https://bugs.winehq.org/show_bug.cgi?id=33127
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
          Component|-unknown                    |ntdll
            Summary|installer of Thunder 7.9    |Thunder 7.9 installer gets
                   |hangs                       |stuck at 93 percent with
                   |                            |Thunder.exe live looping,
                   |                            |trying to find free vm
                   |                            |region

--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
Since Michael already did the analysis part, just backing with some snippets.
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\Thunder.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11856840 (0B4EBC8h) Byte(s)
Compilation TimeStamp : 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT)
[TimeStamp] 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT) | DebugDirectory | - | Offset: 0x000E65D4 | VA: 0x004E71D4 | -
-> File Appears to be Digitally Signed @ Offset 0B4D200h, size : 019C8h / 06600 byte(s)
[!] Executable uses SEH Tables (/SAFESEH) (1001 calculated 1001 recorded... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001001001000000000100 (0x04049004)
[Entrypoint Section Entropy] : 6.46 (section #0) ".text " | Size : 0xE4E70 (937584) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 7 (0x7) | ImageSize 0xB96000 (12148736) byte(s)
[VersionInfo] Company Name : ?????????????
[VersionInfo] Product Name : ??7
[VersionInfo] Product Version : 7.9.1.4304
[VersionInfo] File Description : ??7
[VersionInfo] File Version : 7.9.1.4304
[VersionInfo] Original FileName : Thunder
[VersionInfo] Internal Name : Thunder 2
[VersionInfo] Legal Trademarks : ??
[VersionInfo] Legal Copyrights : ???? (C) 2013 ?????????????
[Debug Info] (record 1 of 1) (file offset 0xE65D0)
Characteristics : 0x0 | TimeDateStamp : 0x512B5AE0 (Mon 25th Feb 2013 12:36:48 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4F (79)
AddressOfRawData : 0xFD3F8 | PointerToRawData : 0xFC7F8
CvSig : 0x53445352 | SigGuid 343D115E-D22D-4638-A1A796AA7FB17A4C
Age : 0x1 | Pdb : e:\Thunder8\trunk\build\pdb\ProductRelease\Thunder.pdb
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 2.223 Second(s) [000000AD9h (2777) tick(s)] [499 of 573 scan(s) done]
--- snip ---
To reproduce:
--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" -associate:all -regprotocol:all -inittaskdb:all >>log.txt 2>&1
--- snip ---
Live loop:
--- snip ---
...
0027:Call msvcr90.??2@YAPAXI@Z(00000018) ret=00481fbe
0027:Call ntdll.RtlAllocateHeap(012c0000,00000000,00000018) ret=7e7c6e08
0027:Ret ntdll.RtlAllocateHeap() retval=012c3330 ret=7e7c6e08
0027:Ret msvcr90.??2@YAPAXI@Z() retval=012c3330 ret=00481fbe
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(3b830000,0033f128,0000001c) ret=004826fc
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
...
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45ce2000,0033f128,0000001c) ret=004826fc
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
...
<sequence repeats>
--- snip ---
--- snip ---
Wine-dbg> info share

Module  Address            Debug info  Name (147 modules)
PE        340000-  37d000  Deferred    xlluaruntime
PE        380000-  3c6000  Deferred    xlgraphicplus
PE        400000-  f96000  Export      thunder
PE        fa0000- 105e000  Deferred    xlgraphic
PE       1060000- 12b2000  Deferred    xlue
PE      10000000-10035000  Deferred    xlfsio
PE      21490000-214ed000  Deferred    basecommunity
PE      218a0000-21ad5000  Deferred    downloadkernel
PE      21ea0000-21f8f000  Deferred    libexpat
PE      22040000-2206b000  Deferred    libpng13
PE      220e0000-220e9000  Deferred    minizip
PE      222b0000-22329000  Deferred    sqlite3
PE      22660000-2268a000  Deferred    xlstat
PE      226c0000-22709000  Deferred    xlusers
PE      22760000-22773000  Deferred    zlib1
PE      45cf0000-45d04000  Deferred    wlanapi
PE      72fa0000-72fb0000  Deferred    wzcsapi
ELF     7b800000-7ba71000  Dwarf       kernel32<elf>
-PE     7b820000-7ba71000  \           kernel32
ELF     7bc00000-7bd04000  Dwarf       ntdll<elf>
-PE     7bc20000-7bd04000  \           ntdll
ELF     7bf00000-7bf04000  Deferred    <wine-loader>
...
--- snip ---
The app considers the following ranges in search for regions marked as 'MEM_FREE' (0x10000).
--- snip ---
(Kernel32_LoadLibraryA_addr & ~(PAGESIZE-1))-0x40000000 ... 0x50000000 <reserved> 0x80000000 <reserved> 0x80010000 ... 0xfff80000
--- snip ---
The hang could theoretically happen even on Windows if the first iteration doesn't find a free region (either module mappings or other types).
Regards
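
Added example, not part of the original comment: a Python check that finds this kind of live loop in a +tid,+relay log by grouping VirtualQuery calls per thread and return address and flagging call sites that query addresses they already queried. The sample log is constructed after the trace above, and find_probe_loops and its min_calls threshold are hypothetical names chosen for this sketch.

```python
import re
from collections import Counter, defaultdict

# One "+tid,+relay" Call line: <tid>:Call <module>.<func>(<args>) ret=<addr>
CALL_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):Call (?P<mod>[^.\s]+)\."
                     r"(?P<func>[^(\s]+)\((?P<args>.*)\) ret=(?P<ret>[0-9a-f]+)$")

def find_probe_loops(lines, func="VirtualQuery", min_calls=4):
    """Flag call sites that keep re-probing addresses they already queried."""
    sites = defaultdict(list)  # (tid, return address) -> probed addresses
    for line in lines:
        m = CALL_RE.match(line.strip())
        if m and m["func"] == func:
            sites[(m["tid"], m["ret"])].append(int(m["args"].split(",")[0], 16))
    findings = []
    for (tid, ret), addrs in sites.items():
        repeated = sorted(a for a, n in Counter(addrs).items() if n > 1)
        if len(addrs) >= min_calls and repeated:
            findings.append({"tid": tid, "call_site": ret, "calls": len(addrs),
                             "distinct": len(set(addrs)),
                             "repeated": [f"{a:08x}" for a in repeated]})
    return findings

# Constructed sample, modelled on the trace in the comment (not the real log).
SAMPLE_LOG = """\
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(3b830000,0033f128,0000001c) ret=004826fc
0027:Ret KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Call KERNEL32.VirtualQuery(45ce2000,0033f128,0000001c) ret=004826fc
0027:Call KERNEL32.VirtualQuery(3b830000,0033f128,0000001c) ret=004826fc
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Call KERNEL32.VirtualQuery(45ce2000,0033f128,0000001c) ret=004826fc
0009:Call KERNEL32.VirtualQuery(00110000,0060e800,0000001c) ret=7b850000
"""

if __name__ == "__main__":
    for f in find_probe_loops(SAMPLE_LOG.splitlines()):
        print(f"thread {f['tid']} site {f['call_site']}: {f['calls']} calls, "
              f"{f['distinct']} distinct addresses, repeated {f['repeated']}")
```

On a real log, a call site with a high call count but only a handful of distinct addresses is the signature of a scan that restarts without making progress.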