https://bugs.winehq.org/show_bug.cgi?id=47334
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Component|-unknown |wpcap Status|UNCONFIRMED |NEW Keywords| |download CC| |focht@gmx.net URL| |https://web.archive.org/web | |/20190227005701/https://sta | |tic.tp-link.com/2018/201809 | |/20180904/PowerLineUtility_ | |Win_180816.zip Summary|TP-Link PowerLineUtility |TP-Link PLC utility 2.2 |has page fault |crashes on startup with | |native 'packet.dll' (part | |of | |WinPcap)('wine_pcap_findall | |devs' needs to handle empty | |adapter description)
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
Please don't attach binaries you have no right to redistribute. Just provide links. In addition third-party download sites for Windows dlls such as 'http://www.dlldownloader.com' should be taken with grain of salt, even if they have a high user trust rating.
You could have just linked to official WinPcap installation packages (https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe), the dll should be part of it.
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/TP-Link/TP-Link PLC Utility
$ WINEDEBUG=+seh,+relay,+wpcap wine ./tpPLC.exe >>log.txt 2>&1 ... 0034:fixme:wpcap:wine_pcap_findalldevs_ex ("rpcap://" (nil) 0x100692d8 0x100692e0): partial stub 0034:trace:wpcap:wine_pcap_findalldevs (0x100692d8 0x100692e0) ... 0034:Ret wpcap.pcap_findalldevs_ex() retval=00000000 ret=1002f4ad ... 0034:Call wpcap.pcap_parsesrcstr(7ad00850 "enp5s0",00000000,00000000,00000000,03d1b12c,100692e0) ret=1002eff9 0034:fixme:wpcap:wine_pcap_parsesrcstr ("enp5s0" (nil) (nil) (nil) 0x3d1b12c 0x100692e0): partial stub 0034:Ret wpcap.pcap_parsesrcstr() retval=00000000 ret=1002eff9 ... 0034:Call KERNEL32.GetModuleHandleW(00360708 L"Iphlpapi") ret=00352d6b 0034:Ret KERNEL32.GetModuleHandleW() retval=7dcb0000 ret=00352d6b 0034:Call KERNEL32.GetProcAddress(7dcb0000,0036071c "GetAdaptersAddresses") ret=00352d7d 0034:Ret KERNEL32.GetProcAddress() retval=7dcc127c ret=00352d7d 0034:Call KERNEL32.LoadLibraryW(00360734 L"airpcap.dll") ret=00352d8d ... 0034:Ret KERNEL32.LoadLibraryW() retval=00000000 ret=00352d8d ... 0034:Call advapi32.RegOpenKeyExW(80000002,003605b0 L"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}",00000000,00020019,03d1a8dc) ret=003524b3 0034:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=003524b3 0034:Call advapi32.RegOpenKeyExW(80000002,00360680 L"SYSTEM\CurrentControlSet\Services\Tcpip\Linkage",00000000,00020019,03d1a8d4) ret=0035265d 0034:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=0035265d 0034:Call iphlpapi.GetAdaptersInfo(00000000,03d1b0f0) ret=00352054 0034:Ret iphlpapi.GetAdaptersInfo() retval=0000006f ret=00352054 ... 0034:Call advapi32.OpenSCManagerW(00000000,00000000,80000000) ret=0035346f ... 0034:Ret advapi32.OpenSCManagerW() retval=0259a5c8 ret=0035346f ... 0034:Call advapi32.RegOpenKeyExA(80000002,03d1abc8 "SYSTEM\CurrentControlSet\Services\NPF",00000000,00020019,03d1a8a0) ret=003534bd 0034:Ret advapi32.RegOpenKeyExA() retval=00000000 ret=003534bd 0034:Call advapi32.RegCloseKey(00000194) ret=00353561 0034:Ret advapi32.RegCloseKey() retval=00000000 ret=00353561 0034:Call advapi32.OpenServiceA(0259a5c8,03d1a9c8 "NPF",00000014) ret=003534ec ... 0034:Ret advapi32.OpenServiceA() retval=025a3d50 ret=003534ec 0034:Call advapi32.QueryServiceStatus(025a3d50,03d1a8a8) ret=00353502 ... 0034:Ret advapi32.StartServiceW() retval=00000000 ret=0035351c 0034:Call KERNEL32.GetLastError() ret=00353526 0034:Ret KERNEL32.GetLastError() retval=0000045a ret=00353526 ... 0034:Call KERNEL32.GetLastError() ret=1003f60f 0034:Ret KERNEL32.GetLastError() retval=00000057 ret=1003f60f 0034:Call KERNEL32.GetLastError() ret=1003d9f3 0034:Ret KERNEL32.GetLastError() retval=00000057 ret=1003d9f3 0034:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1002f198 ip=1002f198 tid=0034 0034:trace:seh:raise_exception info[0]=00000000 0034:trace:seh:raise_exception info[1]=00000000 0034:trace:seh:raise_exception eax=00000000 ebx=0034ed64 ecx=00000001 edx=00000000 esi=0034ebf4 edi=03d1b3f6 0034:trace:seh:raise_exception ebp=03d1b230 esp=03d1b1ec cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 0034:trace:seh:call_stack_handlers calling handler at 0x10051671 code=c0000005 flags=0 0034:Call KERNEL32.GetLastError() ret=10036425 0034:Ret KERNEL32.GetLastError() retval=00000057 ret=10036425 0034:trace:seh:call_stack_handlers handler at 0x10051671 returned 1 0034:trace:seh:call_stack_handlers calling handler at 0x5c45f7 code=c0000005 flags=0 0034:Call KERNEL32.GetLastError() ret=0059de73 0034:Ret KERNEL32.GetLastError() retval=00000057 ret=0059de73 0034:trace:seh:call_stack_handlers handler at 0x5c45f7 returned 1 0034:trace:seh:call_stack_handlers calling handler at 0x7bcc3fc0 code=c0000005 flags=0 wine: Unhandled page fault on read access to 0x00000000 at address 0x1002f198 (thread 0034), starting debugger... 0034:trace:seh:start_debugger Starting debugger "winedbg --auto 41 404" ... --- snip ---
Call stack of crash annotated:
--- snip --- Address To From Size Comment 03F0B234 1002F5C2 1002F198 40 plcoperation.1002F198 03F0B274 1002ED30 1002F5C2 10 plcoperation.1002F5C2 03F0B284 100063B2 1002ED30 8 plcoperation.1002ED30 ; openNICs 03F0B28C 00406A00 100063B2 4C64 plcoperation.100063B2 ; initAdapter 03F0FEF0 7BCA13B0 00406A00 10 tpplc.00406A00 03F0FF00 7BCA478E 7BCA13B0 E0 7BCA13B0 03F0FFE0 7BCA13A2 7BCA478E 10 7BCA478E 03F0FFF0 00000000 7BCA13A2 7BCA13A2 --- snip ---
Caller and crash site:
--- snip --- ... 1002F56A | 8B15 D8920610 | mov edx,dword ptr ds:[100692D8] ; alldevs 1002F570 | 8955 EC | mov dword ptr ss:[ebp-14],edx 1002F573 | EB 11 | jmp plcoperation.1002F586 ... 1002F5B2 | 8B4D EC | mov ecx,dword ptr ss:[ebp-14] ; pcap_if_t alldevs 1002F5B5 | 8B51 08 | mov edx,dword ptr ds:[ecx+8] ; arg2 = .description 1002F5B8 | 52 | push edx 1002F5B9 | 8B45 F0 | mov eax,dword ptr ss:[ebp-10] 1002F5BC | 50 | push eax 1002F5BD | E8 BEFBFFFF | call plcoperation.1002F180 ... 1002F180 | 55 | push ebp 1002F181 | 8BEC | mov ebp,esp 1002F183 | 83EC 44 | sub esp,44 1002F186 | 8B45 0C | mov eax,dword ptr ss:[ebp+C] ; arg2 1002F189 | 8945 F4 | mov dword ptr ss:[ebp-C],eax 1002F18C | 8B4D F4 | mov ecx,dword ptr ss:[ebp-C] ; arg2 1002F18F | 83C1 01 | add ecx,1 1002F192 | 894D DC | mov dword ptr ss:[ebp-24],ecx 1002F195 | 8B55 F4 | mov edx,dword ptr ss:[ebp-C] 1002F198 | 8A02 | mov al,byte ptr ds:[edx] ; NULL *boom* 1002F19A | 8845 FF | mov byte ptr ss:[ebp-1],al 1002F19D | 8345 F4 01 | add dword ptr ss:[ebp-C],1 1002F1A1 | 807D FF 00 | cmp byte ptr ss:[ebp-1],0 1002F1A5 | 75 EE | jne plcoperation.1002F195 1002F1A7 | 8B4D F4 | mov ecx,dword ptr ss:[ebp-C] 1002F1AA | 2B4D DC | sub ecx,dword ptr ss:[ebp-24] 1002F1AD | 894D D8 | mov dword ptr ss:[ebp-28],ecx 1002F1B0 | 8B55 D8 | mov edx,dword ptr ss:[ebp-28] 1002F1B3 | 8955 E4 | mov dword ptr ss:[ebp-1C],edx 1002F1B6 | C745 BC F8310610 | mov dword ptr ss:[ebp-44],plcoperation.100631F8 1002F1BD | C745 C0 FC310610 | mov dword ptr ss:[ebp-40],plcoperation.100631FC 1002F1C4 | 837D E4 00 | cmp dword ptr ss:[ebp-1C],0 1002F1C8 | 75 07 | jne plcoperation.1002F1D1
--- snip --- Base Module Path
00330000 packet.dll C:\Program Files (x86)\TP-Link\TP-Link PLC Utility\Packet.dll 00350000 api-ms-win-core-fibers-l1-1-1.dll Z:\home\focht\projects\wine\mainline-install-x86_64\bin..\lib\wine\api-ms-win-core-fibers-l1-1-1.dll 00370000 api-ms-win-core-localization-l1-2-1.dll Z:\home\focht\projects\wine\mainline-install-x86_64\bin..\lib\wine\api-ms-win-core-localization-l1-2-1.dll 00400000 tpplc.exe C:\Program Files (x86)\TP-Link\TP-Link PLC Utility\tpPLC.exe 00840000 hyfiinfotran.dll C:\Program Files (x86)\TP-Link\TP-Link PLC Utility\hyfiinfotran.dll 00CA0000 flash.ocx C:\Program Files (x86)\TP-Link\TP-Link PLC Utility\Flash.ocx 10000000 plcoperation.dll C:\Program Files (x86)\TP-Link\TP-Link PLC Utility\PLCOperation.dll ... --- snip ---
Var refs that lead to identification of 'alldevs':
--- snip --- Address Disassembly
100075E1 mov eax,dword ptr ds:[100692D8] 100076E6 mov ecx,dword ptr ds:[100692D8] 1000796F mov ecx,dword ptr ds:[100692D8] 1002EF2A mov ecx,dword ptr ds:[100692D8] 1002EF66 cmp dword ptr ds:[100692D8],0 1002EF73 mov eax,dword ptr ds:[100692D8] 1002F464 mov dword ptr ds:[100692D8],0 1002F49B push plcoperation.100692D8 ; ---> var init 1002F4C5 mov edx,dword ptr ds:[100692D8] 1002F56A mov edx,dword ptr ds:[100692D8] 1002F798 mov edx,dword ptr ds:[100692D8] 1002FC41 cmp dword ptr ds:[100692D8],0 1002FC4A mov ecx,dword ptr ds:[100692D8] 1002FC5A mov dword ptr ds:[100692D8],0 --- snip ---
--- snip --- 1002F496 | 68 E0920610 | push plcoperation.100692E0 1002F49B | 68 D8920610 | push plcoperation.100692D8 ; pcap_if_t **alldevs 1002F4A0 | 6A 00 | push 0 1002F4A2 | 68 00320610 | push plcoperation.10063200 ; "rpcap://" 1002F4A7 | FF15 DC210510 | call dword ptr ds:[100521DC] ; pcap_findalldevs_ex --- snip ---
The pcap_if_t->description field of the adapter is empty (NULL), causing the crash. Not sure if it's worth to work around the crash as native 'packet.dll' is unlikely to work in near future - if at all.
There is already some (invisible) failure prior: the app dll calls 'packet.PacketOpenAdapter' which obviously fails since the kernel side is missing (NPF/NDIS driver) in case of native 'packet.dll'
Small test app for Linux libpcap:
--- snip --- /* gcc -o pcap_test pcap_test.c -lpcap */ #include <pcap.h> #include <stdlib.h>
int main() { pcap_if_t *alldevs; pcap_if_t *d; int i=0; char errbuf[PCAP_ERRBUF_SIZE];
printf("%s\n", pcap_lib_version());
if (pcap_findalldevs(&alldevs, errbuf) == -1) { fprintf(stderr,"pcap_findalldevs() failed: %s\n", errbuf); exit(1); }
for(d= alldevs; d != NULL; d= d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); }
pcap_freealldevs(alldevs);
return 0; } --- snip ---
--- snip --- $ ./pcap_test libpcap version 1.9.0-PRE-GIT (with TPACKET_V3) 1. enp5s0 (No description available) 2. lo (No description available) 3. any (Pseudo-device that captures on all interfaces) 4. wlp4s0 (No description available) 5. bluetooth-monitor (Bluetooth Linux Monitor) 6. nflog (Linux netfilter log (NFLOG) interface) 7. nfqueue (Linux netfilter queue (NFQUEUE) interface) 8. bluetooth0 (Bluetooth adapter number 0) 9. usbmon0 (All USB buses) 10. usbmon1 (USB bus number 1) 11. usbmon2 (USB bus number 2) 12. usbmon3 (USB bus number 3) 13. usbmon4 (USB bus number 4) --- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/wpcap/wpcap.c#l141
--- snip --- 141 int CDECL wine_pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 142 { 143 int ret; 144 145 TRACE("(%p %p)\n", alldevsp, errbuf); 146 ret = pcap_findalldevs(alldevsp, errbuf); 147 if(alldevsp && !*alldevsp) 148 ERR_(winediag)("Failed to access raw network (pcap), this requires special permissions.\n"); 149 150 return ret; 151 } 152 153 int CDECL wine_pcap_findalldevs_ex(char *source, void *auth, pcap_if_t **alldevs, char *errbuf) 154 { 155 FIXME("(%s %p %p %p): partial stub\n", debugstr_a(source), auth, alldevs, errbuf); 156 return wine_pcap_findalldevs(alldevs, errbuf); 157 } --- snip ---
Native WinPcap modifies adapter name and description after return of 'pcap_findalldevs', which includes handling the case of empty description:
https://github.com/wireshark/winpcap/blob/267327e28031d2d3d74c28cf18a08dfbc5...
$ sha1sum PowerLineUtility_Win_180816.zip a641c9611bf053d5bb1e730baead5e9e74b3a81c PowerLineUtility_Win_180816.zip
$ du -sh PowerLineUtility_Win_180816.zip 19M PowerLineUtility_Win_180816.zip
$ wine --version wine-4.9-378-g48a74277f5
Regards