https://bugs.winehq.org/show_bug.cgi?id=30185
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Component|-unknown |shell32
--- Comment #8 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
The app tries to read the icon resource 132 for 'Control Panel' from shell32.dll via 'ExtractAssociatedIconW' which obviously fails because Wine doesn't provide it. Actually, there are multiple problems, the missing icon resource being the less evil thing.
--- snip --- $ WINEDEBUG=+tid,+seh,+relay,+resource,+icon wine ./joshua.exe >>log.txt 2>&1 ... 0024:Starting thread proc 0x10051350 (arg=0x10092558) 0024:Call shell32.ExtractAssociatedIconW(00000000,10067e1c L"shell32.dll",0083e9d8) ret=10056386 0024:Call user32.GetSystemMetrics(0000000b) ret=7e0cefb4 0024:Ret user32.GetSystemMetrics() retval=00000020 ret=7e0cefb4 0024:Call user32.GetSystemMetrics(0000000c) ret=7e0cefc6 0024:Ret user32.GetSystemMetrics() retval=00000020 ret=7e0cefc6 0024:Call user32.PrivateExtractIconsW(10067e1c L"shell32.dll",00000089,00000020,00000020,0083e6c8,00000000,00000001,00000000) ret=7e0cf0d5 0024:trace:icon:PrivateExtractIconsW L"shell32.dll" 137 32x32 0x83e6c8 (nil) 1 0x00000000 0024:trace:icon:ICO_ExtractIconExW L"shell32.dll", 137, 1 (nil) 0x00000000 0024:trace:icon:USER32_GetResourceTable 0x840000 0x83e4d0 0024:warn:icon:ICO_ExtractIconExW nIconIndex 137 is larger than iconDirCount 23 0024:Ret user32.PrivateExtractIconsW() retval=00000000 ret=7e0cf0d5 0024:Call KERNEL32.GetModuleFileNameW(00000000,10067e1c,00000104) ret=7e0c3648 0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf75129d1 ip=f75129d1 tid=0024 0024:trace:seh:raise_exception info[0]=00000001 0024:trace:seh:raise_exception info[1]=10067e1c 0024:trace:seh:raise_exception eax=00115820 ebx=f7543970 ecx=00000054 edx=10067e20 esi=10067e1c edi=00000000 0024:trace:seh:raise_exception ebp=0083e6c8 esp=0083e650 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 0024:trace:seh:call_stack_handlers calling handler at 0x7bc9ecab code=c0000005 flags=0 --- snip ---
During fallback lookup it tries to update the user-provided buffer for the module name which is unfortunately living in .rdata section = read-only, causing the fault. The app supplies a constant string literal as buffer, hence it never assumes the buffer is being written to.
Memory map of dll in question:
--- snip --- Address Size Owner Section Description ... 10000000 00001000 ginger_s 10000000 PE header 10001000 00066000 ginger_s 10000000 .text code 10067000 00029000 ginger_s 10000000 .rdata imports,exports 10090000 00004000 ginger_s 10000000 .data data 10094000 00001000 ginger_s 10000000 .rsrc resources 10095000 0000B000 ginger_s 10000000 .reloc relocations ... --- snip ---
App code showing hard-coded buffer and instance handle:
--- snip --- 10056360 83EC 7C SUB ESP,7C 10056363 53 PUSH EBX 10056364 55 PUSH EBP 10056365 56 PUSH ESI 10056366 57 PUSH EDI 10056367 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10] 1005636B 50 PUSH EAX 1005636C 68 1C7E0610 PUSH ginger_s.10067E1C ; const WCHAR* "shell32.dll" 10056371 33ED XOR EBP,EBP 10056373 55 PUSH EBP ; hInstance = NULL 10056374 894C24 28 MOV DWORD PTR SS:[ESP+28],ECX 10056378 C74424 1C 89000000 MOV DWORD PTR SS:[ESP+1C],89 10056380 FF15 50730610 CALL DWORD PTR DS:[<&SHELL32.ExtractAssociatedIconW> ... --- snip ---
Source: http://source.winehq.org/git/wine.git/blob/e330a128d54613d2f7322cc3da2c8a5fe...
(the usual shell32 coding style/indenting inconsistencies aside)
--- snip --- 743 HICON WINAPI ExtractAssociatedIconW(HINSTANCE hInst, LPWSTR lpIconPath, LPWORD lpiIcon) 744 { 745 HICON hIcon = NULL; 746 WORD wDummyIcon = 0; 747 748 TRACE("%p %s %p\n", hInst, debugstr_w(lpIconPath), lpiIcon); 749 750 if(lpiIcon == NULL) 751 lpiIcon = &wDummyIcon; 752 753 hIcon = ExtractIconW(hInst, lpIconPath, *lpiIcon); 754 755 if( hIcon < (HICON)2 ) 756 { if( hIcon == (HICON)1 ) /* no icons found in given file */ ... 768 if( hIcon == (HICON)1 ) 769 *lpiIcon = 2; /* MSDOS icon - we found .exe but no icons in it */ 770 else 771 *lpiIcon = 6; /* generic icon - found nothing */ 772 773 if (GetModuleFileNameW(hInst, lpIconPath, MAX_PATH)) 774 hIcon = LoadIconW(hInst, MAKEINTRESOURCEW(*lpiIcon)); 775 } 776 return hIcon; 777 } --- snip ---
MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/ms648067%28v=vs.85%...
Maybe on Windows the error path with user-buffer being updated is never hit due to successful icon resource retrieval or a check is done if the user-buffer is writeable. Another explanation could be that the caller provided instance handle is not to be used as fallback lookup. It's not explicitly mentioned in remarks section of the function in MSDN where the lookup sequence is explained.
$ sha1sum SP2Demo.zip fd589918790c82f363f9688842b59f0b7eab77b2 SP2Demo.zip
$ du -sh SP2Demo.zip 165M SP2Demo.zip
$ wine --version wine-1.7.36-16-g748788f
Regards