https://bugs.winehq.org/show_bug.cgi?id=45080
--- Comment #5 from aphid.mmonly@gmail.com --- I traced the program through a debugger. It's multithreaded, and the problem happened way earlier in the process. It called out to a d3d11 function. One of the parameters it supplied was a pointer set to null. This pointer is supposed to be changed by d3d11, but wine's implementation did not.
Changing the relevant attributes of this bug to reflect my findings.
Here's where it happens in the application code:
    0x140337c68 mov qword [rsp + 0x58], 0
    0x140337c71 mov rax, qword [rbx]
    0x140337c74 lea r8, qword [rsp + 0x58]
    0x140337c79 lea rdx, qword [0x1414a0cd8]
    0x140337c80 mov rcx, rbx
    0x140337c83 call qword [rax]0x00007f9a97b90000
    0x140337c85 mov rcx, qword [rsp + 0x58]
    0x140337c8a mov rax, qword [rcx]
The call goes out to 0x00007f9a97b9bb71, which is the function at offset 0xbb71 in the D3D11 dll file (the PE), as it was hooked to address 0x00007f9a97b90000. The third attachment goes into more detail about what happened in this file.
The program reads out 'rsp + 0x58', possibly some member variable of a class returned. Unfortunately this is null, so when it tries to read it out it fails with a null pointer exception.
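The following C program is an added illustration of the call pattern in the listing above; it is not code from the bug report, from the application, or from Wine. It models the x64 calling convention seen there (rcx = object, rdx = a constant key, r8 = address of a zeroed stack slot that the callee is expected to fill), with one callee that honours the out-parameter contract and one that returns without writing through it, as the comment describes. The `Object`/`ObjectOps` types, the `get_member` slot name and the `"key"` value are assumptions made for the example; the guard in `read_member_via_vtable` shows how a caller can turn the unfilled out-pointer into a reported error instead of a null dereference.

```c
/* Added example (not from the bug report): models a vtable call whose
 * pointer-to-pointer out parameter the callee is expected to fill.
 * Object, ObjectOps, get_member and "key" are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>

typedef struct Object Object;

/* Vtable: the slot takes (this, key, out), matching rcx/rdx/r8 in the listing. */
typedef struct {
    int (*get_member)(Object *self, const void *key, void **out);
} ObjectOps;

struct Object {
    const ObjectOps *ops;   /* [rbx] in the listing: pointer to the vtable */
    int member;
};

/* Conforming callee: stores a valid pointer through *out and reports success. */
static int get_member_ok(Object *self, const void *key, void **out) {
    (void)key;
    *out = &self->member;
    return 0;
}

/* Non-conforming callee (models the behaviour described in the comment):
 * reports success but never writes through *out, so the caller's
 * null-initialised slot stays null. */
static int get_member_broken(Object *self, const void *key, void **out) {
    (void)self; (void)key; (void)out;
    return 0;
}

/* Caller mirroring the listing: zero the stack slot, call through the
 * vtable, then use the result. The guard is what the original flow lacks.
 * Returns the member value, or -1 if the callee failed to supply a pointer. */
int read_member_via_vtable(Object *obj) {
    void *slot = NULL;                                   /* mov qword [rsp+0x58], 0 */
    int hr = obj->ops->get_member(obj, "key", &slot);    /* call qword [rax] */
    if (hr != 0 || slot == NULL) {                       /* check before dereferencing */
        fprintf(stderr, "callee returned %d but out-pointer is %p\n", hr, slot);
        return -1;
    }
    return *(int *)slot;                                 /* mov rax, qword [rcx] */
}

static const ObjectOps ok_ops = { get_member_ok };
static const ObjectOps broken_ops = { get_member_broken };

/* Two scenarios: a callee that fills the out-parameter and one that does not. */
int demo_ok(void)     { Object o = { &ok_ops, 42 };     return read_member_via_vtable(&o); }
int demo_broken(void) { Object o = { &broken_ops, 42 }; return read_member_via_vtable(&o); }

int main(void) {
    printf("conforming callee: %d\n", demo_ok());          /* 42 */
    printf("non-conforming callee: %d\n", demo_broken());  /* -1, no crash */
    return 0;
}
```

Without the `slot == NULL` check, `demo_broken` would execute the equivalent of `mov rax, qword [rcx]` with rcx = 0, which is the fault the comment describes.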