https://bugs.winehq.org/show_bug.cgi?id=15980
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Rhapsody 2 crashes on |Multiple applications |startup (GetSecurityInfo |expect security descriptors |returns NULL DACL for |present in process |process object) |object/token (Rhapsody 2, | |Rockstar Games Social Club | |v1.x)
--- Comment #13 from Anastasius Focht focht@gmx.net --- Hello folks,
I found another victim: 'Rockstar Games Social Club' v1.x (part of their older games)
Download: http://social-club.software.informer.com/download/?ca4ff90
Prerequisite: .NET Framework 3.5+
Managed exception:
--- snip --- System.NullReferenceException: Object reference not set to an instance of an object. at System.Workflow.Runtime.DebugEngine.DebugController.InitializeProcessSecurity() at System.Workflow.Runtime.WorkflowRuntime.PrivateInitialize(WorkflowRuntimeSection settings) at System.Workflow.Runtime.WorkflowRuntime..ctor() at RockStartWorkflows.WorkflowManager..ctor() at RockStartWorkflows.WorkflowManager.get_Current() at RockStart.Program..ctor() at RockStart.Program.a(String[] A_0)0009:Ret KERNEL32.WriteFile() retval=00000001 ret=7a100484 --- snip ---
Relevant part of trace log:
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Rockstar Games/Rockstar Games Social Club/1_0_0_0
$ WINEDEBUG=+tid,+seh,+relay,+advapi,+server wine ./RGSC.exe /launch:gta4
log.txt 2>&1
... 0025:Call advapi32.RevertToSelf() ret=0037bab3 0025: set_thread_info( handle=fffffffe, mask=4, priority=0, affinity=00000000, token=0000 ) 0025: set_thread_info() = 0 0025:Ret advapi32.RevertToSelf() retval=00000001 ret=0037bab3 ... 0025:Call advapi32.OpenProcessToken(ffffffff,000f00ff,05bde2fc) ret=0037bbf0 0025: open_token( handle=ffffffff, access=000f00ff, attributes=00000000, flags=00000000 ) 0025: open_token() = 0 { token=0274 } 0025:Ret advapi32.OpenProcessToken() retval=00000001 ret=0037bbf0 ... 0025:Call advapi32.GetKernelObjectSecurity(00000274,00000004,00000000,00000000,05bde2f4) ret=0037bcae 0025:trace:advapi:GetKernelObjectSecurity (0x274,0x00000004,(nil),0x00000000,0x5bde2f4) 0025: get_security_object( handle=0274, security_info=00000004 ) 0025: get_security_object() = 0 { sd_len=00000000, sd={} } 0025:Ret advapi32.GetKernelObjectSecurity() retval=00000000 ret=0037bcae 0025:Call KERNEL32.GetLastError() ret=0037bcb4 0025:Ret KERNEL32.GetLastError() retval=0000007a ret=0037bcb4 ... 0025:Call ole32.CoTaskMemAlloc(00000014) ret=05557e81 0025:Call ntdll.RtlAllocateHeap(00110000,00000000,00000014) ret=7e49d976 0025:Ret ntdll.RtlAllocateHeap() retval=030f9ac0 ret=7e49d976 0025:Ret ole32.CoTaskMemAlloc() retval=030f9ac0 ret=05557e81 0025:Call advapi32.GetKernelObjectSecurity(00000274,00000004,030f9ac0,00000014,05bde2f4) ret=0037bcae 0025:trace:advapi:GetKernelObjectSecurity (0x274,0x00000004,0x30f9ac0,0x00000014,0x5bde2f4) 0025: get_security_object( handle=0274, security_info=00000004 ) 0025: get_security_object() = 0 { sd_len=00000000, sd={} } 0025:Ret advapi32.GetKernelObjectSecurity() retval=00000001 ret=0037bcae 0025:Call KERNEL32.GetLastError() ret=0037bcb4 0025:Ret KERNEL32.GetLastError() retval=0000007a ret=0037bcb4 ... 0025:Call advapi32.CreateWellKnownSid(0000001a,00000000,009ea0d0,05bde2ec) ret=0037bd7b 0025:trace:advapi:CreateWellKnownSid (26, (null), 0x9ea0d0, 0x5bde2ec) 0025:Ret advapi32.CreateWellKnownSid() retval=00000001 ret=0037bd7b 0025:Call KERNEL32.GetLastError() ret=0037bd81 0025:Ret KERNEL32.GetLastError() retval=0000007a ret=0037bd81 ... 0025:trace:seh:raise_exception code=c0000005 flags=0 addr=0x555956d ip=0555956d tid=0025 0025:trace:seh:raise_exception info[0]=00000000 0025:trace:seh:raise_exception info[1]=00000000 0025:trace:seh:raise_exception eax=0544adf0 ebx=009ea054 ecx=00000000 edx=009ea15c esi=009ea15c edi=00000000 0025:trace:seh:raise_exception ebp=05bde320 esp=05bde314 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 0025:trace:seh:call_stack_handlers calling handler at 0x79edc3bc code=c0000005 flags=0 ... 0025:Call msvcr80.strcmp(02e65daa "System",79e733d8 "System") ret=79e9bc7c 0025:Ret msvcr80.strcmp() retval=00000000 ret=79e9bc7c 0025:Call msvcr80.strcmp(02e66cad "NullReferenceException",79ecda8c "NullReferenceException") ret=79e9bc94 0025:Ret msvcr80.strcmp() retval=00000000 ret=79e9bc94 ... <marshal/signal exception to other thread> ... 0009:Call KERNEL32.RaiseException(e0434f4d,00000001,00000001,0033f0e4) ret=79eda91c 0009:trace:seh:raise_exception code=e0434f4d flags=1 addr=0x7b83af1f ip=7b83af1f tid=0009 0009:trace:seh:raise_exception info[0]=80004003 0009:trace:seh:raise_exception eax=7b826dfd ebx=7b8be000 ecx=80004003 edx=0033f028 esi=0033f0c4 edi=0033f090 0009:trace:seh:raise_exception ebp=0033f068 esp=0033f004 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000287 0009:trace:seh:call_stack_handlers calling handler at 0x79f908a2 code=e0434f4d flags=1 0009:Call msvcr80._except_handler4_common(7a3b3240,79e72037,0033f010,0033f0fc,0033eca0,0033eb7c) ret=79f908c1 ... --- snip ---
It basically wants to do the following:
1) get DACL for process token 2) add TOKEN_QUERY permissions for the 'Administrators' group 3) set the updated DACL for process token
'GetKernelObjectSecurity' returns an empty SD which causes the exception later.
It seems Joris van der Wel has taken over that part from Erich.
https://source.winehq.org/patches/data/106589
$ sha1sum rgsc.rar af796e8e91c7252f172fb10ce9201fec39e3162c rgsc.rar
$ du -sh rgsc.rar 212M rgsc.rar
$ wine --version wine-1.7.28-90-ga71f25d
Regards