[Bug 46914] New: CompressonatorGUI 3.1 installer crashes in Win10 mode ( Advanced Installer Module bug, incorrect usage of kernel32.Wow64RevertWow64FsRedirection)

https://bugs.winehq.org/show_bug.cgi?id=46914

Bug ID: 46914 Summary: CompressonatorGUI 3.1 installer crashes in Win10 mode (Advanced Installer Module bug, incorrect usage of kernel32.Wow64RevertWow64FsRedirection) Product: Wine Version: 4.4 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: kernel32 Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---

Hello folks,

split out of bug 46883 (after adding the missing registry keys for Windows 10 version check).

https://bugs.winehq.org/show_bug.cgi?id=46883#c2

--- quote --- Err: correction, it crashes in staging-4.4 too. If the keys are present the installer starts fine old wine-version 3.0 though. So probably a regression, but i`ll do some testing further first. --- quote ---

https://bugs.winehq.org/show_bug.cgi?id=46883#c3

--- quote --- Did regression test

9839bb7691a1b1c57a4ca501d03825420c1609d7 is the first bad commit commit 9839bb7691a1b1c57a4ca501d03825420c1609d7 Author: Alexandre Julliard julliard@winehq.org Date: Sat Feb 9 21:21:47 2019 +0100

ntdll: Skip dlls of the wrong machine type when searching through the load path.

Signed-off-by: Alexandre Julliard julliard@winehq.org

:040000 040000 f87bb0ed081f8b42e86a8084a8a31ed8271bb52a ae3234ae55fb52708ff68472510d2a0acbf5e8da M dlls

So note, crash only happens in win10, after adding the two registrykeys --- quote ---

Technically it's not a regression. Wine works more correctly now, revealing a bug in WoW64 filesystem redirection handling.

The installer does a very stupid thing:

--- snip --- $ WINEDEBUG=+seh,+relay,+msi,+module,+loaddll,+server,+process,+imports wine ./CompressonatorGUI_x64_3.1.4064.exe >>log.txt 2>&1 ... 0009:Call KERNEL32.LoadLibraryW(0050b310 L"kernel32.dll") ret=0048969a ... 0009:Ret KERNEL32.LoadLibraryW() retval=7b420000 ret=0048969a 0009:Call KERNEL32.GetProcAddress(7b420000,00510034 "Wow64DisableWow64FsRedirection") ret=004896c9 0009:Ret KERNEL32.GetProcAddress() retval=7b4391ac ret=004896c9 0009:Call KERNEL32.GetProcAddress(7b420000,00510054 "Wow64RevertWow64FsRedirection") ret=004896db 0009:Ret KERNEL32.GetProcAddress() retval=7b4391fc ret=004896db 0009:Call KERNEL32.GetProcAddress(7b420000,0050b32c "IsWow64Process") ret=004896ed 0009:Ret KERNEL32.GetProcAddress() retval=7b435ad4 ret=004896ed 0009:Call KERNEL32.IsWow64Process(ffffffff,0033ed10) ret=00489704 0009:trace:process:NtQueryInformationProcess (0xffffffff,0x0000001a,0x33eca4,0x00000004,(nil)) 0009:Ret KERNEL32.IsWow64Process() retval=00000001 ret=00489704 0009:Call KERNEL32.Wow64DisableWow64FsRedirection(0033ed2c) ret=0048974e 0009:Ret KERNEL32.Wow64DisableWow64FsRedirection() retval=00000001 ret=0048974e 0009:Call KERNEL32.CopyFileW(0017a260 L"C:\windows\system32\msi.dll",005886c8 L"C:\users\focht\Temp\shi8c54.tmp",00000000) ret=0047baa1 ... 0009:Ret KERNEL32.CopyFileW() retval=00000001 ret=0047baa1 0009:Call KERNEL32.Wow64RevertWow64FsRedirection(0033ed2c) ret=00489738 0009:Ret KERNEL32.Wow64RevertWow64FsRedirection() retval=00000001 ret=00489738 0009:Call version.GetFileVersionInfoSizeW(005886c8 L"C:\users\focht\Temp\shi8c54.tmp",0033f174) ret=0047bcc2 ... --- snip ---

The installer passes the address of 'OldValue' parameter to Wow64RevertWow64FsRedirection(), not the value.

MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/aa365745(v=vs.85).a...

--- quote --- Wow64RevertWow64FsRedirection function

Restores file system redirection for the calling thread.

This function should not be called without a previous call to the Wow64DisableWow64FsRedirection function.

Any data allocation on behalf of the Wow64DisableWow64FsRedirection function is cleaned up by this function. Syntax C++

BOOL WINAPI Wow64RevertWow64FsRedirection( _In_ PVOID OldValue );

Parameters

OldValue [in]

The WOW64 file system redirection value. This value is obtained from the Wow64DisableWow64FsRedirection function. ... --- quote ---

This causes the WOW64 file system redirection not reverted to old state - all filesystem accesses go to 64-bits part.

Wine source:

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/kernel32/path.c#l1972

--- snip --- 1972 /*********************************************************************** 1973 * Wow64RevertWow64FsRedirection (KERNEL32.@) 1974 */ 1975 BOOL WINAPI Wow64RevertWow64FsRedirection( PVOID old_value ) 1976 { 1977 NTSTATUS status = RtlWow64EnableFsRedirection( !old_value ); 1978 if (status) SetLastError( RtlNtStatusToDosError(status) ); 1979 return !status; 1980 } --- snip ---

Subsequent dynamic loading of dlls fails for the 32-bit process because loader only finds the 64-bit dll counterparts.

First failure (non-fatal):

--- snip --- ... 0009:Call KERNEL32.LoadLibraryExW(0033f22e L"C:\windows\system32\explorerframe.dll",00000000,00000008) ret=7da78778 0009:trace:module:load_dll looking for L"C:\windows\system32\explorerframe.dll" in L"C:\windows\system32;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0009: create_file( access=80100000, sharing=00000005, create=1, options=00000060, attrs=00000000, objattr={rootdir=0000,attributes=00000040,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/system32/explorerframe.dll" ) 0009: create_file() = 0 { handle=0088 } 0009: get_handle_fd( handle=0088 ) 0009: *fd* 0088 -> 118 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089, options=00000060 } 0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001, size=00000000, file_handle=0088, objattr={} ) 0009: create_mapping() = 0 { handle=0090 } 0009: close_handle( handle=0088 ) 0009: close_handle() = 0 0009: get_mapping_info( handle=0090, access=0000000c ) 0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000, image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=00000c38,checksum=00000000,cpu=x86_64} } 0009: get_handle_fd( handle=0090 ) 0009: *fd* 0090 -> 119 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d, options=00000020 } 0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000 0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5 virt 1000 flags 60000020 0009:trace:module:map_image clearing 0x10001200 - 0x10002000 0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8 virt 1000 flags 42000040 0009:trace:module:map_image clearing 0x10002200 - 0x10003000 0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size 638 virt 1000 flags 40000040 0009:trace:module:map_image clearing 0x10003800 - 0x10004000 0009: map_view( mapping=0090, access=0000000c, base=10000000, size=00004000, start=00000000 ) 0009: map_view() = 0 0009: close_handle( handle=0090 ) 0009: close_handle() = 0 0009:trace:module:open_dll_file L"\??\C:\windows\system32\explorerframe.dll" is for arch 8664, continuing search 0009: unmap_view( base=10000000 ) 0009: unmap_view() = 0 0009:warn:module:load_dll Failed to load module L"C:\windows\system32\explorerframe.dll"; status=c000007b 0009:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=7da78778 0009:err:ole:COMPOBJ_DllList_Add couldn't load in-process dll L"C:\windows\system32\explorerframe.dll" --- snip ---

Second failure (fatal):

--- snip --- 0009:Call KERNEL32.LoadLibraryA(005010f0 "dwmapi.dll") ret=004c0c0c 0009:trace:module:load_dll looking for L"dwmapi.dll" in L"Z:\home\focht\Downloads;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem" 0009: create_file( access=80100000, sharing=00000005, create=1, options=00000060, attrs=00000000, objattr={rootdir=0000,attributes=00000040,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/system32/dwmapi.dll" ) 0009: create_file() = 0 { handle=00fc } 0009: get_handle_fd( handle=00fc ) 0009: *fd* 00fc -> 123 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089, options=00000060 } 0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001, size=00000000, file_handle=00fc, objattr={} ) 0009: create_mapping() = 0 { handle=010c } 0009: close_handle( handle=00fc ) 0009: close_handle() = 0 0009: get_mapping_info( handle=010c, access=0000000c ) 0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000, image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=000009d0,checksum=00000000,cpu=x86_64} } 0009: get_handle_fd( handle=010c ) 0009: *fd* 010c -> 129 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d, options=00000020 } 0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000 0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5 virt 1000 flags 60000020 0009:trace:module:map_image clearing 0x10001200 - 0x10002000 0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8 virt 1000 flags 42000040 0009:trace:module:map_image clearing 0x10002200 - 0x10003000 0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size 3d0 virt 1000 flags 40000040 0009:trace:module:map_image clearing 0x10003400 - 0x10004000 0009: map_view( mapping=010c, access=0000000c, base=10000000, size=00004000, start=00000000 ) 0009: map_view() = 0 0009: close_handle( handle=010c ) 0009: close_handle() = 0 0009:trace:module:open_dll_file L"\??\C:\windows\system32\dwmapi.dll" is for arch 8664, continuing search 0009: unmap_view( base=10000000 ) 0009: unmap_view() = 0 0009: create_file( access=80100000, sharing=00000005, create=1, options=00000060, attrs=00000000, objattr={rootdir=0000,attributes=00000040,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/system32/dwmapi.dll" ) 0009: create_file() = 0 { handle=00fc } 0009: get_handle_fd( handle=00fc ) 0009: *fd* 00fc -> 123 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089, options=00000060 } 0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001, size=00000000, file_handle=00fc, objattr={} ) 0009: create_mapping() = 0 { handle=010c } 0009: close_handle( handle=00fc ) 0009: close_handle() = 0 0009: get_mapping_info( handle=010c, access=0000000c ) 0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000, image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=000009d0,checksum=00000000,cpu=x86_64} } 0009: get_handle_fd( handle=010c ) 0009: *fd* 010c -> 129 0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d, options=00000020 } 0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000 0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5 virt 1000 flags 60000020 0009:trace:module:map_image clearing 0x10001200 - 0x10002000 0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8 virt 1000 flags 42000040 0009:trace:module:map_image clearing 0x10002200 - 0x10003000 0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size 3d0 virt 1000 flags 40000040 0009:trace:module:map_image clearing 0x10003400 - 0x10004000 0009: map_view( mapping=010c, access=0000000c, base=10000000, size=00004000, start=00000000 ) 0009: map_view() = 0 0009: close_handle( handle=010c ) 0009: close_handle() = 0 0009:trace:module:open_dll_file L"\??\C:\windows\system32\dwmapi.dll" is for arch 8664, continuing search 0009: unmap_view( base=10000000 ) 0009: unmap_view() = 0 0009:warn:module:load_dll Failed to load module L"dwmapi.dll"; status=c000007b 0009:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=004c0c0c 0009:Call KERNEL32.GetLastError() ret=004c0c18 0009:Ret KERNEL32.GetLastError() retval=000000c1 ret=004c0c18 0009:Call KERNEL32.RaiseException(c06d007e,00000000,00000001,0033e764) ret=004c0c4b 0009:trace:seh:raise_exception code=c06d007e flags=0 addr=0x7b44c162 ip=7b44c162 tid=0009 0009:trace:seh:raise_exception info[0]=0033e714 0009:trace:seh:raise_exception eax=7b43a4cd ebx=00000000 ecx=00000000 edx=0033e708 esi=0033e708 edi=0033e6d0 0009:trace:seh:raise_exception ebp=0033e6a8 esp=0033e644 cs=330023 ds=33002b es=f7be002b fs=f7be0063 gs=f7be006b flags=00000216 0009:trace:seh:call_stack_handlers calling handler at 0x4f8b8c code=c06d007e flags=0 --- snip ---

ProtectionID scan for documentation:

--- snip --- -=[ ProtectionID v0.6.9.0 DECEMBER]=- (c) 2003-2017 CDKiLLER & TippeX Build 24/12/17-21:05:42 Ready... Scanning -> Z:\home\focht\Downloads\CompressonatorGUI_x64_3.1.4064.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 83494931 (04FA0813h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT) [TimeStamp] 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT) | PE Header | - | Offset: 0x000000F0 | VA: 0x004000F0 | - [TimeStamp] 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT) | DebugDirectory | - | Offset: 0x000FD444 | VA: 0x004FE844 | - -> File has 81963539 (04E2AA13h) bytes of appended data starting at offset 0175E00h [LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64) [!] Executable uses SEH Tables (/SAFESEH) (1489 calculated 1489 recorded... 0 invalid addresses) [LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset 0x555C3A43 | Reserved 0x73726573 [LoadConfig] GuardAddressTakenIatEntryTable 0x6369765C | Count 0x5C726F74 (1551003508) [LoadConfig] GuardLongJumpTargetTable 0x6B736544 | Count 0x5C706F74 (1550872436) [LoadConfig] HybridMetadataPointer 0x4E415242 | DynamicValueRelocTable 0x775C4843 [LoadConfig] FailFastIndirectProc 0x525C6E69 | FailFastPointer 0x61656C65 [LoadConfig] UnknownZero1 0x735C6573 [File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004) [Entrypoint Section Entropy] : 6.63 (section #0) ".text " | Size : 0xFC61C (1033756) byte(s) [DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA [SectionCount] 5 (0x5) | ImageSize 0x180000 (1572864) byte(s) [VersionInfo] Company Name : GPUOpen.com [VersionInfo] Product Name : CompressonatorGUI [VersionInfo] Product Version : 3.1.4064 [VersionInfo] File Description : CompressonatorGUI 3.1.4064 installer [VersionInfo] File Version : 3.1.4064 [VersionInfo] Original FileName : CompressonatorGUI_x64_3.1.4064.exe [VersionInfo] Internal Name : CompressonatorGUI_x64_3.1.4064 [VersionInfo] Legal Copyrights : Copyright (C) 2018 GPUOpen.com [ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll | dbghelp.dll | SHLWAPI.dll | COMCTL32.dll | MSIMG32.dll | VERSION.dll | MPR.dll | COMDLG32.dll [ModuleReport] [DelayImport] Modules -> msi.dll | gdiplus.dll | UxTheme.dll | WININET.dll | dwmapi.dll [Debug Info] (record 1 of 1) (file offset 0xFD440) Characteristics : 0x0 | TimeDateStamp : 0x5602AAD6 (Wed 23rd Sep 2015 13:36:22 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x5C (92) AddressOfRawData : 0x116DA0 | PointerToRawData : 0x1159A0 CvSig : 0x53445352 | SigGuid B2ED720C-03A3-4C47-8C3FDFDD897BE428 Age : 0x1 (1) | Pdb : C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb [-= Installer =-] Advanced Installer Module ! [CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008) - Scan Took : 2.661 Second(s) [000000923h (2339) tick(s)] [566 of 580 scan(s) done] --- snip ---

$ sha1sum CompressonatorGUI_x64_3.1.4064.exe c7958e4a7caa2e0011e2abd906fc71cec6603818 CompressonatorGUI_x64_3.1.4064.exe

$ du -sh CompressonatorGUI_x64_3.1.4064.exe 80M CompressonatorGUI_x64_3.1.4064.exe

$ wine --version wine-4.4-232-gc7f323107b

Regards