[Bug 29460] Ruijie Supplicant Su1xDriver.sys crashes in driver entry due to ntoskrnl.exe IoGetCurrentProcess() being a stub

28 Dec 2011


      http://bugs.winehq.org/show_bug.cgi?id=29460
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://115.com/file/cmr79xx
                   |                            |h
                 CC|                            |focht@gmx.net
          Component|-unknown                    |ntoskrnl
            Summary|Ruijie Supplicant crash at  |Ruijie Supplicant
                   |start                       |Su1xDriver.sys crashes in
                   |                            |driver entry due to
                   |                            |ntoskrnl.exe
                   |                            |IoGetCurrentProcess() being
                   |                            |a stub
     Ever Confirmed|0                           |1
--- Comment #1 from Anastasius Focht focht@gmx.net 2011-12-28 06:23:24 CST ---
Hello,
--- snip ---
0026:Call KERNEL32.LoadLibraryW(0011ab00
L"C:\windows\system32\DRIVERS\Su1xDriver.sys") ret=6819f8bd 
...
0026:Ret  KERNEL32.LoadLibraryW() retval=00540000 ret=6819f8bd 
...
0026:Call driver init 0x540b85
(obj=0x681a28e0,str=L"\Registry\Machine\System\CurrentControlSet\Services\Su1xDriver")
0026:Call ntoskrnl.exe.IoGetCurrentProcess() ret=00540496
0026:fixme:ntoskrnl:IoGetCurrentProcess () stub
0026:Ret  ntoskrnl.exe.IoGetCurrentProcess() retval=00000000 ret=00540496
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0x78010765
ip=78010765 tid=0026
0026:trace:seh:raise_exception  info[0]=00000000
0026:trace:seh:raise_exception  info[1]=00000000
0026:trace:seh:raise_exception  eax=00000000 ebx=00000006 ecx=00000006
edx=0053ef48 esi=00000000 edi=00540480
0026:trace:seh:raise_exception  ebp=0053e5e8 esp=0053e5dc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0026:trace:seh:call_vectored_handlers calling handler at 0x6822f416
code=c0000005 flags=0
0026:trace:seh:call_vectored_handlers handler at 0x6822f416 returned 0 
...
--- snip ---
the driver tries to access the EPROCESS structure returned by
IoGetCurrentProcess().
The process name is checked for "System" but due to IoGetCurrentProcess() being
a stub returning NULL the code crashes in driver entry.
It also peeks into low level stuff like SSDT (system service descriptor table)
and hooks ZwOpenProcess API to control userspace access to processes.
Anyway what are you trying to accomplish?
Even getting that small helper "protection" driver to work requires
considerable infrastructure - that is not going to happen in Wine in near
future.
There are NDIS protocol drivers contained in this installation that are not
going to work.
The purpose of this package seems to be to provide/allow access to restricted
networks in China and ensuring "filtering".
This "Ruijie Network Supplicant" also has a GNU/Linux project:
https://code.google.com/p/ruijieclient/
although not that maintained like Windows (guess why).
Regards
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 29460] Ruijie Supplicant Su1xDriver.sys crashes in driver entry due to ntoskrnl.exe IoGetCurrentProcess() being a stub