http://bugs.winehq.org/show_bug.cgi?id=23455
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW URL|http://www.safer-networking |http://www.spybotupdates.bi |.org/en/filealyzer/index.ht |z/files/filealyz-1.6.0.4.ex |ml |e Component|-unknown |imagehlp CC| |focht@gmx.net Ever Confirmed|0 |1 Summary|Filealyzer can't load PE |FileAlyzer 1.6.0.4 can't |images |load PE images (needs | |imagehlp.ImageLoad and | |imagehlp.ImageUnload | |implementation)
--- Comment #8 from Anastasius Focht focht@gmx.net 2011-11-22 15:56:14 CST --- Hello,
confirming, still present. Looking at screenshot from comment #1, app version 1.6.0.4 is the culprit.
Newer 2.x versions seem to work better.
--- snip --- 0023:Call imagehlp.ImageLoad(00ac46d8 "DelZip179.dll",00a705d8 "C:\Program Files (x86)\Safer Networking\FileAlyzer\") ret=005a39f5 0023:fixme:imagehlp:ImageLoad (DelZip179.dll, C:\Program Files (x86)\Safer Networking\FileAlyzer): stub 0023:Call ntdll.RtlAllocateHeap(0077c000,00000000,00000030) ret=68d8446b 0023:Ret ntdll.RtlAllocateHeap() retval=0077c138 ret=68d8446b 0023:Call ntdll.RtlAllocateHeap(0077c000,00000000,000000f8) ret=68d84495 0023:Ret ntdll.RtlAllocateHeap() retval=0077c170 ret=68d84495 0023:Ret imagehlp.ImageLoad() retval=0077c138 ret=005a39f5 0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x5a3a26 ip=005a3a26 tid=0023 0023:trace:seh:raise_exception info[0]=00000000 0023:trace:seh:raise_exception info[1]=0000000c 0023:trace:seh:raise_exception eax=00000000 ebx=00ad3218 ecx=0077c138 edx=00000000 esi=00000000 edi=00000000 0023:trace:seh:raise_exception ebp=0032ddd0 esp=0032dd90 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246 0023:trace:seh:call_vectored_handlers calling handler at 0x72f7ee66 code=c0000005 flags=0 0023:trace:seh:call_vectored_handlers handler at 0x72f7ee66 returned 0 0023:trace:seh:call_stack_handlers calling handler at 0x5a3a72 code=c0000005 flags=0 --- snip ---
The Delphi app uses madExcept library which gives some insight what it tried to do (reading PE header):
--- snip --- main thread ($9): 00668cdd +7e9 FileAlyzer.exe FormUnitFileAlyzerMain 2319 +89 TformFileAlyzerMain.ReadPEHeader 00678baa +082 FileAlyzer.exe FormUnitFileAlyzerMain 5320 +10 TformFileAlyzerMain.ActivateTab 00678f84 +0c0 FileAlyzer.exe FormUnitFileAlyzerMain 5403 +9 TformFileAlyzerMain.pcMainChange 004d62b1 +015 FileAlyzer.exe ComCtrls 4421 +1 TCustomTabControl.Change 004d7695 +041 FileAlyzer.exe ComCtrls 5169 +8 TPageControl.Change ... --- snip ---
If you implement ImageLoad (MapAndLoad) and ImageUnload (UnMapAndLoad) the app displays PE header/section info properly.
--- snip --- 0041:Call imagehlp.ImageLoad(00acd528 "DelZip179.dll",00a692a8 "C:\Program Files (x86)\Safer Networking\FileAlyzer\") ret=005a39f5 0041:fixme:imagehlp:ImageLoad (DelZip179.dll, C:\Program Files (x86)\Safer Networking\FileAlyzer): stub 0041:Call ntdll.RtlAllocateHeap(0077c000,00000000,00000030) ret=6c5c446b 0041:Ret ntdll.RtlAllocateHeap() retval=0077c138 ret=6c5c446b 0041:trace:imagehlp:MapAndLoad (DelZip179.dll, C:\Program Files (x86)\Safer Networking\FileAlyzer, 0x77c138, 1, 0) 0041:Call KERNEL32.SearchPathA(00a692a8 "C:\Program Files (x86)\Safer Networking\FileAlyzer\",00acd528 "DelZip179.dll",6c5c7c88 ".DLL",00000104,0032db60,00000000) ret=6c5c46fb 0041:Ret KERNEL32.SearchPathA() retval=00000040 ret=6c5c46fb 0041:Call KERNEL32.CreateFileA(0032db60 "C:\Program Files (x86)\Safer Networking\FileAlyzer\DelZip179.dll",c0000000,00000001,00000000,00000003,00000000,00000000) ret=6c5c4763 0041:Ret KERNEL32.CreateFileA() retval=000000e4 ret=6c5c4763 0041:Call KERNEL32.CreateFileMappingA(000000e4,00000000,08000004,00000000,00000000,00000000) ret=6c5c4813 0041:Ret KERNEL32.CreateFileMappingA() retval=000000e8 ret=6c5c4813 0041:Call KERNEL32.MapViewOfFile(000000e8,00000002,00000000,00000000,00000000) ret=6c5c48bb 0041:Ret KERNEL32.MapViewOfFile() retval=029c0000 ret=6c5c48bb 0041:Call KERNEL32.CloseHandle(000000e8) ret=6c5c48cc 0041:Ret KERNEL32.CloseHandle() retval=00000001 ret=6c5c48cc 0041:Call ntdll.RtlImageNtHeader(029c0000) ret=6c5c4943 0041:Ret ntdll.RtlImageNtHeader() retval=029c0200 ret=6c5c4943 0041:Call ntdll.RtlAllocateHeap(00110000,00000000,00000041) ret=6c5c49fa 0041:Ret ntdll.RtlAllocateHeap() retval=027e2d68 ret=6c5c49fa 0041:Call KERNEL32.GetFileSize(000000e4,00000000) ret=6c5c4a78 0041:Ret KERNEL32.GetFileSize() retval=0003e5a0 ret=6c5c4a78 0041:Ret imagehlp.ImageLoad() retval=0077c138 ret=005a39f5 ... 0041:Call imagehlp.ImageUnload(0077c138) ret=005a3a68 0041:trace:imagehlp:ImageUnload (0x77c138) 0041:Call ntdll.RtlFreeHeap(00110000,00000000,027e2d68) ret=6c5c4baa 0041:Ret ntdll.RtlFreeHeap() retval=00000001 ret=6c5c4baa 0041:Call KERNEL32.UnmapViewOfFile(029c0000) ret=6c5c4bc5 0041:Ret KERNEL32.UnmapViewOfFile() retval=00000001 ret=6c5c4bc5 0041:Call KERNEL32.CloseHandle(000000e4) ret=6c5c4be1 0041:Ret KERNEL32.CloseHandle() retval=00000001 ret=6c5c4be1 0041:Ret imagehlp.ImageUnload() retval=00000000 ret=005a3a68 --- snip ---
$ wine --version wine-1.3.33-62-g35b9c42
$ sha1sum filealyz-1.6.0.4.exe a06a60694c76bef76abe652454de8ef45475044f filealyz-1.6.0.4.exe
Regards