https://bugs.winehq.org/show_bug.cgi?id=43358
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://www.eveonline.com/download
           Keywords|                            |download
                 CC|                            |focht@gmx.net
            Summary|xaudio crashes in EVE       |EVE Online crashes on startup in Win7+ mode
                   |Online during launch        |(XAudio 2.7 'IXAudio2SourceVoice::GetState'
                   |(OnVoiceProcessingPassStart |called with 'Flags' parameter, causing %ESI
                   |corrupts %esi register?)    |or %EDI register corruption)
--- Comment #2 from Anastasius Focht focht@gmx.net ---

Hello folks,
confirming, it's essentially the same problem as analysed in bug 42520 ("Multiple Wargaming.net games crash on startup in Win7+ mode (XAudio 2.7 'IXAudio2SourceVoice::GetState' called with 'Flags' parameter, causing register corruption) (World of {Tanks, Warships})")
--- snip ---
Unhandled exception: page fault on read access to 0x00000f70 in 32-bit code (0xf5cbe795).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f5cbe795 ESP:0fd1fd14 EBP:0fd1fe68 EFLAGS:00010202(  R- --  I   - - - )
 EAX:0fd1fd48 EBX:00000000 ECX:00000000 EDX:00000008
 ESI:f5cce000 EDI:00000000
Stack dump:
0x0fd1fd14:  00001016 0fd1fd48 00000000 00000000
0x0fd1fd24:  00010007 00000000 00000000 00000000
0x0fd1fd34:  00000000 00000000 00000000 0000027f
0x0fd1fd44:  00000000 00000000 00000000 00000000
0x0fd1fd54:  00000000 00000000 00000000 00000000
0x0fd1fd64:  00000000 0fd1fd90 f5cce000 0fd1fd90
Backtrace:
=>0 0xf5cbe795 update_source_state+0x25(src=(nil)) [/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2308] in xaudio2_7 (0x0fd1fe68)
  1 0xf5cbee95 engine_threadproc+0x1b4(arg=<couldn't compute location>) [/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2451] in xaudio2_7 (0x0fd1fed8)
  2 0x7bc82f24 call_thread_func_wrapper+0xb() in ntdll (0x0fd1feec)
  3 0x7bc862f0 call_thread_func+0xcf() [/home/focht/projects/wine/mainline-src/dlls/ntdll/signal_i386.c:2654] in ntdll (0x0fd1ffdc)
  4 0x7bc82f16 call_thread_entry+0x9() in ntdll (0x0fd1ffec)
0xf5cbe795 update_source_state+0x25 [/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2308] in xaudio2_7: pushl 0xf70(%edi)
2308        alGetSourcei(src->al_src, AL_BUFFERS_PROCESSED, &processed);
Modules:
Module   Address               Debug info  Name (241 modules)
PE         340000-  376000    Deferred        _yaml.pyd
PE         3d0000-  3e9000    Deferred        cairo-script
PE         400000-  489000    Deferred        exefile
PE        3420000- 3517000    Deferred        _ssl.pyd
PE        3630000- 36d7000    Deferred        d3dinfo.pyd
PE        36e0000- 3806000    Deferred        cairo
PE        3810000- 385d000    Deferred        tbb
PE        3860000- 387e000    Deferred        gfsdk_aftermath_lib.x86
PE        38a0000- 38e0000    Deferred        _evelocalization
PE        38e0000- 3912000    Deferred        geo2
PE        3920000- 39e4000    Deferred        pyfsd
PE        39f0000- 39fd000    Deferred        character_colorlocationsloader.pyd
PE        3a00000- 471f000    Deferred        _trinity_dx11_deploy
PE        4720000- 472d000    Deferred        character_colornamesloader.pyd
PE        4730000- 473d000    Deferred        character_modifierlocationsloader.pyd
PE        4740000- 474d000    Deferred        character_resourcesloader.pyd
PE        4750000- 475d000    Deferred        character_sculptinglocationsloader.pyd
PE        4760000- 4783000    Deferred        pyexpat.pyd
PE        4790000- 47a3000    Deferred        graphicidsloader.pyd
PE        47b0000- 47be000    Deferred        graphicmaterialsetsloader.pyd
PE        47c0000- 484d000    Deferred        _destiny
PE        4850000- 4863000    Deferred        explosionbucketidsloader.pyd
PE        4870000- 487d000    Deferred        explosionidsloader.pyd
PE        4880000- 488e000    Deferred        iconidsloader.pyd
PE        4890000- 489c000    Deferred        soundidsloader.pyd
PE        48a0000- 48b2000    Deferred        graphiclocationsloader.pyd
PE        48c0000- 48cf000    Deferred        activitynodesloader.pyd
PE        48d0000- 48e2000    Deferred        pychartdir27.pyd
PE        48f0000- 4903000    Deferred        dynamicitemattributesloader.pyd
PE        49b0000- 49c4000    Deferred        _ime
PE        4a20000- 4a32000    Deferred        groupgraphicsloader.pyd
PE        4a40000- 4c1e000    Deferred        _audio2
PE        4d30000- 4d5e000    Deferred        _planetresources
PE        4d60000- 4d73000    Deferred        effectsequencesloader.pyd
PE        50c0000- 5274000    Deferred        _videoplayer
PE        5280000- 532b000    Deferred        unicodedata.pyd
PE        5330000- 53d9000    Deferred        pyevepathfinder
PE        53e0000- 53ef000    Deferred        effectsloader.pyd
PE        53f0000- 5401000    Deferred        loginrewardsloader.pyd
PE        5da0000- 5fd6000    Deferred        chartdir
PE       10000000-103f0000    Deferred        blue
PE       1d1a0000-1d1b7000    Deferred        _ctypes.pyd
PE       1e000000-1e3c2000    Deferred        python27
ELF      7a800000-7a940000    Deferred        opengl32<elf>
  \-PE   7a820000-7a940000    \               opengl32
ELF      7b400000-7b7ee000    Deferred        kernel32<elf>
  \-PE   7b420000-7b7ee000    \               kernel32
ELF      7bc00000-7bd02000    Dwarf           ntdll<elf>
  \-PE   7bc10000-7bd02000    \               ntdll
ELF      7c000000-7c004000    Deferred        <wine-loader>
...
ELF      f5ca7000-f5ccf000    Dwarf           xaudio2_7<elf>
  \-PE   f5cb0000-f5ccf000    \               xaudio2_7
...
ELF      f7fee000-f7ff0000    Deferred        [vdso].so
Threads:
process  tid      prio (all id:s are in hex)
...
000001b0 evelauncher.exe
        0000011c    0
...
000001e0 QtWebEngineProcess.exe
        0000018f    0
...
00000118 LogLite.exe
        00000141    0
        00000119    0
0000011a (D) C:\EVE\SharedCache\tq\bin\exefile.exe
        00000188    0
        00000172    0
        00000171    2
        000000db   15
        00000170    0 <==
...
--- snip ---
Disassembly of 'update_source_state' (crash site):
--- snip ---
F6136770   55                 PUSH EBP
F6136771   89E5               MOV EBP,ESP
F6136773   57                 PUSH EDI
F6136774   89C7               MOV EDI,EAX
F6136776   56                 PUSH ESI
F6136777   8D85 E0FEFFFF      LEA EAX,DWORD PTR SS:[EBP-120]
F613677D   E8 0CE8FFFF        CALL xaudio2_.__x86.get_pc_thunk.si
F6136782   81C6 7EF80000      ADD ESI,0F87E
F6136788   53                 PUSH EBX
F6136789   81EC 40010000      SUB ESP,140
F613678F   50                 PUSH EAX
F6136790   68 16100000        PUSH 1016
F6136795   FFB7 700F0000      PUSH DWORD PTR DS:[EDI+F70]        ; EDI == NULL -> *boom*
F613679B   89F3               MOV EBX,ESI
F613679D   89B5 D4FEFFFF      MOV DWORD PTR SS:[EBP-12C],ESI
F61367A3   E8 28A8FFFF        CALL xaudio2_.F6130FD0
F61367A8   8B85 E0FEFFFF      MOV EAX,DWORD PTR SS:[EBP-120]
F61367AE   83C4 10            ADD ESP,10
F61367B1   85C0               TEST EAX,EAX
F61367B3   0F8F 3F030000      JG xaudio2_.F6136AF8
F61367B9   8B77 40            MOV ESI,DWORD PTR DS:[EDI+40]
F61367BC   85F6               TEST ESI,ESI
F61367BE   75 10              JNZ SHORT xaudio2_.F61367D0
F61367C0   8D65 F4            LEA ESP,DWORD PTR SS:[EBP-C]
F61367C3   5B                 POP EBX
F61367C4   5E                 POP ESI
F61367C5   5F                 POP EDI
F61367C6   5D                 POP EBP
F61367C7   C3                 RETN
--- snip ---
Disassembly of EVE Online client 'XAudio2VoiceCallback::OnVoiceProcessingPassStart' callback (in '_audio2.dll'):
--- snip ---
04B83DF0   55                 PUSH EBP
04B83DF1   8BEC               MOV EBP,ESP
04B83DF3   83EC 34            SUB ESP,34
04B83DF6   56                 PUSH ESI
04B83DF7   8B75 08            MOV ESI,DWORD PTR SS:[EBP+8]
04B83DFA   8B46 18            MOV EAX,DWORD PTR DS:[ESI+18]
04B83DFD   8B08               MOV ECX,DWORD PTR DS:[EAX]
04B83DFF   57                 PUSH EDI                            ; caller local 'src' reg val
04B83E00   6A 00              PUSH 0                              ; flags -> problem!
04B83E02   8D55 F0            LEA EDX,DWORD PTR SS:[EBP-10]
04B83E05   52                 PUSH EDX                            ; pVoiceState
04B83E06   50                 PUSH EAX                            ; iface
04B83E07   8B41 64            MOV EAX,DWORD PTR DS:[ECX+64]       ; xaudio2_.XA27SRC_GetState -> compat wrapper!
04B83E0A   FFD0               CALL EAX
04B83E0C   0FB74E 48          MOVZX ECX,WORD PTR DS:[ESI+48]
04B83E10   8B45 0C            MOV EAX,DWORD PTR SS:[EBP+C]
04B83E13   33D2               XOR EDX,EDX
04B83E15   F7F1               DIV ECX
04B83E17   8B56 44            MOV EDX,DWORD PTR DS:[ESI+44]
04B83E1A   33FF               XOR EDI,EDI
04B83E1C   8945 08            MOV DWORD PTR SS:[EBP+8],EAX
04B83E1F   8B45 F4            MOV EAX,DWORD PTR SS:[EBP-C]
04B83E22   2BD0               SUB EDX,EAX
04B83E24   74 77              JE SHORT _audio2.04B83E9D
04B83E26   EB 08              JMP SHORT _audio2.04B83E30
04B83E28   8DA424 00000000    LEA ESP,DWORD PTR SS:[ESP]
04B83E2F   90                 NOP
04B83E30   0FB70D D8C4BF04    MOVZX ECX,WORD PTR DS:[4BFC4D8]
04B83E37   33C0               XOR EAX,EAX
04B83E39   8945 D0            MOV DWORD PTR SS:[EBP-30],EAX
04B83E3C   8945 D4            MOV DWORD PTR SS:[EBP-2C],EAX
04B83E3F   8945 D8            MOV DWORD PTR SS:[EBP-28],EAX
04B83E42   8945 DC            MOV DWORD PTR SS:[EBP-24],EAX
04B83E45   8945 E0            MOV DWORD PTR SS:[EBP-20],EAX
04B83E48   8945 E4            MOV DWORD PTR SS:[EBP-1C],EAX
04B83E4B   8945 E8            MOV DWORD PTR SS:[EBP-18],EAX
04B83E4E   8945 EC            MOV DWORD PTR SS:[EBP-14],EAX
04B83E51   0FB746 48          MOVZX EAX,WORD PTR DS:[ESI+48]
04B83E55   0FAFC1             IMUL EAX,ECX
04B83E58   8945 D0            MOV DWORD PTR SS:[EBP-30],EAX
04B83E5B   0FB746 22          MOVZX EAX,WORD PTR DS:[ESI+22]
04B83E5F   C745 CC 00000000   MOV DWORD PTR SS:[EBP-34],0
04B83E66   8B4C86 24          MOV ECX,DWORD PTR DS:[ESI+EAX*4+24]
04B83E6A   40                 INC EAX
04B83E6B   894D D4            MOV DWORD PTR SS:[EBP-2C],ECX
04B83E6E   66:8946 22         MOV WORD PTR DS:[ESI+22],AX
04B83E72   66:83F8 08         CMP AX,8
04B83E76   75 06              JNZ SHORT _audio2.04B83E7E
04B83E78   33D2               XOR EDX,EDX
04B83E7A   66:8956 22         MOV WORD PTR DS:[ESI+22],DX
04B83E7E   8B46 18            MOV EAX,DWORD PTR DS:[ESI+18]
04B83E81   8B08               MOV ECX,DWORD PTR DS:[EAX]
04B83E83   6A 00              PUSH 0
04B83E85   8D55 CC            LEA EDX,DWORD PTR SS:[EBP-34]
04B83E88   52                 PUSH EDX
04B83E89   50                 PUSH EAX
04B83E8A   8B41 54            MOV EAX,DWORD PTR DS:[ECX+54]       ; xaudio2_.XA27SRC_SubmitSourceBuffer
04B83E8D   FFD0               CALL EAX
04B83E8F   FF45 F4            INC DWORD PTR SS:[EBP-C]
04B83E92   8B4E 44            MOV ECX,DWORD PTR DS:[ESI+44]
04B83E95   8B45 F4            MOV EAX,DWORD PTR SS:[EBP-C]
04B83E98   47                 INC EDI
04B83E99   2BC8               SUB ECX,EAX
04B83E9B   75 93              JNZ SHORT _audio2.04B83E30
04B83E9D   8B55 F8            MOV EDX,DWORD PTR SS:[EBP-8]
04B83EA0   0B55 FC            OR EDX,DWORD PTR SS:[EBP-4]
04B83EA3   74 13              JE SHORT _audio2.04B83EB8
04B83EA5   0FB70D D8C4BF04    MOVZX ECX,WORD PTR DS:[4BFC4D8]
04B83EAC   0FAFCF             IMUL ECX,EDI
04B83EAF   3B4D 08            CMP ECX,DWORD PTR SS:[EBP+8]
04B83EB2   73 04              JNB SHORT _audio2.04B83EB8
04B83EB4   C646 4A 01         MOV BYTE PTR DS:[ESI+4A],1
04B83EB8   0FB715 B064C004    MOVZX EDX,WORD PTR DS:[4C064B0]
04B83EBF   5F                 POP EDI                             ; caller EDI -> NULL
04B83EC0   5E                 POP ESI
04B83EC1   3BC2               CMP EAX,EDX
04B83EC3   73 0E              JNB SHORT _audio2.04B83ED3
04B83EC5   8B0D A45FC004      MOV ECX,DWORD PTR DS:[4C05FA4]
04B83ECB   83C1 4C            ADD ECX,4C
04B83ECE   E8 FD5AF9FF        CALL _audio2.04B199D0
04B83ED3   8BE5               MOV ESP,EBP
04B83ED5   5D                 POP EBP
04B83ED6   C2 0800            RETN 8
--- snip ---
Pretty much the same as in https://bugs.winehq.org/show_bug.cgi?id=42520#c17
In my case %EDI gets corrupted, but that's likely due to a different GCC version/settings used for building Wine. The assembly wrapper saves both %ESI and %EDI, so most Wine builds should be fine.
I don't see a problem with the Wine-Staging patch being upstreamed as it fixes some major titles with default WINEPREFIX WinVer setting (Windows 7).
ProtectionID scan of CCP Audio Engine for documentation:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\EVE\SharedCache\duality\bin\_audio2.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1944456 (01DAB88h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT)
[TimeStamp] 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT) | PE Header | - | Offset: 0x00000128 | VA: 0x10000128 | -
[TimeStamp] 0x5BD2AFF9 -> Fri 26th Oct 2018 06:11:05 (GMT) | Export | - | Offset: 0x001B54C4 | VA: 0x101B60C4 | -
[TimeStamp] 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT) | DebugDirectory | - | Offset: 0x00171C94 | VA: 0x10172894 | -
-> File Appears to be Digitally Signed @ Offset 01D9400h, size : 01788h / 06024 byte(s)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (467 calculated 467 recorded... 0 invalid addresses)
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset 0x425C3A43 | Reserved 0x646C6975
[LoadConfig] GuardAddressTakenIatEntryTable 0x6E656741 | Count 0x6F775C74 (1870093428)
[LoadConfig] GuardLongJumpTargetTable 0x355C6B72 | Count 0x32356466 (842359910)
[LoadConfig] HybridMetadataPointer 0x30353437 | DynamicValueRelocTable 0x65396364
[LoadConfig] FailFastIndirectProc 0x5C613466 | FailFastPointer 0x5C657665
[LoadConfig] UnknownZero1 0x67617473
[File Heuristics] -> Flag #1 : 00000100000001001001000100000100 (0x04049104)
[Entrypoint Section Entropy] : 6.44 (section #0) ".text  " | Size : 0x170FA1 (1511329) byte(s)
[DllCharacteristics] -> Flag : (0x0140) -> ASLR | DEP
[SectionCount] 5 (0x5) | ImageSize 0x1DE000 (1957888) byte(s)
[Export] 98% of function(s) (299 of 305) are in file | 0 are forwarded | 296 code | 9 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : CCP hf.
[VersionInfo] Product Name : EVE Online
[VersionInfo] Product Version : 2018.10
[VersionInfo] File Description : CCP Audio Engine
[VersionInfo] File Version : 2018.10.140.1189
[VersionInfo] Original FileName : _audio2.dll
[VersionInfo] Internal Name : _audio2
[VersionInfo] Legal Copyrights : © 2018 CCP hf. All rights reserved.
[ModuleReport] [IAT] Modules -> blue.dll | python27.dll | KERNEL32.dll | USER32.dll | ole32.dll | MSVCP100.dll | MSVCR100.dll | SETUPAPI.dll
[Debug Info] (record 1 of 1) (file offset 0x171C90)
Characteristics : 0x0 | TimeDateStamp : 0x5BD2AFFB (Fri 26th Oct 2018 06:11:07 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x89 (137)
AddressOfRawData : 0x1A8728 | PointerToRawData : 0x1A7B28
CvSig : 0x53445352 | SigGuid C04E1781-FFEE-4A52-BA76922A43FF4345
Age : 0x1 (1) | Pdb : C:\BuildAgent\work\5fd527450dc9ef4a\eve\staging\2018-IRPA\carbon\autobuild\audio2\exefile\Win32\v100_audio2.pdb
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.535 Second(s) [000000217h (535) tick(s)] [246 of 580 scan(s) done]
--- snip ---
$ sha1sum EveLauncher-1381807.exe
a96c21d62b4789c90fc10606a2a8bc144c7d5e50  EveLauncher-1381807.exe

$ du -sh EveLauncher-1381807.exe
63M     EveLauncher-1381807.exe

$ wine --version
wine-3.19-77-g78b3848261
Regards
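The register corruption traced in the two disassemblies above follows from a stdcall stack imbalance: the callback pushes three arguments for GetState (Flags, pVoiceState, this) while the XAudio 2.7 implementation returns with RETN 8, so the callback's later POP EDI / POP ESI read the wrong slots and the engine thread gets its 'src' register overwritten. The C model below is an added illustration, not Wine or CCP code: it replays the PUSH/CALL/RETN/POP sequence from the disassembly on a small dword stack, once with a callee that pops 2 dwords (the 2.7 signature) and once with one that pops 3, and then shows an engine-side caller that saves and restores ESI/EDI around the callback, which is the kind of protection the comment attributes to the assembly wrapper (the wrapper's actual code is not reproduced; the register values and addresses are constructed).

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the i386 state that matters here: a dword stack, ESP as an
 * index into it, and the two callee-saved registers the report is about.
 * Constructed for illustration; it is not Wine or CCP code. */
#define NSLOTS 32
typedef struct {
    uint32_t stack[NSLOTS];
    int esp;            /* index of the top slot; PUSH decrements, POP increments */
    uint32_t esi, edi;
} cpu_t;

static void push(cpu_t *c, uint32_t v) { c->stack[--c->esp] = v; }
static uint32_t pop(cpu_t *c) { return c->stack[c->esp++]; }

/* Replay of the game's OnVoiceProcessingPassStart as disassembled above:
 * PUSH ESI ... PUSH EDI ; PUSH 0 (Flags) ; PUSH pVoiceState ; PUSH this ;
 * CALL GetState ; ... ; POP EDI ; POP ESI ; MOV ESP,EBP ; RETN 8.
 * callee_nparams is the number of dword arguments GetState pops with RETN:
 * 2 for the XAudio 2.7 signature, 3 for the 2.8+ signature that has Flags. */
static void game_callback(cpu_t *c, int callee_nparams)
{
    int ebp = c->esp;               /* MOV EBP,ESP */
    push(c, c->esi);                /* PUSH ESI (prologue) */
    push(c, c->edi);                /* PUSH EDI ; caller's 'src' lives here */
    push(c, 0);                     /* PUSH 0   ; Flags -> the extra dword */
    push(c, 0x0012FF00u);           /* PUSH EDX ; pVoiceState (constructed) */
    push(c, 0x00400000u);           /* PUSH EAX ; this (constructed) */
    push(c, 0x04B83E0Cu);           /* CALL pushes the return address */
    (void)pop(c);                   /* RETN pops the return address ... */
    c->esp += callee_nparams;       /* ... and callee_nparams argument dwords */
    c->edi = pop(c);                /* POP EDI: reads Flags (0) when 2 were popped */
    c->esi = pop(c);                /* POP ESI: reads the saved EDI in that case */
    c->esp = ebp;                   /* MOV ESP,EBP hides the imbalance from the caller */
}

/* Engine thread keeping 'src' in EDI (ESI in the bug 42520 build) and trusting
 * the callback to honour the callee-saved convention. Returns the 'src' value
 * update_source_state() would receive afterwards. */
uint32_t engine_unprotected(int callee_nparams)
{
    cpu_t c = { .esp = NSLOTS, .esi = 0xf5cce000u, .edi = 0x7f3a1000u }; /* constructed */
    game_callback(&c, callee_nparams);
    return c.edi;
}

/* Same engine, but it saves the registers it depends on before the callback
 * and restores them afterwards, so a callback that breaks the convention can
 * no longer change which 'src' the engine continues with. */
uint32_t engine_protected(int callee_nparams)
{
    cpu_t c = { .esp = NSLOTS, .esi = 0xf5cce000u, .edi = 0x7f3a1000u }; /* constructed */
    uint32_t saved_esi = c.esi, saved_edi = c.edi;
    int saved_esp = c.esp;
    game_callback(&c, callee_nparams);
    c.esi = saved_esi;
    c.edi = saved_edi;
    c.esp = saved_esp;
    return c.edi;
}

int main(void)
{
    printf("2.7 callee (RETN 8),  unprotected: src = %#x\n", engine_unprotected(2));
    printf("2.8 callee (RETN 0C), unprotected: src = %#x\n", engine_unprotected(3));
    printf("2.7 callee (RETN 8),  protected:   src = %#x\n", engine_protected(2));
    return 0;
}
```

The first line prints src = 0, which is the NULL 'src' seen at update_source_state+0x25; the other two keep the original pointer. Saving the registers on the engine side is what makes the fix independent of which register GCC happened to allocate for 'src' in a given Wine build.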