https://bugs.winehq.org/show_bug.cgi?id=55993
--- Comment #4 from Bernhard Übelacker bernhardu@mailbox.org ---
Created attachment 75620 --> https://bugs.winehq.org/attachment.cgi?id=75620
Add logging for related functions.
(In reply to Alexandre Julliard from comment #2)
I tried to get some more information and found that an exception happens after pressing the OK button:
WINEDEBUG=+seh:
012c:trace:seh:signal (22, 00006FFFEB73D530)
012c:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000700000000008 ip=700000000008
012c:trace:seh:dispatch_exception info[0]=0000000000000000
012c:trace:seh:dispatch_exception info[1]=00007000000439d4
012c:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
These instructions are reached because, shortly before, plsqldev.exe does:
=> 0x00000000006b8afc: call *0x38a7fc6(%rip) # 0x3f60ac8
This memory 0x3f60ac8 seems to be written here:
0x00000000006b8bb4: lea 0x21(%rip),%rdx # 0x6b8bdc
0x00000000006b8bbb: call 0x42d580
0x00000000006b8bc0: mov %rax,%rcx
0x00000000006b8bc3: lea -0x2da(%rip),%rdx # 0x6b88f0
0x00000000006b8bca: call 0x481420
0x00000000006b8bcf: mov %rax,0x38a7ef2(%rip) # 0x3f60ac8
0x00000000006b8bd6: lea 0x20(%rbp),%rsp
0x00000000006b8bda: pop %rbp
0x00000000006b8bdb: ret
(gdb) x/hs 0x6b8bdc
0x6b8bdc: u"CreateFileA"
Therefore it looks to me like plsqldev.exe takes the address of CreateFileA and does some crazy things with this address, like VirtualQuery, VirtualProtect and VirtualAlloc, which finally leads to storing a kind of trampoline for CreateFileA behind kernel32.dll.
Before the regression, GetProcAddr returns e.g. 0x17800C464 for CreateFileA, with the trampoline at 0x1781c0000.
After the regression, GetProcAddr returns 00006FFFFFAAC464 for CreateFileA, and plsqldev.exe iterates from 0x6FFFFFAE0000 upwards until VirtualAlloc finally succeeds at 0x700000000000.
Failing:
=> 0x0000700000000000: lea 0x0(%rsp),%rsp
   0x0000700000000008: jmp *0x439c6(%rip) # 0x7000000439d4
   0x000070000000000e: jmp *0x0(%rip) # 0x700000000014
(gdb) x/1xg 0x7000000439d4
0x7000000439d4: Cannot access memory at address 0x7000000439d4
Working:
=> 0x00000001781c0000: lea 0x0(%rsp),%rsp
   0x00000001781c0008: jmp *-0x1701d6(%rip) # 0x17804fe38
   0x00000001781c000e: jmp *0x0(%rip) # 0x1781c0014
(gdb) x/1xg 0x17804fe38
0x17804fe38: 0x00006fffff499640
So it looks like the generated trampoline is faulty?
The attached file adds some logging and a workaround to not respect wineserver's requested address for kernel32.
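As an added example, not part of this bug report or its attachment: a small Python helper that parses gdb listings like the two above, resolves each `jmp *disp(%rip)` to the pointer slot it reads (RIP-relative displacements are relative to the next instruction, so the slot is addr + length + disp), and reports how far that slot lies from the trampoline start. On the failing listing the slot lands 0x439d4 bytes above the block allocated at 0x700000000000, which is exactly the unreadable address reported as info[1] in the access violation; on the working listing it lies below the trampoline, inside the region behind kernel32.dll.

```python
import re

# Listings constructed from the gdb output quoted in the comment above.
FAILING = """\
=> 0x0000700000000000: lea 0x0(%rsp),%rsp
   0x0000700000000008: jmp *0x439c6(%rip) # 0x7000000439d4
   0x000070000000000e: jmp *0x0(%rip) # 0x700000000014
"""
WORKING = """\
=> 0x00000001781c0000: lea 0x0(%rsp),%rsp
   0x00000001781c0008: jmp *-0x1701d6(%rip) # 0x17804fe38
   0x00000001781c000e: jmp *0x0(%rip) # 0x1781c0014
"""

# One gdb line: "[=>] <addr>: <mnemonic> <operands> [# <target gdb computed>]"
LINE_RE = re.compile(
    r'^\s*(?:=>\s*)?0x([0-9a-f]+):\s+(\S+)\s+(.*?)(?:\s+#\s*0x([0-9a-f]+))?\s*$')
RIPREL_RE = re.compile(r'\*(-?0x[0-9a-f]+)\(%rip\)')
JMP_RIPREL_LEN = 6  # FF 25 disp32; used only when no following address is listed

def parse_listing(text):
    """Return [(addr, mnemonic, operands, annotated target or None), ...]."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr, mnem, ops, note = m.groups()
            insns.append((int(addr, 16), mnem, ops, int(note, 16) if note else None))
    return insns

def resolve_rip_relative(text):
    """Map each 'jmp *disp(%rip)' address to (pointer slot, gdb annotation agrees).
    The instruction length is taken from the next listed address when available."""
    insns = parse_listing(text)
    slots = {}
    for i, (addr, mnem, ops, note) in enumerate(insns):
        m = RIPREL_RE.search(ops)
        if not m:
            continue
        if i + 1 < len(insns):
            length = insns[i + 1][0] - addr
        else:  # last line: assume the 6-byte FF 25 encoding of jmp *disp32(%rip)
            length = JMP_RIPREL_LEN
        slot = addr + length + int(m.group(1), 16)
        slots[addr] = (slot, note is None or note == slot)
    return slots

def slot_offset(text):
    """Signed distance from the trampoline start to the first indirect jmp's slot."""
    slots = resolve_rip_relative(text)
    return slots[min(slots)][0] - parse_listing(text)[0][0]
```

A negative offset means the pointer slot sits below the trampoline (the working case); a positive one larger than the allocation means the slot was never mapped.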