http://bugs.winehq.org/show_bug.cgi?id=23207
Krzysztof Nowicki krissn@op.pl changed:
What                  |Removed    |Added
----------------------------------------------------------------------------
CC                    |           |krissn@op.pl
--- Comment #14 from Krzysztof Nowicki krissn@op.pl 2011-06-14 13:09:11 CDT ---

The closing of this bug was a bit premature in my opinion. After some battle with winedbg I think I got to the bottom of it:
Wine-dbg>bt
Backtrace:
=>0 0x7ec1c81f GetSysColor+0x1e(nIndex=0x5) [sysparams.c:2916] in user32 (0x0440efe0)
  1 0x002583f4 in skinmagic (+0x183f3) (0x0440f07c)
  2 0x7eba8375 BITMAP_Load+0x2d5(instance=0x7eb80000, name=*** invalid address 0x7ff7 ***, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2512] in user32 (0x0440f14c)
  3 0x7eba898f LoadImageW+0xde(hinst=(nil), name=*** invalid address 0x7ff7 ***, type=0, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2633] in user32 (0x0440f19c)
  4 0x7eba937a LoadBitmapW+0x44(instance=(nil), name=*** invalid address 0x7ff7 ***) [cursoricon.c:2906] in user32 (0x0440f1cc)
Wine-dbg>disassemble ($eip-30),($eip+10)
0x7ec1c801 GetSysColor [sysparams.c:2914] in user32: jmp 0x00258393
0x7ec1c806 GetSysColor+0x5 [sysparams.c:2914] in user32: int $3
0x7ec1c807 GetSysColor+0x6 [sysparams.c:2914] in user32: int $3
0x7ec1c808 GetSysColor+0x7 [sysparams.c:2914] in user32: int $3
0x7ec1c809 GetSysColor+0x8 [sysparams.c:2914] in user32: popl %ecx
0x7ec1c80a GetSysColor+0x9 [sysparams.c:2914] in user32: addl $0x3a7eb,%ecx
0x7ec1c810 GetSysColor+0xf [sysparams.c:2915] in user32: cmpl $0,0x8(%ebp)
0x7ec1c814 GetSysColor+0x13 [sysparams.c:2915] in user32: js 0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c816 GetSysColor+0x15 [sysparams.c:2915] in user32: cmpl $30,0x8(%ebp)
0x7ec1c81a GetSysColor+0x19 [sysparams.c:2915] in user32: jnle 0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c81c GetSysColor+0x1b [sysparams.c:2916] in user32: movl 0x8(%ebp),%eax
0x7ec1c81f GetSysColor+0x1e [sysparams.c:2916] in user32: movl 0x3ef4c(%ecx,%eax,4),%eax
0x7ec1c826 GetSysColor+0x25 [sysparams.c:2916] in user32: jmp 0x7ec1c82d GetSysColor+0x2c [sysparams.c:2919] in user32
0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32: movl $0x0,%eax
It looks like the skinmagic DLL has hooked the call to GetSysColor. This would have worked, except that the function is PIC and in place of the int $3 instructions there used to be a call $+5 instruction. This instruction was executed by the hook code, but obviously its results were completely wrong.
I remember that GCC has a __attribute__((ms_hook_prologue)) for generating functions with the hot-patchable prologue. Is Wine using this option?
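As an added illustration of the failure described in this comment (example code, not from the bug report or from Wine): a small scanner that decodes the bytes a 5-byte hook would overwrite and reports whether they can be copied into a trampoline unchanged. The GetSysColor bytes are reconstructed from the disassembly quoted above; the ms_hook_prologue bytes are the `mov %edi,%edi; push %ebp; mov %esp,%ebp` sequence GCC emits for that attribute (an assumption here, the report does not show them).

```python
# Minimal x86-32 length decoder for the opcodes that occur in the prologues
# under discussion; anything it does not know is treated as unsafe to move.
PATCH_LEN = 5  # a hook overwrites the first five bytes with a jmp rel32


def decode_prologue(code: bytes):
    """Decode until PATCH_LEN bytes are covered.

    Returns (offset, length, mnemonic, position_dependent) per instruction.
    A position-dependent instruction (call/jmp/jcc) produces a different
    result once it is copied to a trampoline: `call $+5` pushes the address
    it runs at, so a relocated copy yields the wrong PIC base.
    """
    insns = []
    off = 0
    while off < PATCH_LEN:
        op = code[off]
        nxt = code[off + 1] if off + 1 < len(code) else None
        if op == 0xE8:                                  # call rel32
            insns.append((off, 5, "call rel32", True))
        elif op == 0xE9:                                # jmp rel32
            insns.append((off, 5, "jmp rel32", True))
        elif op == 0xEB or 0x70 <= op <= 0x7F:          # jmp/jcc rel8
            insns.append((off, 2, "jmp/jcc rel8", True))
        elif op == 0x55:
            insns.append((off, 1, "push %ebp", False))
        elif 0x58 <= op <= 0x5F:                        # pop r32 (e.g. popl %ecx)
            insns.append((off, 1, "pop r32", False))
        elif op == 0x8B and nxt in (0xFF, 0xEC):        # mov %edi,%edi / mov %esp,%ebp
            insns.append((off, 2, "mov r32,r32", False))
        elif op == 0x81 and nxt is not None and (nxt & 0xF8) == 0xC0:  # add r32,imm32
            insns.append((off, 6, "add r32,imm32", False))
        elif op == 0x90:
            insns.append((off, 1, "nop", False))
        else:
            insns.append((off, 1, "unknown", True))
        off += insns[-1][1]
    return insns


def hot_patch_safe(code: bytes) -> bool:
    """True when none of the overwritten instructions depends on its address."""
    return not any(dep for _, _, _, dep in decode_prologue(code))


# Constructed from the disassembly above: GetSysColor's PIC entry before the
# hook was `call $+5; pop %ecx; add $0x3a7eb,%ecx`.
GETSYSCOLOR_PIC = bytes.fromhex("e800000000" "59" "81c1eba70300")
# Constructed (assumed GCC output for __attribute__((ms_hook_prologue))):
# `mov %edi,%edi; push %ebp; mov %esp,%ebp`, exactly five movable bytes.
MS_HOOK_PROLOGUE = bytes.fromhex("8bff" "55" "8bec")
```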