http://bugs.winehq.org/show_bug.cgi?id=17184
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net 2010-07-29 17:37:02 --- Hello,
--- snip --- The app calls the function StrongNameSignatureVerificationEx from a dll called mscoreesn.dll. This dll is installed somwhere in the MicroSoft.Net direcectory in c:\windows. I thinkk this dlls just forwards it directly to mscoree.dll. So in spite of mscoree's preference to use the native version, it calls the function from buitin mscoree, as it's directly forwarded. This last is just a guess, maybe someone with more knowledge about wine's load internals has a clue, but if my guess would be correct, this might just be WONTFIX? --- snip ---
The app dlls, for example "efxstd.DLL" (managed code, strong named assembly) call StrongNameSignatureVerificationEx() use P/Invoke to check if they are tampered (patched). This is probably an attempt to stop novice hackers from re-signing the assembly or completely removing the existing strong name signature.
Although obfuscated I deduced it seems to implement some let-the-bad-guy-wait-until-he-dies-of-boredom scheme if StrongNameSignatureVerificationEx() returns false. Later the assemblies' public key token is verified with an internal (encrypted) representation of the public key token.
The native vs. builtin mscoree load order problem most likely results from different P/Invoke resolver implementation between .NET 1.1 CLR and .NET 2.0 CLR.
From the trace logs it seems .NET 1.1 uses LoadLibraryExW() with full app path
(working dir), resulting in loading of builtin mscoree.dll. .NET 2.0+ uses LoadLibraryExW() with short dll name only, resulting in getting the native one (from system32).
This is the relevant part from P/invoke wrapper trace (mscoree already loaded):
The already loaded module is not considered by loader due to full load path mismatch:
--- snip --- 0025:Call KERNEL32.LoadLibraryExW(0032ed90 L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll",00000000,00000008) ret=791b7b63 0025:trace:module:load_dll looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" in L"C:\Program Files\Effexis Software\Achieve Planner;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0025:trace:module:get_load_order looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" 0025:trace:module:get_load_order got hardcoded default for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" 0025:trace:module:load_builtin_dll Trying built-in L"mscoree.dll" ... 0025:trace:module:load_builtin_callback loaded mscoree.dll 0x18f3d8 0x204f0000 0025:trace:module:load_dll Loaded module L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" (builtin) at 0x204f0000 0025:trace:module:process_attach (L"mscoree.dll",(nil)) - START 0025:Call PE DLL (proc=0x204f6e00,module=0x204f0000 L"mscoree.dll",reason=PROCESS_ATTACH,res=(nil)) 0025:trace:mscoree:DllMain (0x204f0000, 1, (nil)) 0025:Call KERNEL32.DisableThreadLibraryCalls(204f0000) ret=204f5ed0 0025:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=204f5ed0 0025:Ret PE DLL (proc=0x204f6e00,module=0x204f0000 L"mscoree.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 0025:trace:module:process_attach (L"mscoree.dll",(nil)) - END 0025:Ret KERNEL32.LoadLibraryExW() retval=204f0000 ret=791b7b63 --- snip ---
The already loaded module is taken due to short path match:
--- snip --- 0025:Call KERNEL32.LoadLibraryExW(79511a88 L"mscoree.dll",00000000,00000000) ret=79517307 0025:trace:module:load_dll looking for L"mscoree.dll" in L"C:\Program Files\Effexis Software\Achieve Planner;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0025:trace:module:load_dll Found L"C:\windows\system32\mscoree.dll" for L"mscoree.dll" at 0x79170000, count=-1 0025:Ret KERNEL32.LoadLibraryExW() retval=79170000 ret=79517307 --- snip ---
With "native-over-builtin":
--- snip --- 0037:Call KERNEL32.LoadLibraryExW(0032ed90 L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll",00000000,00000008) ret=791b7b63 0037:trace:module:load_dll looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" in L"C:\Program Files\Effexis Software\Achieve Planner;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0037:trace:module:get_load_order looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" 0037:trace:module:get_load_order_value got standard key n,b for L"mscoree" 0037:trace:module:load_builtin_dll Trying built-in L"mscoree.dll" ... 0037:trace:module:load_builtin_callback loaded mscoree.dll 0x193070 0x32870000 0037:trace:module:load_dll Loaded module L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" (builtin) at 0x32870000 0037:trace:module:process_attach (L"mscoree.dll",(nil)) - START 0037:Call PE DLL (proc=0x32883e00,module=0x32870000 L"mscoree.dll",reason=PROCESS_ATTACH,res=(nil)) 0037:trace:mscoree:DllMain (0x32870000, 1, (nil)) 0037:Call KERNEL32.DisableThreadLibraryCalls(32870000) ret=32882ed0 0037:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=32882ed0 0037:Ret PE DLL (proc=0x32883e00,module=0x32870000 L"mscoree.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 0037:trace:module:process_attach (L"mscoree.dll",(nil)) - END 0037:Ret KERNEL32.LoadLibraryExW() retval=32870000 ret=791b7b63 --- snip ---
With "native only":
--- snip --- 0041:Call KERNEL32.LoadLibraryExW(0032ed90 L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll",00000000,00000008) ret=791b7b63 0041:trace:module:load_dll looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" in L"C:\Program Files\Effexis Software\Achieve Planner;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0041:trace:module:get_load_order looking for L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll" 0041:trace:module:get_load_order_value got standard key n for L"mscoree" 0041:warn:module:load_dll Failed to load module L"C:\Program Files\Effexis Software\Achieve Planner\mscoree.dll"; status=c0000135 0041:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=791b7b63 0041:Call KERNEL32.LoadLibraryExW(0032eae8 L"mscoree.dll",00000000,00000000) ret=791b7b63 0041:trace:module:load_dll looking for L"mscoree.dll" in L"C:\Program Files\Effexis Software\Achieve Planner;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0041:trace:module:load_dll Found L"C:\windows\system32\mscoree.dll" for L"mscoree.dll" at 0x79170000, count=-1 0041:Ret KERNEL32.LoadLibraryExW() retval=79170000 ret=791b7b63 0 --- snip ---
Either enforce "native only" for mscoree on .NET 1.1 or install .NET 2.0 where the CLR will automatically resolve P/Invoke with short name.
If you go the Mono route you need of course to provide a real implementation for strong name verification.
Regards