https://bugs.winehq.org/show_bug.cgi?id=45510
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
            Summary|Sentinel Runtime Setup      |Sentinel HASP Runtime
                   |problem                     |(driver) 7.8 installer
                   |                            |fails, reports 'Error when
                   |                            |starting the hardlock
                   |                            |service' (custom imports
                   |                            |resolver fails to locate
                   |                            |some ntoskrnl exports)
           Keywords|                            |download, hardware,
                   |                            |Installer, obfuscation
                 CC|                            |focht@gmx.net
          Component|-unknown                    |ntoskrnl
                URL|                            |https://supportportal.gemal
                   |                            |to.com/csm/?id=kb_article&s
                   |                            |ys_id=a459d328dba207c8fe0af
                   |                            |f3dbf9619ce
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming. I found the Sentinel HASP driver/runtime installer package PSIM 11.x uses on the original vendor site, albeit a slightly different version.
Relevant part of trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+msi,+service,+ntoskrnl wine ./HASPUserSetup.exe >>log.txt 2>&1
...
0009:Call KERNEL32.CreateProcessW(00000000,0018059c L"MSIEXEC.EXE /i "C:\users\focht\Temp\{FF7C4F7B-D751-4BF4-A3F9-8CB260F6EEE7}\HASP_Setup.msi" SETUPEXEDIR="Z:\home\focht\Downloads\Sentinel_LDK_Run-time_setup" SETUPEXENAME="HASPUserSetup.exe"",00000000,00000000,00000000,00000020,00000000,00000000,0033c314,0033c380) ret=0044488b
...
002f:Call KERNEL32.__wine_kernel_init() ret=7bc6d45a
0009:Ret KERNEL32.CreateProcessW() retval=00000001 ret=0044488b
...
002f:trace:msi:ACTION_CustomAction Handling custom action L"Action.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" (c11 L"haspds_msi.dll.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" L"HaspdsMsiInst")
...
002f:trace:msi:HANDLE_CustomType17 L"haspds_msi.dll.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" L"HaspdsMsiInst"
...
0039:Call KERNEL32.LoadLibraryW(0015c910 L"C:\Program Files\Common Files\Aladdin Shared\HASP\haspds_msi.dll") ret=7e919445
...
0039:Ret PE DLL (proc=0x10001bbe,module=0x10000000 L"haspds_msi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0039:Ret KERNEL32.LoadLibraryW() retval=10000000 ret=7e919445
0039:Call KERNEL32.GetProcAddress(10000000,0015aed0 "HaspdsMsiInst") ret=7e9194c8
0039:Ret KERNEL32.GetProcAddress() retval=10001170 ret=7e9194c8
0039:trace:msi:alloc_msi_remote_handle 1 -> 1
0039:trace:msi:__wine_msi_call_dll_function calling "HaspdsMsiInst"
...
0039:Call advapi32.CreateServiceA(00160688,0015eede "hardlock",0015eede "hardlock",000f01ff,00000001,00000002,00000001,0056e210 "C:\windows\system32\drivers\hardlock.sys",00000000,00000000,0015f130 "",00000000,00000000) ret=006a4c54
...
0039:Ret advapi32.CreateServiceA() retval=00160b30 ret=006a4c54
...
0039:Call advapi32.StartServiceA(00160b30,00000000,00000000) ret=006a4d4b
...
003d:Call KERNEL32.CreateProcessW(00000000,0011c680 L"C:\windows\system32\winedevice.exe",00000000,00000000,00000000,00000400,00450000,00000000,00bbf7ec,00bbf830) ret=7efe4bb0
...
0044:Call KERNEL32.__wine_kernel_init() ret=7bc6d45a
003d:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe4bb0
...
0048:Call KERNEL32.LoadLibraryW(0011cd68 L"C:\windows\system32\drivers\hardlock.sys") ret=7effa9fa
0048:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effa9fa
...
0048:Call driver init 0x809224 (obj=0x11cb88,str=L"\Registry\Machine\System\CurrentControlSet\Services\hardlock")
...
0048:Call ntoskrnl.exe.RtlInitUnicodeString(0065fc74,007f531e L"\REGISTRY\MACHINE\System\CurrentControlSet\Services\HaspNt") ret=00797e56
0048:Call ntdll.RtlInitUnicodeString(0065fc74,007f531e L"\REGISTRY\MACHINE\System\CurrentControlSet\Services\HaspNt") ret=7bc81363
0048:Ret ntdll.RtlInitUnicodeString() retval=0065fc74 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065fc74 ret=00797e56
...
0048:Call ntoskrnl.exe.IoCreateDevice(0011cb88,0000040c,0065fba8,00009c40,00000000,00000000,0065fc90) ret=007984cc
0048:trace:ntoskrnl:IoCreateDevice (0x11cb88, 1036, L"\Device\FNT0", 40000, 0, 0, 0x65fc90)
0048:Call ntdll.RtlAllocateHeap(00110000,00000008,000004c4) ret=7e985874
0048:Ret ntdll.RtlAllocateHeap() retval=0011d348 ret=7e985874
0048:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=007984cc
...
0048:Call ntoskrnl.exe.IoCreateSymbolicLink(0065fba0,0065fba8) ret=008058a4
0048:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\FEnteDev" -> L"\Device\FNT0"
0048:Call ntdll.NtCreateSymbolicLinkObject(0065fb24,000f0001,0065fb0c,0065fba8) ret=7e985bd1
0048:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7e985bd1
0048:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=008058a4
...
0048:Call ntoskrnl.exe.RtlAppendUnicodeToString(0011e820,007f57d8 L"\Parameters") ret=008042bf
0048:Call ntdll.RtlAppendUnicodeToString(0011e820,007f57d8 L"\Parameters") ret=7bc81363
0048:Ret ntdll.RtlAppendUnicodeToString() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlAppendUnicodeToString() retval=00000000 ret=008042bf
0048:Call ntoskrnl.exe.RtlQueryRegistryValues(80000000,0011e828,0065fa34,00000000,00000000) ret=007843fd
0048:Call ntdll.RtlQueryRegistryValues(80000000,0011e828,0065fa34,00000000,00000000) ret=7bc81363
0048:Ret ntdll.RtlQueryRegistryValues() retval=c0000034 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlQueryRegistryValues() retval=c0000034 ret=007843fd
....
0048:Call ntoskrnl.exe.PsGetVersion(0065fbb4,0065fbb8,00000000,00000000) ret=00804f70
0048:Call ntdll.RtlGetVersion(0065fa34) ret=7e9886ef
0048:Ret ntdll.RtlGetVersion() retval=00000000 ret=7e9886ef
0048:Ret ntoskrnl.exe.PsGetVersion() retval=00000001 ret=00804f70
....
0048:Call hal.HalGetBusData(00000004,00000000,00000000,0065f964,00000040) ret=00798cf1
0048:fixme:ntoskrnl:HalGetBusData (4 0 0 0x65f964 64) stub!
0048:Ret hal.HalGetBusData() retval=00000000 ret=00798cf1
...
0048:Call ntoskrnl.exe.ZwQuerySystemInformation(0000000b,0011e820,000008e4,0065fa74) ret=007f00c9
0048:Call ntdll.NtQuerySystemInformation(0000000b,0011e820,000008e4,0065fa74) ret=7bc81363
0048:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwQuerySystemInformation() retval=00000000 ret=007f00c9
...
0048:Call ntoskrnl.exe.IoGetConfigurationInformation() ret=0079a124
0048:fixme:ntoskrnl:IoGetConfigurationInformation partial stub
0048:Ret ntoskrnl.exe.IoGetConfigurationInformation() retval=7e9b45c0 ret=0079a124
...
0048:Call ntoskrnl.exe.RtlInitUnicodeString(0065f844,007f7020 L"\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion") ret=007eff93
0048:Call ntdll.RtlInitUnicodeString(0065f844,007f7020 L"\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion") ret=7bc81363
0048:Ret ntdll.RtlInitUnicodeString() retval=0065f844 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f844 ret=007eff93
0048:Call ntoskrnl.exe.ZwOpenKey(0065f850,02000000,0065f824) ret=007effc5
0048:Call ntdll.NtOpenKey(0065f850,02000000,0065f824) ret=7bc81363
0048:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=007effc5
0048:Call ntoskrnl.exe.ZwQueryValueKey(00000044,0065f83c,00000001,0011fa68,00000200,0065f84c) ret=007efff3
0048:Call ntdll.NtQueryValueKey(00000044,0065f83c,00000001,0011fa68,00000200,0065f84c) ret=7bc81363
0048:Ret ntdll.NtQueryValueKey() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwQueryValueKey() retval=00000000 ret=007efff3
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=0048
0048:trace:seh:raise_exception info[0]=00000000
0048:trace:seh:raise_exception info[1]=00000000
0048:trace:seh:raise_exception eax=0011fa68 ebx=7e97f2d4 ecx=00000016 edx=0011fa90 esi=0011fa60 edi=0011f850
0048:trace:seh:raise_exception ebp=0065f854 esp=0065f808 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
0048:trace:seh:call_vectored_handlers calling handler at 0x7e9827fd code=c0000005 flags=0
0048:trace:seh:call_vectored_handlers handler at 0x7e9827fd returned 0
0048:trace:seh:call_stack_handlers calling handler at 0x7bcb3a34 code=c0000005 flags=0
0048:Call KERNEL32.UnhandledExceptionFilter(0065f304) ret=7bcb3a6f
wine: Unhandled page fault on read access to 0x00000000 at address (nil) (thread 0048), starting debugger...
...
0039:Call user32.MessageBoxA(0005006c,0056e970 "Error when starting the hardlock service with parameters 1168 1053 1.\nThis is an internal error. For assistance, contact your administrator or the software manufacturer. Vypr\x9ael casov\xfd limit po\x9eadavku slu\x9eby.\r\n\nStatus Code: 48 5 935 1053",100092d8 "Sentinel HASP Run-time installation",00000040) ret=100013c7
--- snip ---
'c:\windows\aksdrvsetup.log':
--- snip ---
[27/7/2018-13:5:19]Running on Win 7 ../hhlinst.c,3903,
[27/7/2018-13:5:19]haspdinst 1 ver 7.81//7.81 started ../hhlinst.c,1551,
[27/7/2018-13:5:19]DLL InstallPath = C:\Program Files\Common Files\Aladdin Shared\HASP\haspds_windows.dll ../hhlinst.c,1591,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params: hasp_windows.dll C:\users\focht\Temp\hasp_windows.dll 1 5695548 ../hhlinst.c,3571,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params: haspdinst_x64.exe C:\users\focht\Temp\haspdinst_x64.exe 1 5695548 ../hhlinst.c,3571,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params: hhl01.cab C:\users\focht\Temp\hhl01.cab 1 5695548 ../hhlinst.c,3571,
[27/7/2018-13:5:20]Unpackdone ../hhlinst.c,1637,
...
[27/7/2018-13:5:20]Install PnP Device aksusb.inf. ../instdrv.c,1248,
[27/7/2018-13:5:20]call pUpdateDriverForPlugAndPlayDevices. ../instdrv.c,1319,
[27/7/2018-13:5:20]Driver successfully updated ../instdrv.c,1348,
[27/7/2018-13:5:20]Install PnP Device aksusb.inf done. Status = 0 ../instdrv.c,1644,
[27/7/2018-13:5:20]read config file ../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK ../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type ../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file ../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK ../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type ../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file ../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK ../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type ../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file ../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK ../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type ../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file ../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK ../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type ../hhlinst.c,2018,
[27/7/2018-13:5:20] hardlock.sys VER 0 ../instdrv.c,2162,
[27/7/2018-13:5:20]InstallService Hardlock. ../instdrv.c,692,
[27/7/2018-13:5:20]service Hardlock newer 0 serviceexist 0. ../instdrv.c,731,
[27/7/2018-13:5:20]start service Hardlock. ../instdrv.c,903,
[27/7/2018-13:5:20]UnInstallService hardlock. ../instdrv.c,1019,
[27/7/2018-13:5:20]UnInstallService hardlock end status 0. ../instdrv.c,1146,
[27/7/2018-13:5:23]Error when starting the hardlock service with parameters 1168 1053 1. ../instdrv.c,935,
[27/7/2018-13:5:23]Windows error 1053 ../instdrv.c,935,
[27/7/2018-13:5:23]do not write instcount err 1 48 ../hhlinst.c,2360,
[27/7/2018-13:5:23]end actual install ../hhlinst.c,2436,
[27/7/2018-13:5:23]Install returned 1 48 ../hhlinst.c,1742,
--- snip ---
Disassembly of driver code (after decryption in memory):
--- snip ---
...
007F0001 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
007F0004 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
007F0007 8B50 08 MOV EDX,DWORD PTR DS:[EAX+8]
007F000A 57 PUSH EDI
007F000B 51 PUSH ECX
007F000C 03D0 ADD EDX,EAX
007F000E 52 PUSH EDX
007F000F 50 PUSH EAX
007F0010 E8 4F230000 CALL hardlock.007F2364
007F0015 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
...
007F22B0 JMP DWORD PTR DS:[7F422C] ; ntoskrnl.NtOpenKey
007F22B6 JMP DWORD PTR DS:[7F4224] ; ntoskrnl.NtSetValueKey
007F22BC JMP DWORD PTR DS:[7F4220] ; ntoskrnl.MmMapIoSpace
007F22C2 JMP DWORD PTR DS:[7F421C] ; ntoskrnl.NtEnumerateValueKey
...
007F235E JMP DWORD PTR DS:[7F4074] ; ntoskrnl.KeInitializeSemaphore
007F2364 JMP DWORD PTR DS:[7F4078]
007F236A JMP DWORD PTR DS:[7F407C] ; ntoskrnl.NtQueryValueKey
007F2370 JMP DWORD PTR DS:[7F4080] ; ntoskrnl.IofCompleteRequest
007F2376 JMP DWORD PTR DS:[7F4084] ; ntoskrnl.IofCallDriver
007F237C JMP DWORD PTR DS:[7F4088] ; ntoskrnl.__wine_stub_KeReadStateEvent
007F2382 JMP DWORD PTR DS:[7F408C] ; ntoskrnl.__wine_stub_IoCancelIrp
007F2388 JMP DWORD PTR DS:[7F4090] ; ntoskrnl.KeDelayExecutionThread
007F238E JMP DWORD PTR DS:[7F4094] ; ntoskrnl.IoGetDeviceObjectPointer
007F2394 JMP DWORD PTR DS:[7F4098] ; ntoskrnl.IoBuildDeviceIoControlRequest
007F239A JMP DWORD PTR DS:[7F409C] ; ntoskrnl.ExAllocatePoolWithTag
007F23A0 JMP DWORD PTR DS:[7F40A0] ; ntoskrnl.RtlIntegerToUnicodeString
007F23A6 JMP DWORD PTR DS:[7F40A4] ; ntoskrnl.RtlAppendUnicodeStringToString
007F23AC JMP DWORD PTR DS:[7F40A8] ; ntoskrnl.IoGetConfigurationInformation
007F23B2 JMP DWORD PTR DS:[7F40AC] ; ntoskrnl.KeInitializeEvent
007F23B8 JMP DWORD PTR DS:[7F40B0] ; ntoskrnl.ObReferenceObjectByPointer
007F23BE JMP DWORD PTR DS:[7F40B8] ; ntoskrnl.RtlCompareMemory
007F23C4 JMP DWORD PTR DS:[7F40BC] ; ntoskrnl.NTOSKRNL_memset
007F23CA JMP DWORD PTR DS:[7F40C0]
...
007F23C4 JMP DWORD PTR DS:[7F40BC] ; ntoskrnl.NTOSKRNL_memset
007F23CA JMP DWORD PTR DS:[7F40C0]
007F23D0 JMP DWORD PTR DS:[7F40C4] ; ntoskrnl.NTOSKRNL_memcpy
...
007F2442 JMP DWORD PTR DS:[7F4110] ; ntoskrnl.__wine_stub_IoIsSystemThread
007F2448 JMP DWORD PTR DS:[7F4114]
007F244E JMP DWORD PTR DS:[7F411C] ; ntoskrnl.__wine_stub_IoDetachDevice
...
007F2472 JMP DWORD PTR DS:[7F4134] ; ntoskrnl.IoAllocateMdl
007F2478 JMP DWORD PTR DS:[7F4138]
007F247E JMP DWORD PTR DS:[7F413C]
007F2484 JMP DWORD PTR DS:[7F4140] ; ntoskrnl.RtlInitString
...
007F2538 JMP DWORD PTR DS:[7F41C4] ; ntoskrnl.NtWriteFile
007F253E JMP DWORD PTR DS:[7F41C8]
007F2544 JMP DWORD PTR DS:[7F41CC]
007F254A JMP DWORD PTR DS:[7F41D0] ; ntoskrnl._alldiv
...
007F2592 JMP DWORD PTR DS:[7F4204] ; ntoskrnl.NtDeviceIoControlFile
007F2598 JMP DWORD PTR DS:[<&HAL.KeGetCurrentIrql>]
007F259E JMP DWORD PTR DS:[<&HAL.READ_PORT_UCHAR>]
007F25A4 JMP DWORD PTR DS:[<&HAL.WRITE_PORT_UCHAR>]
007F25AA JMP DWORD PTR DS:[<&HAL.HalGetBusData>]
007F25B0 JMP DWORD PTR DS:[<&HAL.KfLowerIrql>]
007F25B6 JMP DWORD PTR DS:[<&HAL.KfRaiseIrql>]
007F25BC JMP DWORD PTR DS:[<&HAL.KfReleaseSpinLock>]
007F25C2 JMP DWORD PTR DS:[<&HAL.KfAcquireSpinLock>]
007F25C8 JMP DWORD PTR DS:[<&HAL.KeStallExecutionProcessor>]
007F25CE 0000 ADD BYTE PTR DS:[EAX],AL
--- snip ---
The custom imports resolver failed to locate several ntoskrnl API exports, hence the holes. It causes a NULL ptr deref whenever such an unresolved import is called later. I could probably figure out the missing exports and have stubs added but it won't help much. This is not going to fly. There are already multiple bug reports for stubs/missing kernel driver infrastructure.
$ sha1sum Sentinel_LDK_Run-time_setup.zip
8f65d01803dc5297b7d7916a0f653428d0dc9b21 Sentinel_LDK_Run-time_setup.zip

$ du -sh Sentinel_LDK_Run-time_setup.zip
17M Sentinel_LDK_Run-time_setup.zip

$ wine --version
wine-3.13
Regards
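
Added example, not part of the original comment and not Wine or vendor code: a Python script that scans a jump-thunk listing in the format shown in the disassembly above, picks out thunks whose import slot carries no export name, and reports CALL sites that go through them. The sample lines are copied from that disassembly; the function names (parse, unresolved_thunks, calls_into_holes) are hypothetical.

```python
import re

# Constructed sample: lines copied from the disassembly quoted in the comment.
LISTING = """\
007F0010 E8 4F230000 CALL hardlock.007F2364
007F235E JMP DWORD PTR DS:[7F4074] ; ntoskrnl.KeInitializeSemaphore
007F2364 JMP DWORD PTR DS:[7F4078]
007F236A JMP DWORD PTR DS:[7F407C] ; ntoskrnl.NtQueryValueKey
007F23C4 JMP DWORD PTR DS:[7F40BC] ; ntoskrnl.NTOSKRNL_memset
007F23CA JMP DWORD PTR DS:[7F40C0]
007F2598 JMP DWORD PTR DS:[<&HAL.KeGetCurrentIrql>]
"""

THUNK = re.compile(r"^([0-9A-F]{8})\s+JMP DWORD PTR DS:\[([^\]]+)\]\s*(?:;\s*(\S+))?$")
CALL = re.compile(r"^([0-9A-F]{8})\s+(?:[0-9A-F]+\s+)*CALL\s+\w+\.([0-9A-F]{8})$")

def parse(listing):
    """Return (thunks, calls): thunk addr -> (slot, symbol|None); call site -> target."""
    thunks, calls = {}, {}
    for line in map(str.strip, listing.splitlines()):
        if m := THUNK.match(line):
            addr, slot, sym = m.groups()
            # A resolved slot carries either a trailing "; module.Name" comment
            # or a <&MODULE.Name> operand; a bare slot address has no export bound.
            if sym is None and slot.startswith("<&"):
                sym = slot[2:-1]
            thunks[addr] = (slot, sym)
        elif m := CALL.match(line):
            calls[m.group(1)] = m.group(2)
    return thunks, calls

def unresolved_thunks(listing):
    """Thunk address -> import slot for every thunk without a bound export."""
    thunks, _ = parse(listing)
    return {addr: slot for addr, (slot, sym) in thunks.items() if sym is None}

def calls_into_holes(listing):
    """Call site -> (thunk, slot) for calls that land on an unresolved thunk."""
    _, calls = parse(listing)
    holes = unresolved_thunks(listing)
    return {site: (t, holes[t]) for site, t in calls.items() if t in holes}

if __name__ == "__main__":
    for addr, slot in unresolved_thunks(LISTING).items():
        print(f"thunk {addr}: slot {slot} has no export bound")
    for site, (thunk, slot) in calls_into_holes(LISTING).items():
        print(f"call at {site} jumps via {thunk} through unresolved slot {slot}")
```

Thunks bound to __wine_stub_* entries count as resolved here, since the listing shows an export name for them.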