https://bugs.winehq.org/show_bug.cgi?id=46804
Bug ID: 46804
Summary: StarForce v3 kernel driver service 'sfhlp02' crashes in driver entry point due to 'ntoskrnl.exe.IoCreateSynchronizationEvent' stub
Product: Wine
Version: 4.3
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---

Hello folks,
while revisiting bug 44925 I've noticed the SF driver crashes now in entry point. Technically a regression due to the introduction of "kernel" synchronization objects/functions. Bug 44588 and friends.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/TmSunriseDemoMag

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+process wine ./TmSunriseDemoMag.exe >>log.txt 2>&1

...
0031:trace:ntoskrnl:load_driver loading driver L"System32\drivers\sfhlp02.sys"
0031:Call KERNEL32.LoadLibraryW(0011d880 L"System32\drivers\sfhlp02.sys") ret=7e97f680
0031:trace:loaddll:load_native_dll Loaded L"C:\windows\System32\drivers\sfhlp02.sys" at 0x550000: native
0031:Ret KERNEL32.LoadLibraryW() retval=00550000 ret=7e97f680
...
0031:trace:ntoskrnl:load_driver_module L"System32\drivers\sfhlp02.sys": relocating from 0x10000 to 0x550000
...
0031:Call driver init 0x555300 (obj=0x11d7a8,str=L"\Registry\Machine\System\CurrentControlSet\Services\sfhlp02")
...
0031:Call ntoskrnl.exe.IoCreateSymbolicLink(0042fbe4,0042fbec) ret=0055515b
0031:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\sfhlp02i" -> L"\Device\sfhlp02i"
0031:Call ntdll.NtCreateSymbolicLinkObject(0042fb54,000f0001,0042fb3c,0042fbec) ret=7e97adb0
0031:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7e97adb0
0031:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=0055515b
...
0031:Call ntoskrnl.exe.RtlInitUnicodeString(0042fbf0,00555334 L"\Device\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=00555406
0031:Call ntdll.RtlInitUnicodeString(0042fbf0,00555334 L"\Device\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=7bc87f7c
0031:Ret ntdll.RtlInitUnicodeString() retval=0042fbf0 ret=7bc87f7c
0031:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0042fbf0 ret=00555406
0031:Call ntoskrnl.exe.IoCreateSynchronizationEvent(0042fbf0,0042fbfc) ret=00555414
0031:fixme:ntoskrnl:IoCreateSynchronizationEvent (0x42fbf0 0x42fbfc) stub
0031:Ret ntoskrnl.exe.IoCreateSynchronizationEvent() retval=deadbeaf ret=00555414
0031:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=0055542c
0031:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0031:Ret ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=0055542c
0031:Call ntoskrnl.exe.KeWaitForSingleObject(deadbeaf,00000000,00000000,00000000,00000000) ret=00555437
0031:trace:ntoskrnl:KeWaitForMultipleObjects count 1, objs 0x42fb70, wait_type 1, reason 0, mode 0, alertable 0, timeout (nil), wait_blocks (nil).
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e9817a9 ip=7e9817a9 tid=0031
0031:trace:seh:raise_exception info[0]=00000000
0031:trace:seh:raise_exception info[1]=deadbeb7
0031:trace:seh:raise_exception eax=deadbeb7 ebx=0042fb20 ecx=0042f9b0 edx=00000000 esi=0042fbc4 edi=0042fb84
0031:trace:seh:raise_exception ebp=0042fb08 esp=0042f9c0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210296
0031:trace:seh:call_vectored_handlers calling handler at 0x7e976ddd code=c0000005 flags=0
0031:trace:seh:call_vectored_handlers handler at 0x7e976ddd returned 0
0031:trace:seh:call_stack_handlers calling handler at 0x7bcbae2a code=c0000005 flags=0
wine: Unhandled page fault on read access to 0xdeadbeb7 at address 0x7e9817a9 (thread 0031), starting debugger...
--- snip ---

KeWaitForXXX functions now expect valid handles and can't deal with the fake ones from (semi) stubs.
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...

--- snip ---
PKEVENT WINAPI IoCreateSynchronizationEvent(PUNICODE_STRING name, PHANDLE handle)
{
    FIXME("(%p %p) stub\n", name, handle);
    return (KEVENT *)0xdeadbeaf;
}
--- snip ---

$ sha1sum tmsunrisedemo_setup.exe
2d44577a71718464c595d9da91a017fb0914afc4  tmsunrisedemo_setup.exe

$ du -sh tmsunrisedemo_setup.exe
210M    tmsunrisedemo_setup.exe

$ wine --version
wine-4.3-188-gab7756619c

Regards
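
The trace above can be triaged mechanically: the faulting address 0xdeadbeb7 lies 8 bytes past the 0xdeadbeaf placeholder returned by the stub. The following is an added example, not part of the original report or of Wine; the function name `find_stub_sentinel_faults` and the `max_offset` window are assumptions, and the sample lines are copied from the log in the report.

```python
import re

# Lines copied from the trace in the report above (trimmed to the relevant ones).
SAMPLE_LOG = """\
0031:Call ntoskrnl.exe.IoCreateSynchronizationEvent(0042fbf0,0042fbfc) ret=00555414
0031:fixme:ntoskrnl:IoCreateSynchronizationEvent (0x42fbf0 0x42fbfc) stub
0031:Ret ntoskrnl.exe.IoCreateSynchronizationEvent() retval=deadbeaf ret=00555414
0031:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=0055542c
0031:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0031:Ret ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=0055542c
0031:Call ntoskrnl.exe.KeWaitForSingleObject(deadbeaf,00000000,00000000,00000000,00000000) ret=00555437
wine: Unhandled page fault on read access to 0xdeadbeb7 at address 0x7e9817a9 (thread 0031), starting debugger...
"""

FIXME_RE = re.compile(r"^(\w+):fixme:\w+:(\w+)\b.*\bstub\b")
RET_RE = re.compile(r"^(\w+):Ret\s+([\w.]+)\.(\w+)\(\) retval=([0-9a-f]{8})\b")
FAULT_RE = re.compile(
    r"page fault on (\w+) access to 0x([0-9a-f]+) at address 0x([0-9a-f]+) \(thread (\w+)\)")


def find_stub_sentinel_faults(log, max_offset=0x100):
    """Return (function, retval, offset, fault_addr) for each page fault that
    lands within max_offset bytes above a value returned by a fixme stub."""
    stubbed = set()    # (thread id, function) pairs that logged a fixme "stub"
    sentinels = []     # (thread id, function, retval) returned by those stubs
    hits = []
    for line in log.splitlines():
        if m := FIXME_RE.match(line):
            stubbed.add((m.group(1), m.group(2)))
        elif m := RET_RE.match(line):
            tid, func, retval = m.group(1), m.group(3), int(m.group(4), 16)
            if (tid, func) in stubbed:
                sentinels.append((tid, func, retval))
        elif m := FAULT_RE.search(line):
            addr, tid = int(m.group(2), 16), m.group(4)
            for s_tid, func, retval in sentinels:
                # A small positive offset means a field read through the fake pointer.
                if s_tid == tid and 0 <= addr - retval < max_offset:
                    hits.append((func, retval, addr - retval, addr))
    return hits


if __name__ == "__main__":
    for func, retval, offset, addr in find_stub_sentinel_faults(SAMPLE_LOG):
        print(f"fault at {addr:#x} = {func} stub retval {retval:#x} + {offset:#x}")
```
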