https://bugs.winehq.org/show_bug.cgi?id=39406
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
                URL|http://www.ni.com/download/ |https://web.archive.org/web
                   |labview-development-system- |/20181022065706/http://down
                   |2014/4735/en/               |load.ni.com/evaluation/labv
                   |                            |iew/ekit/other/downloader/2
                   |                            |014LV-WinEng.exe
            Summary|LabVIEW 2014: Errors during |LabVIEW 201x CVI kernel
                   |installation block the      |driver 'cvintdrv.sys'
                   |process (continue to accept |crashes due to missing
                   |them) (cvintdrv.sys)        |'ntoskrnl.SeExports' export
                   |                            |(SE_EXPORTS structure)
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming, still present
Stable download links via Internet Archive:
https://web.archive.org/web/20181022065706/http://download.ni.com/evaluation...
https://web.archive.org/web/20181010222337/http://download.ni.com/evaluation...
https://web.archive.org/web/20181001215929/http://download.ni.com/evaluation...
https://web.archive.org/web/20181022081430/http://download.ni.com/evaluation...
https://web.archive.org/web/20181020184420/http://download.ni.com/evaluation...
Relevant part of trace log (after setting driver to manual start):
--- snip ---
$ WINEDEBUG=+seh,+relay,+service,+ntoskrnl wine net start cvintdrv >>log.txt 2>&1
0560:trace:ntoskrnl:load_driver loading driver L"C:\windows\system32\drivers\cvintdrv.sys"
0560:Call KERNEL32.LoadLibraryW(0012d328 L"C:\windows\system32\drivers\cvintdrv.sys") ret=0036490e
...
0560:Call LDR notification callback (proc=00365B80,reason=1,data=00D5F860,context=00000000)
...
0560:trace:ntoskrnl:ldr_notify_callback loading L"cvintdrv.sys"
...
0560:trace:ntoskrnl:ldr_notify_callback relocating from 00010000-00018000 to 00E80000-00E88000
...
0560:Ret KERNEL32.LoadLibraryW() retval=00e80000 ret=0036490e
...
0560:Call driver init 00E8603E (obj=0012D250,str=L"\Registry\Machine\System\CurrentControlSet\Services\cvintdrv")
...
0560:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00d5fb38) ret=00e8402b
...
0560:fixme:ntoskrnl:MmGetSystemRoutineAddress L"IoCreateDeviceSecure" not found
0560:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=00e8402b
...
0560:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00d5fb38) ret=00e8404f
...
0560:trace:ntoskrnl:MmGetSystemRoutineAddress L"IoValidateDeviceIoControlAccess" -> 00353A20
0560:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00353a20 ret=00e8404f
0560:Call ntoskrnl.exe.wcschr(00e8218e L"(A;;GA;;;SY)(A;;GA;;;BA)",0000003a) ret=00e84a52
0560:Call msvcrt.wcschr(00e8218e L"(A;;GA;;;SY)(A;;GA;;;BA)",0000003a) ret=7bc3ab64
0560:Ret msvcrt.wcschr() retval=00000000 ret=7bc3ab64
0560:Ret ntoskrnl.exe.wcschr() retval=00000000 ret=00e84a52
...
0560:Call ntoskrnl.exe._wcsnicmp(00e82190 L"A;;GA;;;SY)(A;;GA;;;BA)",00e825d4 L"A",00000001) ret=00e84bb9
0560:Call msvcrt._wcsnicmp(00e82190 L"A;;GA;;;SY)(A;;GA;;;BA)",00e825d4 L"A",00000001) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e84bb9
0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825cc L"RC",00000002) ret=00e8486d
0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825cc L"RC",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=fffffff5 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff5 ret=00e8486d
0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825c4 L"WD",00000002) ret=00e8486d
0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825c4 L"WD",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=fffffff0 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff0 ret=00e8486d
0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825bc L"WO",00000002) ret=00e8486d
0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825bc L"WO",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=fffffff0 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff0 ret=00e8486d
0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825b4 L"SD",00000002) ret=00e8486d
0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825b4 L"SD",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=fffffff4 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff4 ret=00e8486d
0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825ac L"GA",00000002) ret=00e8486d
0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825ac L"GA",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e8486d
0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83040 L"WD",00000002) ret=00e847d3
0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83040 L"WD",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=fffffffc ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffffc ret=00e847d3
0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83054 L"BA",00000002) ret=00e847d3
0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83054 L"BA",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=00000011 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000011 ret=00e847d3
0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83068 L"SY",00000002) ret=00e847d3
0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83068 L"SY",00000002) ret=7bc3ab64
...
0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64
0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e847d3
0560:trace:seh:dispatch_exception code=c0000005 flags=0 addr=00E8483B ip=00e8483b tid=0560
0560:trace:seh:dispatch_exception info[0]=00000000
0560:trace:seh:dispatch_exception info[1]=90909170
0560:trace:seh:dispatch_exception eax=000000e0 ebx=00e821a0 ecx=90909090 edx=0000000c esi=00000028 edi=00e83068
0560:trace:seh:dispatch_exception ebp=00d5fa4c esp=00d5fa3c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010297
0560:trace:seh:call_vectored_handlers calling handler at 0035DA00 code=c0000005 flags=0
0560:trace:seh:call_vectored_handlers handler at 0035DA00 returned 0
0560:trace:seh:call_vectored_handlers calling handler at 7B00F270 code=c0000005 flags=0
0560:trace:seh:call_vectored_handlers handler at 7B00F270 returned 0
0560:trace:seh:call_stack_handlers calling handler at 7BC52730 code=c0000005 flags=0
0560:Call ntdll.NtCreateEvent(00d5f310,001f0003,00d5f384,00000000,00000000) ret=7b010402
0560:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b010402
wine: Unhandled page fault on read access to 90909170 at address 00E8483B (thread 0560), starting debugger...
--- snip ---
Trace doesn't reveal much but debugging the crash site does:
--- snip ---
00E847B3 | mov edi,edi |
00E847B5 | push ebp |
00E847B6 | mov ebp,esp |
00E847B8 | push ecx |
00E847B9 | push ebx |
00E847BA | mov ebx,dword ptr ss:[ebp+8] |
00E847BD | push esi |
00E847BE | xor esi,esi |
00E847C0 | push edi |
00E847C1 | mov edi,cvintdrv.E83040 |
00E847C6 | mov dword ptr ss:[ebp-4],esi |
00E847C9 | push dword ptr ds:[edi+8] |
00E847CC | push edi |
00E847CD | push ebx |
00E847CE | call <JMP.&__wcsnicmp> |
00E847D3 | add esp,C |
00E847D6 | test eax,eax |
00E847D8 | je cvintdrv.E847FD |
00E847DA | add dword ptr ss:[ebp-4],14 |
00E847DE | inc esi |
00E847DF | add edi,14 |
00E847E2 | cmp dword ptr ss:[ebp-4],F0 |
00E847E9 | jb cvintdrv.E847C9 |
00E847EB | mov eax,dword ptr ss:[ebp+C] |
00E847EE | and dword ptr ds:[eax],0 |
00E847F1 | mov eax,C0000073 |
00E847F6 | pop edi |
00E847F7 | pop esi |
00E847F8 | pop ebx |
00E847F9 | leave |
00E847FA | ret C |
00E847FD | mov ecx,dword ptr ss:[ebp+10] |
00E84800 | imul esi,esi,14 |
00E84803 | mov eax,dword ptr ds:[esi+E83048] |
00E84809 | lea eax,dword ptr ds:[ebx+eax*2] |
00E8480C | mov dword ptr ds:[ecx],eax |
00E8480E | cmp dword ptr ds:[esi+E8303C],1 |
00E84815 | jne cvintdrv.E8482D |
00E84817 | push 20 |
00E84819 | push 1 |
00E8481B | call dword ptr ds:[&_IoIsWdmVersionAvailable@8] |
00E84821 | test al,al |
00E84823 | jne cvintdrv.E8482D |
00E84825 | mov eax,dword ptr ss:[ebp+C] |
00E84828 | and dword ptr ds:[eax],0 |
00E8482B | jmp cvintdrv.E84843 |
00E8482D | mov ecx,dword ptr ds:[<&___wine_stub_SeExports>] |
00E84833 | mov ecx,dword ptr ds:[ecx] |
00E84835 | mov eax,dword ptr ds:[esi+E83038] | 0xE0
00E8483B | mov eax,dword ptr ds:[eax+ecx] | *boom*
00E8483E | mov ecx,dword ptr ss:[ebp+C] |
00E84841 | mov dword ptr ds:[ecx],eax |
00E84843 | xor eax,eax |
00E84845 | jmp cvintdrv.E847F6 |
--- snip ---
dword ptr ds:[eax+ecx*1] = [0xE0+0x90909090] = 0x90909170
Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs...
--- quote ---
The SeExports structure is a large external static SE_EXPORTS structure that defines a number of well-known security constants for privilege values and security identifiers.
--- quote ---
Wine source:
https://source.winehq.org/git/wine.git/blob/7d3186e029fb4cf417fab59483a37d8a...
--- snip ---
1326 @ stub SeExports
--- snip ---
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\windows\system32\drivers\cvintdrv.sys
File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 21792 (05520h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT)
[TimeStamp] 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT) | PE Header | - | Offset: 0x000000C8 | VA: 0x000100C8 | -
[TimeStamp] 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT) | DebugDirectory | - | Offset: 0x00000AC4 | VA: 0x000120C4 | -
-> File Appears to be Digitally Signed @ Offset 03200h, size : 02320h / 08992 byte(s)
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000100000001001100000000000111 (0x0404C007)
[Entrypoint Section Entropy] : 5.40 (section #4) "INIT " | Size : 0x516 (1302) byte(s)
[DllCharacteristics] -> Flag : (0x0400) -> NOSEH
[SectionCount] 6 (0x6) | ImageSize 0x8000 (32768) byte(s)
[ModuleReport] [IAT] Modules -> ntoskrnl.exe | HAL.dll
[Debug Info] (record 1 of 1) (file offset 0xAC0)
Characteristics : 0x0 | TimeDateStamp : 0x4E937FD8 (Mon 10th Oct 2011 23:29:28 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4E (78)
AddressOfRawData : 0x25D8 | PointerToRawData : 0xFD8
CvSig : 0x53445352 | SigGuid 01BFF930-BFF0-4554-937CAF4FAB5F7A02
Age : 0x17 (23) | Pdb : c:\winddk\7600.16385.1\lib\wxp\i386\i386\CVINTDRV.pdb
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.347 Second(s) [00000015Bh (347) tick(s)] [135 of 580 scan(s) done]

Scanning -> C:\windows\system32\drivers\CVINTDrv.ver
[!] File does not have any imports
[!] File does not have an entrypoint
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1536 (0600h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x52D6B97A -> Wed 15th Jan 2014 16:38:18 (GMT)
[TimeStamp] 0x52D6B97A -> Wed 15th Jan 2014 16:38:18 (GMT) | PE Header | - | Offset: 0x000000B8 | VA: 0x100000B8 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00010000000001001000010001000000 (0x10048440)
[DllCharacteristics] -> Flag : (0x0400) -> NOSEH
[SectionCount] 1 (0x1) | ImageSize 0x2000 (8192) byte(s)
[VersionInfo] Company Name : National Instruments
[VersionInfo] Product Name : LabWindows/CVI 2013
[VersionInfo] Product Version : 13.0.1.201
[VersionInfo] File Description : LabWindows/CVI Version Resource File
[VersionInfo] File Version : 13.0.1.201
[VersionInfo] Original FileName : versionResource.dll
[VersionInfo] Internal Name : CVIVersionResource
[VersionInfo] Legal Copyrights : Copyright © 1987-2014 National Instruments. All rights reserved.
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.250 Second(s) [0000000FAh (250) tick(s)] [246 of 580 scan(s) done]
--- snip ---
virustotal.com scan:
https://www.virustotal.com/gui/file/fb224b34081efdcf34f43901cfc423635e176206...
$ sha1sum 201*-WinEng*
b16e80402d7567b49e0f47a673fe53accbd1e029 2014LV-WinEng.exe
6e67bff38ea397df8317e5d9b4895c25d0674186 2015LV-WinEng.exe
15f2845122cedd53715bc96cf93afa6890c5d0fc 2016LV-WinEng.exe
8ffb9bb144d6e4071999f333a19c2ef266e4ec68 2017LV-WinEng.exe
4365d9beca39f743b31a87a1b44b2e456b290b86 2018LV-WinEng.exe

$ du -sh 201*-WinEng*
1.4G 2014LV-WinEng.exe
1.4G 2015LV-WinEng.exe
1.5G 2016LV-WinEng.exe
1.4G 2017LV-WinEng.exe
1.6G 2018LV-WinEng.exe

$ wine --version
wine-6.0-rc6
Regards
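
Added example, not part of the original comment or of Wine's code: a Python triage helper that reads the +seh exception record quoted above and reports when the faulting address is a small offset from a register holding a repeated-byte fill value, which is the signature of reading a data export through a stub (here ecx=0x90909090 plus 0xE0). The names `triage`, `is_fill` and `MAX_FIELD_OFFSET`, and the one-page offset limit, are assumptions made for this illustration.

```python
import re

# Exception record copied from the +seh trace in the comment above.
SAMPLE = """\
0560:trace:seh:dispatch_exception code=c0000005 flags=0 addr=00E8483B ip=00e8483b tid=0560
0560:trace:seh:dispatch_exception info[0]=00000000
0560:trace:seh:dispatch_exception info[1]=90909170
0560:trace:seh:dispatch_exception eax=000000e0 ebx=00e821a0 ecx=90909090 edx=0000000c esi=00000028 edi=00e83068
0560:trace:seh:dispatch_exception ebp=00d5fa4c esp=00d5fa3c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010297
"""

HEAD = re.compile(r"dispatch_exception\s+code=([0-9a-f]+)\s+flags=\S+\s+addr=([0-9A-Fa-f]+)")
INFO = re.compile(r"info\[(\d+)\]=([0-9a-f]{8})")
REG = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp))=([0-9a-f]{8})")
ACCESS = {0: "read", 1: "write", 8: "execute"}  # ExceptionInformation[0] values
MAX_FIELD_OFFSET = 0x1000  # assumption: a structure field lies within one page


def is_fill(value):
    """True when all four bytes are the same non-zero byte (e.g. 0x90909090)."""
    return value != 0 and value == (value & 0xFF) * 0x01010101


def triage(log):
    """Describe the first access violation in a Wine +seh trace, or None."""
    code = ip = None
    info, regs = {}, {}
    for line in log.splitlines():
        if "trace:seh:dispatch_exception" not in line:
            continue
        head = HEAD.search(line)
        if head:
            if code is not None:
                break  # a second record starts; keep only the first
            code, ip = int(head.group(1), 16), int(head.group(2), 16)
            continue
        if code is None:
            continue
        info.update((int(i), int(v, 16)) for i, v in INFO.findall(line))
        regs.update((r, int(v, 16)) for r, v in REG.findall(line))
    if code != 0xC0000005 or 1 not in info:
        return None
    hit = None
    for reg, value in regs.items():
        offset = (info[1] - value) & 0xFFFFFFFF
        if is_fill(value) and offset < MAX_FIELD_OFFSET:
            hit = (reg, value, offset)  # pointer built from a fill pattern
    return {"ip": ip, "access": ACCESS.get(info.get(0), "unknown"),
            "target": info[1], "fill_base": hit}
```

A non-empty `fill_base` points the investigation at the instruction that loaded that register, which in this report is the read through `___wine_stub_SeExports`.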