https://bugs.winehq.org/show_bug.cgi?id=52446
Bug ID: 52446
Summary: Normal dlls with native subsystem id are no longer processed when importing system dlls with uppercase names
Product: Wine
Version: 7.0
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
this is a regression found during testing of bug 50433 ("'MsiBreak' custom action debugging aid should use custom action's name from 'CustomAction' table (currently uses 'Target' field)").
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntdll,+loaddll,+server wine msiexec -i AcroPro.msi >log.txt 2>&1
...
0104:trace:msi:ACTION_CustomAction Handling custom action L"CreatePortMonitor" (c41 L"AdobeIsf" L"SetupPortMonitor")
...
0248:Ret PE DLL (proc=0236618A,module=02360000 L"msi40ea.tmp",reason=PROCESS_ATTACH,res=00000000) retval=1
...
0248:Ret kernelbase.LoadLibraryW() retval=02360000 ret=7bc3acd4
0248:Ret KERNEL32.LoadLibraryW() retval=02360000 ret=100225a8
...
0104:trace:msi:wait_thread_handle waiting for L"CreatePortMonitor"
...
0248:Call KERNEL32.LoadLibraryW(00474ef0 L"C:\windows\system32\AdobePDF.dll") ret=025d7344
0248:Call kernelbase.LoadLibraryW(00474ef0 L"C:\windows\system32\AdobePDF.dll") ret=7bc3acd4
...
0248: get_mapping_info( handle=00f0, access=0000000c )
0248: get_mapping_info() = 0 { size=0000a000, flags=01800000, shared_file=0000, total=152, image={base=50400000,stack_size=00100000,stack_commit=00001000,entry_point=00004438,map_size=0000a000,zerobits=00000000,subsystem=00000001,subsystem_minor=0000,subsystem_major=0004,osversion_major=0004,osversion_minor=0000,image_charact=210e,dll_charact=0000,machine=014c,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=00005600,checksum=0000e958}, name=L"\??\C:\windows\syswow64\AdobePDF.dll" }
...
0248:trace:loaddll:build_module Loaded L"C:\windows\syswow64\MSVCR71.dll" at 02600000: builtin
0248: close_handle( handle=00f4 )
0248: close_handle() = 0
0248:trace:loaddll:build_module Loaded L"C:\windows\system32\AdobePDF.dll" at 50400000: native
0248: close_handle( handle=00f0 )
0248: close_handle() = 0
0248:Call PE DLL (proc=02666D60,module=02600000 L"MSVCR71.dll",reason=PROCESS_ATTACH,res=00000000)
...
0248:Ret PE DLL (proc=02666D60,module=02600000 L"MSVCR71.dll",reason=PROCESS_ATTACH,res=00000000) retval=1
0248:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b01b8e3
...
0248:Ret kernelbase.LoadLibraryW() retval=50400000 ret=7bc3acd4
0248:Ret KERNEL32.LoadLibraryW() retval=50400000 ret=025d7344
0248:Call KERNEL32.GetProcAddress(50400000,025db5ef "InitializePrintMonitor2") ret=025d73bf
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73bf
0248:Call KERNEL32.GetProcAddress(50400000,025db607 "InitializePrintMonitorUI") ret=025d73cf
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73cf
0248:Call KERNEL32.GetProcAddress(50400000,025da1ac "InitializePrintMonitor") ret=025d73de
...
0248:Ret KERNEL32.GetProcAddress() retval=50404423 ret=025d73de
0248:Call KERNEL32.GetProcAddress(50400000,025db620 "InitializeMonitorEx") ret=025d73ee
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73ee
0248:Call KERNEL32.GetProcAddress(50400000,025db634 "InitializeMonitor") ret=025d73fe
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73fe
--- snip ---
Note, dll notifications were not called for 'AdobePDF.dll'.
At this point spooler calls 'InitializePrintMonitor' export.
--- snip ---
...
0248:Call advapi32.RegCreateKeyW(80000002,00472da8 L"System\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port",504060b8) ret=50404368
...
0248:Ret advapi32.RegCreateKeyW() retval=00000000 ret=50404368
0248:Call ntdll.RtlEnterCriticalSection(504060e0) ret=504020b7
0248: create_semaphore( access=001f0003, initial=00000000, max=00000001, objattr={} )
0248: create_semaphore() = 0 { handle=00f0 }
0248: select( flags=2, cookie=0235ebe4, timeout=+4.9999870, size=8, prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0, contexts={} }
0248: *wakeup* signaled=TIMEOUT
0248:err:sync:RtlpWaitForCriticalSection section 504060E0 "?" wait timed out in thread 0248, blocked by 0000, retrying (60 sec)
0248: select( flags=2, cookie=0235ebe4, timeout=+59.9999082, size=8, prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0, contexts={} }
0248: *killed* exit_code=0
...
0220:Ret PE DLL (proc=006B1900,module=00630000 L"ucrtbase.dll",reason=THREAD_DETACH,res=00000000) retval=1
0220: *killed* exit_code=0
0248: *wakeup* signaled=TIMEOUT
0248:err:sync:RtlpWaitForCriticalSection section 504060E0 "?" wait timed out in thread 0248, blocked by 0000, retrying (60 sec)
0248: select( flags=2, cookie=0235ebe4, timeout=+59.9999082, size=8, prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0, contexts={} }
0104: *wakeup* signaled=1
--- snip ---
Because the loader did not call loader notifications for 'AdobePDF.dll', the critical section 0x504060e0 was not initialized, leading to an infinite hang.
The problem was introduced by commit https://source.winehq.org/git/wine.git/commitdiff/250c113169217933b1fffa8024... ("ntdll: Factor out is_import_dll_system() function."), part of Wine 6.21 release.
The refactoring inadvertently changed the case sensitivity for comparison of imported dlls against the system dlls from case-insensitive ('wcsicmp') to case-sensitive ('strcmp'). This breaks the detection for dlls which are marked as 'native subsystem' but are in fact regular dlls if they import dlls with upper/camel case.
Dump of 'AdobePDF.dll' headers:
--- snip ---
...
->File Header
   Machine:                      0x014C  (I386)
   NumberOfSections:             0x0005
   TimeDateStamp:                0x41BEBC76  (GMT: Tue Dec 14 10:12:06 2004)
   PointerToSymbolTable:         0x00000000
   NumberOfSymbols:              0x00000000
   SizeOfOptionalHeader:         0x00E0
   Characteristics:              0x210E
                                 (EXECUTABLE_IMAGE)
                                 (LINE_NUMS_STRIPPED)
                                 (LOCAL_SYMS_STRIPPED)
                                 (32BIT_MACHINE)
                                 (DLL)
->Optional Header
   Magic:                        0x010B  (HDR32_MAGIC)
   MajorLinkerVersion:           0x07
   MinorLinkerVersion:           0x0A  -> 7.10
   SizeOfCode:                   0x00004200
   SizeOfInitializedData:        0x00001000
   SizeOfUninitializedData:      0x00000000
   AddressOfEntryPoint:          0x00004438
   BaseOfCode:                   0x00001000
   BaseOfData:                   0x00006000
   ImageBase:                    0x50400000
   SectionAlignment:             0x00001000
   FileAlignment:                0x00000200
   MajorOperatingSystemVersion:  0x0004
   MinorOperatingSystemVersion:  0x0000  -> 4.00
   MajorImageVersion:            0x0004
   MinorImageVersion:            0x0000  -> 4.00
   MajorSubsystemVersion:        0x0004
   MinorSubsystemVersion:        0x0000  -> 4.00
   Win32VersionValue:            0x00000000
   SizeOfImage:                  0x0000951A
   SizeOfHeaders:                0x00000400
   CheckSum:                     0x0000E958
   Subsystem:                    0x0001  (NATIVE)
   DllCharacteristics:           0x0000
   SizeOfStackReserve:           0x00100000
   SizeOfStackCommit:            0x00001000
   SizeOfHeapReserve:            0x00100000
   SizeOfHeapCommit:             0x00001000
   LoaderFlags:                  0x00000000
   NumberOfRvaAndSizes:          0x00000010
--- snip ---
-> native subsystem
Dump of 'AdobePDF.dll' import table, showing the dll names are uppercase:
--- snip ---
1. ImageImportDescriptor:
   OriginalFirstThunk:  0x00004864
   TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
   ForwarderChain:      0x00000000
   Name:                0x00004948  ("SPOOLSS.DLL")
   FirstThunk:          0x0000117C

   Ordinal/Hint API name
   ------------ ---------------------------------------
   0x003A       "ImpersonatePrinterClient"
   ...
   0x0032       "GetJobW"

2. ImageImportDescriptor:
   OriginalFirstThunk:  0x000047FC
   TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
   ForwarderChain:      0x00000000
   Name:                0x00004A76  ("MSVCR71.dll")
   FirstThunk:          0x00001114

   Ordinal/Hint API name
   ------------ ---------------------------------------
   0x00F1       "_except_handler3"
   ...
   0x0189       "_mbschr"

3. ImageImportDescriptor:
   OriginalFirstThunk:  0x0000473C
   TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
   ForwarderChain:      0x00000000
   Name:                0x00004DAA  ("KERNEL32.dll")
   FirstThunk:          0x00001054

   Ordinal/Hint API name
   ------------ ---------------------------------------
   0x01C0       "GetSystemTimeAsFileTime"
   ...
   0x0394       "WriteFile"

4. ImageImportDescriptor:
   OriginalFirstThunk:  0x00004884
   TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
   ForwarderChain:      0x00000000
   Name:                0x00004EFE  ("USER32.dll")
   FirstThunk:          0x0000119C

   Ordinal/Hint API name
   ------------ ---------------------------------------
   0x0202       "PostMessageW"
   ...
   0x01DE       "MessageBoxA"

5. ImageImportDescriptor:
   OriginalFirstThunk:  0x000046E8
   TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
   ForwarderChain:      0x00000000
   Name:                0x0000507A  ("ADVAPI32.dll")
   FirstThunk:          0x00001000

   Ordinal/Hint API name
   ------------ ---------------------------------------
   0x01D8       "RegEnumKeyW"
   ...
   0x01C9       "RegCloseKey"
--- snip ---
Stable download link via Internet Archive:
https://web.archive.org/web/20061114115407/http://ardownload.adobe.com/pub/a...
https://www.virustotal.com/gui/file/d9270dc2abfb3c0e216af188343dbd0058c60253...
$ sha1sum AcTR7EFG.exe
4f1ff389ea71f21d624083d65bbe5a74e4760079  AcTR7EFG.exe

$ du -sh AcTR7EFG.exe
116M    AcTR7EFG.exe

$ wine --version
wine-7.0-119-gc09a5da1575
Regards
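
The comparison change described in the report, as an added example that is not part of the original report and is not Wine's code: it runs the import names from the AdobePDF.dll dump through a case-sensitive and a case-insensitive match. The two-entry system dll list, `ascii_icmp` and `is_regular_dll` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SUBSYSTEM_NATIVE 1u  /* "Subsystem: 0x0001 (NATIVE)" in the header dump */

/* Assumption: entries of the loader's system dll list (the report does not list them). */
static const char *const system_dlls[] = { "ntdll.dll", "kernel32.dll" };

/* Import names exactly as spelled in the AdobePDF.dll import table dump. */
static const char *const adobepdf_imports[] = {
    "SPOOLSS.DLL", "MSVCR71.dll", "KERNEL32.dll", "USER32.dll", "ADVAPI32.dll"
};

typedef int (*name_cmp)(const char *, const char *);

/* ASCII case-insensitive compare, standing in for the pre-refactoring behaviour. */
static int ascii_icmp(const char *a, const char *b)
{
    for (;; a++, b++) {
        int ca = (unsigned char)*a, cb = (unsigned char)*b;
        if (ca >= 'A' && ca <= 'Z') ca += 'a' - 'A';
        if (cb >= 'A' && cb <= 'Z') cb += 'a' - 'A';
        if (ca != cb || ca == 0) return ca - cb;
    }
}

/* Hypothetical model of the check: a native-subsystem image still counts as a
 * regular dll (and gets attach notifications) if it imports a system dll. */
static int is_regular_dll(unsigned subsystem, const char *const *imports,
                          size_t count, name_cmp cmp)
{
    size_t i, j;
    if (subsystem != SUBSYSTEM_NATIVE) return 1;
    for (i = 0; i < count; i++)
        for (j = 0; j < sizeof(system_dlls) / sizeof(system_dlls[0]); j++)
            if (cmp(imports[i], system_dlls[j]) == 0) return 1;
    return 0;
}

int main(void)
{
    size_t n = sizeof(adobepdf_imports) / sizeof(adobepdf_imports[0]);
    printf("strcmp:     regular=%d\n", is_regular_dll(SUBSYSTEM_NATIVE, adobepdf_imports, n, strcmp));
    printf("ascii_icmp: regular=%d\n", is_regular_dll(SUBSYSTEM_NATIVE, adobepdf_imports, n, ascii_icmp));
    return 0;
}
```

With `strcmp`, "KERNEL32.dll" never matches "kernel32.dll", so the dll is classified as a true native image, which corresponds to the skipped notifications in the trace.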