https://bugs.winehq.org/show_bug.cgi?id=46568
Bug ID: 46568 Summary: 64-bit msxml6.dll from Microsoft Core XML Services 6.0 redist package fails to load (Wine doesn't respect 44-bit user-mode VA limitation from Windows < 8.1) Product: Wine Version: 4.0 Hardware: x86-64 URL: https://download.microsoft.com/download/2/e/0/2e01308a -e17f-4bf9-bf48-161356cf9c81/msxml6_x64.msi OS: Linux Status: NEW Keywords: download, win64 Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
reported by Louis in https://bugs.winehq.org/show_bug.cgi?id=46107#c2
--- quote --- I tried winetricks msxml3 and msxml6, but somehow it didn`t work out in 64-bit wineprefix; i get errors that msxml is not registered etc,
Does anyone know a workaround to use native msxml on 64-bit prefix? --- quote ---
Relevant part of trace log:
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Altium/AD18
$ WINEDEBUG=+seh,+relay,+loaddll,+virtual wine64 ./X2.EXE >>log.txt 2>&1 ... 002a:Call KERNEL32.LoadLibraryExW(0053f2b0 L"C:\windows\system32\msxml6.dll",00000000,00000008) ret=7fbe435d7558 ... 002a:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\msxml6.dll" at 0x7ff79e00000: native 002a:Call PE DLL (proc=0x7ff79e0101c,module=0x7ff79e00000 L"msxml6.dll",reason=PROCESS_ATTACH,res=(nil)) ... 002a:Call KERNEL32.HeapCreate(00000001,00000000,00000000) ret=7ff79e18411 002a:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff (nil) 00110000 2000 00000004 002a:trace:virtual:map_view got mem with anon mmap 0x7fbe39819000-0x7fbe39929000 002a:trace:virtual:VIRTUAL_DumpView View: 0x7fbe39820000 - 0x7fbe3992ffff (valloc) 002a:trace:virtual:VIRTUAL_DumpView 0x7fbe39820000 - 0x7fbe3992ffff --rw- 002a:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff 0x7fbe39820000 00010000 1000 00000004 002a:trace:virtual:mprotect_exec forcing exec permission on 0x7fbe39820000-0x7fbe3982ffff 002a:trace:virtual:VIRTUAL_DumpView View: 0x7fbe39820000 - 0x7fbe3992ffff (valloc) 002a:trace:virtual:VIRTUAL_DumpView 0x7fbe39820000 - 0x7fbe3982ffff c-rw- 002a:trace:virtual:VIRTUAL_DumpView 0x7fbe39830000 - 0x7fbe3992ffff --rw- 002a:Ret KERNEL32.HeapCreate() retval=7fbe39820000 ret=7ff79e18411 ... 002a:Call ntdll.RtlAllocateHeap(7fbe39820000,00000000,00000060) ret=7ff79e03c10 002a:Ret ntdll.RtlAllocateHeap() retval=7fbe39822730 ret=7ff79e03c10 002a:Call msvcrt.memset(7fbe39822740,00000000,00000042) ret=7ff79e03a5a 002a:Ret msvcrt.memset() retval=7fbe39822740 ret=7ff79e03a5a 002a:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x7ff79e03efe ip=7ff79e03efe tid=002a 002a:trace:seh:NtRaiseException info[0]=0000000000000000 002a:trace:seh:NtRaiseException info[1]=ffffffffffffffff 002a:trace:seh:NtRaiseException rax=000000000011b2d0 rbx=6c61567274736270 rcx=0000000000000008 rdx=0000000000000000 002a:trace:seh:NtRaiseException rsi=0000000000007fbe rdi=0000000000000730 rbp=00000ff7c73044e8 rsp=000000000053ea70 002a:trace:seh:NtRaiseException r8=00007fbe39822740 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 002a:trace:seh:NtRaiseException r12=00007fbe39822740 r13=000007ff79f8dc80 r14=00007fbe436c6160 r15=000000000053f708 ... 002a:exception c0000005 in PE entry point (proc=0x7ff79e0101c,module=0x7ff79e00000,reason=PROCESS_ATTACH,res=(nil)) 002a:Ret PE DLL (proc=0x7ff79e0101c,module=0x7ff79e00000 L"msxml6.dll",reason=PROCESS_ATTACH,res=(nil)) retval=0 002a:Call PE DLL (proc=0x7ff79e0101c,module=0x7ff79e00000 L"msxml6.dll",reason=PROCESS_DETACH,res=(nil)) 002a:Ret PE DLL (proc=0x7ff79e0101c,module=0x7ff79e00000 L"msxml6.dll",reason=PROCESS_DETACH,res=(nil)) retval=1 002a:trace:loaddll:free_modref Unloaded module L"C:\windows\system32\msxml6.dll" : native 002a:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=7fbe435d7558 002a:err:ole:COMPOBJ_DllList_Add couldn't load in-process dll L"C:\windows\system32\msxml6.dll" --- snip ---
It seems that certain older 64-bit components such as Microsoft XML libs make assumptions about the 64-bit user-mode virtual address space layout. This is different from the usual broken apps a la "I failed at porting my 32-bit app to 64-bit" (pointer truncation).
In this case, pointers from certain allocations are broken into multiple parts and used as indices into multi-level lookup tables. Pitfall: there is a 44-bit user-mode VA limitation (8TB) for 64-bit Windows which was lifted starting with Windows 8.1+.
Wine doesn't respect the 44-bit pre-Windows 8.1 virtual address space limits, allowing process heaps to be placed in 0000'7Fxx'0000'0000 range (128 TB) which causes out-of-bounds access to lookup tables when indices overflow (derived from pointer bits). The exception occurs in entry point, causing 'msxml6.dll' to be unloaded.
One workaround is to move Wine's top-down allocations/heaps into 8 TB VA range (Wine preloader) and impose same user-mode address space bits limits as with all 64-bit Windows versions < 8.1 to stay "compatible". I've tested it and it works for native here. Not sure if it's worth to change though.
I don't know if a separate 64-bit MSXML6 re-distributable package exists that has been fixed wrt Windows 8.1+ address space limits. MSXML6 is part of Windows OS for newer versions and automatically kept up-to-date.
$ sha1sum msxml6_x64.msi 1eb84eeae7729ea5db7fe79779f4e216114261ba msxml6_x64.msi
$ du -sh msxml6_x64.msi 2.6M msxml6_x64.msi
$ wine --version wine-4.0-276-g84459ba94b
Regards