https://bugs.winehq.org/show_bug.cgi?id=48641
--- Comment #7 from qsniyg qsniyg@mail.com --- Sorry for the late response (never got around to compiling staging again...). The bug now happens with wine vanilla as well, I haven't yet bisected the cause.
After applying a rebased version of your test hack, it still doesn't work. However, after doing further research, it's not the cause of the issue.
Before the patch (with an err trace added to display the output):
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13fffffff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=4096, .RegionSize=0x1000
...
06dc:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13fff0fff, info_class=0, 0x21f760, 48, 0x21f728)
06dc:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x10000 , .BaseAddress=0x13fff0000
06dc:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff 0x13fff0000 00010000 3000 00000040
After the patch:
...
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13ffb0fff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x10000 , .BaseAddress=0x13ffb0000
0398:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff 0x13ffb0000 00010000 3000 00000040
This works fine, and corresponds to the following in src/skse64/skse64/skse64.cpp (https://github.com/JimBeamBeagle/SimplyKnock/blob/e0e64412201c9eac1881377e35... ):
if(!g_branchTrampoline.Create(1024 * 64))
{
	_ERROR("couldn't create branch trampoline. this is fatal. skipping remainder of init process.");
	return;
}
However, what fails is the line right after in the log:
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x2236ffff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x1000 , .BaseAddress=0x2236f000
Source code (the difference here is g_moduleHandle, which is the handle of skse_1_5_97.dll, which loads at 0x22370000):
if(!g_localTrampoline.Create(1024 * 64, g_moduleHandle))
{
	_ERROR("couldn't create codegen buffer. this is fatal. skipping remainder of init process.");
	return;
}
The reason this fails is because of the following in BranchTrampoline::Create (src/skse64/skse64_common/BranchTrampoline.cpp, link: https://github.com/JimBeamBeagle/SimplyKnock/blob/e0e64412201c9eac1881377e35... ):
uintptr_t lowestOKAddress = moduleBase - 0x80000000 + (1024 * 1024 * 128); // largest 32-bit displacement with 128MB scratch space
...
if (addr < lowestOKAddress)
{
	_ERROR("couldn't allocate trampoline, no free space before image");
	break;
}
lowestOKAddress = 0x22370000 - 0x80000000 + (1024 * 1024 * 128), which is a negative value (and therefore overflows).
Applying an updated version of the SKSE hack (sending MEM_TOP_DOWN to NtMapViewOfSection in open_dll_file) allows it to work fine (loads it at 7FFFFED40000), but this is probably not a proper solution.
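To make the arithmetic in the quoted BranchTrampoline::Create check concrete, the following is an added C example (my own, not code from SKSE, SimplyKnock or Wine). It computes lowestOKAddress two ways, with the unsigned arithmetic the quoted line uses and with the value clamped at zero, and runs the quoted "addr < lowestOKAddress" test on the region the log shows being probed below the DLL. It assumes a 64-bit uintptr_t (modelled as uint64_t, since SKSE64 is 64-bit) and uses the DLL base 0x22370000 from the comment; the executable base 0x140000000 used for the second trampoline is an assumption, not taken from the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as in the quoted BranchTrampoline::Create line: the largest
 * 32-bit displacement a rel32 branch can cover, and 128MB of scratch space. */
#define DISP32_MAX    0x80000000ull
#define SCRATCH_SPACE (1024ull * 1024ull * 128ull)

/* lowestOKAddress as the quoted code computes it. uint64_t stands in for the
 * 64-bit uintptr_t of SKSE64; when moduleBase is below 0x80000000 - 128MB the
 * subtraction wraps around to a huge value instead of going negative. */
uint64_t lowest_ok_wrapping(uint64_t moduleBase)
{
    return moduleBase - DISP32_MAX + SCRATCH_SPACE;
}

/* The same quantity clamped at 0: when the module itself sits in the low
 * 2GB (minus scratch), every address below it is still in rel32 range. */
uint64_t lowest_ok_clamped(uint64_t moduleBase)
{
    uint64_t reach = DISP32_MAX - SCRATCH_SPACE;   /* 0x78000000 */
    return moduleBase > reach ? moduleBase - reach : 0;
}

/* Outcome of the quoted "if (addr < lowestOKAddress)" test for a candidate
 * trampoline address, with the wrapping bound and with the clamped bound. */
bool rejected_wrapping(uint64_t addr, uint64_t moduleBase)
{
    return addr < lowest_ok_wrapping(moduleBase);
}

bool rejected_clamped(uint64_t addr, uint64_t moduleBase)
{
    return addr < lowest_ok_clamped(moduleBase);
}

/* Ground truth the bound approximates: can a rel32 branch from the far end
 * of the module's 128MB scratch window reach addr? */
bool rel32_reachable(uint64_t addr, uint64_t moduleBase)
{
    int64_t disp = (int64_t)(addr - (moduleBase + SCRATCH_SPACE));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

int main(void)
{
    /* Constructed inputs: the DLL base from the comment and an assumed
     * 64-bit executable base (0x140000000 is not taken from the log). */
    const uint64_t bases[] = { 0x22370000ull, 0x140000000ull };
    const uint64_t addr = 0x2236f000ull;   /* region base the log shows probed */

    for (int i = 0; i < 2; i++) {
        printf("moduleBase=%#llx lowestOK(wrapping)=%#llx lowestOK(clamped)=%#llx\n",
               (unsigned long long)bases[i],
               (unsigned long long)lowest_ok_wrapping(bases[i]),
               (unsigned long long)lowest_ok_clamped(bases[i]));
    }
    printf("addr=%#llx below the DLL: rejected(wrapping)=%d rejected(clamped)=%d rel32 reachable=%d\n",
           (unsigned long long)addr,
           rejected_wrapping(addr, bases[0]),
           rejected_clamped(addr, bases[0]),
           rel32_reachable(addr, bases[0]));
    return 0;
}
```

With the DLL at 0x22370000 the wrapping bound comes out as 0xFFFFFFFFAA370000, so every candidate below the image fails the quoted test even though 0x2236f000 is trivially within rel32 range; with the module loaded high, as after the MEM_TOP_DOWN change, the subtraction no longer wraps and the two bounds agree.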