https://bugs.winehq.org/show_bug.cgi?id=45374
Anastasius Focht focht@gmx.net changed:
What            |Removed                                    |Added
----------------------------------------------------------------------------
Component       |-unknown                                   |ntdll
Ever confirmed  |0                                          |1
Keywords        |                                           |dotnet, download
Summary         |Yet Another Process Monitor fails to start |Yet Another Process Monitor (.NET 2.0 app) reports System.AccessViolationException ('ntdll.NtQueryObject' needs to support 'ObjectTypesInformation' info class)
Status          |UNCONFIRMED                                |STAGED
CC              |                                           |focht@gmx.net
Staged patchset |                                           |https://github.com/wine-staging/wine-staging/blob/master/patches/server-Object_Types/0002-ntdll-Implement-ObjectTypesInformation-in-NtQueryObj.patch
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
Wine-Mono part:
--- snip ---
Public Shared ReadOnly Property IsAdmin() As Boolean
    Get
        Return My.User.IsAuthenticated AndAlso My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator)
    End Get
End Property
--- snip ---
User.IsAuthenticated Property -> https://msdn.microsoft.com/en-us/library/microsoft.visualbasic.applicationse...
User.IsInRole Method (String) -> https://msdn.microsoft.com/en-us/library/ms127603(v=vs.110).aspx
I guess we skip the Wine-Mono part ^^ and go straight to the metal with MS .NET Framework 2.0
The problem is unfortunately not very easy to spot as it's mostly sitting in unmanaged->managed wrappers. There is little info that helps deducing from exception frames (there are a lot) to point to some prior failing API call(s).
Fortunately I have quite a collection of tools for every purpose ;-) A low level CLR tracer which uses .NET CLR Profiling APIs to hook into JIT process gave me a hint:
--- snip ---
...
1 - Tracing started [6/24/2018 6:14:10 PM]
2 - Thread created, ID: 1440296
3 - Thread (ID: 1440296) assigned to OS thread (ID: 81)
4 - Thread created, ID: 1485304
5 - Thread (ID: 1485304) assigned to OS thread (ID: 108)
6 - Assembly load started, ID: 1501048
7 - Module load started, name: C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
8 - Module load finished, name: C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll, status 0
9 - Module C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll attached to assembly mscorlib
10 - Assembly load finished, name: mscorlib, status: 0
11 - AppDomain creation started, name: mscorlib.dll
12 - AppDomain creation finished, name: mscorlib.dll, status: 0
13 - AppDomain creation started, name: DefaultDomain
14 - AppDomain creation finished, name: DefaultDomain, status: 0
15 - AppDomain creation started, name: EE Shared Assembly Repository
16 - AppDomain creation finished, name: EE Shared Assembly Repository, status: 0
17 - Assembly load started, ID: 1558296
18 - Module load started, name: Z:\home\focht\Downloads\yapm\YAPM.exe
19 - Module load finished, name: Z:\home\focht\Downloads\yapm\YAPM.exe, status 0
20 - Module Z:\home\focht\Downloads\yapm\YAPM.exe attached to assembly YAPM
21 - Assembly load finished, name: YAPM, status: 0
22 - Assembly load started, ID: 1596152
...
5538 - Class load started, name: Entry
5539 - Class load finished, name: Entry, status 0
5540 - Class load started, name: ObjectTypesInformation
5541 - JIT compilation started, name: [YAPM.exe] ProcessMemReader.ReadUnicodeString, Token : 060018D6 , CFF index : 6358
5542 - Class load finished, name: ObjectTypesInformation, status 0
5543 - JIT compilation finished, name: [YAPM.exe] ProcessMemReader.ReadUnicodeString, Token : 060018D6 , CFF index : 6358, status: 0
5544 - Class load started, name: ObjectTypeInformation
5545 - JIT compilation started, name: [YAPM.exe] ProcessMemReader.ReadByteArray, Token : 060018D4 , CFF index : 6356
5546 - Class load finished, name: ObjectTypeInformation, status 0
5547 - JIT compilation finished, name: [YAPM.exe] ProcessMemReader.ReadByteArray, Token : 060018D4 , CFF index : 6356, status: 0
5548 - Class load started, name: GenericMapping
5549 - JIT compilation started, name: [YAPM.exe] ProcessMemReader.Dispose, Token : 060018CE , CFF index : 6350
5550 - Class load finished, name: GenericMapping, status 0
5551 - JIT compilation finished, name: [YAPM.exe] ProcessMemReader.Dispose, Token : 060018CE , CFF index : 6350, status: 0
5552 - JIT compilation finished, name: [YAPM.exe] Native.Objects.Job.GetObjectTypeNumberByName, Token : 0600192C , CFF index : 6444, status: 0
5553 - JIT compilation started, name: [YAPM.exe] SerializableFileVersionInfo..ctor, Token : 0600014F , CFF index : 335
5554 - JIT compilation started, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018BE , CFF index : 6334
5555 - JIT compilation finished, name: [YAPM.exe] SerializableFileVersionInfo..ctor, Token : 0600014F , CFF index : 335, status: 0
5556 - JIT compilation finished, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018BE , CFF index : 6334, status: 0
5557 - JIT compilation started, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Insert, Token : 060018B8 , CFF index : 6328
5558 - JIT compilation started, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018BF , CFF index : 6335
5559 - JIT compilation finished, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Insert, Token : 060018B8 , CFF index : 6328, status: 0
5560 - JIT compilation finished, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018BF , CFF index : 6335, status: 0
5561 - JIT compilation started, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Initialize, Token : 060018B7 , CFF index : 6327
5562 - JIT compilation started, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018C0 , CFF index : 6336
5563 - JIT compilation finished, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Initialize, Token : 060018B7 , CFF index : 6327, status: 0
5564 - JIT compilation finished, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018C0 , CFF index : 6336, status: 0
5565 - Class load started, name: Entry
5566 - JIT compilation started, name: [YAPM.exe] ObjectTypesInformation.get_ObjectTypeInformationOffset, Token : 06002929 , CFF index : 10537
5567 - Class load finished, name: Entry, status 0
5568 - JIT compilation finished, name: [YAPM.exe] ObjectTypesInformation.get_ObjectTypeInformationOffset, Token : 06002929 , CFF index : 10537, status: 0
5569 - JIT compilation started, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Resize, Token : 060018BA , CFF index : 6330
5570 - JIT compilation started, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018C0 , CFF index : 6336
5571 - JIT compilation finished, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.Resize, Token : 060018BA , CFF index : 6330, status: 0
5572 - JIT compilation finished, name: [YAPM.exe] Native.Memory.MemoryAlloc.ReadStruct, Token : 060018C0 , CFF index : 6336, status: 0
5573 - JIT compilation started, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.GetEnumerator, Token : 060018B3 , CFF index : 6323
5574 - Exception thrown, name System.ArgumentNullException
5575 - JIT compilation finished, name: [mscorlib.dll] System.Collections.Generic.Dictionary`2.GetEnumerator, Token : 060018B3 , CFF index : 6323, status: 0
5576 - Exception handler search: entering method Common.Misc.ReadUnicodeString
5577 - JIT compilation started, name: [mscorlib.dll] Enumerator..ctor, Token : 060018D0 , CFF index : 6352
5578 - Exception handler search: found catcher in method Common.Misc.ReadUnicodeString
5579 - JIT compilation finished, name: [mscorlib.dll] Enumerator..ctor, Token : 060018D0 , CFF index : 6352, status: 0
5580 - Exception handler search: exiting method
...
5588 - Exception thrown, name System.ArgumentNullException
5589 - JIT compilation started, name: [YAPM.exe] cProcess..ctor, Token : 06001CF3 , CFF index : 7411
5590 - Exception handler search: entering method Common.Misc.ReadUnicodeString
5591 - Class load started, name: ProcMemInfo
5592 - Exception handler search: found catcher in method Common.Misc.ReadUnicodeString
5593 - Class load finished, name: ProcMemInfo, status 0
5594 - Exception handler search: exiting method
5595 - Class load started, name: System.Collections.Generic.IEnumerable`1
5596 - Exception unwinding: entering method Common.Misc.ReadUnicodeString
5597 - Class load finished, name: System.Collections.Generic.IEnumerable`1, status 0
5598 - Exception handler for System.ArgumentNullException entered in method Common.Misc.ReadUnicodeString
5599 - Class load started, name: System.Collections.Generic.ICollection`1
5600 - Exception handler exited
5601 - Class load finished, name: System.Collections.Generic.ICollection`1, status 0
5602 - Exception thrown, name System.AccessViolationException
...
--- snip ---
Relevant part of trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+wbemprox wine ./YAPM.exe >>log.txt 2>&1
...
006a:Call msvcr80.strcpy_s(0ab1d7c8,00000017,0058dff4 "ObjectTypesInformation") ret=79e89e5c
006a:Ret msvcr80.strcpy_s() retval=00000000 ret=79e89e5c
...
006a:Call KERNEL32.GetProcAddress(7bc10000,00576bde "NtQueryObject") ret=79e84c2d
006a:Ret KERNEL32.GetProcAddress() retval=7bc2341c ret=79e84c2d
...
006a:Call KERNEL32.FlushInstructionCache(ffffffff,06bd8128,0000000c) ret=79e8a16b
006a:Ret KERNEL32.FlushInstructionCache() retval=00000001 ret=79e8a16b
006a:Call ntdll.NtQueryObject(00000000,00000003,03ae45b8,00000100,0ab1f1c0) ret=03a45f6a
006a:fixme:ntdll:NtQueryObject Unsupported information class 3
006a:Ret ntdll.NtQueryObject() retval=c0000002 ret=03a45f6a
006a:Call KERNEL32.LocalReAlloc(03ae45b8,00000000,00000002) ret=7946101a
006a:Ret KERNEL32.LocalReAlloc() retval=03ae45b8 ret=7946101a
006a:Call ntdll.NtQueryObject(00000000,00000003,03ae45b8,00000000,0ab1f1c0) ret=03a45f6a
006a:fixme:ntdll:NtQueryObject Unsupported information class 3
006a:Ret ntdll.NtQueryObject() retval=c0000002 ret=03a45f6a
006a:Call KERNEL32.GetLastError() ret=79e7badc
006a:Ret KERNEL32.GetLastError() retval=00000000 ret=79e7badc
...
006a:Call msvcr80.wcscpy_s(097565e8,00000015,79fa0954 L"ArgumentNull_Generic") ret=79e87551
006a:Ret msvcr80.wcscpy_s() retval=00000000 ret=79e87551
006a:Call msvcr80._CxxThrowException(0ab1efec,7a35d7c4) ret=7a05db73
006a:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,0ab1ef64) ret=7e334d55
006a:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b43c3cb ip=7b43c3cb tid=006a
006a:trace:seh:raise_exception info[0]=19930520
006a:trace:seh:raise_exception info[1]=0ab1efec
006a:trace:seh:raise_exception info[2]=7a35d7c4
006a:trace:seh:raise_exception eax=7b42964d ebx=00000008 ecx=0ab1eea4 edx=0ab1ef64 esi=0ab1efec edi=0ab1ef20
006a:trace:seh:raise_exception ebp=0ab1eef8 esp=0ab1ee84 cs=f7ba0023 ds=002b es=ab2002b fs=ab20063 gs=ab1006b flags=00000216
006a:trace:seh:call_stack_handlers calling handler at 0x7a3229cc code=e06d7363 flags=1
006a:trace:seh:call_stack_handlers handler at 0x7a3229cc returned 1
006a:trace:seh:call_stack_handlers calling handler at 0x7a311dec code=e06d7363 flags=1
006a:trace:seh:cxx_frame_handler handling C++ exception rec 0xab1ee90 frame 0xab1f0a0 trylevel 1 descr 0x7a311e0c nested_frame (nil)
006a:trace:seh:dump_exception_type flags 0 destr (nil) handler (nil) type info 0x7a35d7d4
006a:trace:seh:dump_exception_type 0: flags 1 type 0x7a3908f8 {vtable=0x79f9a3b0 name=.PAVEEArgumentException@@ ()} offsets 0,-1,0 size 4 copy ctor (nil)
006a:trace:seh:dump_exception_type 1: flags 1 type 0x7a38fdb8 {vtable=0x79f9a3b0 name=.PAVEEException@@ ()} offsets 0,-1,0 size 4 copy ctor (nil)
006a:trace:seh:dump_exception_type 2: flags 1 type 0x7a38fdd4 {vtable=0x79f9a3b0 name=.PAVCLRException@@ ()} offsets 0,-1,0 size 4 copy ctor (nil)
006a:trace:seh:dump_exception_type 3: flags 1 type 0x7a38f788 {vtable=0x79f9a3b0 name=.PAVException@@ ()} offsets 0,-1,0 size 4 copy ctor (nil)
006a:trace:seh:dump_exception_type 4: flags 1 type 0x7a38f7ac {vtable=0x79f9a3b0 name=.PAX ()} offsets 0,-1,0 size 4 copy ctor (nil)
006a:trace:seh:dump_function_descr magic 19930522
006a:trace:seh:dump_function_descr unwind table: 0x7a311dd4 3
006a:trace:seh:dump_function_descr 0: prev -1 func (nil)
006a:trace:seh:dump_function_descr 1: prev 0 func 0x7a311dcc
006a:trace:seh:dump_function_descr 2: prev -1 func (nil)
006a:trace:seh:dump_function_descr try table: 0x7a35f708 1
006a:trace:seh:dump_function_descr 0: start 0 end 1 catchlevel 2 catch 0x7a35f71c 1
006a:trace:seh:dump_function_descr 0: flags 0 offset -40 handler 0x7a073d03 type 0x7a38f788 {vtable=0x79f9a3b0 name=.PAVException@@ ()}
006a:trace:seh:dump_function_descr expect list: (nil)
006a:trace:seh:dump_function_descr flags: 00000000
...
006a:Call KERNEL32.RaiseException(e0434f4d,00000001,00000001,0ab1ef80) ret=79f97065
006a:trace:seh:raise_exception code=e0434f4d flags=1 addr=0x7b43c3cb ip=7b43c3cb tid=006a
006a:trace:seh:raise_exception info[0]=80004003
006a:trace:seh:raise_exception eax=7b42964d ebx=80004003 ecx=0ab1eea4 edx=0ab1ef80 esi=7b63b000 edi=0ab1ef20
006a:trace:seh:raise_exception ebp=0ab1eef8 esp=0ab1ee84 cs=f7ba0023 ds=ab1002b es=f7ba002b fs=f7ba0063 gs=f7ba006b flags=00000216
006a:trace:seh:call_stack_handlers calling handler at 0x79f9a3c8 code=e0434f4d flags=1
006a:Call msvcr80._except_handler4_common(7a381240,79e717fb,0ab1ee90,0ab1ef98,0ab1ebac,0ab1eb6c) ret=79f9a3e7
006a:trace:seh:_except_handler4_common exception e0434f4d flags=1 at 0x7b43c3cb
...
<long time after>
006a:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7bb37b3 ip=f7bb37b3 tid=006a
006a:trace:seh:raise_exception info[0]=00000000
006a:trace:seh:raise_exception info[1]=03cd0000
006a:trace:seh:raise_exception eax=fd0fa70c ebx=7e3bd000 ecx=00000013 edx=0ab1f004 esi=03cd0000 edi=00dca70c
006a:trace:seh:raise_exception ebp=0ab1efa8 esp=0ab1ef88 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
006a:trace:seh:call_stack_handlers calling handler at 0x7a3127fc code=c0000005 flags=0
006a:trace:seh:cxx_frame_handler handling C exception code c0000005 rec 0xab1ef30 frame 0xab1f0a4 trylevel -1 descr 0x7a31281c nested_frame (nil)
006a:trace:seh:call_stack_handlers handler at 0x7a3127fc returned 1
006a:trace:seh:call_stack_handlers calling handler at 0x79f948ec code=c0000005 flags=0
...
006a:Call msvcr80.strcpy_s(0980f658,00000019,798d410f "AccessViolationException") ret=79e89e5c
006a:Ret msvcr80.strcpy_s() retval=00000000 ret=79e89e5c
...
--- snip ---
'NtQueryObject' info class 3 -> 'ObjectAllTypesInformation' == 'ObjectTypesInformation'
MSDN: https://msdn.microsoft.com/en-us/library/bb432383(v=vs.85).aspx
Some app example code:
https://github.com/mrexodia/TitanHide/blob/master/TitanHideTest/main.cpp#L14...
Wine-Staging has a patch that implements it:
https://github.com/wine-staging/wine-staging/tree/master/patches/server-Obje...
https://github.com/wine-staging/wine-staging/blob/master/patches/server-Obje...
Only that one is needed to prevent the crash, even if follow-up patches add more information needed to make queries actually useful.
NOTE: The app shows quite a number of issues, the first one being main gui window sized very small. Please don't mix them in here.
$ sha1sum YAPM-v2.4.2-binaries.zip
e3d23794cbc9ceb4b95fc3f93ccb7c4d5d9c31cf YAPM-v2.4.2-binaries.zip

$ du -sh YAPM-v2.4.2-binaries.zip
952K YAPM-v2.4.2-binaries.zip

$ wine --version
wine-3.11-1-g88b51b2601
Regards
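
Added example, not part of the original comment or of Wine: a small Python filter for a +seh,+relay log that pairs each Call with its Ret per thread and lists the ntdll Nt*/Zw* calls that returned an error NTSTATUS before the access violation, which is the correlation done by hand in the comment above. The function name and the Nt*/Zw* heuristic are assumptions of this example; the sample lines are excerpted from the trace quoted in the comment.

```python
import re

CALL = re.compile(r'^([0-9a-f]{4}):Call ([\w.]+)\((.*)\) ret=[0-9a-f]+$')
RET = re.compile(r'^([0-9a-f]{4}):Ret\s+([\w.]+)\(\) retval=([0-9a-f]+) ret=')
FIXME = re.compile(r'^([0-9a-f]{4}):fixme:\w+:(.*)$')
RAISE = re.compile(r'^[0-9a-f]{4}:trace:seh:raise_exception code=([0-9a-f]+) ')

# Lines excerpted from the +seh,+relay trace quoted in the comment above.
SAMPLE = """\
006a:Call KERNEL32.GetProcAddress(7bc10000,00576bde "NtQueryObject") ret=79e84c2d
006a:Ret KERNEL32.GetProcAddress() retval=7bc2341c ret=79e84c2d
006a:Call ntdll.NtQueryObject(00000000,00000003,03ae45b8,00000100,0ab1f1c0) ret=03a45f6a
006a:fixme:ntdll:NtQueryObject Unsupported information class 3
006a:Ret ntdll.NtQueryObject() retval=c0000002 ret=03a45f6a
006a:Call KERNEL32.LocalReAlloc(03ae45b8,00000000,00000002) ret=7946101a
006a:Ret KERNEL32.LocalReAlloc() retval=03ae45b8 ret=7946101a
006a:Call ntdll.NtQueryObject(00000000,00000003,03ae45b8,00000000,0ab1f1c0) ret=03a45f6a
006a:fixme:ntdll:NtQueryObject Unsupported information class 3
006a:Ret ntdll.NtQueryObject() retval=c0000002 ret=03a45f6a
006a:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7bb37b3 ip=f7bb37b3 tid=006a
""".splitlines()

def failed_nt_calls_before_crash(lines, crash_code=0xC0000005):
    """List ntdll Nt*/Zw* calls that returned an error NTSTATUS before crash_code."""
    open_calls, failed = {}, []   # open_calls: thread id -> stack awaiting Ret
    for line in lines:
        line = line.rstrip()
        if m := CALL.match(line):
            tid, api, args = m.groups()
            open_calls.setdefault(tid, []).append(
                {'api': api, 'args': args.split(','), 'fixme': []})
        elif m := FIXME.match(line):
            if stack := open_calls.get(m.group(1)):
                stack[-1]['fixme'].append(m.group(2))  # stub hit inside this call
        elif m := RET.match(line):
            tid, api, retval = m.groups()
            stack = open_calls.get(tid)
            if not stack or stack[-1]['api'] != api:
                continue                      # truncated log: unmatched Ret
            call = stack.pop()
            call['status'] = int(retval, 16)
            dll, _, func = api.partition('.')
            # Assumption: ntdll Nt*/Zw* return NTSTATUS; top two bits set = error.
            is_nt = dll.lower() == 'ntdll' and func[:2] in ('Nt', 'Zw')
            if is_nt and call['status'] >> 30 == 3:
                failed.append(call)
        elif (m := RAISE.match(line)) and int(m.group(1), 16) == crash_code:
            break                             # stop at the access violation
    return failed
```

On the excerpt it reports both NtQueryObject calls for info class 3 (args[1]), each returning c0000002 (STATUS_NOT_IMPLEMENTED) with the fixme attached, while the non-ntdll calls are ignored.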