[Bug 47027] EA Origin client crashes on startup ( Origin IGO hook engine can't cope with GOT/ PIC register load code at API entry, needs DECLSPEC_HOTPATCH for user32.SetForegroundWindow)

https://bugs.winehq.org/show_bug.cgi?id=47027

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Summary|EA Origin: Crashes on start |EA Origin client crashes on | |startup (Origin IGO hook | |engine can't cope with | |GOT/PIC register load code | |at API entry, needs | |DECLSPEC_HOTPATCH for | |user32.SetForegroundWindow) CC| |focht@gmx.net Status|UNCONFIRMED |NEW Component|-unknown |user32 Ever confirmed|0 |1

--- Comment #10 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming.

Snapshot of download:

https://web.archive.org/web/20190429133257/http://download.dm.origin.com/ori...

Since you already found the culprit this is supplemental information.

Trace log of client (avoid updater). Don't trace using relay, it affects the hook engine.

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/Origin

$ WINEDEBUG=+seh,+loaddll,+process wine ./Origin.exe /noUpdate /timing:1075 /Installed:10.5.38.25027 ... 0009:trace:loaddll:load_native_dll Loaded L"C:\Program Files (x86)\Origin\IGO32.dll" at 0x48f0000: native ... 0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4999fe5 ip=04999fe5 tid=0009 0009:trace:seh:raise_exception info[0]=00000000 0009:trace:seh:raise_exception info[1]=08819178 0009:trace:seh:raise_exception eax=00129158 ebx=00046710 ecx=00000000 edx=7e320138 esi=00129620 edi=086f0000 0009:trace:seh:raise_exception ebp=0034e0a8 esp=0034e05c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 0009:trace:seh:call_stack_handlers calling handler at 0x499fd85 code=c0000005 flags=0 0009:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0x4999fe5 handler=0x499fd85 0x34dd38 0x34dc8c cookie=62e26657 scope table=0x49d1000 cookies=-2/0,-76/0 0009:trace:seh:_except_handler4_common level 1 prev 0 filter 0x499a00f 0009:trace:seh:_except_handler4_common filter returned EXECUTE_HANDLER 0009:trace:seh:__DestructExceptionObject (0x34e004) 0009:trace:seh:_global_unwind2 (0x34e098) 0009:trace:seh:__regs_RtlUnwind code=c0000027 flags=2 --- snip ---

The in-game overlay logs some diagnostics in 'IGO_Log.Origin_<pid>.txt' located in 'c:\ProgramData\Origin\Logs':

--- snip --- Process Information PID: 8 EXE: C:\Program Files (x86)\Origin\Origin.exe STARTED: Mon, Apr 29 2019 03:50:10 PM WARN 03:50:10 PM (0) 9 IGOTelemetry.cpp: 77 Unable to retrieve telemetry prod id WARN 03:50:10 PM (0) 9 IGOTelemetry.cpp: 87 Unable to retrieve telemetry timestamp WARN 03:50:10 PM (9) 9 DllMain.cpp: 2243 isIGOSharedMemoryNew=1 WARN 03:50:10 PM (0) 9 DllMain.cpp: 2256 Creating IGO Mutex INFO 03:50:10 PM (0) 9 DllMain.cpp: 2335 Info Display: disabled INFO 03:50:10 PM (0) 9 DllMain.cpp: 2340 32-bit DLL Process attach - 9 WARN 03:50:10 PM (3) 9 DllMain.cpp: 2366 forceAPIHooking = true INFO 03:50:10 PM (0) 9 DllMain.cpp: 2393 parent process name: (size 0) INFO 03:50:11 PM (426) 9 mhook.cpp: 442 TrampolineAlloc: for 7E366710 (DoDragDrop) between 00000001 and FE2E6710 INFO 03:50:11 PM (1) 9 mhook.cpp: 192 mhooks: BlockAlloc: Allocated block at 7F000000 as 282 trampolines INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A210 (SetFocus) between 00000001 and FE60A210 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A0B0 (SetForegroundWindow) between 00000001 and FE60A0B0 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9260 (BringWindowToTop) between 00000001 and FE669260 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E99D0 (SwitchToThisWindow) between 00000001 and FE6699D0 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9880 (ShowWindowAsync) between 00000001 and FE669880 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9920 (ShowWindow) between 00000001 and FE669920 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E88E0 (SetWindowPos) between 00000001 and FE6688E0 INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A120 (SetActiveWindow) between 00000001 and FE60A120 INFO 03:50:11 PM (1) 9 mhook.cpp: 442 TrampolineAlloc: for 7B4499F0 (CreateFileW) between 00000001 and FB3C99F0 --- snip ---

Original 'user32.SetForegroundWindow' in memory before the hooking:

--- snip --- 7E657A41 8B0424 MOV EAX,DWORD PTR SS:[ESP] 7E657A44 C3 RETN ... 7E68A0B0 E8 8CD9FCFF CALL 7E657A41 7E68A0B5 05 4B6F0B00 ADD EAX,0B6F4B 7E68A0BA 8D4C24 04 LEA ECX,[ESP+4] 7E68A0BE 83E4 F0 AND ESP,FFFFFFF0 7E68A0C1 FF71 FC PUSH DWORD PTR DS:[ECX-4] 7E68A0C4 55 PUSH EBP 7E68A0C5 89E5 MOV EBP,ESP 7E68A0C7 53 PUSH EBX 7E68A0C8 8B19 MOV EBX,DWORD PTR DS:[ECX] 7E68A0CA 51 PUSH ECX 7E68A0CB F680 80B60E00 0 TEST BYTE PTR DS:[EAX+0EB680],08 7E68A0D2 75 1C JNE SHORT 7E68A0F0 7E68A0D4 83EC 0C SUB ESP,0C 7E68A0D7 53 PUSH EBX 7E68A0D8 E8 332C0500 CALL 7E6DCD10 7E68A0DD 31D2 XOR EDX,EDX 7E68A0DF E8 7CFEFFFF CALL 7E689F60 7E68A0E4 8D65 F8 LEA ESP,[EBP-8] 7E68A0E7 59 POP ECX 7E68A0E8 5B POP EBX 7E68A0E9 5D POP EBP 7E68A0EA 8D61 FC LEA ESP,[ECX-4] 7E68A0ED C2 0400 RETN 4 --- snip ---

After hooking:

--- snip --- 7E68A0B0 E9 1BEED091 JMP 10398ED0 7E68A0B5 05 4B6F0B00 ADD EAX,0B6F4B 7E68A0BA 8D4C24 04 LEA ECX,[ESP+4] --- snip ---

Hook trampoline target:

--- snip --- Executable modules, item 26 Base = 10000000 Size = 02839000 (42176512.) Entry = 10694B47 Name = OriginClient Type = File version = 10,5,38,25027 Static links = api-ms-win-crt-runtime-l1-1-0, dbghelp, KERNEL32, MSVCP140, ole32, OLEAUT32, Qt5Core, Qt5Gui, Qt5Multimedia, Qt5Network, Qt5PrintSupport, Qt5QuickWidgets, Qt5WebChannel, Qt5WebEngineCore, Qt5WebEngineWidgets, Qt5Widgets, Qt5Xml, SHELL32, SHLWAPI, USER32, Path = C:\Program Files (x86)\Origin\OriginClient.dll --- snip ---

This obviously can't work as already explained many times.

With DECLSPEC_HOTPATCH applied:

--- snip --- $ objdump -d /home/focht/projects/wine/mainline-install-x86_64/lib/wine/user32.dll.so | awk -F"\n" -v RS="\n\n" '$1 ~ /SetForegroundWindow/' 0005d0c0 <SetForegroundWindow>: 5d0c0: 8b ff mov %edi,%edi 5d0c2: 55 push %ebp 5d0c3: 8b ec mov %esp,%ebp 5d0c5: e8 77 d9 fc ff call 2aa41 <__x86.get_pc_thunk.ax> 5d0ca: 05 36 6f 0b 00 add $0xb6f36,%eax 5d0cf: 5d pop %ebp 5d0d0: 8d 4c 24 04 lea 0x4(%esp),%ecx 5d0d4: 83 e4 f0 and $0xfffffff0,%esp 5d0d7: ff 71 fc pushl -0x4(%ecx) 5d0da: 55 push %ebp 5d0db: 89 e5 mov %esp,%ebp 5d0dd: 53 push %ebx 5d0de: 8b 19 mov (%ecx),%ebx 5d0e0: 51 push %ecx 5d0e1: f6 80 80 b6 0e 00 08 testb $0x8,0xeb680(%eax) 5d0e8: 75 26 jne 5d110 <SetForegroundWindow+0x50> --- snip ---

which works as expected.

$ sha1sum OriginSetup.exe 9fc129ddb49d13904b8419d128c5c96077cf9b26 OriginSetup.exe

$ du -sh OriginSetup.exe 221M OriginSetup.exe

$ wine --version wine-4.7

Regards