https://bugs.winehq.org/show_bug.cgi?id=44880
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |ntdll
           Keywords|                            |win64
                 CC|                            |focht@gmx.net
            Summary|Latest dev build of Mod     |64-bit Mod Organizer 2.1.2
                   |Organizer 2 fails to        |dev6-Silarn-prerelease
                   |initialize dlls             |fails to load
                   |                            |'usvfs_x64.dll', needs
                   |                            |'ntdll.RtlDosPathNameToRela
                   |                            |tiveNtPathName_U_WithStatus
                   |                            |'

--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming too.
--- snip ---
$ WINEDEBUG=+seh,+relay,+module wine ./ModOrganizer.exe >>log.txt 2>&1
...
0030:Call PE DLL (proc=0xd4b068,module=0xc80000 L"usvfs_x64.dll",reason=PROCESS_ATTACH,res=0x23fb00)
0030:Call KERNEL32.LoadLibraryExW(00dcd320 L"api-ms-win-core-synch-l1-2-0",00000000,00000800) ret=00d6ab15
...
0030:Call KERNEL32.GetModuleHandleW(00dbea90 L"ntdll.dll") ret=00d07f73
0030:trace:module:LdrGetDllHandle L"ntdll.dll" -> 0x7bc80000 (load path L"Z:\home\focht\Downloads;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
0030:Ret KERNEL32.GetModuleHandleW() retval=7bc80000 ret=00d07f73
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8ba8 "NtQueryDirectoryFile") ret=00d07f86
0030:Ret KERNEL32.GetProcAddress() retval=7bc8a2dc ret=00d07f86
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8bc0 "NtQueryDirectoryFileEx") ret=00d07f9d
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d07f9d
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8b70 "NtQueryFullAttributesFile") ret=00d07fb4
0030:Ret KERNEL32.GetProcAddress() retval=7bc8a36c ret=00d07fb4
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8b90 "NtQueryAttributesFile") ret=00d07fcb
0030:Ret KERNEL32.GetProcAddress() retval=7bc8a28c ret=00d07fcb
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8bd8 "NtCreateFile") ret=00d07fe2
0030:Ret KERNEL32.GetProcAddress() retval=7bc898e0 ret=00d07fe2
0030:Call KERNEL32.GetProcAddress(7bc80000,00db7828 "NtOpenFile") ret=00d07ff9
0030:Ret KERNEL32.GetProcAddress() retval=7bc89f84 ret=00d07ff9
0030:Call KERNEL32.GetProcAddress(7bc80000,00db7838 "NtClose") ret=00d08010
0030:Ret KERNEL32.GetProcAddress() retval=7bc89848 ret=00d08010
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeaa8 "RtlDoesFileExists_U") ret=00d08027
0030:Ret KERNEL32.GetProcAddress() retval=7bc8bb04 ret=00d08027
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeac0 "RtlDosPathNameToRelativeNtPathName_U_WithStatus") ret=00d0803e
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d0803e
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeaf0 "RtlReleaseRelativeName") ret=00d08055
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d08055
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeb08 "RtlGetVersion") ret=00d0806c
0030:Ret KERNEL32.GetProcAddress() retval=7bc8c3c8 ret=00d0806c
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8be8 "NtTerminateProcess") ret=00d08083
0030:Ret KERNEL32.GetProcAddress() retval=7bc8ad98 ret=00d08083
0030:trace:seh:NtRaiseException code=c0000005 flags=0 addr=(nil) ip=0 tid=0030
0030:trace:seh:NtRaiseException info[0]=0000000000000008
0030:trace:seh:NtRaiseException info[1]=0000000000000000
0030:trace:seh:NtRaiseException rax=0000000000000000 rbx=0000000000e425b0 rcx=0000000000dbb170 rdx=000000000023e538
0030:trace:seh:NtRaiseException rsi=0000000000e425a0 rdi=0000000000e425a8 rbp=0000000000000000 rsp=000000000023e508
0030:trace:seh:NtRaiseException r8=0000000000000000 r9=000000000023e548 r10=0000000000000002 r11=0000000000000246
0030:trace:seh:NtRaiseException r12=000000007c000a70 r13=00007fff0d184bc0 r14=0000000000c80000 r15=0000000000000000
...
0030:exception in PE entry point (proc=0xd4b068,module=0xc80000,reason=PROCESS_ATTACH,res=0x23fb00)
0030:Ret PE DLL (proc=0xd4b068,module=0xc80000 L"usvfs_x64.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=0
0030:Call TLS callback (proc=0xd43030,module=0xc80000,reason=PROCESS_DETACH,reserved=0)
0030:Ret TLS callback (proc=0xd43030,module=0xc80000,reason=PROCESS_DETACH,reserved=0)
0030:Call PE DLL (proc=0xd4b068,module=0xc80000 L"usvfs_x64.dll",reason=PROCESS_DETACH,res=0x23fb00)
0030:Ret PE DLL (proc=0xd4b068,module=0xc80000 L"usvfs_x64.dll",reason=PROCESS_DETACH,res=0x23fb00) retval=0
0030:warn:module:process_attach Initialization of L"usvfs_x64.dll" failed
0030:trace:module:process_attach (L"usvfs_x64.dll",0x23fb00) - END
0030:trace:module:process_attach (L"ModOrganizer.exe",0x23fb00) - END
0030:err:module:attach_dlls "usvfs_x64.dll" failed to initialize, aborting
0030:err:module:attach_dlls Initializing dlls for L"Z:\home\focht\Downloads\ModOrganizer.exe" failed, status c0000005
--- snip ---
ProtectionID scan of 'usvfs_x64.dll':
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\usvfs_x64.dll
File Type : 64-Bit Dll (Subsystem : Win GUI / 2), Size : 1905664 (01D1400h) Byte(s) | Machine: 0x8664 (AMD64)
Compilation TimeStamp : 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT)
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | PE Header | - | Offset: 0x00000000:00000120 | VA: 0x00000001:80000120 | -
[TimeStamp] 0xFFFFFFFF -> Sun 07th Feb 2106 06:28:15 (GMT) | Export | - | Offset: 0x00000000:0019AF54 | VA: 0x00000001:8019C954 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | - | Offset: 0x00000000:001659E4 | VA: 0x00000001:801673E4 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | - | Offset: 0x00000000:00165A00 | VA: 0x00000001:80167400 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | - | Offset: 0x00000000:00165A1C | VA: 0x00000001:8016741C | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | - | Offset: 0x00000000:00165A38 | VA: 0x00000001:80167438 | -
[!] Executable uses TLS callbacks (1 total... 0 invalid addresses)
[LoadConfig] Struct determined as v8 (Expected size 232 | Actual size 256)
[LoadConfig] CFG (/Guard) - Handler @ 0x1:80132708
[LoadConfig] CFG Table @ 0x0:00000000 | 0x00 (00) entries
[LoadConfig] CFG Flags : 0x100
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0 | Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] GuardLongJumpTargetTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] HybridMetadataPointer 0x1:00000000 | DynamicValueRelocTable 0x0:00000000
[LoadConfig] FailFastIndirectProc 0x0:00000000 | FailFastPointer 0x0:00000000
[LoadConfig] UnknownZero1 0x0 0
[LoadConfig] CFG Data Present, yet setting is not present in the DllCharacteristics.. patched out?
[File Heuristics] -> Flag #1 : 00000100000001001101000100010000 (0x0404D110)
[Entrypoint Section Entropy] : 6.41 (section #0) ".text " | Size : 0x13013C (1245500) byte(s)
[DllCharacteristics] -> Flag : (0x0160) -> HEVA | ASLR | DEP
[SectionCount] 6 (0x6) | ImageSize 0x1DA000 (1941504) byte(s)
[Export] 100% of function(s) (63 of 63) are in file | 0 are forwarded | 63 code | 0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : Community Edition
[VersionInfo] Product Name : USVFS
[VersionInfo] Product Version : 0.3.1.0-beta5
[VersionInfo] File Description : Windows OverlayFS
[VersionInfo] File Version : 0.3.1.0-beta5
[VersionInfo] Original FileName : usvfs_x64.dll
[ModuleReport] [IAT] Modules -> SHLWAPI.dll | KERNEL32.dll | USER32.dll | ADVAPI32.dll | SHELL32.dll
[Debug Info] (record 1 of 4) (file offset 0x1659E0)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x3D (61)
AddressOfRawData : 0x17336C | PointerToRawData : 0x17196C
CvSig : 0x53445352 | SigGuid EDA278F0-B278-4BB2-988DBC49DBC556F3
Age : 0x12 (18) | Pdb : D:\MOB\build\usvfs\lib\usvfs_x64.pdb
[Debug Info] (record 2 of 4) (file offset 0x1659FC)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20)
AddressOfRawData : 0x1733AC | PointerToRawData : 0x1719AC
[Debug Info] (record 3 of 4) (file offset 0x165A18)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x3D8 (984)
AddressOfRawData : 0x1733C0 | PointerToRawData : 0x1719C0
[Debug Info] (record 4 of 4) (file offset 0x165A34)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0)
AddressOfRawData : 0x0 | PointerToRawData : 0x0
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.524 Second(s) [00000020Ch (524) tick(s)] [162 of 580 scan(s) done]
--- snip ---
-> Windows OverlayFS 0.3.1.0-beta5
It might be originating from this project:
https://github.com/TanninOne/usvfs
After some further digging I found this one:
https://github.com/TanninOne/usvfs/pull/10
which goes to:
https://github.com/LePresidente/usvfs
But even that one didn't have some of the native API hooked:
https://github.com/LePresidente/usvfs/blob/master/src/usvfs_dll/hookmanager....
Further going down the Github fork chain for this project:
https://github.com/LePresidente/usvfs/network/members
This one looks suspicious (more recent activity), also with mention of 'Mod Organizer 2' (obvious):
https://github.com/Modorganizer2/usvfs
https://github.com/Modorganizer2/usvfs/blob/Develop/src/usvfs_dll/hookmanage...
Still no code change related to the missing native API. It might be that the code for this dll isn't on GitHub but in a private fork.
Anyway, the dll in question here doesn't have error handling on its manual imports hence the crash in the entry point.
https://www.geoffchappell.com/studies/windows/win32/ntdll/api/index.htm
--- quote ---
RtlDosPathNameToRelativeNtPathName_U_WithStatus
5.2 from Windows Server 2003 SP1, and higher
--- quote ---
Wine also misses 'ntdll.RtlReleaseRelativeName' (see trace log) which will likely cause a follow-up crash too.
$ sha1sum MO2-2.1.2dev6-Silarn-prerelease.7z
f4ff6d1739fbe9da8f7ea6a45728702067a15153  MO2-2.1.2dev6-Silarn-prerelease.7z

$ du -sh MO2-2.1.2dev6-Silarn-prerelease.7z
57M     MO2-2.1.2dev6-Silarn-prerelease.7z

$ wine --version
wine-3.5-5-g03ece22480
Regards
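
Added example, not part of the original comment and not Wine or usvfs code: a small triage script for a +relay,+seh trace like the one quoted above. It pairs each GetProcAddress Call with its Ret, lists the exports that resolved to NULL, and flags an exception at ip=0 on the same thread. The function name triage and the abridged SAMPLE excerpt are choices made for this example.

```python
import re

# Abridged excerpt of the trace quoted in the comment above.
SAMPLE = r'''
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8ba8 "NtQueryDirectoryFile") ret=00d07f86
0030:Ret KERNEL32.GetProcAddress() retval=7bc8a2dc ret=00d07f86
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8bc0 "NtQueryDirectoryFileEx") ret=00d07f9d
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d07f9d
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeac0 "RtlDosPathNameToRelativeNtPathName_U_WithStatus") ret=00d0803e
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d0803e
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeaf0 "RtlReleaseRelativeName") ret=00d08055
0030:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00d08055
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeb08 "RtlGetVersion") ret=00d0806c
0030:Ret KERNEL32.GetProcAddress() retval=7bc8c3c8 ret=00d0806c
0030:trace:seh:NtRaiseException code=c0000005 flags=0 addr=(nil) ip=0 tid=0030
'''

CALL = re.compile(r'^(\w+):Call\s+KERNEL32\.GetProcAddress\((\w+),\w+ "([^"]+)"\) ret=(\w+)')
RET = re.compile(r'^(\w+):Ret\s+KERNEL32\.GetProcAddress\(\) retval=(\w+) ret=(\w+)')
EXC = re.compile(r'^(\w+):trace:seh:NtRaiseException code=(\w+) .*\bip=(\w+)')

def triage(log):
    """Return (unresolved, null_calls).

    unresolved: (tid, module_base, export) for GetProcAddress calls returning NULL.
    null_calls: (tid, code) for exceptions raised at ip=0 on a thread that already
    has an unresolved import, i.e. a likely call through the NULL pointer.
    """
    pending, unresolved, null_calls = {}, [], []
    for line in log.splitlines():
        if m := CALL.match(line):
            tid, base, name, ret = m.groups()
            pending[(tid, ret)] = (base, name)  # pair Call/Ret by thread + return address
        elif m := RET.match(line):
            tid, retval, ret = m.groups()
            call = pending.pop((tid, ret), None)
            if call and int(retval, 16) == 0:
                unresolved.append((tid, *call))
        elif m := EXC.match(line):
            tid, code, ip = m.groups()
            if int(ip, 16) == 0 and any(u[0] == tid for u in unresolved):
                null_calls.append((tid, code))
    return unresolved, null_calls

if __name__ == "__main__":
    missing, crashes = triage(SAMPLE)
    for tid, base, name in missing:
        print(f"thread {tid}: {name} not exported by module at {base}")
    for tid, code in crashes:
        print(f"thread {tid}: exception {code} at ip=0 after unresolved import")
```

On the excerpt this reports three exports that ntdll did not provide, followed by the c0000005 at ip=0 on thread 0030.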