https://bugs.winehq.org/show_bug.cgi?id=49165
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple kernel drivers     |Multiple kernel drivers
                   |crash in entry point due to |crash in entry point due to
                   |'IoGetDeviceObjectPointer'  |'IoGetDeviceObjectPointer'
                   |returning a stub device     |returning a stub device
                   |when the device object      |when the device object
                   |doesn't exist (VeraCrypt    |doesn't exist (VeraCrypt
                   |1.24 'veracrypt_x64.sys',   |1.24 'veracrypt_x64.sys',
                   |NAV 2010 'ccHPx64.sys')     |NAV 2010 'ccHPx64.sys',
                   |                            |Protect DiSC
                   |                            |'acedrv11.sys')
           Keywords|                            |obfuscation

--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Adding another driver 'acedrv11.sys' from 'Protect DiSC' DRM scheme (continuation of bug 39734)
https://web.archive.org/web/20210701055235/https://dl.4players.de/f1/pc/cobr...
NOTE: The driver service startup suffers from bug 50431 (remove 'WOW64' driver key).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/windows/system32/drivers

$ file acedrv11.sys
acedrv11.sys: PE32+ executable (native) x86-64, for MS Windows
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+server,+ntoskrnl,+loaddll,+module wine net start acedrv11 >>log.txt 2>&1
...
0120:trace:loaddll:build_module Loaded L"C:\windows\system32\drivers\acedrv11.sys" at 0000000000DC0000: native
...
0120:trace:module:process_attach (L"acedrv11.sys",0000000000000000) - START
0120:Call LDR notification callback (proc=0000000000367A00,reason=1,data=0000000000C7F2A0,context=0000000000000000)
...
0120:trace:ntoskrnl:ldr_notify_callback loading L"acedrv11.sys"
...
0120:Ret LDR notification callback (proc=0000000000367A00,reason=1,data=0000000000C7F2A0,context=0000000000000000)
0120:trace:module:process_attach (L"acedrv11.sys",0000000000000000) - END
0120:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b020d66
...
0120:Ret kernelbase.LoadLibraryExW() retval=00dc0000 ret=7bc42e5f
0120:Ret KERNEL32.LoadLibraryExW() retval=00dc0000 ret=003664b6
...
0120:Call driver init 0000000000DE9008 (obj=0000000000173930,str=L"\Registry\Machine\System\CurrentControlSet\Services\acedrv11")
...
0120:Call ntoskrnl.exe.IoCreateDevice(00173930,00000048,00c7f6c8,00000022,00000000,00000000,00c7f6c0) ret=00e09947
...
0120:trace:ntoskrnl:IoCreateDevice (0000000000173930, 72, L"\Device\PCDDRV11", 34, 0, 0, 0000000000C7F6C0)
0120:Call ntdll.RtlAllocateHeap(00140000,00000008,000001a8) ret=00361a7e
0120:Ret ntdll.RtlAllocateHeap() retval=001742a0 ret=00361a7e
0120: create_device( rootdir=0000, user_ptr=001742b0, manager=0040, name=L"\Device\PCDDRV11" )
0120: create_device() = 0
0034:Call ntdll.RtlEnterCriticalSection(7f9c6bdbea20) ret=7f9c6bd6bd9d
0120:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00e09947
...
0120:Call ntoskrnl.exe.IoCreateSymbolicLink(00c7f6f8,00c7f6c8) ret=00e0996f
...
0120:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\ACEDRV11" -> L"\Device\PCDDRV11"
0120:Call ntdll.NtCreateSymbolicLinkObject(00c7f5b0,000f0001,00c7f5b8,00c7f6c8) ret=00361ffd
0120: create_symlink( access=000f0001, objattr={rootdir=0000,attributes=000000d0,sd={},name=L"\DosDevices\ACEDRV11"}, target_name=L"\Device\PCDDRV11" )
0120: create_symlink() = 0 { handle=0048 }
0120:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=00361ffd
...
0120:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=00e0996f
...
0120:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00c7f6c8,00000080,00c7f740,00c7f738) ret=00dc86fe
...
0120:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\CdRom0" 80 0000000000C7F740 0000000000C7F738
0120:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00dc86fe
0120:Call ntoskrnl.exe.ExAllocatePool(00000000,000000b8) ret=00de1064
0120:Call ntdll.RtlAllocateHeap(00a00000,00000000,000000b8) ret=0035ffc8
0120:Ret ntdll.RtlAllocateHeap() retval=00a00470 ret=0035ffc8
0120:trace:ntoskrnl:ExAllocatePoolWithTag 184 pool 0 -> 0000000000A00470
0120:Ret ntoskrnl.exe.ExAllocatePool() retval=00a00470 ret=00de1064
0120:Call ntoskrnl.exe.KeInitializeEvent(00a00478,00000000,00000000) ret=00de1187
0120:trace:ntoskrnl:KeInitializeEvent event 0000000000A00478, type 0, state 0.
0120:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000029 ret=00de1187
0120:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(00000003,0038d5c8,00de6ec0,00000060,00c7f650,00a00478,00c7f658) ret=00e0bc4b
0120:trace:ntoskrnl:IoBuildSynchronousFsdRequest (3 000000000038D5C8 0000000000DE6EC0 96 0000000000C7F650 0000000000C7F658)
0120:trace:ntoskrnl:IoBuildAsynchronousFsdRequest (3 000000000038D5C8 0000000000DE6EC0 96 0000000000C7F650 0000000000C7F658)
0120:trace:ntoskrnl:IoAllocateIrp -128, 0
0120:Call ntdll.RtlAllocateHeap(00a00000,00000000,00000310) ret=0035fea9
0120:Ret ntdll.RtlAllocateHeap() retval=00a00540 ret=0035fea9
0120:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 0000000000A00540
0120:trace:ntoskrnl:IoInitializeIrp 0000000000A00540, 784, -128
0120:Call msvcrt.memset(00a00540,00000000,00000310) ret=0035ff43
0120:Ret msvcrt.memset() retval=00a00540 ret=0035ff43
0120:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000360A9E ip=0000000000360A9E tid=0120
0120:trace:seh:dispatch_exception info[0]=0000000000000001
0120:trace:seh:dispatch_exception info[1]=00000000009fe1c8
0120:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
0120:trace:seh:dispatch_exception rax=0000000000a00540 rbx=0000000000000003 rcx=0000000000c9ea80 rdx=0000000000000000
0120:trace:seh:dispatch_exception rsi=000000000038d5c8 rdi=0000000000a00540 rbp=0000000000c7f480 rsp=0000000000c7f430
0120:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000030 r10=00007f732f8a6768 r11=0000000000000000
0120:trace:seh:dispatch_exception r12=00000000009fe210 r13=0000000000c7f650 r14=0000000000000060 r15=0000000000de6ec0
0120:trace:seh:call_vectored_handlers calling handler at 000000000035D380 code=c0000005 flags=0
0120:trace:seh:call_vectored_handlers handler at 000000000035D380 returned 0
...
wine: Unhandled page fault on write access to 00000000009FE1C8 at address 0000000000360A9E (thread 0120), starting debugger...
--- snip ---
$ sha1sum BurningWheelsDemo.exe
6dc03653b97a0336a5c57fc4b04af61e3ebcee5e BurningWheelsDemo.exe

$ du -sh BurningWheelsDemo.exe
286M BurningWheelsDemo.exe

$ wine --version
wine-6.11-235-g7f1623bc626
Regards
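
The trace in comment #5 shows the pattern named in the bug summary: an export logs "fixme ... stub", returns retval=00000000, and the same thread raises an exception afterwards. The script below is an added example, not part of the original comment or of Wine; it scans a +relay,+seh log for that pattern. The function name stub_successes_before_fault is hypothetical and the sample is an abridged excerpt of the trace above.

```python
import re

# Abridged excerpt of the relay trace quoted in comment #5 (sample input).
SAMPLE = r'''
0120:Call ntoskrnl.exe.IoCreateDevice(00173930,00000048,00c7f6c8,00000022,00000000,00000000,00c7f6c0) ret=00e09947
0120:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00e09947
0120:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00c7f6c8,00000080,00c7f740,00c7f738) ret=00dc86fe
0120:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\CdRom0" 80 0000000000C7F740 0000000000C7F738
0120:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00dc86fe
0120:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(00000003,0038d5c8,00de6ec0,00000060,00c7f650,00a00478,00c7f658) ret=00e0bc4b
0120:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000360A9E ip=0000000000360A9E tid=0120
0120:trace:seh:dispatch_exception info[1]=00000000009fe1c8
'''

# "<tid>:fixme:<channel>:<function> stub" marks an unimplemented export.
STUB = re.compile(r'^(?P<tid>[0-9a-f]{4}):fixme:\w+:(?P<func>\w+) stub')
# "<tid>:Ret <module>.<function>() retval=<hex>" is the relay return record.
RET = re.compile(r'^(?P<tid>[0-9a-f]{4}):Ret\s+(?P<api>[\w.]+)\(\) '
                 r'retval=(?P<rv>[0-9a-f]+)')
# Only the first dispatch_exception line of a fault carries code= and addr=.
FAULT = re.compile(r'^(?P<tid>[0-9a-f]{4}):trace:seh:dispatch_exception '
                   r'code=(?P<code>[0-9a-f]+) .*?addr=(?P<addr>[0-9A-Fa-f]+)')

def stub_successes_before_fault(log):
    """For each exception, list stubs on that thread that had returned 0."""
    in_stub = {}    # tid -> stub functions entered but not yet returned
    returned = {}   # tid -> stubs that returned 0 (STATUS_SUCCESS)
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := STUB.match(line):
            in_stub.setdefault(m['tid'], set()).add(m['func'])
        elif m := RET.match(line):
            func = m['api'].rsplit('.', 1)[-1]
            if func in in_stub.get(m['tid'], ()):
                in_stub[m['tid']].discard(func)
                if int(m['rv'], 16) == 0:
                    returned.setdefault(m['tid'], []).append(func)
        elif m := FAULT.match(line):
            findings.append({'tid': m['tid'], 'code': m['code'],
                             'addr': m['addr'],
                             'stubs': list(returned.get(m['tid'], []))})
    return findings

if __name__ == '__main__':
    for finding in stub_successes_before_fault(SAMPLE):
        print(finding)
```

IoCreateDevice also returns 0 in the sample but is not reported, because it never logged a stub fixme.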