7B
0A251C55 817F FC CCCCC CMP DWORD PTR DS:[EDI-4],CCCCCCCC ; INT3 padding?
0A251C5C 75 1D JNE SHORT 0A251C7B
0A251C5E C603 E9 MOV BYTE PTR DS:[EBX],0E9 ; long jump opcode
0A251C61 8B4E 18 MOV ECX,DWORD PTR DS:[ESI+18]
0A251C64 2B4E 14 SUB ECX,DWORD PTR DS:[ESI+14]
0A251C67 894F FC MOV DWORD PTR DS:[EDI-4],ECX ; set address to API hook
0A251C6A 66:C707 EBF9 MOV WORD PTR DS:[EDI],0F9EB ; short jump to long jump
0A251C6F 8B56 14 MOV EDX,DWORD PTR DS:[ESI+14]
0A251C72 83C2 02 ADD EDX,2
0A251C75 8916 MOV DWORD PTR DS:[ESI],EDX ; save real entry addr
0A251C77 C646 20 01 MOV BYTE PTR DS:[ESI+20],1 ; set flag "hooked"
0A251C7B 8B4C24 10 MOV ECX,DWORD PTR SS:[LOCAL.0]
0A251C7F 8D4424 10 LEA EAX,[LOCAL.0]
0A251C83 50 PUSH EAX ; old protect
0A251C84 51 PUSH ECX ; new protect
0A251C85 6A 14 PUSH 14 ; size = 20
0A251C87 53 PUSH EBX ; address
0A251C88 FFD5 CALL EBP ; KERNEL32.VirtualProtect
--- snip ---
The entry is patched if a "hotpatch" prolog is detected: a 2-byte relative short
jump back to the Windows-style long-jump area (which is located before the API,
using NOPs or INT3s).
Due to the missing HOTPATCH area, setting hooks for the following API fails, as the above
code will not patch these API entries:
user32.dll "AdjustWindowRectEx"
user32.dll "AdjustWindowRect"
user32.dll "SetWindowLongA"
After the failure, a different code path is taken and several other APIs get patched:
kernel32.dll "LoadLibraryA"
kernel32.dll "LoadLibraryW"
all "Ex" variants.
I think that code path is actually bugged, which has severe consequences.
Later, delayed imports are resolved using the stubs:
--- snip ---
...
0A281902 FF15 407A2A0A CALL DWORD PTR DS:[0A2A7A40] ; delayed import
IsThemeActive
...
0A289678 B8 407A2A0A MOV EAX,OFFSET 0A2A7A40
0A28967D E9 00000000 JMP 0A289682
0A289682 51 PUSH ECX
0A289683 52 PUSH EDX
0A289684 50 PUSH EAX
0A289685 68 4C062A0A PUSH OFFSET 0A2A064C
0A28968A E8 25C50000 CALL 0A295BB4 ; "resolver" code
0A28968F 5A POP EDX
0A289690 59 POP ECX
0A289691 FFE0 JMP EAX
--- snip ---
The "resolver" code uses kernel32.LoadLibraryA API which got hooked.
--- snip ---
0A295CA7 FF75 C8 PUSH DWORD PTR SS:[LOCAL.14] ; filename
0A295CAA FF15 B092290A CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryA>]
0A295CB0 8BF8 MOV EDI,EAX
0A295CB2 85FF TEST EDI,EDI
--- snip ---
--- snip ---
...
7B8564AA CC INT3
7B8564AB CC INT3
7B8564AC E9 6FC49F8E JMP 0A252920
kernel32.LoadLibraryA:
7B8564B1 EB F9 JMP SHORT 7B8564AC ; LoadLibraryA hook
7B8564B3 55 PUSH EBP
7B8564B4 8BEC MOV EBP,ESP
7B8564B6 53 PUSH EBX
...
--- snip ---
Out of insanity, the wrapper calls kernel32.LoadLibraryA (straight IAT entry!)
--- snip ---
0A252920 8B4424 04 MOV EAX,DWORD PTR SS:[ARG.1] ; filename
0A252924 56 PUSH ESI
0A252925 50 PUSH EAX ; filename
0A252926 FF15 B092290A CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryA>]
0A25292C 8BF0 MOV ESI,EAX
0A25292E 6A 00 PUSH 0
0A252930 56 PUSH ESI
0A252931 E8 FAFEFFFF CALL 0A252830
0A252936 8BC6 MOV EAX,ESI
0A252938 5E POP ESI
0A252939 C2 0400 RETN 4
--- snip ---
The original IAT entry contains the destination API address, which points to the
first byte of the entry (this only makes sense *if* the API is *not* hooked).
For whatever reason, the wrapper doesn't make use of the hook data (see the function
that patches the API entries: the +2 address is also saved away to continue on the
real API).
This makes the recursion and subsequent stack overflow complete.
---
If you add DECLSPEC_HOTPATCH to all three mentioned user32 APIs, those
LoadLibraryX APIs which cause the recursion don't get hooked, no stack overflow
occurs, and the installer proceeds to show a dialog.
Unfortunately the dialog (that ought to be skinned) isn't redrawn, possibly due
to other Wine bugs in user32.
You can drag it around and, if you're lucky, you can hit/click the "next" button in
the dark.
$ du -sh PDF\ Experte\ 7\ Ultimate.exe
35M PDF Experte 7 Ultimate.exe
$ sha1sum PDF\ Experte\ 7\ Ultimate.exe
a06cf16dc98941e333d94111372358ad07286aca PDF Experte 7 Ultimate.exe
$ wine --version
wine-1.5.3
Regards
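As an added example (not the installer's NewUI.dll code and not Wine's), the C program below reimplements the hot-patch hook logic from the annotated disassembly above on a byte buffer that stands in for a DLL's code region, and isolates the detail the report identifies as the cause of the recursion: after patching, the original function continues at entry+2 (past the overwritten "mov edi,edi"), and anything that re-enters the API through its unpatched IAT slot lands on the hook again. The image layout, base address, hook body and the helper names (has_hotpatch_prologue, hotpatch_install, follow_jumps, wrapper_target) are constructed for the example; the byte patterns (CC/90 padding, 8B FF, E9 rel32 with rel32 = hook - entry, EB F9) are the ones in the disassembly. The code assumes a little-endian host, as x86 is.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t base;   /* 32-bit VA of bytes[0] */
    uint8_t *bytes;
    size_t size;
} image;

typedef struct {
    uint32_t entry;       /* VA of the API entry point */
    uint32_t hook;        /* VA of the replacement function */
    uint32_t real_entry;  /* where to continue the original API once hooked (entry+2) */
    bool hooked;
} hook_record;

static uint8_t *at(const image *img, uint32_t va) { return img->bytes + (va - img->base); }

/* Constructed sample "DLL": a hot-patchable export at base+5 (five INT3s, then
 * "mov edi,edi; push ebp; mov ebp,esp; push ebx; ret"), a hook body at base+16
 * ("mov eax,0; ret"), and at base+32 an export that starts straight with
 * "push ebp; mov ebp,esp", like a Wine builtin without DECLSPEC_HOTPATCH. */
static uint8_t sample_bytes[64];
image sample_image(void) {
    static const uint8_t hotpatchable[] = { 0xCC,0xCC,0xCC,0xCC,0xCC, 0x8B,0xFF, 0x55, 0x8B,0xEC, 0x53, 0xC3 };
    static const uint8_t hook_body[]    = { 0xB8, 0x00,0x00,0x00,0x00, 0xC3 };
    static const uint8_t plain[]        = { 0x55, 0x8B,0xEC, 0x53, 0xC3 };
    memset(sample_bytes, 0xCC, sizeof sample_bytes);
    memcpy(sample_bytes + 0,  hotpatchable, sizeof hotpatchable);
    memcpy(sample_bytes + 16, hook_body, sizeof hook_body);
    memcpy(sample_bytes + 32, plain, sizeof plain);
    image img = { 0x7b856000u, sample_bytes, sizeof sample_bytes };
    return img;
}

/* Windows hot-patch prologue: "mov edi,edi" (8B FF) at the entry with five bytes
 * of identical NOP (90) or INT3 (CC) padding immediately before it. */
bool has_hotpatch_prologue(const image *img, uint32_t va) {
    if (va < img->base + 5 || va + 2 > img->base + img->size) return false;
    const uint8_t *p = at(img, va);
    if (p[0] != 0x8B || p[1] != 0xFF) return false;
    uint8_t pad = p[-5];
    if (pad != 0x90 && pad != 0xCC) return false;
    for (int i = -4; i < 0; i++)
        if (p[i] != pad) return false;
    return true;
}

/* Install the hook as the disassembly does: "E9 rel32" into the padding (the jump
 * ends at entry, so rel32 = hook - entry), then "EB F9" (jmp short -7) over
 * "mov edi,edi". Records entry+2 as the address to continue the original. */
bool hotpatch_install(image *img, hook_record *h) {
    h->hooked = false;
    if (!has_hotpatch_prologue(img, h->entry)) return false;
    uint8_t *p = at(img, h->entry);
    uint32_t rel = h->hook - h->entry;
    p[-5] = 0xE9;
    memcpy(p - 4, &rel, 4);
    p[0] = 0xEB;
    p[1] = 0xF9;
    h->real_entry = h->entry + 2;
    h->hooked = true;
    return true;
}

/* Follow E9/EB jumps from va and return the first VA holding other code (0 if
 * the chain loops). This is where a CALL through an IAT slot actually arrives. */
uint32_t follow_jumps(const image *img, uint32_t va) {
    for (int hops = 0; hops < 16; hops++) {
        if (va < img->base || va >= img->base + img->size) return va;
        const uint8_t *p = at(img, va);
        if (p[0] == 0xEB && va + 2 <= img->base + img->size) {
            va = va + 2 + (int8_t)p[1];
        } else if (p[0] == 0xE9 && va + 5 <= img->base + img->size) {
            int32_t rel;
            memcpy(&rel, p + 1, 4);
            va = va + 5 + (uint32_t)rel;
        } else {
            return va;
        }
    }
    return 0;
}

/* The NewUI wrapper's mistake in miniature: a hook body that re-enters the API
 * through the IAT slot (still holding `entry`) lands on the hook itself, which
 * is the recursion that overflowed the stack; using the saved real_entry reaches
 * the original prologue. */
uint32_t wrapper_target(const image *img, const hook_record *h, bool use_real_entry) {
    return follow_jumps(img, use_real_entry ? h->real_entry : h->entry);
}

int main(void) {
    image img = sample_image();
    hook_record h = { img.base + 5, img.base + 16, 0, false };
    if (hotpatch_install(&img, &h))
        printf("0x%08x hooked: via IAT -> 0x%08x (hook), via real_entry -> 0x%08x\n",
               h.entry, wrapper_target(&img, &h, false), wrapper_target(&img, &h, true));
    hook_record plain = { img.base + 32, img.base + 16, 0, false };
    printf("0x%08x: %s\n", plain.entry,
           hotpatch_install(&img, &plain) ? "hooked" : "no hot-patch prologue, not hooked");
    return 0;
}
```

The second case is what the three user32 exports in the report look like to the installer: with no 8B FF prologue the patch is refused, and it is that refusal which sends the installer down the LoadLibrary-hooking path where the IAT re-entry bug bites.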
http://bugs.winehq.org/show_bug.cgi?id=30809
Bug #: 30809
Summary: ConEmu: Fails to start cmd.exe
Product: Wine
Version: 1.5.5
Platform: x86
URL: http://code.google.com/p/conemu-maximus5/downloads/det
ail?name=ConEmu.120527a.7z&can=2&q=
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: techtonik(a)gmail.com
Classification: Unclassified
wine ConEmu.exe fails. It should start a console child process with CMD.EXE
that connects to the main ConEmu GUI, but the child process fails with an error
message:
ConEmuC.M, PID=39, Injecting hooks into PID=51 FAILED, code=-710:0x00000005
stdout shows:
$ wine ConEmu.exe
fixme:uxtheme:BufferedPaintInit Stub ()
fixme:win:RegisterShellHookWindow (0x10072): stub
err:rebar:REBAR_WindowProc unknown msg 200b wp=00000000 lp=00495520
fixme:x11drv:sync_window_opacity LWA_COLORKEY not supported
fixme:console:GetConsoleProcessList (0x51dbe8,1000): stub
fixme:console:GetConsoleProcessList (0x51dbe8,1000): stub
fixme:console:GetConsoleProcessList (0x51dbe8,1000): stub
fixme:console:GetConsoleProcessList (0x33ec8c,10): stub