https://bugs.winehq.org/show_bug.cgi?id=17277
--- Comment #10 from Anastasius Focht focht@gmx.net ---
Hello André,
--- quote ---
Does it work in recent Wine versions, because a related bug seems fixed (See Also)? Or is this abandoned meanwhile?
--- quote ---
No, nothing has changed with regards to default process heap location. The test app still crashes as expected.
Proof:
--- snip ---
$ WINEDEBUG=+pid,+seh,+loaddll,+process,+relay,+module wine ./ZLoader.exe test.exe >>log.txt 2>&1
...
0020:0024:Call ntdll.NtCreateUserProcess(0021f828,0021f82c,001fffff,001fffff,0021f6ac,0021f694,00000200,00000001,00472320,0021f748,0021f6c4) ret=7b038367
...
0104:0108:trace:module:map_image_into_view mapping PE file L"\??\Z:\home\focht\Downloads\z\Test.exe" at 0x800000-0x818000
...
0104:0108:trace:module:map_image_into_view mapping PE file L"\??\C:\windows\system32\ntdll.dll" at 0x7bc00000-0x7bc80000
...
0020:0024:trace:process:NtCreateUserProcess L"\??\Z:\home\focht\Downloads\z\Test.exe" pid 0104 tid 0108 handles 0x6c/0x70
0020:0024:Ret ntdll.NtCreateUserProcess() retval=00000000 ret=7b038367
...
0020:0024:trace:process:CreateProcessInternalW started process pid 0104 tid 0108
...
0020:0024:Ret KERNEL32.CreateProcessA() retval=00000001 ret=00401188
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00030000,0021fe60,0000001c) ret=00401228
0020:0024:Call ntdll.NtQueryVirtualMemory(0000006c,00030000,00000000,0021fe60,0000001c,0021f9b0) ret=7b02a0ef
0020:0024:Ret ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00110000,0021fe60,0000001c) ret=00401228
0020:0024:Call ntdll.NtQueryVirtualMemory(0000006c,00110000,00000000,0021fe60,0000001c,0021f9b0) ret=7b02a0ef
0020:0024:Ret ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00110000,00000000,00008000) ret=00401258
0020:0024:Call ntdll.NtFreeVirtualMemory(0000006c,0021f9c4,0021f9c8,00008000) ret=7b029f8b
0020:0024:Ret ntdll.NtFreeVirtualMemory() retval=00000000 ret=7b029f8b
0020:0024:Ret KERNEL32.VirtualFreeEx() retval=00000001 ret=00401258
0020:0024:Call ntdll.RtlAllocateHeap(00cd0000,00000000,00001030) ret=00406d12
0020:0024:Ret ntdll.RtlAllocateHeap() retval=00cd0c48 ret=00406d12
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00114000,0021fe60,0000001c) ret=00401228
0020:0024:Call ntdll.NtQueryVirtualMemory(0000006c,00114000,00000000,0021fe60,0000001c,0021f9b0) ret=7b02a0ef
0020:0024:Ret ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00120000,0021fe60,0000001c) ret=00401228
0020:0024:Call ntdll.NtQueryVirtualMemory(0000006c,00120000,00000000,0021fe60,0000001c,0021f9b0) ret=7b02a0ef
0020:0024:Ret ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00120000,00000000,00008000) ret=00401258
0020:0024:Call ntdll.NtFreeVirtualMemory(0000006c,0021f9c4,0021f9c8,00008000) ret=7b029f8b
0020:0024:Ret ntdll.NtFreeVirtualMemory() retval=00000000 ret=7b029f8b
0020:0024:Ret KERNEL32.VirtualFreeEx() retval=00000001 ret=00401258
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00121000,0021fe60,0000001c) ret=00401228
0020:0024:Call ntdll.NtQueryVirtualMemory(0000006c,00121000,00000000,0021fe60,0000001c,0021f9b0) ret=7b02a0ef
0020:0024:Ret ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualAllocEx(0000006c,00100000,00700000,00002000,00000040) ret=004012ba
0020:0024:Call ntdll.NtAllocateVirtualMemory(0000006c,0021f9ac,00000000,0021f9c8,00002000,00000040) ret=7b029dda
0020:0024:Ret ntdll.NtAllocateVirtualMemory() retval=00000000 ret=7b029dda
0020:0024:Ret KERNEL32.VirtualAllocEx() retval=00100000 ret=004012ba
0020:0024:Call user32.MessageBoxA(00000000,00422094 "ZLoader now will resume the thread",0042203c "ZLoader",00000040) ret=004012d7
...
0020:0024:Ret user32.MessageBoxA() retval=00000001 ret=004012d7
0020:0024:Call KERNEL32.ResumeThread(00000070) ret=004010b2
0020:0024:Call ntdll.NtResumeThread(00000070,0021fe44) ret=7b04c713
0020:0024:Ret ntdll.NtResumeThread() retval=00000000 ret=7b04c713
0020:0024:Ret KERNEL32.ResumeThread() retval=00000001 ret=004010b2
0020:0024:Call KERNEL32.CloseHandle(00000070) ret=004010c8
0020:0024:Call ntdll.NtClose(00000070) ret=7b036f50
...
0104:0108:trace:seh:dispatch_exception code=c0000005 flags=0 addr=7BC20290 ip=7bc20290 tid=0108
0104:0108:trace:seh:dispatch_exception info[0]=00000000
0104:0108:trace:seh:dispatch_exception info[1]=00110290
0104:0108:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
0104:0108:trace:seh:dispatch_exception eax=7ffd1000 ebx=7ffd1000 ecx=00000002 edx=7ffd1044 esi=7ffd1000 edi=00110000
0104:0108:trace:seh:dispatch_exception ebp=0101ef18 esp=0101eccc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0104:0108:err:seh:NtRaiseException Unhandled exception code c0000005 flags 0 addr 0x7bc20290
...
0020:0024:Call user32.MessageBoxA(00000000,0042201c "ZLoader will end",0042203c "ZLoader",00000040) ret=004010fa
--- snip ---
Crash location in debuggee:
--- snip ---
<ntdll._init_user_process_params>:
7BC20270 | push ebp                        |
7BC20271 | mov ebp,esp                     |
7BC20273 | push ebx                        |
7BC20274 | push edi                        |
7BC20275 | push esi                        |
7BC20276 | sub esp,240                     |
7BC2027C | mov eax,dword ptr fs:[18]       | ntdll/env.c:638
7BC20282 | mov dword ptr ss:[ebp-14],eax   |
7BC20285 | mov eax,dword ptr ds:[eax+30]   | ntdll/env.c:638
7BC20288 | mov ecx,2                       |
7BC2028D | mov edi,dword ptr ds:[eax+10]   | params 0x110000
7BC20290 | mov ebx,dword ptr ds:[edi+290]  | ntdll/env.c:642 -> *boom*
7BC20296 | cmp ebx,2                       | ntdll/env.c:643
7BC20299 | cmova ecx,ebx                   |
7BC2029C | push ecx                        |
7BC2029D | push 0                          |
7BC2029F | push dword ptr ds:[eax+18]      |
7BC202A2 | call ntdll._RtlAllocateHeap@12  |
...
--- snip ---
Corresponding source:
https://source.winehq.org/git/wine.git/blob/9561af9a7d8d77e2f98341e278c84222...
--- snip ---
629 /***********************************************************************
630  *           init_user_process_params
631  *
632  * Fill the initial RTL_USER_PROCESS_PARAMETERS structure from the server.
633  */
634 void init_user_process_params(void)
635 {
636     WCHAR *env;
637     SIZE_T env_size;
638     RTL_USER_PROCESS_PARAMETERS *new_params, *params = NtCurrentTeb()->Peb->ProcessParameters;
639     UNICODE_STRING curdir;
640 
641     /* environment needs to be a separate memory block */
642     env_size = params->EnvironmentSize;
643     if ((env = RtlAllocateHeap( GetProcessHeap(), 0, max( env_size, sizeof(WCHAR) ))))
644     {
645         if (env_size) memcpy( env, params->Environment, env_size );
646         else env[0] = 0;
647     }
--- snip ---
https://source.winehq.org/git/wine.git/blob/9561af9a7d8d77e2f98341e278c84222...
$ wine --version
wine-6.9
Regards
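An added analysis helper, not part of the bug report or of Wine: it reads relay/seh lines in the shape of the trace in the comment above and reports whether the child's faulting address (info[1]) lies inside a region the parent released with VirtualFreeEx, taking the loader's next VirtualQueryEx base as that region's end, and whether any later VirtualAllocEx actually committed it (a MEM_RESERVE-only allocation leaves the page unreadable). The log excerpt is constructed from the lines quoted above; the mapping of handle 0x6c to the faulting child is an assumption taken from the comment, since relay lines do not show it.

```python
import re
# Constructed excerpt in the shape of Wine's +relay/+seh output (parent pid 0020, child pid 0104).
# Assumed, as in the comment above: handle 0x6c in the *Ex calls is that child (relay lines do not show it).
SAMPLE_LOG = """\
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00030000,0021fe60,0000001c) ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00110000,0021fe60,0000001c) ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00110000,00000000,00008000) ret=00401258
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00114000,0021fe60,0000001c) ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00120000,0021fe60,0000001c) ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00120000,00000000,00008000) ret=00401258
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00121000,0021fe60,0000001c) ret=00401228
0020:0024:Call KERNEL32.VirtualAllocEx(0000006c,00100000,00700000,00002000,00000040) ret=004012ba
0104:0108:trace:seh:dispatch_exception code=c0000005 flags=0 addr=7BC20290 ip=7bc20290 tid=0108
0104:0108:trace:seh:dispatch_exception info[1]=00110290
"""
CALL = re.compile(r"^(\w+):\w+:Call KERNEL32\.(\w+)\(([0-9a-f,]+)\)")
FAULT = re.compile(r"^(\w+):\w+:trace:seh:dispatch_exception info\[1\]=([0-9a-f]+)")
MEM_COMMIT, MEM_RELEASE = 0x1000, 0x8000

def analyze(log):
    """Explain a child access violation via the parent's memory calls; None if unrelated."""
    freed, reserved, query_bases, fault = [], [], [], None
    for line in log.splitlines():
        m = CALL.match(line)
        if m:
            pid, api = m.group(1), m.group(2)
            args = [int(a, 16) for a in m.group(3).split(",")]
            if api == "VirtualQueryEx":
                # the loader walks regions base by base, so the next queried base ends the previous region
                query_bases.append(args[1])
            elif api == "VirtualFreeEx" and args[3] & MEM_RELEASE:
                freed.append((pid, args[1]))
            elif api == "VirtualAllocEx":
                reserved.append((args[1], args[1] + args[2], bool(args[3] & MEM_COMMIT)))
            continue
        m = FAULT.match(line)
        if m:
            fault = (m.group(1), int(m.group(2), 16))
    if fault is None:
        return None
    victim, addr = fault
    for pid, base in freed:
        end = next((b for b in query_bases if b > base), None)
        if end is not None and base <= addr < end:
            # a later MEM_RESERVE-only allocation does not make the page readable again
            committed = any(lo <= addr < hi and c for lo, hi, c in reserved)
            return {"victim_pid": victim, "freed_by_pid": pid, "freed_base": base,
                    "freed_end": end, "fault_addr": addr, "recommitted": committed}
    return None
```

Run against the constructed excerpt it reports the fault at 0x110290 inside the released region 0x110000-0x114000 with no recommit, which is the "params 0x110000" read at ntdll/env.c:642 in the disassembly above.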