[Bug 49059] Crash while opening regedit.exe due to unimplemented function kernel32.dll.ResolveDelayLoadedAPI

https://bugs.winehq.org/show_bug.cgi?id=49059

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net

--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,

--- quote --- Very old version of WINE, it has been long fixed. --- quote ---

if you look closely there are suspicious things in his backtrace.

--- snip --- Unhandled exception: unimplemented function kernel32.dll.ResolveDelayLoadedAPI called in 32-bit code (0x7bc4cf69). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7bc4cf69 ESP:006ff834 EBP:006ff8a8 EFLAGS:00000212( - -- I -A- - ) EAX:00417c62 EBX:7bcbe000 ECX:006ffd10 EDX:00113ee0 ESI:006ff84c EDI:00111f98 Stack dump: 0x006ff834: 00000000 00000000 7bc4cf43 00000000 0x006ff844: 00000000 00000000 80000100 00000001 0x006ff854: 00000000 7bc4cf69 00000002 00418868 0x006ff864: 00417c62 00000000 00000000 00000000 0x006ff874: 00000000 00000000 00000000 00000002 0x006ff884: 00220000 00000728 7bcbe000 00000000 Backtrace: =>0 0x7bc4cf69 call_dll_entry_point+0x449() in ntdll (0x006ff8a8) 0x7bc4cf69 call_dll_entry_point+0x449 in ntdll: addl $12,%esp Modules: Module Address Debug info Name (21 modules) PE 400000- 4f2000 Deferred regedit ELF 7b800000-7ba54000 Deferred kernel32<elf> -PE 7b810000-7ba54000 \ kernel32 ELF 7bc00000-7bcda000 Dwarf ntdll<elf> -PE 7bc10000-7bcda000 \ ntdll ELF 7bf00000-7bf04000 Deferred <wine-loader> ELF 7ec33000-7ece2000 Deferred msvcrt<elf> -PE 7ec50000-7ece2000 \ msvcrt ELF 7ece2000-7ed4e000 Deferred advapi32<elf> -PE 7ecf0000-7ed4e000 \ advapi32 ELF 7ed4e000-7ed61000 Deferred libnss_files.so.2 ELF 7ed61000-7ed6e000 Deferred libnss_nis.so.2 ELF 7ed6e000-7ed89000 Deferred libnsl.so.1 ELF 7ed89000-7ed93000 Deferred libnss_compat.so.2 ELF 7ef93000-7efe8000 Deferred libm.so.6 ELF f7406000-f740b000 Deferred libdl.so.2 ELF f740b000-f75c1000 Deferred libc.so.6 ELF f75c1000-f75de000 Deferred libpthread.so.0 ELF f75f6000-f77ab000 Dwarf libwine.so.1 ELF f77ac000-f77d1000 Deferred ld-linux.so.2 ELF f77d3000-f77d4000 Deferred [vdso].so Threads: process tid prio (all id:s are in hex) ... 00000023 Zorro.exe 00000026 0 00000025 0 00000024 0 00000028 (D) C:\windows\regedit.exe 00000043 0 <== System information: Wine build: wine-1.6.2 Platform: i386 (WOW64) Host system: Linux Host version: 4.8.0-34-generic --- snip ---

Builtin 'regedit' from Wine 1.6.2 release should never get mapped at address 0x400000 which is the default load address for win32 executables. Only with more recent Wine 5.x releases Wine *PE* builtins are mapped there as well (cross-compiled to PE format using MinGW toolchain).

Possibilities:

1) OP used Wine 5.x release to create the WINEPREFIX and downgraded for whatever reason to Wine 1.6.2 while reusing the same prefix. There are various scenarios where such prefix downgrade can simply fail, resulting in a corrupted prefix (mixed up binaries, incompatible folder layout, registry settings)

2) OP didn't change Internet surfing habits when switching from Windows to Linux and still continues to downloaded and run executables from questionable sites which potentially contain malware. Process list FTW.

3) native 'regedit' from newer Windows -> unlikely

Regards