https://bugs.winehq.org/show_bug.cgi?id=51375
Bug ID: 51375 Summary: SCM erroneously tries to start 64-bit kernel drivers as 32-bit service due to incorrect handling of 'IMAGE_FILE_DLL' image characteristics in 'kernel32.dll.GetBinaryTypeW' (Protect DiSC 'acedrv11.sys') Product: Wine Version: 6.11 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: kernel32 Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says.
https://web.archive.org/web/20210701055235/https://dl.4players.de/f1/pc/cobr...
'acedrv11.sys' kernel service from 'Protect DiSC' DRM scheme (continuation of bug 39734) fails to load. It's a 64-bit driver with 'WOW64=1' service entry value set by 32-bit driver installer.
--- snip --- $ pwd /home/focht/.wine/drive_c/windows/system32/drivers
$ winedump acedrv11.sys Contents of acedrv11.sys: 335288 bytes
File Header Machine: 8664 (AMD64) Number of Sections: 7 TimeDateStamp: 4890016E (Wed Jul 30 07:51:42 2008) offset 256 PointerToSymbolTable: 00000000 NumberOfSymbols: 00000000 SizeOfOptionalHeader: 00F0 Characteristics: 0022 EXECUTABLE_IMAGE LARGE_ADDRESS_AWARE
Optional Header (64bit) Magic 0x20B 523 linker version 8.00 size of code 0x24200 147968 size of initialized data 0x2a00 10752 size of uninitialized data 0x0 0 entrypoint RVA 0x29008 167944 base of code 0x1000 4096 image base 0x300000 section align 0x1000 4096 file align 0x200 512 required OS version 6.00 image version 6.00 subsystem version 5.02 Win32 Version 0x0 0 size of image 0x56000 352256 size of headers 0x400 1024 checksum 0x5db88 383880 Subsystem 0x1 (Native) DLL characteristics: 0x0000 stack reserve size 0x40000 stack commit size 0x1000 heap reserve size 0x100000 heap commit size 0x1000 loader flags 0x0 0 RVAs & sizes 0x10 16 ... --- snip ---
--- snip --- $ WINEDEBUG=+seh,+relay,+server,+ntoskrnl,+loaddll,+module wine net start acedrv11 >>log.txt 2>&1 ... 00d8:Call KERNEL32.GetBinaryTypeW(00168450 L"C:\windows\system32\drivers\acedrv11.sys",013df330) ret=140006426 ... 00d8:trace:module:GetBinaryTypeW L"C:\windows\system32\drivers\acedrv11.sys" ... 00d8:Call ntdll.NtQuerySection(00000158,00000001,013df0f0,00000040,00000000) ret=7b61b6dd 00d8: get_mapping_info( handle=0158, access=00000001 ) 00d8: get_mapping_info() = 0 { size=00056000, flags=01800000, shared_file=0000, total=176, image={base=00300000,entry_point=00329008,map_size=00056000,stack_size=00040000,stack_commit=00001000,zerobits=00000000,subsystem=00000001,subsystem_minor=0002,subsystem_major=0005,osversion_major=0006,osversion_minor=0000,image_charact=0022,dll_charact=0000,machine=8664,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=00051db8,checksum=0005db88}, name=L"" } 00d8:Ret ntdll.NtQuerySection() retval=00000000 ret=7b61b6dd ... 00d8:Ret KERNEL32.GetBinaryTypeW() retval=00000000 ret=140006426 00d8:Call KERNEL32.GetSystemDirectoryW(013df390,00000104) ret=1400065ed 00d8:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=1400065ed ... 00d8:Call KERNEL32.CreateProcessW(00000000,00168630 L"C:\windows\syswow64\winedevice.exe",00000000,00000000,100000000,00000400,00176aa0,00000000,013df080,013df020) ret=140006b7e ... 00d8:Ret KERNEL32.CreateProcessW() retval=00000001 ret=140006b7e ... 0114:trace:ntoskrnl:open_driver opened service for driver L"\Registry\Machine\System\CurrentControlSet\Services\acedrv11" ... 0114:trace:ntoskrnl:load_driver loading driver L"C:\windows\system32\drivers\acedrv11.sys" ... 0114:Call KERNEL32.LoadLibraryExW(0042df50 L"C:\windows\system32\drivers\acedrv11.sys",00000000,00001100) ret=00394979 ... 0114:Call kernelbase.LoadLibraryExW(0042df50 L"C:\windows\system32\drivers ... 0114:Call ntdll.LdrLoadDll(0042e290 L"C:\windows\system32\drivers;C:\windows\syswow64;C:\windows\system32\",00001100,00fcfb14,00fcfafc) ret=7b01c045 0034:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7bc42e5f 0114:trace:module:load_dll looking for L"C:\windows\system32\drivers\acedrv11.sys" in L"C:\windows\system32\drivers;C:\windows\syswow64;C:\windows\system32\" ... 0114:warn:module:load_dll Failed to load module L"C:\windows\system32\drivers\acedrv11.sys"; status=c0000135 ... 0114:Ret ntdll.LdrLoadDll() retval=c0000135 ret=7b01c045 ... 0114:Ret kernelbase.LoadLibraryExW() retval=00000000 ret=7bc3aa34 ... 0114:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=00394979 ... 0114:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\acedrv11": c0000142 --- snip ---
Workaround: Remove 'WOW64=1' registry key from service (leads to fallback with 'false' setting).
This is actually a regression:
https://source.winehq.org/git/wine.git/commitdiff/1e1f110c99fba4c33ebe85bf11... ("kernel32: Return failure in GetBinaryType() for DLL files.")
--- snip --- 166 BOOL WINAPI GetBinaryTypeW( LPCWSTR name, LPDWORD type ) 167 { 168 HANDLE hfile, mapping; 169 NTSTATUS status; 170 const WCHAR *ptr; 171 172 TRACE("%s\n", debugstr_w(name) ); 173 174 if (type == NULL) return FALSE; 175 176 hfile = CreateFileW( name, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0 ); 177 if ( hfile == INVALID_HANDLE_VALUE ) 178 return FALSE; 179 180 status = NtCreateSection( &mapping, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY, 181 NULL, NULL, PAGE_READONLY, SEC_IMAGE, hfile ); 182 CloseHandle( hfile ); 183 184 switch (status) 185 { 186 case STATUS_SUCCESS: 187 { 188 SECTION_IMAGE_INFORMATION info; 189 190 status = NtQuerySection( mapping, SectionImageInformation, &info, sizeof(info), NULL ); 191 CloseHandle( mapping ); 192 if (status) return FALSE; 193 if (!(info.ImageCharacteristics & IMAGE_FILE_DLL)) return FALSE; 194 switch (info.Machine) ... --- snip ---
The condition is reversed. The function shall fail if the driver binary has 'IMAGE_FILE_DLL' image characteristics set.
$ sha1sum BurningWheelsDemo.exe 6dc03653b97a0336a5c57fc4b04af61e3ebcee5e BurningWheelsDemo.exe
$ du -sh BurningWheelsDemo.exe 286M BurningWheelsDemo.exe
$ wine --version wine-6.11-235-g7f1623bc626
Regards