http://bugs.winehq.org/show_bug.cgi?id=20554
--- Comment #12 from Roderick Colenbrander thunderbird2k@gmail.com 2009-11-05 09:05:13 ---

I did some testing myself. WineD3D calls CreateDIBSection from IWineD3DBaseSurfaceImpl_CreateDIBSection. In that function it asks CreateDIBSection to allocate 640x481x16 (481 because it needs an extra line). On my system the allocated memory is at 0x3110000 (+d3d_surface shows that).
The game crashes in a similar way as on your system:

First chance exception: page fault on write access to 0x03124000 in 32-bit code (0x0057d7c9).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:0057d7c9 ESP:0033f0f0 EBP:03124000 EFLAGS:00010216( R- -- I -A-P- )
 EAX:00200840 EBX:00000800 ECX:00000000 EDX:000009fe
 ESI:2e023a72 EDI:0033f4f0
Stack dump:
0x0033f0f0: 0000000a 0000000b 0000000b 0000000b
0x0033f100: 0000000a 0000000a 0000000a 0000000b
0x0033f110: 0000000c 0000000a 0000000a 0000000a
0x0033f120: 00000009 00000008 00000008 00000009
0x0033f130: 0000000a 0000000b 0000000b 0000000b
0x0033f140: 0000000a 0000000a 0000000a 0000000b
Backtrace:
=>0 0x0057d7c9 in d3dpoptb (+0x17d7c9) (0x03124000)
The memory 0x03124000 is part of the range allocated for the DIBSection, namely 0x03110000 - 0x035c2800 (0x03110000+640*481*16). So apparently something goes wrong there.
The problem is that it is VERY hard to debug. DIBSections can be modified by directly poking with bits from a program and they can also be modified by GDI calls (in that case a DIBSection is drawn to using X functions). Segmentation faults are used to keep both copies in sync.
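
The write-fault technique mentioned at the end of the comment above, as an added stand-alone illustration that is not part of the comment and is not Wine's code. It models one direction only (direct writes pushed to a second copy) on Linux/POSIX with mprotect and a SIGSEGV handler; every name in it is hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* All names are hypothetical; this is not Wine's implementation. */
static uint8_t *app_bits;     /* copy the program pokes directly */
static uint8_t *server_copy;  /* stand-in for the copy GDI/X draws to */
static size_t bits_len;
static volatile sig_atomic_t app_dirty, fault_count;

/* First write to the protected bits lands here: record it, unprotect, retry. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    uint8_t *addr = (uint8_t *)si->si_addr;
    (void)sig; (void)ctx;
    if (addr < app_bits || addr >= app_bits + bits_len)
        _exit(139);           /* genuine fault outside the tracked range */
    app_dirty = 1;
    fault_count++;
    mprotect(app_bits, bits_len, PROT_READ | PROT_WRITE);
}

int dib_create(size_t len) {
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_fault;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    bits_len = len;
    app_bits = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    server_copy = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return (app_bits == MAP_FAILED || server_copy == MAP_FAILED) ? -1 : 0;
}

/* Direct write by the "program"; returns how many faults have been taken. */
int dib_poke(size_t off, uint8_t v) {
    ((volatile uint8_t *)app_bits)[off] = v;
    return (int)fault_count;
}

/* Before a "GDI" draw: copy direct writes across and re-arm the trap. */
int dib_sync_to_server(void) {
    if (!app_dirty) return 0;
    memcpy(server_copy, app_bits, bits_len);
    app_dirty = 0;
    mprotect(app_bits, bits_len, PROT_READ);
    return 1;
}
```

Because the handler treats faults inside the tracked range as expected events, a stray write that lands inside the buffer is absorbed by the same path as a legitimate one, which is part of why crashes around such memory are hard to trace.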