https://bugs.winehq.org/show_bug.cgi?id=47017
Bug ID: 47017 Summary: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360) crashes on unimplemented function ntoskrnl.exe.IoGetStackLimits Product: Wine Version: 4.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says. Happens during installation (first time kernel service/driver install/load).
--- snip --- $ WINEDEBUG=+seh,+relay,+msi,+ntoskrnl wine ./N360-TW-21.1.0-EN.exe >>log.txt 2>&1 ... 002d:Call advapi32.CreateServiceW(0d8d87d0,0d9bb980 L"eeCtrl",1f9177f0 L"Symantec Eraser Control driver",80000002,00000001,00000001,00000001,0d9c7018 L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys",00000000,00000000,00000000,00000000,00000000) ret=1f87019e ... 007c:trace:ntoskrnl:load_driver_module L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys": relocating from 0x10000 to 0x450000 ... 007c:Call driver init 0x4b6118 (obj=0x278c0,str=L"\Registry\Machine\System\CurrentControlSet\Services\eeCtrl") ... 007c:trace:ntoskrnl:IoCreateSymbolicLink L"\??\EraserCtrlDrv" -> L"\Device\EraserCtrlDrv" ... 007c:Call ntoskrnl.exe.RtlInitUnicodeString(0032f370,0002f750 L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT") ret=0046a48a ... 007c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000092 ret=0046a48a 007c:Call ntoskrnl.exe.ZwOpenKey(0032f350,00020019,0032f2b0) ret=0046ca8d 007c:Call ntdll.NtOpenKey(0032f350,00020019,0032f2b0) ret=7bc8de2f 007c:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc8de2f 007c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=0046ca8d 007c:Call ntoskrnl.exe.RtlInitUnicodeString(0032f2a0,004565b8 L"Started") ret=0046c9ee 007c:Call ntdll.RtlInitUnicodeString(0032f2a0,004565b8 L"Started") ret=7bc8de2f ... 007c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=0046ca8d 007c:Call KERNEL32.RaiseException(80000100,00000001,00000002,0032f220) ret=7fe82b71c7a9 007c:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7b452d3c ip=7b452d3c tid=007c 007c:trace:seh:NtRaiseException info[0]=00007fe82b71c7cd 007c:trace:seh:NtRaiseException info[1]=00007fe82b71e2b4 wine: Call from 0x7b452d3c to unimplemented function ntoskrnl.exe.IoGetStackLimits, aborting ... --- snip ---
On WINEPREFIX bootstrapping after installation it runs into bug 47014 (service is autostart).
One purpose/use-case of the function is mentioned here:
https://community.osr.com/discussion/280922
--- quote --- I want to know, what is stack based file object? In my minifilter, I am using file object from post-create callback for reading file, I used IoGetStackLimit to check if it is stack based file object or not. --- quote ---
An actual usage example can be found in Microsoft driver examples on Github:
https://github.com/Microsoft/Windows-driver-samples/blob/6c1981b850432952134...
--- snip ---
/*++ Routine Description: Frees the buffer of an string (STRING, UNICODE_STRING, ANSI_STRING, OEM_STRING) structure if it is not within the current thread's stack limits. Regardless of action performed, on exit String->Buffer will be set to NULL and String->MaximumLength to zero. Arguments: String - pointer to string structure --*/
{ ULONG_PTR High, Low; PSTRING LocalString = String;
PAGED_CODE();
if (NULL != LocalString->Buffer) {
IoGetStackLimits( &Low, &High );
if (((ULONG_PTR)(LocalString->Buffer) < Low) || ((ULONG_PTR)(LocalString->Buffer) > High)) {
ExFreePool( LocalString->Buffer); }
LocalString->Buffer = NULL; }
LocalString->MaximumLength = LocalString->Length = 0; } --- snip ---
https://github.com/Microsoft/Windows-driver-samples/blob/6c1981b850432952134...
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip --- 408 @ stub IoGetStackLimits --- snip ---
$ sha1sum N360-TW-21.1.0-EN.exe aa05ccf9668e166ef28923d451f1c2ecad6f75f1 N360-TW-21.1.0-EN.exe
$ du -sh N360-TW-21.1.0-EN.exe 203M N360-TW-21.1.0-EN.exe
$ wine --version wine-4.6
Regards