wine-bugs February 2021

wine-bugs@winehq.org

1 participants
6834 discussions

[Bug 45844] New: Battleye' s BEDaisy.sys requires correct KeGetCurrentThread implementation
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=45844 Bug ID: 45844 Summary: Battleye's BEDaisy.sys requires correct KeGetCurrentThread implementation Product: Wine Version: 3.16 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: dereklesho52(a)Gmail.com Distribution: --- Battleye tries to access the KTHREAD structure it gets from KeGetCurrentThread, put because it is not present in our implementation there is a page fault. My implementation on github fixes this issue: https://github.com/Guy1524/wine/commits/battleye-work-stable -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 9

[Bug 44496] New: BattlEye 'BEDaisy' kernel service custom imports resolved can't cope with 'ntoskrnl.exe' low-level (wc)string/copy helpers being forwarded to 'msvcrt.dll'
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44496 Bug ID: 44496 Summary: BattlEye 'BEDaisy' kernel service custom imports resolved can't cope with 'ntoskrnl.exe' low-level (wc)string/copy helpers being forwarded to 'msvcrt.dll' Product: Wine Version: 3.1 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, follow-up of bug 37355 Small client to reproduce: http://static.tibia.com/download/Tibia_Setup.exe NOTE: Due to a regression with service state/transition handling, the kernel driver service is not started by the helper service anymore (only once upon installation). To work around bug 41670 issue 'wine net stop BEService' command from another console after the window "Starting BattlEye Service..." shows up and wait a bit. The app will detect this and restart the helper service which in turn will start the kernel service. Also suffers from bug 38836 later. --- snip --- $ pwd /home/focht/.wine/drive_c/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin $ WINEDEBUG=+tid,+seh,+ntoskrnl,+winedevice,+process,+loaddll,+relay,+module wine ./client_launcher.exe >>log.txt 2>&1 ... 0049:Call ntoskrnl.exe.IoAllocateMdl(00780000,00040409,00000000,00000000,00000000) ret=0080bf37 0049:trace:ntoskrnl:IoAllocateMdl (0x780000, 263177, 0, 0, (nil)) 0049:Call ntdll.RtlAllocateHeap(00110000,00000008,00000120) ret=7ecd1460 0049:Ret ntdll.RtlAllocateHeap() retval=0011cd38 ret=7ecd1460 0049:fixme:ntoskrnl:IoGetCurrentProcess () semi-stub 0049:Ret ntoskrnl.exe.IoAllocateMdl() retval=0011cd38 ret=0080bf37 0049:Call ntoskrnl.exe.MmProbeAndLockPages(0011cd38,00000000,00000001) ret=0080bf37 0049:fixme:ntoskrnl:MmProbeAndLockPages (0x11cd38, 0, 1): stub 0049:Ret ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=0080bf37 0049:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd38,00000000,00000000,00000001,00000000,00000000) ret=0080bf37 0049:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd38, 0, 0, 0x1, 0, 0): stub 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00040409) ret=7ecd4509 0049:Ret ntdll.RtlAllocateHeap() retval=0011d958 ret=7ecd4509 0049:Call KERNEL32.OpenProcess(001fffff,00000000,00000043) ret=7ecd4534 0049:Ret KERNEL32.OpenProcess() retval=00000040 ret=7ecd4534 0049:Call KERNEL32.ReadProcessMemory(00000040,00780000,0011d958,00040409,00000000) ret=7ecd4567 0049:Ret KERNEL32.ReadProcessMemory() retval=00000001 ret=7ecd4567 0049:Call KERNEL32.CloseHandle(00000040) ret=7ecd458e 0049:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ecd458e 0049:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache Success! 0049:Ret ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=0011d958 ret=0080bf37 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00000068) ret=0080bf37 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00000068) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f3a8 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 104 pool 0 -> 0x15f3a8 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f3a8 ret=0080bf37 0049:Call ntdll.NtQuerySystemInformation(0000000b,0065f39c,00000000,0065f398) ret=0080732b 0049:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=0080732b 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00001400) ret=007fe2fc 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00001400) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f6d0 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 5120 pool 0 -> 0x15f6d0 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f6d0 ret=007fe2fc 0049:Call ntdll.NtQuerySystemInformation(0000000b,0015f6d0,00001400,0065f398) ret=008034e1 0049:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=008034e1 0049:Call ntoskrnl.exe.ExFreePool(0015f6d0) ret=00803229 0049:trace:ntoskrnl:ExFreePoolWithTag 0x15f6d0 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0015f6d0) ret=7ecd3586 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd3586 0049:Ret ntoskrnl.exe.ExFreePool() retval=00000001 ret=00803229 0049:Call ntdll.NtQuerySystemInformation(0000000b,0065f39c,00000000,0065f398) ret=0080732b 0049:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=0080732b 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00001400) ret=007fe2fc 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00001400) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f6d0 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 5120 pool 0 -> 0x15f6d0 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f6d0 ret=007fe2fc 0049:Call ntdll.NtQuerySystemInformation(0000000b,0015f6d0,00001400,0065f398) ret=008034e1 0049:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=008034e1 0049:Call ntoskrnl.exe.ExFreePool(0015f6d0) ret=00803229 0049:trace:ntoskrnl:ExFreePoolWithTag 0x15f6d0 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0015f6d0) ret=7ecd3586 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd3586 0049:Ret ntoskrnl.exe.ExFreePool() retval=00000001 ret=00803229 0049:Call ntdll.NtQuerySystemInformation(0000000b,0065f354,00000000,0065f350) ret=0080732b 0049:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=0080732b 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00001400) ret=007fe2fc 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00001400) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f6d0 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 5120 pool 0 -> 0x15f6d0 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f6d0 ret=007fe2fc 0049:Call ntdll.NtQuerySystemInformation(0000000b,0015f6d0,00001400,0065f350) ret=008034e1 0049:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=008034e1 0049:Call ntoskrnl.exe.ExFreePool(0015f6d0) ret=00803229 0049:trace:ntoskrnl:ExFreePoolWithTag 0x15f6d0 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0015f6d0) ret=7ecd3586 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd3586 0049:Ret ntoskrnl.exe.ExFreePool() retval=00000001 ret=00803229 0049:Call ntdll.NtQuerySystemInformation(0000000b,0065f358,00000000,0065f354) ret=0080732b 0049:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=0080732b 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00001400) ret=007fe2fc 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00001400) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f6d0 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 5120 pool 0 -> 0x15f6d0 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f6d0 ret=007fe2fc 0049:Call ntdll.NtQuerySystemInformation(0000000b,0015f6d0,00001400,0065f354) ret=008034e1 0049:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=008034e1 0049:Call ntoskrnl.exe.ExFreePool(0015f6d0) ret=00803229 0049:trace:ntoskrnl:ExFreePoolWithTag 0x15f6d0 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0015f6d0) ret=7ecd3586 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd3586 0049:Ret ntoskrnl.exe.ExFreePool() retval=00000001 ret=00803229 0049:Call ntdll.NtQuerySystemInformation(0000000b,0065f310,00000000,0065f30c) ret=0080732b 0049:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=0080732b 0049:Call ntoskrnl.exe.ExAllocatePool(00000000,00001400) ret=007fe2fc 0049:Call ntdll.RtlAllocateHeap(00110000,00000000,00001400) ret=7ecd3339 0049:Ret ntdll.RtlAllocateHeap() retval=0015f6d0 ret=7ecd3339 0049:trace:ntoskrnl:ExAllocatePoolWithTag 5120 pool 0 -> 0x15f6d0 0049:Ret ntoskrnl.exe.ExAllocatePool() retval=0015f6d0 ret=007fe2fc 0049:Call ntdll.NtQuerySystemInformation(0000000b,0015f6d0,00001400,0065f30c) ret=008034e1 0049:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=008034e1 0049:Call ntoskrnl.exe.ExFreePool(0015f6d0) ret=00803229 0049:trace:ntoskrnl:ExFreePoolWithTag 0x15f6d0 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0015f6d0) ret=7ecd3586 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd3586 0049:Ret ntoskrnl.exe.ExFreePool() retval=00000001 ret=00803229 --- snip --- The (heavily obfuscated) kernel driver uses its own custom imports resolver. It basically walks the module list using 'NtQuerySystemInformation( SystemModuleInformation, ...)' and processes the export table of 'ntoskrnl.exe' and later 'fltmgr.sys' in order to resolve some needed functions. The resolver is rather simplistic and can't deal with Wine's forwarded exports to 'msvcrt'. Native Windows kernel doesn't do this. --- snip --- ... DbgPrint says: The procedure entry point wcsncmp could not be located in the module ntoskrnl.exe Ret driver init 0x7fdf6e (obj=0x11cb58,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BEDaisy") retval=c0000183 0049:trace:winedevice:init_driver init done for L"BEDaisy" obj 0x11cb58 0049:trace:winedevice:init_driver - DriverInit = 0x7fdf6e 0049:trace:winedevice:init_driver - DriverStartIo = (nil) 0049:trace:winedevice:init_driver - DriverUnload = (nil) 0049:trace:winedevice:init_driver - MajorFunction[0] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[1] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[2] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[3] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[4] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[5] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[6] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[7] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[8] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[9] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[10] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[11] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[12] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[13] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[14] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[15] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[16] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[17] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[18] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[19] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[20] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[21] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[22] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[23] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[24] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[25] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[26] = 0x7ecd1b10 0049:trace:winedevice:init_driver - MajorFunction[27] = 0x7ecd1b10 0049:Call ntdll.RtlFreeUnicodeString(0011cb74) ret=7ecd1d12 0049:Ret ntdll.RtlFreeUnicodeString() retval=0011cb74 ret=7ecd1d12 0049:Call ntdll.RtlFreeUnicodeString(0011cc0c) ret=7ecd1d26 0049:Ret ntdll.RtlFreeUnicodeString() retval=0011cc0c ret=7ecd1d26 0049:Call ntdll.RtlFreeHeap(00110000,00000000,0011cb48) ret=7ecd1d46 0049:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ecd1d46 0049:Ret ntoskrnl.exe.IoCreateDriver() retval=c0000183 ret=7effb7fc 0049:err:winedevice:async_create_driver failed to create driver L"BEDaisy": c0000183 --- snip --- NOTE: This is a similar problem domain as bug 37852 ("Sentinel HASP 'hardlock.sys' kernel driver custom imports resolver can't cope with many 'ntoskrnl.exe' functions being fowarded to 'ntdll.dll' (Minitab 16 fails to start)". Although this driver requires a much smaller set of (msvcrt) functions. * native API (ntdll) -> bug 37852 * msvcrt -> this one Source: https://source.winehq.org/git/wine.git/blob/354fa7eb7921c3317e7943c18871feb… --- snip --- 1484 @ cdecl -private wcsncmp(wstr wstr long) msvcrt.wcsncmp --- snip --- The driver requires the following set of functions not be forwarded: * wcsncmp * _wcsnicmp * _strnicmp * memcpy * memset * _stricmp Wine should reimplement the low-level string/copy helpers in 'ntoskrnl' in same way as it is done for 'ntdll' core module (NTDLL_foobar). Source: https://source.winehq.org/git/wine.git/blob/354fa7eb7921c3317e7943c18871feb… --- snip --- 1457 @ cdecl -private wcsncmp(wstr wstr long) NTDLL_wcsncmp --- snip --- https://source.winehq.org/git/wine.git/blob/354fa7eb7921c3317e7943c18871feb… --- snip --- 157 /********************************************************************* 158 * wcsncmp (NTDLL.@) 159 */ 160 INT __cdecl NTDLL_wcsncmp( LPCWSTR str1, LPCWSTR str2, INT n ) 161 { 162 return strncmpW( str1, str2, n ); 163 } --- snip --- With these things fixed, the driver runs further - into next problems. $ sha1sum Tibia_Setup.exe 50951008ccc402cc32407bfc56a88da873e3e9bd Tibia_Setup.exe $ du -sh Tibia_Setup.exe 5.2M Tibia_Setup.exe $ wine --version wine-3.1-193-g354fa7eb79 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 10

[Bug 44811] New: BattlEye 'BEDaisy' kernel service requires _chkstk implementation.
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44811 Bug ID: 44811 Summary: BattlEye 'BEDaisy' kernel service requires _chkstk implementation. Product: Wine Version: 3.4 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: leslie_alistair(a)hotmail.com Distribution: --- When the stack goes over a 4k on x86 or 8k for x64 boundary then this function is used to resolve this issue. https://msdn.microsoft.com/en-us/library/ms648426(v=vs.85).aspx -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 12

[Bug 45843] New: Battleye' s BEDaisy.sys expects memory allocated by ExAllocatePoolWithTag to be executable
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=45843 Bug ID: 45843 Summary: Battleye's BEDaisy.sys expects memory allocated by ExAllocatePoolWithTag to be executable Product: Wine Version: 3.16 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: dereklesho52(a)Gmail.com Distribution: --- In the NT Kernel, non-paged memory is executable, and BEDaisy.sys crashes on a page fault if this is not the case. My patch is located here: https://github.com/Guy1524/wine/commits/battleye-work-stable -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 10

[Bug 44636] New: Sentinel HASP 'hardlock.sys' kernel driver access to CR4 via %ESI register operand not handled in ntoskrnl emulate_instruction
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44636 Bug ID: 44636 Summary: Sentinel HASP 'hardlock.sys' kernel driver access to CR4 via %ESI register operand not handled in ntoskrnl emulate_instruction Product: Wine Version: 3.2 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, continuation of bug 37852 This time it's another variant of bug 30220 now with %ESI being register operand. --- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Minitab/Minitab 16 $ WINEDEBUG=+seh,+relay,+winedevice,+ntoskrnl wine ./Mtb.exe >>log.txt 2>&1 ... 0019:trace:winedevice:load_driver_module L"C:\\windows\\system32\\drivers\\hardlock.sys": relocating from 0x10000 to 0x780000 ... 0019:Call driver init 0x80ac20 (obj=0x11cb28,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\hardlock") ... 0019:Call ntoskrnl.exe.RtlInitUnicodeString(0065fc74,007efa18 L"\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Services\\HaspNt") ret=00786720 0019:Call ntdll.RtlInitUnicodeString(0065fc74,007efa18 L"\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Services\\HaspNt") ret=7bc7e247 0019:Ret ntdll.RtlInitUnicodeString() retval=0065fc74 ret=7bc7e247 0019:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065fc74 ret=00786720 0019:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00000084,36346b48) ret=00786748 0019:Call ntdll.RtlAllocateHeap(00110000,00000000,00000084) ret=7ecce269 0019:Ret ntdll.RtlAllocateHeap() retval=0011cd08 ret=7ecce269 0019:trace:ntoskrnl:ExAllocatePoolWithTag 132 pool 1 -> 0x11cd08 0019:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=0011cd08 ret=00786748 0019:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00000148,34356b48) ret=007879d7 0019:Call ntdll.RtlAllocateHeap(00110000,00000000,00000148) ret=7ecce269 0019:Ret ntdll.RtlAllocateHeap() retval=0011d2e8 ret=7ecce269 0019:trace:ntoskrnl:ExAllocatePoolWithTag 328 pool 1 -> 0x11d2e8 0019:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=0011d2e8 ret=007879d7 0019:Call ntoskrnl.exe.RtlInitUnicodeString(0011d2e8,00000000) ret=00787a0f 0019:Call ntdll.RtlInitUnicodeString(0011d2e8,00000000) ret=7bc7e247 0019:Ret ntdll.RtlInitUnicodeString() retval=0011d2e8 ret=7bc7e247 0019:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0011d2e8 ret=00787a0f 0019:trace:seh:raise_exception code=c0000096 flags=0 addr=0x787a18 ip=00787a18 tid=0019 0019:trace:seh:raise_exception eax=00110078 ebx=00000000 ecx=0011d2f0 edx=00000000 esi=0011d2e8 edi=0011cd08 0019:trace:seh:raise_exception ebp=0065fbb4 esp=0065fb64 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 0019:trace:seh:call_vectored_handlers calling handler at 0x7ecc9f55 code=c0000096 flags=0 0019:trace:seh:call_vectored_handlers handler at 0x7ecc9f55 returned 0 0019:trace:seh:call_stack_handlers calling handler at 0x7bcb01c8 code=c0000096 flags=0 0019:Call KERNEL32.UnhandledExceptionFilter(0065f664) ret=7bcb0203 wine: Unhandled privileged instruction at address 0x787a18 (thread 0019), starting debugger... --- snip --- Disassembly: --- snip --- .... 00787A16 FFF6 PUSH ESI 00787A18 0F20E6 MOV ESI,CR4 ; unhandled opcode 00787A1B 66:81E6 F7FF AND SI,0FFF7 00787A20 0F22E6 MOV CR4,ESI ; unhandled opcode 00787A23 5E POP ESI 00787A24 66:05 C800 ADD AX,0C8 00787A28 FFF7 PUSH EDI 00787A2A 66:8946 02 MOV WORD PTR DS:[ESI+2],AX 00787A2E E9 F4F40600 JMP hardlock.007F6F27 ... --- snip --- Source: https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/instr.c… --- snip --- 329 switch(*instr) 330 { 331 case 0x0f: /* extended instruction */ 332 switch(instr[1]) 333 { 334 case 0x22: /* mov eax, crX */ 335 switch (instr[2]) 336 { 337 case 0xc0: 338 TRACE("mov eax,cr0 at 0x%08x, EAX=0x%08x\n", context->Eip,context->Eax ); 339 context->Eip += prefixlen+3; 340 return ExceptionContinueExecution; 341 case 0xe0: 342 TRACE("mov eax,cr4 at 0x%08x, EAX=0x%08x\n", context->Eip,context->Eax ); 343 context->Eip += prefixlen+3; 344 return ExceptionContinueExecution; 345 default: 346 break; /*fallthrough to bad instruction handling */ 347 } 348 ERR("Unsupported EAX -> CR register, eip+2 is %02x\n", instr[2]); 349 break; /*fallthrough to bad instruction handling */ 350 case 0x20: /* mov crX, eax */ 351 switch (instr[2]) 352 { 353 case 0xe0: /* mov cr4, eax */ 354 /* CR4 register . See linux/arch/i386/mm/init.c, X86_CR4_ defs 355 * bit 0: VME Virtual Mode Exception ? 356 * bit 1: PVI Protected mode Virtual Interrupt 357 * bit 2: TSD Timestamp disable 358 * bit 3: DE Debugging extensions 359 * bit 4: PSE Page size extensions 360 * bit 5: PAE Physical address extension 361 * bit 6: MCE Machine check enable 362 * bit 7: PGE Enable global pages 363 * bit 8: PCE Enable performance counters at IPL3 364 */ 365 TRACE("mov cr4,eax at 0x%08x\n",context->Eip); 366 context->Eax = 0; 367 context->Eip += prefixlen+3; 368 return ExceptionContinueExecution; --- snip --- %EAX as register operand is handled but %ESI not. 0x0f 0x20-0x2f 20: MOV Rd,Cd 21: MOV Rd,Dd 22: MOV Cd,Rd 23: MOV Dd,Rd $ sha1sum MTBen1610su.exe f457d13475a783a0d2fff5566c0279640ba26bc6 MTBen1610su.exe $ du -sh MTBen1610su.exe 93M MTBen1610su.exe $ wine --version wine-3.2-293-g0a72708126 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 4

[Bug 44749] New: Sentinel HASP 'hardlock.sys' kernel driver expects ntdll.RtlCheckRegistryKey to return STATUS_SUCCESS on empty path
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44749 Bug ID: 44749 Summary: Sentinel HASP 'hardlock.sys' kernel driver expects ntdll.RtlCheckRegistryKey to return STATUS_SUCCESS on empty path Product: Wine Version: 3.3 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, to separate two different issues from bug 44641 Technically it was https://source.winehq.org/git/wine.git/commitdiff/f07e8ca8f01106b6d41a933f0… ("ntdll: Fix RtlCheckRegistryKey when called with empty path.") which returns 'STATUS_SUCCESS' now, causing the driver to execute a different code path, not calling 'ntoskrnl.exe.RtlCreateRegistryKey' at this point. Bug 44641 is about missing 'ntdll.RtlCreateRegistryKey' API -> fixed by https://source.winehq.org/git/wine.git/commitdiff/535419a2bf8da3fd21cfdede4… Created this ticket to avoid rechristening bug 44641 --- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Minitab/Minitab 16 $ WINEDEBUG=+seh,+relay,+winedevice,+ntoskrnl wine ./Mtb.exe >>log.txt 2>&1 ... 0019:Call ntoskrnl.exe.RtlCheckRegistryKey(00000001,0065fb20) ret=007a8edd 0019:Call ntdll.RtlCheckRegistryKey(00000001,0065fb20) ret=7bc7e2bb 0019:Ret ntdll.RtlCheckRegistryKey() retval=c0000034 ret=7bc7e2bb 0019:Ret ntoskrnl.exe.RtlCheckRegistryKey() retval=c0000034 ret=007a8edd 0019:Call KERNEL32.RaiseException(80000100,00000001,00000002,0065fad4) ret=7ecd21a7 0019:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b44667f ip=7b44667f tid=0019 0019:trace:seh:raise_exception info[0]=7ecd21c0 0019:trace:seh:raise_exception info[1]=7ecd6098 wine: Call from 0x7b44667f to unimplemented function ntoskrnl.exe.RtlCreateRegistryKey, aborting 0019:trace:seh:call_vectored_handlers calling handler at 0x7ecc9e95 code=80000100 flags=1 0019:trace:seh:call_vectored_handlers handler at 0x7ecc9e95 returned 0 0019:trace:seh:call_stack_handlers calling handler at 0x7bcb023c code=80000100 flags=1 --- snip --- $ sha1sum MTBen1610su.exe f457d13475a783a0d2fff5566c0279640ba26bc6 MTBen1610su.exe $ du -sh MTBen1610su.exe 93M MTBen1610su.exe $ wine --version wine-3.2-346-gb1aee9c391 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 5

[Bug 44641] New: Sentinel HASP 'hardlock.sys' kernel driver crashes on unimplemented function ntoskrnl.exe.RtlCreateRegistryKey
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44641 Bug ID: 44641 Summary: Sentinel HASP 'hardlock.sys' kernel driver crashes on unimplemented function ntoskrnl.exe.RtlCreateRegistryKey Product: Wine Version: 3.2 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, continuation of bug 44636 --- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Minitab/Minitab 16 $ WINEDEBUG=+seh,+relay,+winedevice,+ntoskrnl wine ./Mtb.exe >>log.txt 2>&1 ... 0019:Call ntoskrnl.exe.RtlCheckRegistryKey(00000001,0065fb20) ret=007a8edd 0019:Call ntdll.RtlCheckRegistryKey(00000001,0065fb20) ret=7bc7e2bb 0019:Ret ntdll.RtlCheckRegistryKey() retval=c0000034 ret=7bc7e2bb 0019:Ret ntoskrnl.exe.RtlCheckRegistryKey() retval=c0000034 ret=007a8edd 0019:Call KERNEL32.RaiseException(80000100,00000001,00000002,0065fad4) ret=7ecd21a7 0019:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b44667f ip=7b44667f tid=0019 0019:trace:seh:raise_exception info[0]=7ecd21c0 0019:trace:seh:raise_exception info[1]=7ecd6098 wine: Call from 0x7b44667f to unimplemented function ntoskrnl.exe.RtlCreateRegistryKey, aborting 0019:trace:seh:call_vectored_handlers calling handler at 0x7ecc9e95 code=80000100 flags=1 0019:trace:seh:call_vectored_handlers handler at 0x7ecc9e95 returned 0 0019:trace:seh:call_stack_handlers calling handler at 0x7bcb023c code=80000100 flags=1 --- snip --- Source: https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/ntdll.spec#l511 --- snip --- 511 @ stub RtlCreateRegistryKey --- snip --- MSDN: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/n… $ sha1sum MTBen1610su.exe f457d13475a783a0d2fff5566c0279640ba26bc6 MTBen1610su.exe $ du -sh MTBen1610su.exe 93M MTBen1610su.exe $ wine --version wine-3.2-346-gb1aee9c391 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 9

[Bug 20291] New: File Maker 10 Advanced installs fine but does not start in Debian 5 wine version 1.01
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

http://bugs.winehq.org/show_bug.cgi?id=20291 Summary: File Maker 10 Advanced installs fine but does not start in Debian 5 wine version 1.01 Product: WineHQ Bugzilla Version: unspecified Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: critical Priority: P2 Component: bugzilla-unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: ialsahili(a)gmail.com Here is the message that appears when I try to run the program in terminal: -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

2 4

[Bug 20289] New: File Maker 10 Advanced installs fine but does not start in Debian 5 wine version 1.01
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

http://bugs.winehq.org/show_bug.cgi?id=20289 Summary: File Maker 10 Advanced installs fine but does not start in Debian 5 wine version 1.01 Product: WineHQ Bugzilla Version: unspecified Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: critical Priority: P2 Component: bugzilla-unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: ialsahili(a)gmail.com Here is the message that appears when I try to run the program in terminal: fixme:heap:HeapSetInformation (nil) 1 (nil) 0 fixme:advapi:RegisterEventSourceW ((null),L"Bonjour Service"): stub fixme:winsock:WS_setsockopt Unknown IPPROTO_IP optname 0x00000013 fixme:winsock:WSAIoctl SIO_GET_EXTENSION_FUNCTION_POINTER {f689d7c8-6f1f-436b-8a53-e54fe351c322}: stub fixme:winsock:WS_setsockopt Unknown level: 0x00000029 fixme:winsock:WS_setsockopt Unknown level: 0x00000029 fixme:winsock:WS_setsockopt Unknown level: 0x00000029 fixme:winsock:WS_setsockopt Unknown level: 0x00000029 fixme:winsock:WSAIoctl SIO_GET_EXTENSION_FUNCTION_POINTER {f689d7c8-6f1f-436b-8a53-e54fe351c322}: stub fixme:winsock:WSAIoctl -> SIO_ADDRESS_LIST_CHANGE request: stub err:module:attach_process_dlls "odbc32.dll" failed to initialize, aborting err:module:LdrInitializeThunk Main exe initialization for L"C:\\Program Files\\FileMaker\\FileMaker Pro 10 Advanced\\FileMaker Pro Advanced.exe" failed, status c0000005 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

2 7

[Bug 49400] New: Multiple Windows 10 applications need IsWow64Process2 to determine real OS architecture (ex: detect WOW64 on ARM64)
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=49400 Bug ID: 49400 Summary: Multiple Windows 10 applications need IsWow64Process2 to determine real OS architecture (ex: detect WOW64 on ARM64) Product: Wine Version: 5.10 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: kernelbase Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, to track: https://www.winehq.org/pipermail/wine-devel/2020-June/168211.html https://source.winehq.org/patches/data/187205 I've found some apps on Github using it. No idea which app/game Dmitry wants to fix ;-) * https://github.com/joelbyford/WowProcNewVsOld * https://github.com/wixtoolset/dutil * https://github.com/guided-hacking/GuidedHacking-Injector Microsoft docs: https://docs.microsoft.com/en-us/windows/win32/api/wow64apiset/nf-wow64apis… .NET core mentions this as well: https://github.com/dotnet/runtime/issues/26612 --- quote --- When x86 code is executed on an ARM64 Windows, System.Runtime.InteropServices.RuntimeInformation.OSArchitecture returns X86 and System.Environment.Is64BitOperatingSystem returns False. These two properties call GetNativeSystemInfo and IsWow64Process Kernel32.dll functions respectively, which conceal the real OS architecture from x86 code by returning PROCESSOR_ARCHITECTURE_INTEL (meaning x86) and FALSE. To obtain the real OS architecture, Windows 10 introduced a new IsWow64Process2 function in version 1511. We need to make a decision how an app may reliably figure out the real OS architecture it is running on: Should we fix the implementation of the existing CoreFX properties? Or do we recommend resorting to an IsWow64Process2 PInvoke wrapped in a necessary try/catch? --- quote --- $ wine --version wine-5.10-247-gf8955cfb0f Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 4

[Bug 44718] New: Screenhero 0.14.x (.NET 4.x app) needs 'sas.dll' ( WinLogon Software SAS Library)
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44718 Bug ID: 44718 Summary: Screenhero 0.14.x (.NET 4.x app) needs 'sas.dll' (WinLogon Software SAS Library) Product: Wine Version: 3.3 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, extracted from https://bugs.winehq.org/show_bug.cgi?id=39201#c7 Louis Lenders: --- quote --- The program itsself Screenhero.exe crashes like below, with the patch (stub sas.dll) it starts fine 0009:err:module:import_dll Library SAS.dll (which is needed by L"C:\\Program Files\\Screenhero, Inc\\Screenhero\\AppSharingClasses.dll") not found 0009:fixme:nls:LCIDToLocaleName unsupported flags 8000000 0009:fixme:advapi:RegisterEventSourceW ((null),L".NET Runtime"): stub 0009:fixme:advapi:ReportEventW (0xcafe4242,0x0001,0x0000,0x00000402,(nil),0x0001,0x00000000,0x32cf38,(nil)): stub 0009:err:eventlog:ReportEventW L"Application: Screenhero.exe\nFramework Version: v4.0.30319\nDescription: The process was terminated due to an unhandled exception.\nException Info: System.IO.FileNotFoundException\nStack:\n at AppSharing.App..ctor()\n at AppSharing.App.Main()\n" --- quote --- The installer requires (install blockers): * .NET Framework 4.0 * Windows 7 setting Depends on: * bug 44704 Tidbits: https://msdn.microsoft.com/en-us/library/windows/desktop/dd979761(v=vs.85).… ("SendSAS function") https://autohotkey.com/boards/viewtopic.php?t=27119 ("SendSAS: Send Ctrl+Alt+Del") $ sha1sum Screenhero014-Latest-setup.exe ae1f5edb400bf7dd93a6730d272d8c1655302ae9 Screenhero014-Latest-setup.exe $ du -sh Screenhero014-Latest-setup.exe 29M Screenhero014-Latest-setup.exe $ wine --version wine-3.3-128-gdfde119538 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 4

[Bug 38018] New: Windows Live Essentials 2012 web installer crashes on unimplemented function ktmw32.dll.RollbackTransaction
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=38018 Bug ID: 38018 Summary: Windows Live Essentials 2012 web installer crashes on unimplemented function ktmw32.dll.RollbackTransaction Product: Wine Version: 1.7.35 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, continuation of bug 32229 --- snip --- $ wine ./wlsetup-web.exe ... fixme:ktmw32:CreateTransaction ((nil) (nil) 0x0 0x0 0x0, 300000, (null)): stub fixme:file:CreateHardLinkTransactedW (L"C:\\users\\Public\\Application Data\\Microsoft\\WLSetup\\CabLogs\\Logs.CAB" L"C:\\users\\focht\\Temp\\02052230-00000008-z9tn964ati\\Logs.CAB" (nil) 0x1): stub wine: Call from 0x7b83b527 to unimplemented function ktmw32.dll.RollbackTransaction, aborting wine: Unimplemented function ktmw32.dll.RollbackTransaction called at address 0x7b83b527 (thread 0009), starting debugger... --- snip --- $ sha1sum wlsetup-web.exe 6d48f1a6734cabd435dc6ec6ba0a94ebfcf15b9f wlsetup-web.exe $ du -sh wlsetup-web.exe 1.2M wlsetup-web.exe $ wine --version wine-1.7.35-89-gbad99c9 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 6

[Bug 32229] New: unimplemented function ktmw32.dll.CreateTransaction needed for the windows live essentials web installer
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

http://bugs.winehq.org/show_bug.cgi?id=32229 Bug #: 32229 Summary: unimplemented function ktmw32.dll.CreateTransaction needed for the windows live essentials web installer Product: Wine Version: 1.5.17 Platform: x86-64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: wine.dev(a)web.de Classification: Unclassified The windows live essentials web installer need ktmw32.CreateTransaction: wine: Call from 0x7b83b417 to unimplemented function ktmw32.dll.CreateTransaction Application Homepage: http://windows.microsoft.com/en-US/windows-live/photo-gallery-get-started Web Installer Download: http://go.microsoft.com/fwlink/p/?LinkID=255475 0375d8ee2a3f69249c2487696cdd742c525e6fe0 *wlsetup-web.exe -- By by ... Detlef -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

2 10

[Bug 29742] New: Microsoft .NET Framework 4.5 Developer Preview installer crashes due to missing "wevtapi.dll"
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

http://bugs.winehq.org/show_bug.cgi?id=29742 Bug #: 29742 Summary: Microsoft .NET Framework 4.5 Developer Preview installer crashes due to missing "wevtapi.dll" Product: Wine Version: 1.4-rc1 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: focht(a)gmx.net Classification: Unclassified Hello, Microsoft .NET Framework 4.5 Developer Preview crashes due to missing "wevtapi.dll" You need to set WinVer to "Windows 7" before running installer. --- snip --- 002c:Call KERNEL32.LoadLibraryW(0084d4b8 L"C:\\windows\\System32\\wevtapi.dll") ret=1004816b 002c:Ret KERNEL32.LoadLibraryW() retval=00000000 ret=1004816b ... 002c:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,00cec264) ret=1008c0cb 002c:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b839297 ip=7b839297 tid=002c 002c:trace:seh:raise_exception info[0]=19930520 002c:trace:seh:raise_exception info[1]=00cec290 002c:trace:seh:raise_exception info[2]=100a7f84 002c:trace:seh:raise_exception eax=7b8262d1 ebx=7b8a96a8 ecx=19930520 edx=00cec174 esi=00cec250 edi=00cec1d0 002c:trace:seh:raise_exception ebp=00cec1b8 esp=00cec154 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000287 002c:trace:seh:call_stack_handlers calling handler at 0x1009f789 code=e06d7363 flags=1 --- snip --- This dll implements another Windows Event Log API (starting with Windows Vista). MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385785%28v=vs.85%… Download: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27541 Regards -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

2 13

[Bug 49064] New: Riot Vanguard (Riot Games) v0.3.3 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.RtlDuplicateUnicodeString
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=49064 Bug ID: 49064 Summary: Riot Vanguard (Riot Games) v0.3.3 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.RtlDuplicateUnicodeString Product: Wine Version: 5.7 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. Import of 'RtlDuplicateUnicodeString' was added with upgrade to 0.3.3.x https://riot-client.secure.dyn.riotcdn.net/channels/public/rccontent/vangua… https://web.archive.org/web/20200430230307/https://riot-client.secure.dyn.r… --- snip --- $ WINEDEBUG=+seh,+loaddll,+process,+ntoskrnl wine net start vgk >>log.txt 2>&1 ... The vgk service is starting. ... 00bc:trace:ntoskrnl:ZwLoadDriver (L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\vgk") ... 00bc:trace:ntoskrnl:open_driver opened service for driver L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\vgk" 00bc:trace:ntoskrnl:IoCreateDriver (L"\\Driver\\vgk", 0000000000233430) .. 00bc:trace:ntoskrnl:load_driver loading driver L"C:\\Program Files\\Riot Vanguard\\vgk.sys" 00bc:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\cng.sys" at 0x1130000: native 00bc:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Riot Vanguard\\vgk.sys" at 0xe00000: native 00bc:trace:ntoskrnl:perform_relocations relocating from 0000000140000000-000000014032D000 to 0000000000E00000-000000000112D000 00bc:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6df8c ip=7bc6df8c tid=00bc 00bc:trace:seh:raise_exception info[0]=0000000000e24458 00bc:trace:seh:raise_exception info[1]=0000000000e242e6 wine: Call from 0x7bc6df8c to unimplemented function ntoskrnl.exe.RtlDuplicateUnicodeString, aborting --- snip --- --- snip --- $ winedump -j import vgk.sys Contents of vgk.sys: 3347944 bytes Import Table size: 00000050 offset 0001f290 cng.sys Hint/Name Table: 00024108 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001C028 Thunk Ordn Name 0001c028 8 BCryptDestroyHash 0001c030 1 BCryptCloseAlgorithmProvider offset 0001f2a4 ntoskrnl.exe Hint/Name Table: 00024120 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001C040 Thunk Ordn Name 0001c040 1081 KeIpiGenericCall 0001c048 2777 __C_specific_handler 0001c050 196 ExFreePoolWithTag 0001c058 2801 _stricmp 0001c060 1941 RtlDuplicateUnicodeString 0001c068 2897 wcscat_s 0001c070 2901 wcscpy_s 0001c078 2060 RtlInitUnicodeString 0001c080 2571 ZwCreateFile 0001c088 2705 ZwReadFile 0001c090 2775 ZwWriteFile 0001c098 2560 ZwClose 0001c0a0 2604 ZwFlushBuffersFile 0001c0a8 2697 ZwQuerySystemInformation 0001c0b0 2259 RtlTimeToTimeFields 0001c0b8 986 KeAreAllApcsDisabled 0001c0c0 302 ExSystemTimeToLocalTime 0001c0c8 2885 swprintf_s 0001c0d0 2895 vswprintf_s 0001c0d8 2818 _vsnwprintf 0001c0e0 1049 KeInitializeApc 0001c0e8 1074 KeInsertQueueApc 0001c0f0 157 ExAllocatePoolWithTag 0001c0f8 990 KeBugCheckEx Done dumping vgk.sys --- snip --- Wine source: https://source.winehq.org/git/wine.git/blob/0c27d244f76ad90301c5db09d738b3a… $ sha1sum setup.exe ea17e2aaddcbb3712945fba2c84f248204a8f72c setup.exe $ du -sh setup.exe 15M setup.exe Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 4

[Bug 48985] New: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.ZwFlushBuffersFile
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=48985 Bug ID: 48985 Summary: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.ZwFlushBuffersFile Product: Wine Version: 5.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. It lacks forward to 'ntdll.NtFlushBuffersFile'. --- snip --- ... The vgk service is starting. 005c:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\kernelbase.dll" at 0x7b000000: PE builtin 005c:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\kernel32.dll" at 0x7b410000: builtin 005c:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\winedevice.exe" at 0x140000000: PE builtin 005c:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\advapi32.dll" at 0x7f7915e60000: builtin 005c:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\msvcrt.dll" at 0x7f7915c80000: builtin 005c:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\ntoskrnl.exe" at 0x180000000: PE builtin 005c:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\ucrtbase.dll" at 0x7f7915b50000: builtin 005c:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\rpcrt4.dll" at 0x9b0000: PE builtin 005e:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\cng.sys" at 0x1070000: native 005e:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Riot Vanguard\\vgk.sys" at 0xd60000: native wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.ZwFlushBuffersFile, aborting wine: Unimplemented function ntoskrnl.exe.ZwFlushBuffersFile called at address 000000007BC6DD4C (thread 005e), starting debugger... --- snip --- --- snip --- $ winedump -j import vgk.sys Contents of vgk.sys: 3196560 bytes Import Table size: 00000050 offset 0001e090 cng.sys Hint/Name Table: 00022108 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B028 Thunk Ordn Name 0001b028 8 BCryptDestroyHash 0001b030 1 BCryptCloseAlgorithmProvider offset 0001e0a4 ntoskrnl.exe Hint/Name Table: 00022120 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B040 Thunk Ordn Name 0001b040 1081 KeIpiGenericCall 0001b048 2777 __C_specific_handler 0001b050 196 ExFreePoolWithTag 0001b058 2801 _stricmp 0001b060 2897 wcscat_s 0001b068 2901 wcscpy_s 0001b070 2060 RtlInitUnicodeString 0001b078 2571 ZwCreateFile 0001b080 2705 ZwReadFile 0001b088 2775 ZwWriteFile 0001b090 2560 ZwClose 0001b098 2604 ZwFlushBuffersFile 0001b0a0 2697 ZwQuerySystemInformation 0001b0a8 2259 RtlTimeToTimeFields 0001b0b0 986 KeAreAllApcsDisabled 0001b0b8 302 ExSystemTimeToLocalTime 0001b0c0 2885 swprintf_s 0001b0c8 2895 vswprintf_s 0001b0d0 2818 _vsnwprintf 0001b0d8 1049 KeInitializeApc 0001b0e0 1074 KeInsertQueueApc 0001b0e8 157 ExAllocatePoolWithTag 0001b0f0 990 KeBugCheckEx Done dumping vgk.sys --- snip --- Wine source: https://source.winehq.org/git/wine.git/blob/f31a29b8d1ea478af28f14cdaf3db15… $ sha1sum setup.exe 08deca4c0b46a3481e706926c0217d1c944d22a3 setup.exe $ du -sh setup.exe 15M setup.exe $ wine --version wine-5.6-258-gf31a29b8d1 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 4

[Bug 48984] New: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.{vswprintf_s,swprintf_s}
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=48984 Bug ID: 48984 Summary: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.{vswprintf_s,swprintf_s} Product: Wine Version: 5.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. It lacks the imports from msvcrt. --- snip --- ... The vgk service is starting. 002d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\kernelbase.dll" at 0x7b000000: PE builtin 002d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\kernel32.dll" at 0x7b410000: builtin 002d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\winedevice.exe" at 0x140000000: PE builtin 002d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\advapi32.dll" at 0x7f1b5dfa0000: builtin 002d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\msvcrt.dll" at 0x7f1b5ddc0000: builtin 002d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\ntoskrnl.exe" at 0x180000000: PE builtin 002d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\ucrtbase.dll" at 0x7f1b5dca0000: builtin 002d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\rpcrt4.dll" at 0x9b0000: PE builtin 002f:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\cng.sys" at 0x1070000: native 002f:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Riot Vanguard\\vgk.sys" at 0xd60000: native wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.vswprintf_s, aborting wine: Unimplemented function ntoskrnl.exe.vswprintf_s called at address --- snip --- --- snip --- The vgk service is starting. 005d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\kernelbase.dll" at 0x7b000000: PE builtin 005d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\kernel32.dll" at 0x7b410000: builtin 005d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\winedevice.exe" at 0x140000000: PE builtin 005d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\advapi32.dll" at 0x7f06de310000: builtin 005d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\msvcrt.dll" at 0x7f06de130000: builtin 005d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\ntoskrnl.exe" at 0x180000000: PE builtin 005d:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\ucrtbase.dll" at 0x7f06de000000: builtin 005d:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\rpcrt4.dll" at 0x9b0000: PE builtin 005f:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\cng.sys" at 0x1070000: native 005f:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Riot Vanguard\\vgk.sys" at 0xd60000: native wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.swprintf_s, aborting wine: Unimplemented function ntoskrnl.exe.swprintf_s called at address 000000007BC6DD4C (thread 005f), starting debugger... --- snip --- --- snip --- $ winedump -j import vgk.sys Contents of vgk.sys: 3196560 bytes Import Table size: 00000050 offset 0001e090 cng.sys Hint/Name Table: 00022108 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B028 Thunk Ordn Name 0001b028 8 BCryptDestroyHash 0001b030 1 BCryptCloseAlgorithmProvider offset 0001e0a4 ntoskrnl.exe Hint/Name Table: 00022120 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B040 Thunk Ordn Name 0001b040 1081 KeIpiGenericCall 0001b048 2777 __C_specific_handler 0001b050 196 ExFreePoolWithTag 0001b058 2801 _stricmp 0001b060 2897 wcscat_s 0001b068 2901 wcscpy_s 0001b070 2060 RtlInitUnicodeString 0001b078 2571 ZwCreateFile 0001b080 2705 ZwReadFile 0001b088 2775 ZwWriteFile 0001b090 2560 ZwClose 0001b098 2604 ZwFlushBuffersFile 0001b0a0 2697 ZwQuerySystemInformation 0001b0a8 2259 RtlTimeToTimeFields 0001b0b0 986 KeAreAllApcsDisabled 0001b0b8 302 ExSystemTimeToLocalTime 0001b0c0 2885 swprintf_s 0001b0c8 2895 vswprintf_s 0001b0d0 2818 _vsnwprintf 0001b0d8 1049 KeInitializeApc 0001b0e0 1074 KeInsertQueueApc 0001b0e8 157 ExAllocatePoolWithTag 0001b0f0 990 KeBugCheckEx Done dumping vgk.sys --- snip --- Wine source: https://source.winehq.org/git/wine.git/blob/f31a29b8d1ea478af28f14cdaf3db15… You should consider adding with -norelay otherwise you might end up with: --- snip --- ... 002f:trace:ntoskrnl:ExAllocatePoolWithTag 156 pool 512 -> 00000000008A0390 002f:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=008a0390 ret=0115fcbe 002f:Call ntoskrnl.exe.swprintf_s(008a0390,0000004d,00d4f450 L"%s%s\\Logs\\%s_%s%s",00d4f420) ret=0115f461 002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7f40717b2931 ip=7f40717b2931 tid=002f 002f:trace:seh:raise_exception info[0]=0000000000000000 002f:trace:seh:raise_exception info[1]=ffffffffffb50f10 002f:trace:seh:raise_exception rax=ffffffffffb50f10 rbx=0000000000d4eee0 rcx=00000000ffffffff rdx=ffffffffffb50f10 002f:trace:seh:raise_exception rsi=0000000000d4f0e0 rdi=00007f40717aa1c0 rbp=00000000ffffffff rsp=0000000000d4edd0 002f:trace:seh:raise_exception r8=0000000000d4eee0 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 002f:trace:seh:raise_exception r12=00007f40717aa1c0 r13=0000000000d4f0e0 r14=0000000000d4f456 r15=0000000000000000 002f:trace:seh:call_vectored_handlers calling handler at 0x18000ba50 code=c0000005 flags=0 002f:trace:seh:call_vectored_handlers handler at 0x18000ba50 returned 0 002f:trace:seh:dwarf_virtual_unwind function 7f40717b2931 base 0x7f40717b2580 ... --- snip --- $ sha1sum setup.exe 08deca4c0b46a3481e706926c0217d1c944d22a3 setup.exe $ du -sh setup.exe 15M setup.exe $ wine --version wine-5.6-258-gf31a29b8d1 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 5

[Bug 48997] New: Riot Vanguard (Riot Games) 'vgk.sys' crashes in driver entry (needs more reasonable CR0 register values in instruction emulation)
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=48997 Bug ID: 48997 Summary: Riot Vanguard (Riot Games) 'vgk.sys' crashes in driver entry (needs more reasonable CR0 register values in instruction emulation) Product: Wine Version: 5.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. --- snip --- $ WINEDEBUG=+seh,+loaddll,+process,+ntoskrnl wine net start vgc >>log.txt 2>&1 ... 001b:fixme:ntoskrnl:KeIpiGenericCall stub: 0000000000D61D74 0000000000000000 ... 001b:trace:seh:raise_exception code=c0000096 flags=0 addr=0xf38ec7 ip=f38ec7 tid=001b 001b:trace:seh:raise_exception rax=0000000000000078 rbx=fffffffffff49c55 rcx=0000000000000000 rdx=00000000000fda18 001b:trace:seh:raise_exception rsi=0000000000e07fec rdi=00000000000000e8 rbp=000000000002c1d1 rsp=0000000000c3f4f0 001b:trace:seh:raise_exception r8=00000000000f174d r9=0000000000c3f710 r10=00000000000fda18 r11=0000000000f38ec7 001b:trace:seh:raise_exception r12=00000000000fd8b0 r13=00007fffffea4000 r14=00000000000fda18 r15=0000000000000000 001b:trace:seh:call_vectored_handlers calling handler at 0x18000b9f0 code=c0000096 flags=0 001b:trace:seh:call_vectored_handlers handler at 0x18000b9f0 returned ffffffff ... 001b:trace:seh:raise_exception code=c000001d flags=0 addr=0x104bc20 ip=104bc20 tid=001b 001b:trace:seh:raise_exception rax=0000000000b41d20 rbx=00000000000fda18 rcx=0000000000000000 rdx=000000000000004d 001b:trace:seh:raise_exception rsi=0000000000c3f82c rdi=00000000000fda18 rbp=00000000000fc868 rsp=0000000000c3f740 001b:trace:seh:raise_exception r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 001b:trace:seh:raise_exception r12=00000000000fd8b0 r13=00007fffffea4000 r14=00000000000fda18 r15=0000000000000000 001b:trace:seh:call_vectored_handlers calling handler at 0x18000b9f0 code=c000001d flags=0 001b:trace:seh:call_vectored_handlers handler at 0x18000b9f0 returned 0 001b:trace:seh:RtlVirtualUnwind type 1 rip 104bc20 rsp c3f740 001b:trace:seh:dump_unwind_info **** func 2ebbd7-2ebc54 ... --- snip --- Yes, I know 'int' debug channel which shows the faulting/emulated instruction decoding. I forgot to run it in first place before I fixed the problem ;-) The unhandled invalid instruction exception following the CR0 emulation exception is the result of misguided control flow due to Wine's strange default value. Relevant driver disassembly: --- snip --- ... 0000000000F38EC7 | 0F20C2 | mov rdx,cr0 | read CR0 0000000000F38ECA | 81ED 8836F674 | sub ebp,74F63688 | 0000000000F38ED0 | 40:C0F5 36 | shl bpl,36 | 0000000000F38ED4 | 0FB7E9 | movzx ebp,cx | 0000000000F38ED7 | 49:81E9 08000000 | sub r9,8 | 0000000000F38EDE | 40:0F92C5 | setb bpl | 0000000000F38EE2 | 66:0FBAF5 B7 | btr bp,B7 | 0000000000F38EE7 | 66:8BEB | mov bp,bx | 0000000000F38EEA | 49:8911 | mov qword ptr ds:[r9],rdx | save val 0000000000F38EED | 6641:0BEA | or bp,r10w | 0000000000F38EF1 | 48:81EE 04000000 | sub rsi,4 | 0000000000F38EF8 | 48:F7DD | neg rbp | 0000000000F38EFB | 8B2E | mov ebp,dword ptr ds:[rsi] | 0000000000F38EFD | 40:F6C4 F2 | test spl,F2 | 0000000000F38F01 | 41:80FA AD | cmp r10b,AD | 0000000000F38F05 | F8 | clc | 0000000000F38F06 | 41:33E8 | xor ebp,r8d | 0000000000F38F09 | F9 | stc | 0000000000F38F0A | D1CD | ror ebp,1 | 0000000000F38F0C | F9 | stc | 0000000000F38F0D | 0FCD | bswap ebp | 0000000000F38F0F | 6641:3BF3 | cmp si,r11w | 0000000000F38F13 | 81C5 66295D17 | add ebp,175D2966 | 0000000000F38F19 | F9 | stc | 0000000000F38F1A | F8 | clc | 0000000000F38F1B | F7D5 | not ebp | 0000000000F38F1D | E9 D51F0400 | jmp vgk.F7AEF7 | ... --- snip --- I found this interesting document which shows the system/special register values of many Window versions, Linux and even Wine: https://github.com/corkami/docs/blob/master/InitialValues.md --- snip --- Wine tested under Debian Detect Wine: GS (3B/6B) FS (33/63) CR0 (80050033) ... --- snip --- The document was added to Github repo in April 2017. The Wine version at this point was likely Wine 2.6-ish. I couldn't find a place in Wine sources where this value 0x80050033 is set. Git history shows it was always 0x10 (x86 instruction emulation). My guess would be whoever tested under Wine probably used the unprivileged 'smsw' instruction which doesn't cause a trap in usermode (not emulated in Wine). I wrote small test app which is basically 'asm("smsw %0" : "=r"(cr0));' and indeed 0x80050033 value is returned for CR0 in x86_64 Linux. https://source.winehq.org/git/wine.git/blob/709935314458bd0ce27aab3986ae98c… The x86_64 instruction emulation for CRx, DRx was added here: https://source.winehq.org/git/wine.git/commitdiff/ce09790d29630a6a4c0cd4945… ("ntoskrnl: Add emulation of CRn and DRn registers on x86-64.") Tracked by bug 44530 ("64-bit Sentinel HASP hardlock.sys kernel driver tries to access to DR7 (not handled in ntoskrnl emulate_instruction)"). --- Anyway, I think Wine using CR0 default value 0x80050031 or 0x80050033 should be fine. 0x80050031 = '1000'0000'0000'0101'0000'0000'0011'0001 From: https://en.wikipedia.org/wiki/Control_register Only showing the set bits meaning here: | Bit | Name | Full Name | ---------------------------------------- | 0 | PE | Protected Mode Enable | | 4 | ET | Extension type | | 5 | NE | Numeric error | | 16 | WP | Write protect | | 18 | AM | Alignment mask | | 31 | PG | Paging | ---------------------------------------- Wine source: https://source.winehq.org/git/wine.git/blob/f65cfbfe9b20e38537c7cb8608e7f41… --- snip --- ... 691 /* Now look at the actual instruction */ 692 693 switch(*instr) 694 { 695 case 0x0f: /* extended instruction */ 696 switch(instr[1]) 697 { 698 case 0x20: /* mov crX, Rd */ 699 { 700 int reg = REGMODRM_REG( instr[2], rex ); 701 int rm = REGMODRM_RM( instr[2], rex ); 702 DWORD64 *data = get_int_reg( context, rm ); 703 TRACE( "mov cr%u,%s at %lx\n", reg, reg_names[rm], context->Rip ); 704 switch (reg) 705 { 706 case 0: *data = 0x10; break; /* FIXME: set more bits ? */ 707 case 2: *data = 0; break; 708 case 3: *data = 0; break; 709 case 4: *data = 0; break; 710 case 8: *data = 0; break; 711 default: return ExceptionContinueSearch; 712 } 713 context->Rip += prefixlen + 3; 714 return ExceptionContinueExecution; 715 } ... --- snip --- $ sha1sum setup.exe 08deca4c0b46a3481e706926c0217d1c944d22a3 setup.exe $ du -sh setup.exe 15M setup.exe $ wine --version wine-5.6-258-gf31a29b8d1 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 8

[Bug 48987] New: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.{wcscat_s,wcscpy_s}
by WineHQ Bugzilla 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=48987 Bug ID: 48987 Summary: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.{wcscat_s,wcscpy_s} Product: Wine Version: 5.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. It lacks the imports from msvcrt. --- snip --- ... 002f:Ret ntdll.NtFlushBuffersFile() retval=00000000 ret=7bca1f9f 002f:Ret ntoskrnl.exe.ZwFlushBuffersFile() retval=00000000 ret=0115f5ac 002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0bc0,656e6f4e) ret=0115fd31 002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0BC0 002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0bc0) ret=7bca1f9f 002f:Ret KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f 002f:Ret ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=0115fd31 002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0b40,656e6f4e) ret=00e73ad4 002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0B40 002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0b40) ret=7bca1f9f 002f:Ret KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f 002f:Ret ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=00e73ad4 002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0330,656e6f4e) ret=00e73ad4 002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0330 002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0330) ret=7bca1f9f 002f:Ret KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f 002f:Ret ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=00e73ad4 002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x115cbbd ip=115cbbd tid=002f 002f:trace:seh:raise_exception info[0]=0000000000000000 002f:trace:seh:raise_exception info[1]=fffff7800000026c 002f:trace:seh:raise_exception rax=0000000001000001 rbx=0000000000728b98 rcx=0000000000000000 rdx=0000000000000048 002f:trace:seh:raise_exception rsi=0000000000d4f7bc rdi=0000000000728b98 rbp=00000000007277d8 rsp=0000000000d4f6a0 002f:trace:seh:raise_exception r8=0000000000000000 r9=0000000000d4ec12 r10=0000000000000000 r11=0000000000000000 002f:trace:seh:raise_exception r12=0000000000728a30 r13=00007fffffea4000 r14=0000000000728b98 r15=0000000000000000 002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0 code=c0000005 flags=0 002f:Call KERNEL32.GetTickCount64() ret=18000bd34 002f:Ret KERNEL32.GetTickCount64() retval=01d54298 ret=18000bd34 002f:Call msvcrt.memcpy(00d4f108,7ffe026c,00000004) ret=18000bd60 002f:Ret msvcrt.memcpy() retval=00d4f108 ret=18000bd60 002f:trace:int:vectored_handler next instruction rip=115cbc6 002f:trace:int:vectored_handler rax=0000000000000006 rbx=0000000000728b98 rcx=0000000000000000 rdx=0000000000000048 002f:trace:int:vectored_handler rsi=0000000000d4f7bc rdi=0000000000728b98 rbp=00000000007277d8 rsp=0000000000d4f6a0 002f:trace:int:vectored_handler r8=0000000000000000 r9=0000000000d4ec12 r10=0000000000000000 r11=0000000000000000 002f:trace:int:vectored_handler r12=0000000000728a30 r13=00000000ffea4000 r14=0000000000728b98 r15=0000000000000000 002f:trace:seh:call_vectored_handlers handler at 0x18000b9c0 returned ffffffff 002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x115cbff ip=115cbff tid=002f 002f:trace:seh:raise_exception info[0]=0000000000000000 002f:trace:seh:raise_exception info[1]=fffff78000000270 002f:trace:seh:raise_exception rax=0000000000000001 rbx=0000000000728b98 rcx=0000000000000006 rdx=fffff78000000270 002f:trace:seh:raise_exception rsi=0000000000d4f7bc rdi=0000000000728b98 rbp=00000000007277d8 rsp=0000000000d4f6a0 002f:trace:seh:raise_exception r8=0000000000000000 r9=0000000000d4ec12 r10=0000000000000000 r11=0000000000000000 002f:trace:seh:raise_exception r12=0000000000728a30 r13=00007fffffea4000 r14=0000000000728b98 r15=0000000000000000 002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0 code=c0000005 flags=0 002f:trace:int:emulate_instruction cmp dword ptr ds:[rdx],eax 002f:trace:int:vectored_handler next instruction rip=115cc01 002f:trace:int:vectored_handler rax=0000000000000001 rbx=0000000000728b98 rcx=0000000000000006 rdx=0000000000000270 002f:trace:int:vectored_handler rsi=0000000000d4f7bc rdi=0000000000728b98 rbp=00000000007277d8 rsp=0000000000d4f6a0 002f:trace:int:vectored_handler r8=0000000000000000 r9=0000000000d4ec12 r10=0000000000000000 r11=0000000000000000 002f:trace:int:vectored_handler r12=0000000000728a30 r13=00000000ffea4000 r14=0000000000728b98 r15=0000000000000000 002f:trace:seh:call_vectored_handlers handler at 0x18000b9c0 returned ffffffff 002f:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dd4c ip=7bc6dd4c tid=002f 002f:trace:seh:raise_exception info[0]=0000000000e92434 002f:trace:seh:raise_exception info[1]=0000000000e922ea wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.wcscpy_s, aborting 002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0 code=80000100 flags=1 --- snip --- --- snip --- ... 002f:Call ntoskrnl.exe.wcscpy_s(00d4f3f0,00000105,00d4f270 L"\\??\\") ret=0115c8be 002f:Call msvcrt.wcscpy_s(00d4f3f0,00000105,00d4f270 L"\\??\\") ret=7bca1f9f 002f:Ret msvcrt.wcscpy_s() retval=00000000 ret=7bca1f9f 002f:Ret ntoskrnl.exe.wcscpy_s() retval=00000000 ret=0115c8be 002f:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dd4c ip=7bc6dd4c tid=002f 002f:trace:seh:raise_exception info[0]=0000000000e92434 002f:trace:seh:raise_exception info[1]=0000000000e922de wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.wcscat_s, aborting 002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9f0 code=80000100 flags=1 ... --- snip --- --- snip --- $ winedump -j import vgk.sys Contents of vgk.sys: 3196560 bytes Import Table size: 00000050 offset 0001e090 cng.sys Hint/Name Table: 00022108 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B028 Thunk Ordn Name 0001b028 8 BCryptDestroyHash 0001b030 1 BCryptCloseAlgorithmProvider offset 0001e0a4 ntoskrnl.exe Hint/Name Table: 00022120 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 0001B040 Thunk Ordn Name 0001b040 1081 KeIpiGenericCall 0001b048 2777 __C_specific_handler 0001b050 196 ExFreePoolWithTag 0001b058 2801 _stricmp 0001b060 2897 wcscat_s 0001b068 2901 wcscpy_s 0001b070 2060 RtlInitUnicodeString 0001b078 2571 ZwCreateFile 0001b080 2705 ZwReadFile 0001b088 2775 ZwWriteFile 0001b090 2560 ZwClose 0001b098 2604 ZwFlushBuffersFile 0001b0a0 2697 ZwQuerySystemInformation 0001b0a8 2259 RtlTimeToTimeFields 0001b0b0 986 KeAreAllApcsDisabled 0001b0b8 302 ExSystemTimeToLocalTime 0001b0c0 2885 swprintf_s 0001b0c8 2895 vswprintf_s 0001b0d0 2818 _vsnwprintf 0001b0d8 1049 KeInitializeApc 0001b0e0 1074 KeInsertQueueApc 0001b0e8 157 ExAllocatePoolWithTag 0001b0f0 990 KeBugCheckEx Done dumping vgk.sys --- snip --- Wine source: https://source.winehq.org/git/wine.git/blob/f31a29b8d1ea478af28f14cdaf3db15… $ sha1sum setup.exe 08deca4c0b46a3481e706926c0217d1c944d22a3 setup.exe $ du -sh setup.exe 15M setup.exe $ wine --version wine-5.6-258-gf31a29b8d1 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1 5

[Bug 43307] New: Wargaming Game Center periodically crashes with msvcp140.dll._Current_get
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=43307 Bug ID: 43307 Summary: Wargaming Game Center periodically crashes with msvcp140.dll._Current_get Product: Wine Version: 2.12 Hardware: x86-64 URL: http://redirect.wargaming.net/WGC/Wargaming_Game_Cente r_Install_EU.exe OS: Linux Status: NEW Keywords: download Severity: minor Priority: P2 Component: msvcp Assignee: wine-bugs(a)winehq.org Reporter: andrey.goosev(a)gmail.com Distribution: --- Application crashes with wgc_watchdog.exe but continue running. After a few seconds crash repeats again. wine: Call from 0x7b43b95c to unimplemented function msvcp140.dll._Current_get wine-2.12-49-g35f82ba -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 3

[Bug 46179] New: Multiple Windows 10 ARM64 apps need ' kernel32.dll.GetCurrentThreadStackLimits' to get stack start address
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=46179 Bug ID: 46179 Summary: Multiple Windows 10 ARM64 apps need 'kernel32.dll.GetCurrentThreadStackLimits' to get stack start address Product: Wine Version: 3.20 Hardware: aarch64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: kernel32 Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, another valuable resource of improving/fixing Wine on ARM64 is the Chrome browser port to Windows 10 ARM64 platform that is currently underway and going to continue for some months. I'm following various Chromium and LLVM/Clang pull requests related to Win10 ARM64 porting activities. Related PR to this ticket: https://chromium-review.googlesource.com/c/chromium/src/+/1344870 https://chromium-review.googlesource.com/c/chromium/src/+/1344870/3/third_p… --- snip --- // On Windows stack limits for the current thread are available in // the thread information block (TIB). Its fields can be accessed through // FS segment register on x86 and GS segment register on x86_64. // On Windows ARM64, stack limits could be retrieved by calling // GetCurrentThreadStackLimits. This API doesn't work on x86 and x86_64 here // because it requires Windows 8+. #if defined(ARCH_CPU_X86_64) return reinterpret_cast<void*>(__readgsqword(offsetof(NT_TIB64, StackBase))); #elif defined(ARCH_CPU_X86) return reinterpret_cast<void*>(__readfsdword(offsetof(NT_TIB, StackBase))); #elif defined(ARCH_CPU_ARM64) ULONG_PTR lowLimit, highLimit; ::GetCurrentThreadStackLimits(&lowLimit, &highLimit); return reinterpret_cast<void*>(highLimit); #endif --- snip --- Microsoft docs: https://docs.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-p… Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 4

[Bug 37275] New: Chess Position Trainer 5 (.NET 4.0 app) wants gdiplus.GdipCreateAdjustableArrowCap
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=37275 Bug ID: 37275 Summary: Chess Position Trainer 5 (.NET 4.0 app) wants gdiplus.GdipCreateAdjustableArrowCap Product: Wine Version: 1.7.26 Hardware: x86 OS: Linux Status: NEW Severity: minor Priority: P2 Component: gdiplus Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Hello folks, as the summary says. Prerequisite: 'winetricks -q dotnet40' Doesn't crash but dismissing message boxes is annoying. 'winetricks -q gdiplus' obviously works around. --- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Chess Position Trainer $ WINEDEBUG=+tid,+seh,+relay wine ./Chess\ Position\ Trainer\ 5.exe >>log.txt 2>&1 ... 002a:Call gdiplus.GdipCreateAdjustableArrowCap(40400000,40400000,00000001,0033d498) ret=1de38f31 002a:fixme:gdiplus:GdipCreateAdjustableArrowCap not implemented 002a:Ret gdiplus.GdipCreateAdjustableArrowCap() retval=00000006 ret=1de38f31 ... 002a:trace:seh:raise_exception code=e0434352 flags=1 addr=0x7b83ae8f ip=7b83ae8f tid=002a 002a:trace:seh:raise_exception info[0]=80004001 002a:trace:seh:raise_exception info[1]=00000000 002a:trace:seh:raise_exception info[2]=00000000 002a:trace:seh:raise_exception info[3]=00000000 002a:trace:seh:raise_exception info[4]=79140000 002a:trace:seh:raise_exception eax=7b826d6d ebx=7b8be000 ecx=80004001 edx=0033d2b4 esi=0033d358 edi=0033d320 002a:trace:seh:raise_exception ebp=0033d2f8 esp=0033d294 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000283 002a:trace:seh:call_vectored_handlers calling handler at 0x791f5a7c code=e0434352 flags=1 ... 002a:Call user32.CreateWindowExW(00010001,049639c8 L"WindowsForms10.Window.8.app.0.2bf8098_r8_ad1",057e2af4 L"Error while trying to highlight moves",02c80000,80000000,80000000,000000fe,00000068,000200be,00000000,00400000,00000000) ret=0a36c292 ... --- snip --- MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/ms533967%28v=vs.85%… Source: http://source.winehq.org/git/wine.git/blob/da7fe7ab5513a2db839aba413ebca076… --- snip --- 248 GpStatus WINGDIPAPI GdipCreateAdjustableArrowCap(REAL height, REAL width, BOOL fill, 249 GpAdjustableArrowCap **cap) 250 { 251 static int calls; 252 253 TRACE("(%0.2f,%0.2f,%i,%p)\n", height, width, fill, cap); 254 255 if(!(calls++)) 256 FIXME("not implemented\n"); 257 258 return NotImplemented; 259 } --- snip --- $ sha1sum Chess_Position_Trainer_5-Setup.exe 6ae6364e399590ce634d667ec8696dcdb78c515a Chess_Position_Trainer_5-Setup.exe $ du -sh Chess_Position_Trainer_5-Setup.exe 57M Chess_Position_Trainer_5-Setup.exe $ wine --version wine-1.7.26-60-g0fa8ae7 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 22

[Bug 44971] New: HackShield for Banking Driver 'HSBDrvNt.sys' ( part of Ahnlab Safe Transaction) crashes on unimplemented function ntoskrnl.exe.ExInterlockedPopEntrySList
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44971 Bug ID: 44971 Summary: HackShield for Banking Driver 'HSBDrvNt.sys' (part of Ahnlab Safe Transaction) crashes on unimplemented function ntoskrnl.exe.ExInterlockedPopEntrySList Product: Wine Version: 3.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. --- snip --- ... 0084:trace:ntoskrnl:IoCreateDriver (L"\\Driver\\HSBDrvNt", 0x7effb0ae) ... 0084:trace:winedevice:load_driver loading driver L"system32\\drivers\\HSBDrvNt.sys" 0084:Call KERNEL32.LoadLibraryW(0011cce0 L"system32\\drivers\\HSBDrvNt.sys") ret=7effa9de ... 0084:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\drivers\\HSBDrvNt.sys" at 0x780000: native ... 0084:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effa9de ... 0084:trace:winedevice:load_driver_module L"system32\\drivers\\HSBDrvNt.sys": relocating from 0x10000 to 0x780000 ... 0084:Call driver init 0x7805fa (obj=0x11cb18,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\HSBDrvNt") ... 0084:trace:ntoskrnl:IoCreateSymbolicLink L"\\DosDevices\\HSBDrvNt" -> L"\\Device\\HSBDrvNt" ... 0084:Call ntoskrnl.exe.KeInitializeEvent(0079df64,00000001,00000000) ret=0078555d 0084:fixme:ntoskrnl:KeInitializeEvent stub: 0x79df64 1 0 0084:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000039 ret=0078555d 0084:Call KERNEL32.RaiseException(80000100,00000001,00000002,0065fa4c) ret=7ec1ad81 0084:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b446e0f ip=7b446e0f tid=0084 0084:trace:seh:raise_exception info[0]=7ec1ada0 0084:trace:seh:raise_exception info[1]=7ec1ae59 0084:trace:seh:call_vectored_handlers calling handler at 0x7ec124b9 code=80000100 flags=1 0084:trace:seh:call_vectored_handlers handler at 0x7ec124b9 returned 0 0084:trace:seh:call_stack_handlers calling handler at 0x7bcb1ba2 code=80000100 flags=1 0084:Call KERNEL32.UnhandledExceptionFilter(0065f504) ret=7bcb1bdd 0084:trace:seh:start_debugger Starting debugger "winedbg --auto 127 68" 0084:Ret KERNEL32.UnhandledExceptionFilter() retval=00000000 ret=7bcb1bdd 0084:trace:seh:call_stack_handlers handler at 0x7bcb1ba2 returned 1 ... wine: Call from 0x7b446e0f to unimplemented function ntoskrnl.exe.ExInterlockedPopEntrySList, aborting --- snip --- $ sha1sum astx_setup.exe 8f3a49eb2664069a0b22d52850df2b7dc3343c8b astx_setup.exe $ du -sh astx_setup.exe 31M astx_setup.exe $ wine --version wine-3.6 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 6

[Bug 45073] New: Many MSI-based installers crash in remote_GetActionInfo while unmarshalling data
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=45073 Bug ID: 45073 Summary: Many MSI-based installers crash in remote_GetActionInfo while unmarshalling data Product: Wine Version: 3.6 Hardware: x86-64 OS: Linux Status: NEW Severity: critical Priority: P2 Component: msi Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, likely affects *all* MSI-based installers. I just run a few winetricks recipes (.NET, ..) and other installers - all of them crashed. This is a critical (potential blocker) issue, Wine 3.7 can't be released in this state. VirtualPC 2007 (bug 29354) --- snip --- Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0x7e4ae367). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7e4ae367 ESP:0033f838 EBP:0033f848 EFLAGS:00010206( R- -- I - -P- ) EAX:00000004 EBX:0033f8ac ECX:0033f8ac EDX:00000000 ESI:0033f8d0 EDI:0033fc34 ... Backtrace: =>0 0x7e4ae367 align_pointer+0x12(ptr=0x4, align=0x4) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:103] in rpcrt4 (0x0033f848) 1 0x7e4b160c NdrPointerUnmarshall+0xd8(pStubMsg=<couldn't compute location>, ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>, fMustAlloc='d') [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1564] in rpcrt4 (0x0033f898) 2 0x7bc7f4e7 relay_call+0x3e() in ntdll (0x0033f8bc) 3 0x7e4a5a54 in rpcrt4 (+0x5a53) (0x0033fab8) 4 0x7ec09214 remote_GetActionInfo+0x27f(guid=<couldn't compute location>, type=<couldn't compute location>, dllname=<couldn't compute location>, function=<couldn't compute location>, hinst=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/build-x86/dlls/msi/winemsi_c.c:2570] in msi (0x0033fab8) 5 0x7ebab091 __wine_msi_call_dll_function+0x165(guid=0x33fc70) [/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:525] in msi (0x0033fc28) 6 0x7bc7f4e7 relay_call+0x3e() in ntdll (0x0033fc4c) 7 0x7eb86598 in msi (+0x6597) (0x0033fc88) 8 0x7efee3e8 DoEmbedding+0x23(key="{AD3887D1-245B-4BFF-ADF3-298FD0BFC1FF}") [/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:402] in msiexec (0x0033fc88) 9 0x7efee9a4 WinMain+0x18f(hInstance=<couldn't compute location>, hPrevInstance=<couldn't compute location>, lpCmdLine=<couldn't compute location>, nCmdShow=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:599] in msiexec (0x0033fde8) 10 0x7eff059e main+0xeb(argc=<couldn't compute location>, argv=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_main.c:49] in msiexec (0x0033fe68) 11 0x7eff0496 __wine_spec_exe_entry+0x56(peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_entry.c:36] in msiexec (0x0033fea8) 12 0x7b46d930 call_process_entry+0xb() in kernel32 (0x0033fec8) 13 0x7b46da71 start_process+0x132(entry=<couldn't compute location>, peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1099] in kernel32 (0x0033ffd8) 14 0x7b46d93e start_process_wrapper+0x9() in kernel32 (0x0033ffec) 0x7e4ae367 align_pointer+0x12 [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:103] in rpcrt4: movl 0x0(%eax),%eax 103 *ptr = (unsigned char *)(((ULONG_PTR)*ptr + mask) & ~mask); ... Modules: Module Address Debug info Name (73 modules) ELF 7b400000-7b7f4000 Dwarf kernel32<elf> \-PE 7b420000-7b7f4000 \ kernel32 ELF 7bc00000-7bd0d000 Dwarf ntdll<elf> \-PE 7bc30000-7bd0d000 \ ntdll ELF 7c000000-7c004000 Deferred <wine-loader> ... Threads: process tid prio (all id:s are in hex) ... 0000002d setup.exe 0000002e 0 0000002f msxml6-KB927977-enu-x86.exe 00000031 0 00000030 0 00000032 msiexec.exe 00000038 0 00000035 0 00000034 0 00000033 0 00000036 (D) C:\windows\system32\msiexec.exe 00000037 0 <== --- snip --- 'winetricks -q dotnet40' --- snip --- Unhandled exception: page fault on write access to 0x00000033 in 32-bit code (0xf7c1fcea). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:f7c1fcea ESP:0033f57c EBP:0033f5a8 EFLAGS:00010203( R- -- I - - -C) EAX:00000000 EBX:00000022 ECX:0000000b EDX:00000000 ESI:00146424 EDI:00000033 ... Backtrace: =>0 0xf7c1fcea memcpy+0x5a() in libc.so.6 (0x0033f5a8) 1 0x7e4af0df safe_copy_from_buffer+0xe0(pStubMsg=0x33f9f8, p=0x33, size=0x17) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:730] in rpcrt4 (0x0033f5a8) 2 0x7e4b352f array_read_variance_and_unmarshall+0x4d9(fc='"', pStubMsg=0x33f9f8, ppMemory=0x33fbe0, pFormat=""\ \", fMustAlloc=0, fUseBufferMemoryServer=1, fUnmarshall=1) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:2234] in rpcrt4 (0x0033f638) 3 0x7e4b41c3 NdrConformantStringUnmarshall+0xfe(pStubMsg=<couldn't compute location>, ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>, fMustAlloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:2533] in rpcrt4 (0x0033f688) 4 0x7e4afe7f PointerUnmarshall+0x53e(pStubMsg=0x33f9f8, Buffer="", pPointer=0x33fbe0, pSrcPointer=*** invalid address 0x33 ***, pFormat=""\ \", fMustAlloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:969] in rpcrt4 (0x0033f758) 5 0x7e4b1644 NdrPointerUnmarshall+0x110(pStubMsg=<couldn't compute location>, ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>, fMustAlloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1569] in rpcrt4 (0x0033f7b8) 6 0x7e4afe7f PointerUnmarshall+0x53e(pStubMsg=0x33f9f8, Buffer="", pPointer=0x33fb0c, pSrcPointer="3", pFormat="", fMustAlloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:969] in rpcrt4 (0x0033f888) 7 0x7e4b1644 NdrPointerUnmarshall+0x110(pStubMsg=<couldn't compute location>, ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>, fMustAlloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1569] in rpcrt4 (0x0033f8e8) 8 0x7ec09214 remote_GetActionInfo+0x27f(guid=<couldn't compute location>, type=<couldn't compute location>, dllname=<couldn't compute location>, function=<couldn't compute location>, hinst=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/build-x86/dlls/msi/winemsi_c.c:2570] in msi (0x0033fae8) 9 0x7ebab091 __wine_msi_call_dll_function+0x165(guid=0x33fc70) [/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:525] in msi (0x0033fc58) 10 0x7efee3e8 DoEmbedding+0x23(key="{7E1720C8-F634-46E9-A8D1-FB290A0A8D53}") [/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:402] in msiexec (0x0033fc88) 11 0x7efee9a4 WinMain+0x18f(hInstance=<couldn't compute location>, hPrevInstance=<couldn't compute location>, lpCmdLine=<couldn't compute location>, nCmdShow=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:599] in msiexec (0x0033fde8) 12 0x7eff059e main+0xeb(argc=<couldn't compute location>, argv=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_main.c:49] in msiexec (0x0033fe68) 13 0x7eff0496 __wine_spec_exe_entry+0x56(peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_entry.c:36] in msiexec (0x0033fea8) 14 0x7b46d930 call_process_entry+0xb() in kernel32 (0x0033fec8) 15 0x7b46da71 start_process+0x132(entry=<couldn't compute location>, peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1099] in kernel32 (0x0033ffd8) 16 0x7b46d93e start_process_wrapper+0x9() in kernel32 (0x0033ffec) 0xf7c1fcea memcpy+0x5a in libc.so.6: movsb (%esi),%es:(%edi) Modules: Module Address Debug info Name (73 modules) ELF 7b400000-7b7f4000 Dwarf kernel32<elf> \-PE 7b420000-7b7f4000 \ kernel32 ELF 7bc00000-7bd0d000 Deferred ntdll<elf> \-PE 7bc30000-7bd0d000 \ ntdll ELF 7c000000-7c004000 Deferred <wine-loader> ... Threads: process tid prio (all id:s are in hex) 00000008 dotNetFx40_Full_x86_x64.exe 00000009 0 ... 00000032 Setup.exe 0000003d 0 0000003c 0 0000003b 0 00000038 0 00000037 0 00000036 0 00000033 0 00000039 (D) C:\windows\system32\msiexec.exe 0000003a 0 <== System information: Wine build: wine-3.6-236-gd6654dbf2b Platform: i386 Version: Windows 5.1 (0) Host system: Linux Host version: 4.15.17-300.fc27.x86_64 --- snip --- $ wine --version wine-3.6-236-gd6654dbf2b Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 10

[Bug 44499] New: BattlEye 'BEDaisy' kernel service crashes on unimplemented function ntoskrnl.exe.PsSetCreateProcessNotifyRoutineEx
by wine-bugs＠winehq.org 18 Mar '21

18 Mar '21

https://bugs.winehq.org/show_bug.cgi?id=44499 Bug ID: 44499 Summary: BattlEye 'BEDaisy' kernel service crashes on unimplemented function ntoskrnl.exe.PsSetCreateProcessNotifyRoutineEx Product: Wine Version: 3.1 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, continuation of bug 44497 The kernel driver uses multiple methods to implement process protection/supervision. * ObRegisterCallbacks * ObUnRegisterCallbacks * ObGetFilterVersion -> covered by bug 44497 Another method: * PsSetCreateProcessNotifyRoutineEx Example kernel driver code to show how the API is being used: https://github.com/Microsoft/Windows-driver-samples/tree/master/general/obc… --- quote --- ObCallback Callback Registration Driver The ObCallback sample driver demonstrates the use of registered callbacks for process protection. The driver registers control callbacks which are called at process creation. Design and Operation The sample exercises both the PsSetCreateProcessNotifyRoutineEx and the ObRegisterCallbacks routines. The first example uses the ObRegisterCallbacks routine and a callback to restrict requested access rights during a open process action. The second example uses the PsSetCreateProcessNotifyRoutineEx routine to reject a process creation by examining the command line. --- quote --- Another article: https://malwaretips.com/threads/av-self-protection-process-c-c.66200/ For BattlEye 'BEDaisy' service to succeed the driver init routine it is enough to implement a stub for 'PsSetCreateProcessNotifyRoutineEx' like it was done with 'PsSetCreateProcessNotifyRoutine' -> return STATUS_SUCCESS https://source.winehq.org/git/wine.git/blob/354fa7eb7921c3317e7943c18871feb… --- snip --- 2381 /*********************************************************************** 2382 * PsSetCreateProcessNotifyRoutine (NTOSKRNL.EXE.@) 2383 */ 2384 NTSTATUS WINAPI PsSetCreateProcessNotifyRoutine( PCREATE_PROCESS_NOTIFY_ROUTINE callback, BOOLEAN remove ) 2385 { 2386 FIXME( "stub: %p %d\n", callback, remove ); 2387 return STATUS_SUCCESS; 2388 } --- snip --- $ sha1sum Tibia_Setup.exe 50951008ccc402cc32407bfc56a88da873e3e9bd Tibia_Setup.exe $ du -sh Tibia_Setup.exe 5.2M Tibia_Setup.exe $ wine --version wine-3.1-193-g354fa7eb79 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2 5

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-bugs February 2021