https://bugs.winehq.org/show_bug.cgi?id=37585
Bug ID: 37585
Summary: 64-bit Google Chrome 38.x crashes (core dlls must be prelinked at fixed addresses)
Product: Wine
Version: 1.7.31
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
As 64-bit Google Chrome has finally been released, I thought I'd give it a try.
Only useful for improving Wine 64-bit compatibility; not really meant to be used seriously since a native port exists.
--- snip ---
$ pwd
/home/focht/wineprefix64/drive_c/Program Files (x86)/Google/Chrome/Application

$ file chrome.exe
chrome.exe: PE32+ executable (GUI) x86-64, for MS Windows
$ WINEDEBUG=+tid,+seh,+relay,+server,+virtual,+module wine64 ./chrome.exe
log.txt 2>&1
...
003f:Call advapi32.CreateProcessAsUserW(000002f8,05fad480 L"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",0011f680 L""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials=Prerender/PrerenderEnabled/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-P"...,00000000,00000000,00000000,383330300100040c,00000000,00000000,05bbc4d0,05bbbe98) ret=14003e6bb
...
003f: new_process() = 0 { info=0308, pid=0051, phandle=030c, tid=0052, thandle=0310 }
003f: select( flags=2, cookie=05bbadb4, timeout=infinite, prev_apc=0000, result={}, data={WAIT,handles={0308}} )
003f: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 }
003f: *wakeup* signaled=0
003f: get_new_process_info( info=0308 )
003f: get_new_process_info() = 0 { success=1, exit_code=259 }
003f: close_handle( handle=0308 )
003f: close_handle() = 0
003f: close_handle( handle=0304 )
003f: close_handle() = 0
003f:Ret advapi32.CreateProcessAsUserW() retval=00000001 ret=14003e6bb
...
003f:Call KERNEL32.VirtualAllocEx(0000030c,00000000,0000006c,00001000,00000004) ret=1400443eb
003f:trace:virtual:NtAllocateVirtualMemory 0x30c (nil) 0000006c 1000 00000004
003f: queue_apc( handle=030c, call={APC_VIRTUAL_ALLOC,addr==00000000,size=0000006c,zero_bits=0,op_type=1000,prot=4} )
003f: queue_apc() = 0 { handle=0304, self=0 }
003f: select( flags=2, cookie=05bbbc14, timeout=infinite, prev_apc=0000, result={}, data={WAIT_ALL,handles={0304}} )
003f: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 }
003f: *wakeup* signaled=0
003f: get_apc_result( handle=0304 )
003f: get_apc_result() = 0 { result={APC_VIRTUAL_ALLOC,status=0,addr=00240000,size=00001000} }
003f:Ret KERNEL32.VirtualAllocEx() retval=00240000 ret=1400443eb
003f:Call KERNEL32.WriteProcessMemory(0000030c,00240000,00113070,0000006c,05bbc350) ret=14004440f
003f: write_process_memory( handle=030c, addr=00240000, data={01,00,00,00,00,00,00,00,00,00,00,00,60,00,00,00,00,00,00,00,30,00,00,00,00,00,00,00,01,00,00,00,00,33,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00,30,00,00,00,00,00,00,00,02,00,00,00,0e,00,00,00,78,e0,04,40,01,00,00,00,43,72,65,61,74,65,4e,61,6d,65,64,50,69,70,65,57,00,00,00,00,01,00,11,00} )
003f: write_process_memory() = 0
003f:Ret KERNEL32.WriteProcessMemory() retval=00000001 ret=14004440f
....
003f:Call KERNEL32.VirtualAllocEx(0000030c,0025c000,00001000,00001000,100000040) ret=140044b18
003f:trace:virtual:NtAllocateVirtualMemory 0x30c 0x25c000 00001000 1000 00000040
003f: queue_apc( handle=030c, call={APC_VIRTUAL_ALLOC,addr==0025c000,size=00001000,zero_bits=0,op_type=1000,prot=40} )
003f: queue_apc() = 0 { handle=0304, self=0 }
003f: select( flags=2, cookie=05bbbb94, timeout=infinite, prev_apc=0000, result={}, data={WAIT_ALL,handles={0304}} )
003f: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 }
003f: *wakeup* signaled=0
003f: get_apc_result( handle=0304 )
003f: get_apc_result() = 0 { result={APC_VIRTUAL_ALLOC,status=0,addr=0025c000,size=00001000} }
003f:Ret KERNEL32.VirtualAllocEx() retval=0025c000 ret=140044b18
003f:Call KERNEL32.GetModuleHandleW(14007d2b0 L"ntdll.dll") ret=1400447aa
003f:trace:module:LdrGetDllHandle L"ntdll.dll" -> 0x7fa7c6270000 (load path L"C:\Program Files (x86)\Google\Chrome\Application;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
003f:Ret KERNEL32.GetModuleHandleW() retval=7fa7c6270000 ret=1400447aa
003f:Call KERNEL32.GetModuleHandleExW(00000006,7fa7c6273fe0,05bbc0e0) ret=1400447f5
003f:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1400447f5
...
003f:Call KERNEL32.ReadProcessMemory(0000030c,7fa7c627462c,05bbc010,00000020,05bbc040) ret=14004e728
003f: read_process_memory( handle=030c, addr=7fa7c627462c )
003f: read_process_memory() = ACCESS_VIOLATION { data={} }
003f:Ret KERNEL32.ReadProcessMemory() retval=00000000 ret=14004e728
...
003f:Call KERNEL32.GetLastError() ret=14003bb29
003f:Ret KERNEL32.GetLastError() retval=000003e6 ret=14003bb29
003f:Call KERNEL32.TerminateProcess(0000030c,00000000) ret=14003eafd
003f: terminate_process( handle=030c, exit_code=0 )
003f: terminate_process() = 0 { self=0 }
003f:Ret KERNEL32.TerminateProcess() retval=00000001 ret=14003eafd
003f:Call KERNEL32.WaitForSingleObject(0000030c,00000032) ret=14003e406
003f: select( flags=2, cookie=05bbbdc4, timeout=+0.0500000, prev_apc=0000, result={}, data={WAIT,handles={030c}} )
003f: select() = 0 { timeout=1d0037eb30ca43e (+0.0500000), call={APC_NONE}, apc_handle=0000 }
003f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=14003e406
003f:Call KERNEL32.GetExitCodeProcess(0000030c,05bbc3d0) ret=14003e414
003f: get_process_info( handle=030c )
003f: get_process_info() = 0 { pid=0051, ppid=0008, affinity=0000000f, peb=7fffff7ef000, start_time=1d0037eb2fe710c (-0.0431540), end_time=1d0037eb304b832 (-0.0020110), exit_code=0, priority=2, cpu=x86_64, debugger_present=0 }
003f:Ret KERNEL32.GetExitCodeProcess() retval=00000001 ret=14003e414
...
003f:trace:seh:raise_exception code=80000003 flags=0 addr=0x14001d86d ip=14001d86d tid=003f
003f:trace:seh:raise_exception  rax=0000000000000000 rbx=00000001400a3f88 rcx=0000000005bbeb1f rdx=0000000005bbeae0
003f:trace:seh:raise_exception  rsi=0000000000110980 rdi=000000000000dead rbp=0000000005bbc500 rsp=0000000005bbc3d0
003f:trace:seh:raise_exception  r8=0000003071e48cfd r9=000000000000001e r10=0000000000000000 r11=0000003071f811c0
003f:trace:seh:raise_exception  r12=0000000000101160 r13=0000000000101140 r14=0000000000075680 r15=000000000000dead
--- snip ---
Child process address space for 64-bit 'ntdll.dll':
--- snip ---
0054:trace:module:load_dll looking for L"ntdll.dll" in L"C:\Program Files (x86)\Google\Chrome\Application;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem"
0054:trace:module:load_dll Found L"C:\windows\system32\ntdll.dll" for L"ntdll.dll" at 0x7f3184050000, count=3
0054:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0x7f317d8f9bc0 000002d0 00000004
0054:trace:virtual:VIRTUAL_SetProt 0x7f317d8f9000-0x7f317d8f9fff c-rW-
0054:trace:virtual:VIRTUAL_DumpView View: 0x7f317d680000 - 0x7f317d8fbfff (system)
0054:trace:virtual:VIRTUAL_DumpView 0x7f317d680000 - 0x7f317d680fff c-r--
0054:trace:virtual:VIRTUAL_DumpView 0x7f317d681000 - 0x7f317d8f4fff c-r-x
0054:trace:virtual:VIRTUAL_DumpView 0x7f317d8f5000 - 0x7f317d8f8fff c-rw-
0054:trace:virtual:VIRTUAL_DumpView 0x7f317d8f9000 - 0x7f317d8f9fff c-rW-
0054:trace:virtual:VIRTUAL_DumpView 0x7f317d8fa000 - 0x7f317d8fbfff c-rw-
--- snip ---
App sandboxing scheme at work: setting up intermediate trampoline code in the child and then patching out the API entries.
Unfortunately the code relies on 64-bit Windows core DLLs being mapped at the same (fixed) locations across processes, hence it fails here, triggering an abort in the parent. Probably the same rationale applies here as for 32-bit Windows core DLLs.
$ sha1sum googlechromestandaloneenterprise64.msi
586f91c05925e22fd5f891aa3e99e1cb9762950a  googlechromestandaloneenterprise64.msi

$ du -sh googlechromestandaloneenterprise64.msi
47M     googlechromestandaloneenterprise64.msi

$ wine --version
wine-1.7.31-47-g516ed8e
Regards
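As an added diagnostic (not part of this bug report and not Wine's or Chrome's code), the script below parses the +module and +server trace formats quoted above and reports DLLs that the parent and the child mapped at different base addresses, together with the cross-process reads that failed. That is the condition the report describes: a parent computing a child-side address from its own ntdll mapping, and the read_process_memory call against the child coming back ACCESS_VIOLATION because the child's ntdll lives elsewhere. The regular expressions are assumptions derived from the trace lines in the report, the 16 MiB window used to attribute a failed-read address to a module is an assumption (the trace carries no module sizes), and the embedded sample log is constructed from the report's ntdll addresses plus a made-up example.dll that maps identically in both processes.

```python
"""Added diagnostic for Wine +module/+server traces (not part of the bug report or Wine).

Wine's module and server traces record where each process mapped a DLL. This
script pulls those base addresses out of a captured log and flags DLLs that
landed at different addresses in different processes, which is what breaks a
sandbox that patches API entries in a child using addresses taken from the parent.
"""
import re
from collections import defaultdict

# Patterns are assumptions derived from the trace lines quoted in the bug report.
# tid:trace:module:LdrGetDllHandle L"ntdll.dll" -> 0x7fa7c6270000 (load path ...)
_HANDLE_RE = re.compile(
    r'^(?P<tid>[0-9a-f]{4}):trace:module:LdrGetDllHandle L"(?P<dll>[^"]+)" -> 0x(?P<base>[0-9a-f]+)')
# tid:trace:module:load_dll Found L"C:\windows\system32\ntdll.dll" for L"ntdll.dll" at 0x7f31..., count=3
_FOUND_RE = re.compile(
    r'^(?P<tid>[0-9a-f]{4}):trace:module:load_dll Found L"[^"]*" for L"(?P<dll>[^"]+)" at 0x(?P<base>[0-9a-f]+)')
# tid: read_process_memory( handle=030c, addr=7fa7c627462c )
_RPM_RE = re.compile(
    r'^(?P<tid>[0-9a-f]{4}): read_process_memory\( handle=(?P<handle>[0-9a-f]+), addr=(?P<addr>[0-9a-f]+) \)')
# tid: read_process_memory() = ACCESS_VIOLATION { data={} }
_RPM_RESULT_RE = re.compile(
    r'^(?P<tid>[0-9a-f]{4}): read_process_memory\(\) = (?P<status>\w+)')

# Assumption: the trace has no module sizes, so an address within 16 MiB above a
# base is attributed to that module.
_MAX_MODULE_SPAN = 16 * 1024 * 1024


def module_bases(log_text):
    """Return {dll_name_lower: {tid: base_address}} from the module traces."""
    bases = defaultdict(dict)
    for line in log_text.splitlines():
        m = _HANDLE_RE.match(line) or _FOUND_RE.match(line)
        if m:
            bases[m.group("dll").lower()][m.group("tid")] = int(m.group("base"), 16)
    return dict(bases)


def relocated_modules(bases):
    """DLLs mapped at more than one distinct base across the threads/processes seen."""
    return {dll: per_tid for dll, per_tid in bases.items() if len(set(per_tid.values())) > 1}


def failed_cross_process_reads(log_text):
    """Pair each read_process_memory request with its server reply and keep the failures."""
    pending = {}   # tid -> (target handle, address) awaiting its reply line
    failures = []  # (tid, handle, addr, status) for replies that are not 0
    for line in log_text.splitlines():
        m = _RPM_RE.match(line)
        if m:
            pending[m.group("tid")] = (m.group("handle"), int(m.group("addr"), 16))
            continue
        m = _RPM_RESULT_RE.match(line)
        if m and m.group("tid") in pending:
            handle, addr = pending.pop(m.group("tid"))
            if m.group("status") != "0":
                failures.append((m.group("tid"), handle, addr, m.group("status")))
    return failures


def explain_failed_reads(log_text):
    """For each failed read, name the DLL whose caller-side mapping contains the address."""
    bases = module_bases(log_text)
    report = []
    for tid, handle, addr, status in failed_cross_process_reads(log_text):
        owner = None
        for dll, per_tid in bases.items():
            base = per_tid.get(tid)
            if base is not None and 0 <= addr - base < _MAX_MODULE_SPAN:
                owner = dll
        report.append({"tid": tid, "handle": handle, "addr": addr,
                       "status": status, "dll_in_caller": owner})
    return report


# Constructed sample: the ntdll lines reuse the addresses from the bug report; the
# example.dll lines and the successful read are made up to show the filtering.
SAMPLE_LOG = r"""003f:trace:module:LdrGetDllHandle L"ntdll.dll" -> 0x7fa7c6270000 (load path L"C:\windows\system32")
003f:trace:module:LdrGetDllHandle L"example.dll" -> 0x10000000 (load path L"C:\windows\system32")
003f: read_process_memory( handle=030c, addr=00240000 )
003f: read_process_memory() = 0 { data={01,00} }
003f: read_process_memory( handle=030c, addr=7fa7c627462c )
003f: read_process_memory() = ACCESS_VIOLATION { data={} }
0054:trace:module:load_dll Found L"C:\windows\system32\ntdll.dll" for L"ntdll.dll" at 0x7f3184050000, count=3
0054:trace:module:load_dll Found L"C:\windows\system32\example.dll" for L"example.dll" at 0x10000000, count=1
"""


def main():
    for dll, per_tid in relocated_modules(module_bases(SAMPLE_LOG)).items():
        spots = ", ".join(f"tid {tid}: 0x{base:x}" for tid, base in per_tid.items())
        print(f"{dll} mapped at different bases: {spots}")
    for entry in explain_failed_reads(SAMPLE_LOG):
        print(f"tid {entry['tid']} read of 0x{entry['addr']:x} in process handle "
              f"{entry['handle']} failed with {entry['status']}; address lies in the "
              f"caller's own {entry['dll_in_caller']} mapping")


if __name__ == "__main__":
    main()
```

Run against a real capture, replace SAMPLE_LOG with the contents of the +tid,+server,+module log; any DLL listed by relocated_modules is one whose per-process base cannot be reused across processes, and each failed read that resolves to a caller-side module is the cross-process address mismatch the report describes.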