http://bugs.winehq.org/show_bug.cgi?id=33849
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
           Keywords|                            |download, obfuscation,
                   |                            |win64
                URL|                            |http://www.tagesprotection.
                   |                            |com/5.5/TagesSetup_x64.exe
           Platform|arm64                       |x86-64
          Component|-unknown                    |ntdll
                 CC|                            |focht@gmx.net
         Resolution|DUPLICATE                   |
     Ever Confirmed|0                           |1
            Summary|Unhandled exception: page   |Tages 64-bit software
                   |fault on read access to     |protection driver crashes
                   |0xfffff78000000014 in       |on access to
                   |64-bit code                 |KI_USER_SHARED_DATA range
                   |(0x000000000048e10f).       |(0xfffff78000000000)

--- Comment #5 from Anastasius Focht focht@gmx.net 2013-06-21 15:09:47 CDT ---
Hello folks,
just closing bugs as dupe of some metabug because of "it looks like" won't do any good.
The problem here can indeed be treated as an isolated issue.

--- snip ---
Unhandled exception: page fault on read access to 0xfffff78000000320 in 64-bit code (0x00000000004561b0).
Register dump:
 rip:00000000004561b0 rsp:000000000043ddc8 rbp:000000000043deb0 eflags:00010246 ( R- -- I Z- -P- )
 rax:fffff78000000320 rbx:00007fffff7ef000 rcx:0000000000452100 rdx:00002b992ddfa232
 rsi:000000000043e100 rdi:00007f1fc06ea580 r8:000000000043e100 r9:00007f1fc06ea5e0 r10:0000000000000008
 r11:0000003be2f7c950 r12:0000000000000000 r13:00007ffff3cd3cb0 r14:000000000043f700 r15:0000000000000000
Stack dump:
...
Backtrace:
=>0 0x00000000004561b0 in atksgt.sys (+0x161b0) (0x000000000043deb0)
  1 0x00000000004561ef in atksgt.sys (+0x161ee) (0x000000000043deb0)
  2 0x00007f1fc04e8167 init_driver+0x138(module=0x440000, keyname=0x43e100) [/home/focht/projects/wine/wine-git/programs/winedevice/device.c:154] in winedevice (0x000000000043deb0)
  3 0x00007f1fc04e8929 load_driver+0x569() [/home/focht/projects/wine/wine-git/programs/winedevice/device.c:254] in winedevice (0x000000000043e1b0)
  4 0x00007f1fc04e8cc3 ServiceMain+0x16b(argc=0x1, argv=0x118f0) [/home/focht/projects/wine/wine-git/programs/winedevice/device.c:308] in winedevice (0x000000000043e2e0)
  5 0x00007f1fc029fe84 service_thread+0x238(arg=0x10d70) [/home/focht/projects/wine/wine-git/dlls/advapi32/service.c:302] in advapi32 (0x000000000043e480)
  6 0x00007f1fc6d84c7b call_thread_func+0x4e(entry=0x7f1fc029fc4b, arg=0x10d70, frame=0x43e5e0) [/home/focht/projects/wine/wine-git/dlls/ntdll/signal_x86_64.c:3230] in ntdll (0x000000000043e5d0)
...
0x00000000004561b0: movq (%rax),%rax
Modules:
Module Address Debug info Name (28 modules)
PE 440000- 457000 Export atksgt.sys
ELF 7b800000- 7bb3e000 Deferred kernel32<elf>
-PE 7b820000- 7bb3e000 \ kernel32
...
Threads:
process tid prio (all id:s are in hex)
...
00000012 (D) C:\windows\system32\winedevice.exe
 00000019 0 <==
 00000017 0
 00000013 0
--- snip ---
Disassembly of relevant driver code snippet:
--- snip ---
...
00000000004561A6 mov rax, 0FFFFF78000000320h
00000000004561B0 mov rax, [rax]
00000000004561B3 xor rax, rcx
...
--- snip ---
The address lies within the range of kernel mode shadow mapping of USER_SHARED_DATA for x64.
See: http://www.virtualbox.org/svn/vbox/trunk/src/VBox/Debugger/DBGPlugInWinNt.cp...
--- snip ---
/** KI_USER_SHARED_DATA for i386 */
#define NTKUSERSHAREDDATA_WINNT32 UINT32_C(0xffdf0000)
/** KI_USER_SHARED_DATA for AMD64 */
#define NTKUSERSHAREDDATA_WINNT64 UINT64_C(0xfffff78000000000)
--- snip ---
Unfortunately that memory range can't be mapped in Linux user process address space. One way could be to handle traps specifically for this address range and emulate member accesses (shadow data structure).
The driver seems to access only two members of KI_USER_SHARED_DATA:
KI_USER_SHARED_DATA+0x014 -> SharedSystemTime
KI_USER_SHARED_DATA+0x320 -> SharedTickCount
Regards
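
The shadow-structure idea from the comment above, as an added example; it is not part of the original comment and not Wine's code. The base address and the two member offsets are taken from the comment; the function names, the one-page shadow size, the 1 ms tick and the sample time values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Base and offsets are from the comment above; all other names are hypothetical. */
#define KUSD_BASE        UINT64_C(0xfffff78000000000)
#define KUSD_SIZE        0x1000u  /* assumption: shadow one 4 KiB page */
#define KUSD_SYSTEM_TIME 0x014u   /* SharedSystemTime */
#define KUSD_TICK_COUNT  0x320u   /* SharedTickCount */
#define TICKS_1601_TO_1970 UINT64_C(116444736000000000) /* 100 ns units */

static uint8_t kusd_shadow[KUSD_SIZE]; /* user-space shadow of the page */

/* Store v in KSYSTEM_TIME layout: LowPart, High1Time, High2Time. */
static void put_ksystem_time(uint32_t off, uint64_t v)
{
    uint32_t lo = (uint32_t)v, hi = (uint32_t)(v >> 32);
    memcpy(kusd_shadow + off, &lo, 4);
    memcpy(kusd_shadow + off + 4, &hi, 4);
    memcpy(kusd_shadow + off + 8, &hi, 4);
}

/* Refresh the two members the driver was seen reading. */
void kusd_update(uint64_t unix_ns, uint64_t uptime_ms)
{
    put_ksystem_time(KUSD_SYSTEM_TIME, unix_ns / 100 + TICKS_1601_TO_1970);
    put_ksystem_time(KUSD_TICK_COUNT, uptime_ms); /* assumption: 1 tick = 1 ms */
}

/* What a fault handler would call: returns 1 and fills *out when the access
 * lies wholly inside the shadowed range, 0 so the fault is reported as usual. */
int kusd_emulate_read(uint64_t fault_addr, unsigned size, uint64_t *out)
{
    uint64_t off = fault_addr - KUSD_BASE; /* wraps to a huge value if below base */
    if (size == 0 || size > 8 || off >= KUSD_SIZE || size > KUSD_SIZE - off)
        return 0;
    *out = 0;
    memcpy(out, kusd_shadow + off, size); /* little-endian host assumed */
    return 1;
}

int main(void)
{
    uint64_t v = 0;
    kusd_update(UINT64_C(1371845387000000000), 5000); /* constructed sample values */
    if (kusd_emulate_read(KUSD_BASE + KUSD_TICK_COUNT, 8, &v))
        printf("emulated read of 0xfffff78000000320 -> %llu\n", (unsigned long long)v);
    return 0;
}
```

A real trap handler would additionally have to decode the faulting instruction, place the returned value in its destination register and advance the instruction pointer; that part is left out here.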