https://bugs.winehq.org/show_bug.cgi?id=56501
Bug ID: 56501
Summary: nProtect Anti-Virus/Spyware 4.0 'tkpl2k64.sys' crashes on unimplemented function 'fltmgr.sys.FltCreateCommunicationPort'
Product: Wine
Version: 9.5
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: fltmgr
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
continuation of bug 49089 ("nProtect Anti-Virus/Spyware 4.0 'tkpl2k64.sys' crashes on unimplemented function 'fltmgr.sys.FltBuildDefaultSecurityDescriptor'").
To get that far, one needs to work around multiple problems:
* Bug 50208 ("Multiple kernel drivers need NtQuerySystemInformation(SystemModuleInformation) to return correct ImageBaseAddress and ImageSize for modules (Sentinel HASP 'hardlock.sys', SmartGaga 'AndroidKernelX64.sys')"), otherwise the driver crashes early.
* Support for a particular 'ImagePath' path variant: 'system32\foobar.sys'. I mentioned some of them in https://bugs.winehq.org/show_bug.cgi?id=47175#c4
* wineserver crash in enum_handles() callback while handling 'NtQuerySystemInformation(SystemHandleInformation,...)' request for app AV autostart-services
Download:
https://web.archive.org/web/20160510225518/http://avsd.nprotect.net/avs40/se...
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+ntoskrnl,+relay wine net start tkpl >>log.txt 2>&1
...
0100:trace:ntoskrnl:load_driver loading driver L"c:\windows\system32\tkpl2k64.sys"
...
0100:trace:loaddll:build_module Loaded L"C:\windows\system32\drivers\FLTMGR.SYS" at 00006FFFFE500000: builtin
0100:trace:loaddll:build_module Loaded L"c:\windows\system32\tkpl2k64.sys" at 0000000000010000: native
...
0100:Call ntoskrnl.exe.ZwQuerySystemInformation(0000000b,7ffffe900970,00001000,7ffffeb1f878) ret=0001ff22
...
0100:Ret ntoskrnl.exe.ZwQuerySystemInformation() retval=00000000 ret=0001ff22
...
0100:Call ntoskrnl.exe.IoCreateSymbolicLink(7ffffeb1f948,7ffffeb1f930) ret=000115c3
0100:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\tkpl" -> L"\Device\tkpl"
...
0100:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=000115c3
0100:Call fltmgr.sys.FltRegisterFilter(7ffffe265110,00024d30,00026228) ret=00012f08
...
0100:fixme:fltmgr:FltRegisterFilter Call KERNEL32.GetModuleHandleW(6ffffe504254 L"ntdll.dll") ret=6ffffe5028e2
...
0100:Ret fltmgr.sys.FltRegisterFilter() retval=00000000 ret=00012f08
0100:Call fltmgr.sys.FltStartFiltering(deadbeaf) ret=00012f24
0100:fixme:fltmgr:FltStartFiltering (00000000DEADBEAF): stub
0100:Ret fltmgr.sys.FltStartFiltering() retval=00000000 ret=00012f24
0100:Call fltmgr.sys.FltBuildDefaultSecurityDescriptor(7ffffeb1f928,001f0001) ret=00012f43
...
0100:Ret fltmgr.sys.FltBuildDefaultSecurityDescriptor() retval=00000000 ret=00012f43
0100:Call ntoskrnl.exe.RtlInitUnicodeString(7ffffeb1f910,00022310 L"\TKPL_Port") ret=00012f65
0100:Call ntdll.RtlInitUnicodeString(7ffffeb1f910,00022310 L"\TKPL_Port") ret=6ffffff927df
0100:Ret ntdll.RtlInitUnicodeString() retval=00000016 ret=6ffffff927df
0100:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000016 ret=00012f65
0100:Call KERNEL32.RaiseException(80000100,00000001,00000002,7ffffeb1f870) ret=6ffffe503195
0100:trace:seh:dispatch_exception code=80000100 (EXCEPTION_WINE_STUB) flags=1 addr=00006FFFFFC64177
...
wine: Call from 00006FFFFFC64177 to unimplemented function fltmgr.sys.FltCreateCommunicationPort, aborting
--- snip ---
Microsoft docs:
https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/fltkernel/nf-...
$ sha1sum nProtectSetup_AVS40.exe
913b33ab5c9477539d4d65b9f89e67be1a6b6c13 nProtectSetup_AVS40.exe

$ du -sh nProtectSetup_AVS40.exe
36M nProtectSetup_AVS40.exe

$ wine --version
wine-9.5-95-g8568848ba83
Regards