[Bug 44588] Many kernel drivers need support for kernel synchronization objects ( event, semaphore, mutex) (BattleEye's 'bedaisy.sys', Franson VSerial service 'bizvserialnt.sys')

https://bugs.winehq.org/show_bug.cgi?id=44588

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|STAGED |RESOLVED Keywords| |obfuscation Fixed by SHA1| |b9e556d5e8a47a23e8d3d919f73 | |f260de8a10eb9

--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,

this is fixed by commits:

* https://source.winehq.org/git/wine.git/commitdiff/b9e556d5e8a47a23e8d3d919f7... ("ntoskrnl.exe: Implement KeClearEvent().") * https://source.winehq.org/git/wine.git/commitdiff/af0c6b5caea8970e5caebb0304... ("ntoskrnl.exe: Implement KeWaitForMutexObject().") * https://source.winehq.org/git/wine.git/commitdiff/1aaabb781b6c1a59ea0573a57d... ("ntoskrnl.exe: Implement KeReleaseMutex() and waiting on mutexes.") * https://source.winehq.org/git/wine.git/commitdiff/e3223f30aa298044dcf5c72e0a... ("ntoskrnl.exe: Implement KeInitializeMutex().") * https://source.winehq.org/git/wine.git/commitdiff/4824d7217b61111da499ea003b... ("ntoskrnl.exe: Implement KeReleaseSemaphore() and waiting on semaphores.") * https://source.winehq.org/git/wine.git/commitdiff/8589d094ff576db6d733c74412... ("ntoskrnl.exe: Implement KeInitializeSemaphore().")

* https://source.winehq.org/git/wine.git/commitdiff/05b278675f4b213fe881bbc617... ("ntoskrnl.exe: Implement KeWaitForSingleObject().") * https://source.winehq.org/git/wine.git/commitdiff/6345787cf48dac02c17fb8848c... ("ntoskrnl.exe: Implement KeResetEvent().") * https://source.winehq.org/git/wine.git/commitdiff/469c2fd4d73ae84c716a61630e... ("ntoskrnl.exe: Implement KeSetEvent().") * https://source.winehq.org/git/wine.git/commitdiff/a29204cb1326f8344bde20a273... ("ntoskrnl.exe: Implement KeInitializeEvent().") * https://source.winehq.org/git/wine.git/commitdiff/d3b2517c8864c5cc4bc35dccc3... ("ntoskrnl.exe: Implement KeWaitForMultipleObjects().")

Thanks Zebediah

--- snip --- $ WINEDEBUG=+seh,+loaddll,+process,+service,+ntoskrnl wineboot >>log.txt 2>&1 ... 000f:trace:service:scmdatabase_load_services Loading service L"bizVSerial" 000f:trace:service:load_service_config Image path = L"System32\drivers\bizVSerialNT.sys" 000f:trace:service:load_service_config Group = (null) 000f:trace:service:load_service_config Service account name = L"LocalSystem" 000f:trace:service:load_service_config Display name = L"Franson VSerial" 000f:trace:service:load_service_config Service dependencies : (none) 000f:trace:service:load_service_config Group dependencies : (none) ... 0017:trace:service:service_thread 0x10d60 0017:trace:service:SERV_OpenSCManagerW ((null),(null),0x00000001) 0015:trace:service:svcctl_OpenSCManagerW ((null), (null), 1) 0017:trace:service:SERV_OpenSCManagerW returning 0x11920 0017:trace:service:RegisterServiceCtrlHandlerExW L"winedevice" 0x7f47d7011ab0 0x11800 0017:trace:service:SetServiceStatus 0x110c0 30 4 5 0 0 0 0 ... 000f:trace:service:process_send_start_message 0x143b0 L"bizVSerial" (nil) 0 0016:trace:service:service_handle_control L"winedevice" control 2147483648 data 0x11bb2 data_size 22 0016:trace:ntoskrnl:ZwLoadDriver (L"\Registry\Machine\System\CurrentControlSet\Services\bizVSerial") ... 0016:trace:service:QueryServiceConfigW Image path = L"System32\drivers\bizVSerialNT.sys" 0016:trace:service:QueryServiceConfigW Group = L"" 0016:trace:service:QueryServiceConfigW Dependencies = L"" 0016:trace:service:QueryServiceConfigW Service account name = L"LocalSystem" 0016:trace:service:QueryServiceConfigW Display name = L"Franson VSerial" 0016:trace:ntoskrnl:open_driver opened service for driver L"\Registry\Machine\System\CurrentControlSet\Services\bizVSerial" 0016:trace:service:SetServiceStatus 0x12e50 30 2 0 0 0 0 2710 0014:trace:service:svcctl_SetServiceStatus (0x15e80, 0x15754) 0016:trace:ntoskrnl:IoCreateDriver (L"\Driver\bizVSerial", 0x7f47c8c949c0) 0016:trace:ntoskrnl:load_driver loading driver L"System32\drivers\bizVSerialNT.sys" 0016:trace:loaddll:load_native_dll Loaded L"C:\windows\System32\drivers\bizVSerialNT.sys" at 0x460000: native 0016:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x468034 ip=468034 tid=0016 0016:trace:seh:NtRaiseException info[0]=0000000000000000 0016:trace:seh:NtRaiseException info[1]=fffff78000000320 0016:trace:seh:NtRaiseException rax=fffff78000000320 rbx=0000000000013178 rcx=0000000000013010 rdx=0000000000013178 0016:trace:seh:NtRaiseException rsi=00007f47d73b84b1 rdi=00007f47c8cd1c71 rbp=000000000033f8a0 rsp=000000000033f788 0016:trace:seh:NtRaiseException r8=0000000000466100 r9=00002b992ddfa232 r10=000000000000a000 r11=0000000000012ee0 0016:trace:seh:NtRaiseException r12=0000000000013010 r13=0000000000000000 r14=0000000000011b18 r15=0000000000468008 0016:trace:seh:call_vectored_handlers calling handler at 0x7f47c8c93260 code=c0000005 flags=0 0016:trace:seh:call_vectored_handlers handler at 0x7f47c8c93260 returned ffffffff 0016:trace:ntoskrnl:IoCreateDevice (0x13010, 496, L"\Device\bizvSerialMgr", 34, 0, 0, 0x33f790) 0016:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\bizSerialMgr" -> L"\Device\bizvSerialMgr" 0016:trace:ntoskrnl:KeInitializeEvent event 0x136e8, type 0, state 0. 0016:trace:ntoskrnl:KeInitializeEvent event 0x136c8, type 0, state 0. 0016:fixme:ntoskrnl:ObReferenceObjectByHandle stub: 0x3c 1fffff (nil) 0 0x136e0 (nil) 0016:trace:ntoskrnl:init_driver init done for L"bizVSerial" obj 0x13010 0016:trace:ntoskrnl:init_driver - DriverInit = 0x468008 0016:trace:ntoskrnl:init_driver - DriverStartIo = (nil) 0016:trace:ntoskrnl:init_driver - DriverUnload = 0x4613c0 0016:trace:ntoskrnl:init_driver - MajorFunction[0] = 0x461180 0016:trace:ntoskrnl:init_driver - MajorFunction[1] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[2] = 0x461228 0016:trace:ntoskrnl:init_driver - MajorFunction[3] = 0x46133c 0016:trace:ntoskrnl:init_driver - MajorFunction[4] = 0x461304 0016:trace:ntoskrnl:init_driver - MajorFunction[5] = 0x461398 0018:trace:ntoskrnl:KeWaitForMultipleObjects count 2, objs 0x56fd80, wait_type 1, reason 0, mode 0, alertable 0, timeout (nil), wait_blocks 0x56fd90. 0016:trace:ntoskrnl:init_driver - MajorFunction[6] = 0x461398 0016:trace:ntoskrnl:init_driver - MajorFunction[7] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[8] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[9] = 0x461398 0016:trace:ntoskrnl:init_driver - MajorFunction[10] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[11] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[12] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[13] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[14] = 0x4612e0 0016:trace:ntoskrnl:init_driver - MajorFunction[15] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[16] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[17] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[18] = 0x461374 0016:trace:ntoskrnl:init_driver - MajorFunction[19] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[20] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[21] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[22] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[23] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[24] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[25] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[26] = 0x7f47c8c997b0 0016:trace:ntoskrnl:init_driver - MajorFunction[27] = 0x7f47c8c997b0 0016:trace:service:SetServiceStatus 0x12e50 30 4 5 0 0 0 0 0015:trace:service:svcctl_SetServiceStatus (0x15e80, 0x15cf4) ... 0017:trace:ntoskrnl:unload_driver L"\Driver\bizVSerial" 0017:trace:service:SetServiceStatus 0x12e50 30 3 0 0 0 0 0 ... 0017:trace:ntoskrnl:KeSetEvent event 0x136c8, increment 0, wait 0. 0017:trace:ntoskrnl:KeWaitForMultipleObjects count 1, objs 0x44f900, wait_type 1, reason 6, mode 0, alertable 0, timeout (nil), wait_blocks (nil). 0018:trace:ntoskrnl:KeResetEvent event 0x136c8. 0017:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x7f47c8ca3183 ip=7f47c8ca3183 tid=0017 0017:trace:seh:NtRaiseException info[0]=0000000000000001 0017:trace:seh:NtRaiseException info[1]=00000000deadbeb7 0017:trace:seh:NtRaiseException rax=00000000deadbeaf rbx=000000000044f900 rcx=00007f47d6aed879 rdx=0000000000000000 0017:trace:seh:NtRaiseException rsi=000000000044f5c0 rdi=0000000000000000 rbp=000000000044f8a0 rsp=000000000044f580 0017:trace:seh:NtRaiseException r8=0000000000000000 r9=0000000000000000 r10=000000000044f340 r11=0000000000000246 0017:trace:seh:NtRaiseException r12=0000000000013010 r13=0000000000000001 r14=000000000044f908 r15=000000000044f900 0017:trace:seh:call_vectored_handlers calling handler at 0x7f47c8c93260 code=c0000005 flags=0 ... wine: Unhandled page fault on write access to 0xdeadbeb7 at address 0x7f47c8ca3183 (thread 0017), starting debugger... 0017:trace:seh:start_debugger Starting debugger "winedbg --auto 17 60" 0017:trace:process:CreateProcessInternalW app (null) cmdline L"winedbg --auto 17 60" 0017:trace:process:find_exe_file looking for L"winedbg" 0017:trace:process:find_exe_file Trying native exe L"C:\windows\system32\winedbg.exe" 0017:trace:process:CreateProcessInternalW starting L"C:\windows\system32\winedbg.exe" as Win64 binary (10000000-10018000, x86_64) 0017:err:seh:start_debugger Couldn't start debugger ("winedbg --auto 17 60") (1115) --- snip ---

The crash during unloading of driver(s) is a different issue ('ObReferenceObjectByHandle' has to return a proper kernel object). I will create a new ticket for that.

$ wine --version wine-3.21-87-g65677e2b2f

Regards