http://bugs.winehq.org/show_bug.cgi?id=13915
--- Comment #46 from Anastasius Focht focht@gmx.net 2010-08-22 05:04:58 ---
Hello,
I extracted the relevant parts from your log:
--- snip ---
0009:trace:loaddll:load_builtin_dll Loaded L"KERNEL32.dll" at 0x7ed60000: builtin
...
0009:Call KERNEL32.CreateFileA(00422430 "C:\oblivion\obse_1_2_416.dll",80000000,00000001,00000000,00000003,00000080,00000000) ret=00403788
0009:Ret KERNEL32.CreateFileA() retval=00000040 ret=00403788
...
0009:Call KERNEL32.CreateProcessA(00415834 "Oblivion.exe",00000000,00000000,00000000,00000001,00000004,00000000,00000000,0032fdb8,0032fcf4) ret=00402fa2
0009:trace:process:CreateProcessW app L"Oblivion.exe" cmdline (null)
0009:trace:process:open_exe_file looking for L"Oblivion.exe"
0009:trace:process:CreateProcessW starting L"Oblivion.exe" as Win32 binary (0x400000-0xbaf000)
001b:trace:module:load_builtin_callback loaded ntdll.dll 0x110158 0x7ef60000
...
001b:trace:module:load_dll Found L"ntdll.dll" for L"ntdll.dll" at 0x7ef60000, count=2
001b:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
001b:trace:loaddll:load_builtin_dll Loaded L"KERNEL32.dll" at 0x7ed90000: builtin
001b:Call KERNEL32.__wine_kernel_init() ret=7ef97f83
...
001b:trace:loaddll:load_native_dll Loaded L"C:\oblivion\Oblivion.exe" at 0x400000: native
001b:trace:module:load_dll Loaded module L"C:\oblivion\Oblivion.exe" (native) at 0x400000
...
0009:trace:process:CreateProcessW started process pid 001a tid 001b
0009:Ret KERNEL32.CreateProcessA() retval=00000001 ret=00402fa2
0009:Call KERNEL32.OpenProcess(0000043a,00000000,0000001a) ret=004024d0
0009:Ret KERNEL32.OpenProcess() retval=00000040 ret=004024d0
0009:Call KERNEL32.VirtualAllocEx(00000040,00000000,00002000,00001000,00000040) ret=004024f0
...
0009:Call KERNEL32.WriteProcessMemory(00000040,00340005,00422430,0000001d,0032fc84) ret=00402556
0009:Ret KERNEL32.WriteProcessMemory() retval=00000001 ret=00402556
0009:Call KERNEL32.WriteProcessMemory(00000040,00340000,0032fc88,00000005,0032fc84) ret=00402578
0009:Ret KERNEL32.WriteProcessMemory() retval=00000001 ret=00402578
0009:Call KERNEL32.CreateRemoteThread(00000040,00000000,00000000,00340000,00340005,00000000,00000000) ret=00402589
0009:Ret KERNEL32.CreateRemoteThread() retval=00000050 ret=00402589
0009:Call KERNEL32.WaitForSingleObject(00000050,00007530) ret=004025a4
001c:trace:module:alloc_thread_tls thread 001c idx 0: 440/0 bytes from 0xbac000 to 0x126538
001c:Starting thread proc 0x340000 (arg=0x340005)
001c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7ed6cf50 ip=7ed6cf50 tid=001c
001c:trace:seh:raise_exception info[0]=00000000
001c:trace:seh:raise_exception info[1]=7ed6cf50
001c:trace:seh:raise_exception eax=00340000 ebx=7efe3ff4 ecx=8ccebec1 edx=ffffffff esi=7ffd4f10 edi=00340000
001c:trace:seh:raise_exception ebp=00efea78 esp=00efea6c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
001c:trace:seh:call_stack_handlers calling handler at 0x7efce930 code=c0000005 flags=0
001c:Call KERNEL32.UnhandledExceptionFilter(00efe5b8) ret=7efce982
wine: Unhandled page fault on read access to 0x7ed6cf50 at address 0x7ed6cf50 (thread 001c), starting debugger...
001c:trace:seh:start_debugger Starting debugger "winedbg --auto 26 24"
--- snip ---
It seems the kernel32 image load base is still different:
kernel32 base loader: 0x7ed60000
kernel32 base target: 0x7ed90000
The injected thread crashes at 0x7ed6cf50, which is below the target kernel32 image load base. The high word matches the loader (parent) kernel32 image base, so the patched jump trampoline 0x7ed6xxxx matches LoadLibraryA() - in the loader's address space!
To cancel out the address space randomization problem, we compare the load addresses of kernel32.dll in all Wine processes:
0009 = initial process = loader
--- snip ---
0009:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed60000
...
000b:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
000b:trace:module:load_dll Loaded module L"C:\windows\system32\wineboot.exe" (builtin) at 0x7ef30000
...
000d:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
000d:trace:module:load_dll Loaded module L"C:\windows\system32\winemenubuilder.exe" (builtin) at 0x7ef30000
...
000f:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
000f:trace:module:load_dll Loaded module L"C:\windows\system32\services.exe" (builtin) at 0x7ef30000
...
0012:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
0012:trace:module:load_dll Loaded module L"C:\windows\system32\winedevice.exe" (builtin) at 0x7ef40000
...
0019:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
0019:trace:module:load_dll Loaded module L"C:\windows\system32\explorer.exe" (builtin) at 0x7ef30000
...
001b:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
001b:trace:module:load_dll Loaded module L"C:\oblivion\Oblivion.exe" (native) at 0x400000
--- snip ---
Interestingly only the _first_ process has a different kernel32.dll load base. All others match.
Can you try the following: start a "helper" process (cmd.exe, notepad.exe, whatever) in the background which keeps wineserver alive, and then start the loader from a different terminal.
If it still crashes, please give another +relay log exactly as previously described. Make sure winedbg can do a backtrace run (in your relay log it starts but never reaches that point because you pressed CTRL+C too early).
Regards
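The comparison the comment performs by hand (collect the kernel32.dll load base per Wine process from the load_builtin_callback lines, find the process that differs, and check which process's kernel32 the fault address 0x7ed6cf50 shares its high word with) can be automated over a +relay/+module log. The following is an added example, not code from the bug report or from Wine; the sample lines are copied from the log quoted above, and the regexes assume the trace formats shown there (the last hex field of a load_builtin_callback line is taken as the load base, as the comment does).

```python
import re
from collections import Counter

# Constructed sample: a handful of trace lines copied from the +relay/+module log
# quoted in the comment (ids 0009, 000b, 000d, 001b load kernel32; 001c faults).
SAMPLE_LOG = """\
0009:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed60000
000b:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
000d:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
001b:trace:module:load_builtin_callback loaded KERNEL32.dll 0x112628 0x7ed90000
001c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7ed6cf50 ip=7ed6cf50 tid=001c
"""

# "<id>:trace:module:load_builtin_callback loaded <dll> 0x<ptr> 0x<base>"; like the
# comment, the last field is treated as the image load base (assumed format).
LOAD_RE = re.compile(r"^([0-9a-f]{4}):trace:module:load_builtin_callback loaded (\S+) "
                     r"0x[0-9a-f]+ 0x([0-9a-f]+)$")
# Access violation (c0000005) lines; "addr=" is the faulting address.
FAULT_RE = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=c0000005 .*?addr=0x([0-9a-f]+)")

def kernel32_bases(log):
    """Map each Wine id that loaded kernel32.dll to its load base."""
    bases = {}
    for line in log.splitlines():
        m = LOAD_RE.match(line)
        if m and m.group(2).lower() == "kernel32.dll":
            bases[m.group(1)] = int(m.group(3), 16)
    return bases

def outliers(bases):
    """Ids whose kernel32 base differs from the base most processes share, plus that base."""
    common = Counter(bases.values()).most_common(1)[0][0]
    return sorted(i for i, b in bases.items() if b != common), common

def fault_addresses(log):
    """Fault addresses of c0000005 exceptions, keyed by the faulting thread id."""
    faults = {}
    for line in log.splitlines():
        m = FAULT_RE.match(line)
        if m:
            faults[m.group(1)] = int(m.group(2), 16)
    return faults

def high_word_matches(addr, bases):
    """Ids whose kernel32 base shares its high 16 bits with addr (the comment's comparison)."""
    return sorted(i for i, b in bases.items() if (addr >> 16) == (b >> 16))
```

On the sample, only id 0009 (the loader) has a different base, and the fault address maps to the loader's kernel32 rather than the target's, which is the mismatch the comment describes.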