https://bugs.winehq.org/show_bug.cgi?id=45326
Anastasius Focht focht@gmx.net changed:
What        | Removed                                   | Added
------------+-------------------------------------------+-------------------------------------------
CC          |                                           | focht@gmx.net
Summary     | unimplemented function                    | Multiple 64-bit kernel drivers crash on
            | ntoskrnl.exe.__C_specific_handler,        | unimplemented function
            | aborting                                  | ntoskrnl.exe.__C_specific_handler
            |                                           | (NoxPlayer 6.x, MTA:SA 1.5.x)
Hardware    | x86                                       | x86-64

--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming too.
Taking the example from comment #10 -> NoxPlayer 6.x
NoxPlayer is heavily based on VirtualBox infrastructure, which includes multiple kernel drivers.
Trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+service wine net start YSDrv >>log.txt 2>&1
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00335d80 L"The VBox Support Driver service is starting.\r\n",0000002e,00145688,0000002e,00000000,00000000) ret=7efeb7a7
...
002f:trace:service:QueryServiceConfigW Image path = L"C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys"
002f:trace:service:QueryServiceConfigW Group = L""
002f:trace:service:QueryServiceConfigW Dependencies = L""
002f:trace:service:QueryServiceConfigW Service account name = L"LocalSystem"
002f:trace:service:QueryServiceConfigW Display name = L"VBox Support Driver"
002f:Ret advapi32.QueryServiceConfigW() retval=00000001 ret=7fca4a16a2a6
002f:trace:ntoskrnl:open_driver opened service for driver L"\Registry\Machine\System\CurrentControlSet\Services\YSDrv"
...
002f:trace:ntoskrnl:load_driver loading driver L"C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys"
002f:Call KERNEL32.LoadLibraryW(00027070 L"C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys") ret=7fca4a15cc0c
...
002f:Call driver init 0x1400127e0 (obj=0x26ee0,str=L"\Registry\Machine\System\CurrentControlSet\Services\YSDrv")
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorIndexFromNumber" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorNumberFromIndex" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeIpiGenericCall" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeSetTargetProcessorDpcEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeInitializeAffinityEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeAddProcessorAffinityEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorIndexFromNumber" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorNumberFromIndex" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetCurrentProcessorNumberEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumProcessorCount" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumProcessorCountEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCount" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCountEx" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryLogicalProcessorRelationship" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeRegisterProcessorChangeCallback" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeDeregisterProcessorChangeCallback" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryInterruptTimePrecise" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQuerySystemTimePrecise" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"HalRequestIpi" not found
...
002f:Call ntoskrnl.exe.PsGetVersion(0033f5c0,0033f5c8,0033f5d0,00000000) ret=140024c75
002f:Call ntdll.RtlGetVersion(0033f2b0) ret=7fca4a167b5d
002f:Ret ntdll.RtlGetVersion() retval=00000000 ret=7fca4a167b5d
002f:Ret ntoskrnl.exe.PsGetVersion() retval=00000001 ret=140024c75
002f:Call ntoskrnl.exe.RtlGetVersion(0033f490) ret=140024cd1
002f:Call ntdll.RtlGetVersion(0033f490) ret=7bc808ef
002f:Ret ntdll.RtlGetVersion() retval=00000000 ret=7bc808ef
002f:Ret ntoskrnl.exe.RtlGetVersion() retval=00000000 ret=140024cd1
002f:trace:seh:NtRaiseException code=c0000096 flags=0 addr=0x1400251ac ip=1400251ac tid=002f
002f:trace:seh:NtRaiseException  rax=0000000000000002 rbx=0000000000027070 rcx=00007fca58290997 rdx=0000000000000000
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048 rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00 r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000 r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0 code=c0000096 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned ffffffff
002f:trace:seh:NtRaiseException code=c0000096 flags=0 addr=0x1400251c5 ip=1400251c5 tid=002f
002f:trace:seh:NtRaiseException  rax=0000000000000002 rbx=0000000000027070 rcx=00007fca58290997 rdx=0000000000000000
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048 rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00 r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000 r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0 code=c0000096 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned ffffffff
002f:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x1400251ed ip=1400251ed tid=002f
002f:trace:seh:NtRaiseException  info[0]=0000000000000000
002f:trace:seh:NtRaiseException  info[1]=0000000000000020
002f:trace:seh:NtRaiseException  rax=0000000000000000 rbx=00000000756e6547 rcx=000000006c65746e rdx=0000000049656e69
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048 rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00 r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000 r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0 code=c0000005 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned 0
002f:trace:seh:RtlVirtualUnwind type 1 rip 1400251ed rsp 33f5c0
002f:trace:seh:dump_unwind_info **** func 24e70-2542f
002f:trace:seh:dump_unwind_info unwind info at 0x14003ab6c flags 1 prolog 0x10 bytes function 0x140024e70-0x14002542f
002f:trace:seh:dump_unwind_info     0x10: subq $0x60,%rsp
002f:trace:seh:dump_unwind_info     0xc: pushq %r15
002f:trace:seh:dump_unwind_info     0xa: pushq %r14
002f:trace:seh:dump_unwind_info     0x8: pushq %r13
002f:trace:seh:dump_unwind_info     0x6: pushq %r12
002f:trace:seh:dump_unwind_info     0x4: pushq %rdi
002f:trace:seh:dump_unwind_info     0x3: pushq %rsi
002f:trace:seh:dump_unwind_info     0x2: pushq %rbx
002f:trace:seh:dump_unwind_info     handler 0x14002b3e8 data at 0x14003ab84
002f:trace:seh:call_handler calling handler 0x14002b3e8 (rec=0x33f480, frame=0x33f5c0 context=0x33e950, dispatch=0x33e820)
002f:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7bc5e16c ip=7bc5e16c tid=002f
002f:trace:seh:NtRaiseException  info[0]=0000000140057848
002f:trace:seh:NtRaiseException  info[1]=00000001400572ee
wine: Call from 0x7bc5e16c to unimplemented function ntoskrnl.exe.__C_specific_handler, aborting
--- snip ---
Driver registry entry:
--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\YSDrv]
"DisplayName"="VBox Support Driver"
"ErrorControl"=dword:00000001
"ImagePath"="C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000003
"Type"=dword:00000001
--- snip ---
Dissecting the trace log:
--- snip ---
00000001400251AC mov     r8, cr8         ; read old TPR
--- snip ---
64-bit TPR access, exception handled (instruction emulated)
https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2...
("Chapter 10.8.3 Interrupt, Task and Processor Priority")
--- snip ---
00000001400251B0 mov     [rsp+98h+arg_10], r8
00000001400251B8 mov     [rsp+98h+arg_0], r8b
00000001400251C0 mov     eax, 2
00000001400251C5 mov     cr8, rax        ; write new task priority (TPR)
--- snip ---
64-bit TPR access, exception handled (instruction emulated)
--- snip ---
00000001400251C9 xor     eax, eax
00000001400251CB xor     ecx, ecx
00000001400251CD cpuid
00000001400251CF mov     [rsp+98h+var_44], eax
00000001400251D3 mov     [rsp+98h+var_50], ebx
00000001400251D7 mov     [rsp+98h+var_48], ecx
00000001400251DB mov     [rsp+98h+var_4C], edx
00000001400251DF mov     byte ptr [rsp+98h+var_44], 0
00000001400251E4 mov     rax, gs:18h
00000001400251ED mov     rdi, [rax+20h]  ; *boom*
00000001400251F1 mov     [rsp+98h+var_68], rdi
00000001400251F6 jmp     short loc_14002520F
00000001400251F8 xor     edi, edi
00000001400251FA mov     [rsp+98h+var_68], rdi
00000001400251FF movzx   eax, [rsp+98h+arg_0]
0000000140025207 mov     [rsp+98h+arg_10], rax
...
--- snip ---
GS:[0x18] -> NT SubSystemTib
Looks like it's trying to access some unknown member there.
I found the C scope table for the function-specific exception handler here:
--- snip ---
...
000000014003AB88 C_SCOPE_TABLE <rva loc_1400251E4, rva loc_1400251F8, 1, \
000000014003AB88                rva loc_1400251F8>
...
--- snip ---
which indicates a NULL 'NT SubSystemTib' is kinda expected on Win64
---
In case of MTA San Andreas 1.5.x (https://mtasa.com/download/), the driver causing this (due to other Wine insufficiencies):
--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD]
"DisplayName"="FairplayKD"
"ErrorControl"=dword:00000001
"ImagePath"="C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000003
"Type"=dword:00000001
"WOW64"=dword:00000001
--- snip ---
Regards
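The scope-table lookup that the missing __C_specific_handler would have done for the fault above, as an added example (not Wine's or the driver's code): it parses the SCOPE_TABLE layout MSVC emits for __try/__except on x86-64 (a record count followed by BeginAddress, EndAddress, HandlerAddress, JumpTarget RVAs) and checks whether the faulting rip 0x1400251ED falls inside the guarded range. The image base 0x140000000 and the record bytes are assumptions reconstructed from the addresses in the comment.

```python
"""Walk an x64 SEH scope table the way __C_specific_handler does.

Added example, not Wine's code. The record values are constructed from the
C_SCOPE_TABLE shown at 0x14003AB88 (count at 0x14003AB84, matching the
"data at 0x14003ab84" line of the trace); the image base is assumed.
"""
import struct

IMAGE_BASE = 0x140000000
EXCEPTION_EXECUTE_HANDLER = 1  # HandlerAddress == 1: constant filter, no call

# Constructed bytes: one record guarding loc_1400251E4..loc_1400251F8 with a
# constant filter of 1 and the __except body starting at loc_1400251F8.
SCOPE_TABLE_BYTES = struct.pack("<IIIII", 1, 0x251E4, 0x251F8, 1, 0x251F8)


def parse_scope_table(data):
    """Return a list of (begin, end, handler, target) RVA tuples."""
    (count,) = struct.unpack_from("<I", data, 0)
    return [struct.unpack_from("<IIII", data, 4 + 16 * i) for i in range(count)]


def find_target(data, fault_rip, image_base=IMAGE_BASE):
    """Mimic the dispatch step: return the VA execution resumes at, or None.

    The faulting rip is matched against [BeginAddress, EndAddress) of each
    record. A HandlerAddress of 1 means EXCEPTION_EXECUTE_HANDLER, so control
    transfers to JumpTarget; a real filter routine (any other non-zero RVA
    with a non-zero JumpTarget) would have to be called and is not modelled.
    """
    for begin, end, handler, target in parse_scope_table(data):
        if image_base + begin <= fault_rip < image_base + end:
            if handler == EXCEPTION_EXECUTE_HANDLER:
                return image_base + target
            return None
    return None


if __name__ == "__main__":
    # The gs:18h dereference faults at 0x1400251ED and lands in the __except
    # body; the cr8 accesses at 0x1400251AC are outside the guarded range,
    # which is why only emulation, not the scope table, covers them.
    print(hex(find_target(SCOPE_TABLE_BYTES, 0x1400251ED)))
    print(find_target(SCOPE_TABLE_BYTES, 0x1400251AC))
```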