https://bugs.winehq.org/show_bug.cgi?id=27668
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|SecuROM 4.X: SpellForce     |SecuROM 4.x/5.x: SpellForce
                   |won't recognize original CD |won't recognize original CD
                   |during install/play         |during install/play
                   |                            |('IoGetDeviceObjectPointer'
                   |                            |needs to return real
                   |                            |device/driver object for
                   |                            |'\Device\CdRom0')
                 CC|                            |focht@gmx.net
          Component|ntdll                       |ntoskrnl
           Keywords|Abandoned?                  |
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming, still present.
Bought the original media myself for a few bucks.
Content of CD:
--- snip ---
$ iso-info -f /dev/cdrom
iso-info version 2.0.0 x86_64-redhat-linux-gnu
Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: /dev/cdrom
Application : JOWOOD
Volume : SF_CD1
Joliet Level: 3
__________________________________
ISO-9660 Information
  1327104 /Autorun.exe
     3638 /Autorun.ico
       47 /Autorun.inf
    15855 /ReadMe.rtf
     2048 /Shfolder
731136000 /SpellForce-Setup.exe
  1327104 /Shfolder/1.bin
  1327104 /Shfolder/2.bin
      726 /Shfolder/ReadMe.Txt
   117288 /Shfolder/ShFolder.Exe
--- snip ---
ProtectionID scan of installer and temps:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> D:\SpellForce-Setup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 731136000 (02B944000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT)
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | PE Header | - | Offset: 0x000000D8 | VA: 0x004000D8 | -
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | Export | - | Offset: 0x00002D14 | VA: 0x00404714 | -
-> File has 731121152 (02B940600h) bytes of appended data starting at offset 03A00h
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000100000100 (0x0004C104)
[Entrypoint Section Entropy] : 6.28 (section #0) ".text " | Size : 0x2126 (8486) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x7000 (28672) byte(s)
[Export] 100% of function(s) (2 of 2) are in file | 0 are forwarded | 2 code | 0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : JoWooD
[VersionInfo] File Description : SpellForce - The Order of Dawn
[VersionInfo] File Version : 1.0
[VersionInfo] Legal Copyrights : 2003
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll
[-= Installer =-] Wise Installation Wizard Module !
- Scan Took : 0.809 Second(s) [000000329h (809) tick(s)] [566 of 580 scan(s) done]

...

-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\users\focht\Temp\CmdLineExt03.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 43520 (0AA00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT)
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | PE Header | - | Offset: 0x00000138 | VA: 0x10000138 | -
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | Export | - | Offset: 0x00001BF0 | VA: 0x100187F0 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.45 (section #3) ".petite " | Size : 0x1893 (6291) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x1A000 (106496) byte(s)
[Export] 100% of function(s) (4 of 4) are in file | 0 are forwarded | 4 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll
[!] Petite v2.2 compressed !
- Scan Took : 0.283 Second(s) [00000011Bh (283) tick(s)] [246 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\pfsvgae.sys
File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 18944 (04A00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT)
[TimeStamp] 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT) | PE Header | - | Offset: 0x000000C8 | VA: 0x000100C8 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000000000000 (0x0004C000)
[Entrypoint Section Entropy] : 6.32 (section #0) ".text " | Size : 0x358E (13710) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x9000 (36864) byte(s)
[ModuleReport] [IAT] Modules -> ntoskrnl.exe | HAL.dll
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.218 Second(s) [0000000DAh (218) tick(s)] [135 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\SIntf32.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 20020 (04E34h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT)
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | PE Header | - | Offset: 0x00000120 | VA: 0x30000120 | -
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | Export | - | Offset: 0x00001B20 | VA: 0x3000B720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.42 (section #1) ".petite " | Size : 0x18D5 (6357) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xD000 (53248) byte(s)
[Export] 57% of function(s) (19 of 33) are in file | 0 are forwarded | 20 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower sintf32.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.226 Second(s) [0000000E2h (226) tick(s)] [246 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\SIntfNT.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 24740 (060A4h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT)
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | PE Header | - | Offset: 0x00000108 | VA: 0x20000108 | -
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | Export | - | Offset: 0x00001B20 | VA: 0x2000D720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.44 (section #1) ".petite " | Size : 0x1863 (6243) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xF000 (61440) byte(s)
[Export] 100% of function(s) (17 of 17) are in file | 0 are forwarded | 17 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower cms32_nt.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.236 Second(s) [0000000ECh (236) tick(s)] [246 of 580 scan(s) done]
--- snip ---
Relevant part of trace log:
--- snip ---
$ pwd
/run/media/focht/SF_CD1

$ WINEDEBUG=+seh,+relay,+ntoskrnl wine ./SpellForce-Setup.exe >> ~/log.txt 2>&1
...
0032:Call KERNEL32.CreateFileA(0033ce8c "C:\users\focht\Temp\pfsvgae.sys",40000000,00000000,00000000,00000002,00000000,00000000) ret=0047be84
0032:Ret KERNEL32.CreateFileA() retval=00000080 ret=0047be84
0032:Call KERNEL32.WriteFile(00000080,0053e0cc,00004a00,0033ca54,00000000) ret=0047beaf
0032:Ret KERNEL32.WriteFile() retval=00000001 ret=0047beaf
0032:Call KERNEL32.CloseHandle(00000080) ret=0047beb9
0032:Ret KERNEL32.CloseHandle() retval=00000001 ret=0047beb9
...
0032:Call advapi32.CreateServiceA(001d3ef8,0033d08c "pfsvgae",0033d08c "pfsvgae",000f01ff,00000001,00000003,00000001,0033ce8c "C:\users\focht\Temp\pfsvgae.sys",00000000,00000000,00000000,00000000,00000000) ret=0047d73e
...
0032:Ret advapi32.CreateServiceA() retval=001c4f28 ret=0047d73e
0032:Call advapi32.StartServiceA(001c4f28,00000000,00000000) ret=0047d79e
...
0034:Call KERNEL32.CreateProcessW(00000000,0011c918 L"C:\windows\system32\winedevice.exe",00000000,00000000,00000000,00000400,00450000,00000000,00ccf7ec,00ccf830) ret=7efe4bda
...
0037:Call KERNEL32.__wine_kernel_init() ret=7bc6cfaa
0034:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe4bda
...
003c:Call KERNEL32.LoadLibraryW(0011ce10 L"C:\users\focht\Temp\pfsvgae.sys") ret=7effaa36
...
003c:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa36
...
003c:Call driver init 0x781650 (obj=0x11cc58,str=L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae")
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f894,0065f89c L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae") ret=007816a9
003c:Call ntdll.RtlInitUnicodeString(0065f894,0065f89c L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f894 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f894 ret=007816a9
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f534,0078608c L"\SystemRoot\System32\Drivers\") ret=00781d09
003c:Call ntdll.RtlInitUnicodeString(0065f534,0078608c L"\SystemRoot\System32\Drivers\") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f534 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f534 ret=00781d09
003c:Call ntoskrnl.exe.ZwOpenKey(0065f4d8,00000000,0065f4f8) ret=00781b90
003c:Call ntdll.NtOpenKey(0065f4d8,00000000,0065f4f8) ret=7bc80343
003c:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=00781b90
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath") ret=00781bb9
003c:Call ntdll.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f4dc ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f4dc ret=00781bb9
003c:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000000,00000218,206b6444) ret=00781bca
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000218) ret=7e988a9a
003c:Ret ntdll.RtlAllocateHeap() retval=00120c00 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 536 pool 0 -> 0x120c00
003c:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=00120c00 ret=00781bca
003c:Call ntoskrnl.exe.ZwQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c) ret=00781bf9
003c:Call ntdll.NtQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c) ret=7bc80343
003c:Ret ntdll.NtQueryValueKey() retval=c0000022 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwQueryValueKey() retval=c0000022 ret=00781bf9
003c:Call ntoskrnl.exe.ZwClose(00000044) ret=00781cb3
003c:Call ntdll.NtClose(00000044) ret=7bc80343
003c:Ret ntdll.NtClose() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwClose() retval=00000000 ret=00781cb3
003c:Call ntoskrnl.exe.RtlAppendUnicodeToString(0065f534,0065f578 L"pfsvgae.sys") ret=00781d5a
003c:Call ntdll.RtlAppendUnicodeToString(0065f534,0065f578 L"pfsvgae.sys") ret=7bc80343
003c:Ret ntdll.RtlAppendUnicodeToString() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlAppendUnicodeToString() retval=00000000 ret=00781d5a
003c:Call ntoskrnl.exe.RtlInitUnicodeString(007862a8,007862b0 L"\SystemRoot\System32\Drivers\pfsvgae.sys") ret=00781a30
003c:Call ntdll.RtlInitUnicodeString(007862a8,007862b0 L"\SystemRoot\System32\Drivers\pfsvgae.sys") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=007862a8 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=007862a8 ret=00781a30
003c:Call ntoskrnl.exe.ZwCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000) ret=00781e0b
003c:Call ntdll.NtCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000) ret=7bc80343
003c:Ret ntdll.NtCreateFile() retval=c000003a ret=7bc80343
003c:Ret ntoskrnl.exe.ZwCreateFile() retval=c000003a ret=00781e0b
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f7f0,0065f7f8 L"\Device\pfsvgae") ret=00781809
003c:Call ntdll.RtlInitUnicodeString(0065f7f0,0065f7f8 L"\Device\pfsvgae") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f7f0 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f7f0 ret=00781809
003c:Call ntoskrnl.exe.IoCreateDevice(0011cc58,00000040,0065f7f0,00000022,00000000,00000001,0065f7ec) ret=00781829
003c:trace:ntoskrnl:IoCreateDevice (0x11cc58, 64, L"\Device\pfsvgae", 34, 0, 1, 0x65f7ec)
003c:Call ntdll.RtlAllocateHeap(00110000,00000008,000000f8) ret=7e9876cf
003c:Ret ntdll.RtlAllocateHeap() retval=0011ce10 ret=7e9876cf
003c:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00781829
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f84c,0065f854 L"\Device\CdRom0") ret=00781439
003c:Call ntdll.RtlInitUnicodeString(0065f84c,0065f854 L"\Device\CdRom0") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f84c ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f84c ret=00781439
003c:Call ntoskrnl.exe.IoGetDeviceObjectPointer(0065f84c,00000000,0065f844,0065f848) ret=0078144f
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\CdRom0" 0 0x65f844 0x65f848
003c:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=0078144f
003c:trace:ntoskrnl:ObDereferenceObject ((nil)): stub
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f840,0065f854 L"\Device\CdRom0") ret=007814a0
003c:Call ntdll.RtlInitUnicodeString(0065f840,0065f854 L"\Device\CdRom0") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f840 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f840 ret=007814a0
003c:Call ntoskrnl.exe.IoGetDeviceObjectPointer(0065f840,00000000,0065f83c,0065f838) ret=007814b7
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\CdRom0" 0 0x65f83c 0x65f838
003c:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=007814b7
003c:Call ntoskrnl.exe.KeInitializeEvent(0065f808,00000000,00000000) ret=00781933
003c:fixme:ntoskrnl:KeInitializeEvent stub: 0x65f808 0 0
003c:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000039 ret=00781933
003c:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(0000001b,7e9b6600,00000000,00000000,00000000,0065f808,0065f800) ret=00781950
003c:trace:ntoskrnl:IoBuildSynchronousFsdRequest (27 0x7e9b6600 (nil) 0 (nil) 0x65f808 0x65f800)
003c:trace:ntoskrnl:IoAllocateIrp -128, 0
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000190) ret=7e988a9a
003c:Ret ntdll.RtlAllocateHeap() retval=00120e20 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 400 pool 0 -> 0x120e20
003c:trace:ntoskrnl:IoInitializeIrp 0x120e20, 400, -128
003c:Ret ntoskrnl.exe.IoBuildSynchronousFsdRequest() retval=00120e20 ret=00781950
003c:trace:ntoskrnl:__regs_IofCallDriver 0x7e9b6600 0x120e20
003c:Call driver dispatch (nil) (device=0x7e9b6600,irp=0x120e20)
003c:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=003c
003c:trace:seh:raise_exception info[0]=00000000
003c:trace:seh:raise_exception info[1]=00000000
003c:trace:seh:raise_exception eax=00000000 ebx=0065f7c0 ecx=00000000 edx=00662f44 esi=7e9b6600 edi=0078601a
003c:trace:seh:raise_exception ebp=0065f7a8 esp=0065f76c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
003c:trace:seh:call_vectored_handlers calling handler at 0x7e984625 code=c0000005 flags=0
003c:trace:seh:call_vectored_handlers handler at 0x7e984625 returned 0
003c:trace:seh:call_stack_handlers calling handler at 0x7bcb2a96 code=c0000005 flags=0
003c:Call KERNEL32.UnhandledExceptionFilter(0065f264) ret=7bcb2ad1
wine: Unhandled page fault on read access to 0x00000000 at address (nil) (thread 003c), starting debugger...
...
0032:Call user32.MessageBoxA(00000000,00561240 "Incompatible system configuration.",00497bd8 "SpellForce - The Order of Dawn",00010010) ret=004823ac
--- snip ---
Disassembly:
--- snip ---
00781920  83EC 18           SUB ESP,18
00781923  8D4424 08         LEA EAX,DWORD PTR SS:[ESP+8]
00781927  56                PUSH ESI
00781928  6A 00             PUSH 0
0078192A  6A 00             PUSH 0
0078192C  50                PUSH EAX
0078192D  FF15 48507800     CALL DWORD PTR DS:[<&ntoskrnl.KeInitializeEvent>]
00781933  8D4C24 04         LEA ECX,DWORD PTR SS:[ESP+4]
00781937  8D5424 0C         LEA EDX,DWORD PTR SS:[ESP+C]
0078193B  8B7424 20         MOV ESI,DWORD PTR SS:[ESP+20]
0078193F  51                PUSH ECX
00781940  52                PUSH EDX
00781941  6A 00             PUSH 0
00781943  6A 00             PUSH 0
00781945  6A 00             PUSH 0
00781947  56                PUSH ESI
00781948  6A 1B             PUSH 1B
0078194A  FF15 44507800     CALL DWORD PTR DS:[<&ntoskrnl.IoBuildSynchronousFsdRequest>] ;
00781950  85C0              TEST EAX,EAX
00781952  75 0C             JNZ SHORT pfsvgae.00781960
00781954  B8 9A0000C0       MOV EAX,C000009A
00781959  5E                POP ESI
0078195A  83C4 18           ADD ESP,18
0078195D  C2 0800           RETN 8
00781960  8B48 60           MOV ECX,DWORD PTR DS:[EAX+60]
00781963  C641 DD 07        MOV BYTE PTR DS:[ECX-23],7
00781967  83E9 24           SUB ECX,24
0078196A  8BD0              MOV EDX,EAX
0078196C  C741 04 04000000  MOV DWORD PTR DS:[ECX+4],4
00781973  8BCE              MOV ECX,ESI
00781975  C740 18 BB0000C0  MOV DWORD PTR DS:[EAX+18],C00000BB
0078197C  FF15 40507800     CALL DWORD PTR DS:[<&ntoskrnl.IofCallDriver>]
00781982  8BF0              MOV ESI,EAX
00781984  81FE 03010000     CMP ESI,103
0078198A  75 17             JNZ SHORT pfsvgae.007819A3
...
--- snip ---
Currently 'IoGetDeviceObjectPointer()' returns a stub device and driver. The driver fields (dispatch table) are empty, hence the crash.
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip ---
NTSTATUS WINAPI IoGetDeviceObjectPointer( UNICODE_STRING *name, ACCESS_MASK access, PFILE_OBJECT *file, PDEVICE_OBJECT *device )
{
    static DEVICE_OBJECT stub_device;
    static DRIVER_OBJECT stub_driver;

    FIXME( "stub: %s %x %p %p\n", debugstr_us(name), access, file, device );

    stub_device.StackSize = 0x80; /* minimum value to appease SecuROM 5.x */
    stub_device.DriverObject = &stub_driver;

    *file = NULL;
    *device = &stub_device;

    return STATUS_SUCCESS;
}
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip ---
NTSTATUS WINAPI IoCallDriver( DEVICE_OBJECT *device, IRP *irp )
{
    PDRIVER_DISPATCH dispatch;
    IO_STACK_LOCATION *irpsp;
    NTSTATUS status;

    --irp->CurrentLocation;
    irpsp = --irp->Tail.Overlay.s.u2.CurrentStackLocation;
    dispatch = device->DriverObject->MajorFunction[irpsp->MajorFunction];

    TRACE_(relay)( "\1Call driver dispatch %p (device=%p,irp=%p)\n", dispatch, device, irp );

    status = dispatch( device, irp );

    TRACE_(relay)( "\1Ret driver dispatch %p (device=%p,irp=%p) retval=%08x\n",
                   dispatch, device, irp, status );

    return status;
}
--- snip ---
One could argue there should be a NULL ptr check before calling the dispatch function. In a real driver setup this wouldn't be necessary though.
Anyway, a real device/driver instance has to be returned for '\Device\CdRom0' because the driver issues ioctls via 'IoBuildSynchronousFsdRequest()' + 'IoCallDriver()' and expects them to succeed (return data).
$ wine --version
wine-3.9-149-ge3648c7a61
Regards
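
Added example, not part of the original comment and not Wine's code: a simplified C model of the NULL dispatch call analysed above, showing the pointer check the comment mentions and, as a second option, a dispatch table pre-filled with a default handler (the Windows I/O manager does this for real driver objects). The struct layouts and the names call_driver_checked, fill_dispatch_table, invalid_device_request and demo are assumptions made for illustration.

```c
/* Added illustration: simplified stand-ins for the ntoskrnl types, not Wine code. */
#include <stdint.h>
#include <stdio.h>

#define IRP_MJ_PNP                    0x1b  /* major code pushed at 00781948 */
#define IRP_MJ_MAXIMUM_FUNCTION       0x1b
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u

struct device_object;
struct irp;
typedef uint32_t (*driver_dispatch)(struct device_object *, struct irp *);

struct driver_object { driver_dispatch MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1]; };
struct device_object { struct driver_object *DriverObject; };
struct irp           { uint8_t MajorFunction; uint32_t Status; };

/* Default handler (hypothetical name): fail the request cleanly. */
static uint32_t invalid_device_request(struct device_object *dev, struct irp *irp)
{
    (void)dev;
    return irp->Status = STATUS_INVALID_DEVICE_REQUEST;
}

/* Option 1: validate the dispatch pointer before the indirect call. */
uint32_t call_driver_checked(struct device_object *dev, struct irp *irp)
{
    driver_dispatch dispatch;
    if (!dev || !dev->DriverObject || irp->MajorFunction > IRP_MJ_MAXIMUM_FUNCTION)
        return irp->Status = STATUS_INVALID_DEVICE_REQUEST;
    dispatch = dev->DriverObject->MajorFunction[irp->MajorFunction];
    if (!dispatch) /* the "Call driver dispatch (nil)" case in the trace */
        return irp->Status = STATUS_INVALID_DEVICE_REQUEST;
    return dispatch(dev, irp);
}

/* Option 2: never hand out a driver object with empty dispatch slots. */
void fill_dispatch_table(struct driver_object *drv)
{
    for (int i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        drv->MajorFunction[i] = invalid_device_request;
}

/* Constructed scenario: zero-initialised stub driver, as in the quoted stub. */
uint32_t demo(int fill_table)
{
    struct driver_object stub_driver = { { 0 } };
    struct device_object stub_device = { &stub_driver };
    struct irp irp = { IRP_MJ_PNP, STATUS_SUCCESS };

    if (!fill_table)
        return call_driver_checked(&stub_device, &irp);
    fill_dispatch_table(&stub_driver);
    /* unchecked call shape of the quoted IoCallDriver, safe once the table is filled */
    return stub_driver.MajorFunction[irp.MajorFunction](&stub_device, &irp);
}

int main(void)
{
    printf("checked call: %08x\n", (unsigned)demo(0));
    printf("filled table: %08x\n", (unsigned)demo(1));
    return 0;
}
```

Either option only turns the NULL call into a failure status; as the comment states, the SecuROM driver still needs a real device/driver object behind '\Device\CdRom0' to get data back.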