[Bug 37306] 64-bit ApexDC 1.6.0 crashes on startup with Wine configured as Vista or higher (needs Thread Pool Timer API, 'CreateThreadpoolTimer')

https://bugs.winehq.org/show_bug.cgi?id=37306

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, win64 Status|UNCONFIRMED |NEW URL| |http://www.apexdc.net/downl | |oad/ CC| |focht@gmx.net Component|-unknown |kernel32 Summary|ApexDC crashes on start |64-bit ApexDC 1.6.0 crashes |with wine configured as |on startup with Wine |Vista or higher |configured as Vista or | |higher (needs Thread Pool | |Timer API, | |'CreateThreadpoolTimer') Ever confirmed|0 |1

--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming.

--- snip --- $ pwd /home/focht/wine64/drive_c/Program Files/ApexDC++

$ WINEDEBUG=+tid,+seh,+relay wine ./ApexDC-x64.exe >>log.txt 2>&1 ... 0025:Call KERNEL32.CreateEventExW(00000000,00000000,00000000,001f0002) ret=140304c20 0025:Ret KERNEL32.CreateEventExW() retval=00000084 ret=140304c20 0025:Call KERNEL32.RegisterWaitForSingleObject(00085280,00000084,14031bc7c,00084fb0,ffffffff,00000000) ret=140317aff 0025:Ret KERNEL32.RegisterWaitForSingleObject() retval=00000001 ret=140317aff 0025:Call KERNEL32.GetLastError() ret=140317b6a 0025:Ret KERNEL32.GetLastError() retval=00000000 ret=140317b6a 0025:Call ntdll.RtlPcToFileHeader(14047b018,0033f4b0) ret=14030c43c 0025:Ret ntdll.RtlPcToFileHeader() retval=140000000 ret=14030c43c 0025:Call KERNEL32.RaiseException(e06d7363,00000001,00000004,0033f480) ret=14030c47b 0025:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b84ad13 ip=7b84ad13 tid=0025 0025:trace:seh:raise_exception info[0]=0000000019930520 0025:trace:seh:raise_exception info[1]=000000000033f518 0025:trace:seh:raise_exception info[2]=000000014047b018 0025:trace:seh:raise_exception info[3]=0000000140000000 0025:trace:seh:raise_exception rax=000000000033f260 rbx=000000014047b018 rcx=000000000033f260 rdx=0000003157349c5c 0025:trace:seh:raise_exception rsi=000000000033f480 rdi=000000000033f280 rbp=000000000033f3b0 rsp=000000000033f240 0025:trace:seh:raise_exception r8=0000000000000004 r9=000000000033f480 r10=0000000000000000 r11=00000031573807e0 0025:trace:seh:raise_exception r12=0000000140325970 r13=0000000000000001 r14=00000000ffffffff r15=0000000000000000 ... 0025:trace:seh:call_stack_handlers found wine frame 0x33fe80 rsp 33ff90 handler 0x7f2b7ca3dabe 0025:trace:seh:call_teb_handler calling TEB handler 0x7f2b7ca3dabe (rec=0x33f260, frame=0x33fe80 context=0x33e4f0, dispatcher=0x33df78) 0025:Call KERNEL32.UnhandledExceptionFilter(0033df00) ret=7f2b7ca3db14 0025:Call dbghelp.SymSetOptions(00000214) ret=140056bd4 0025:Ret dbghelp.SymSetOptions() retval=00000214 ret=140056bd4 0025:Call dbghelp.SymInitialize(ffffffffffffffff,00000000,00000001) ret=140056be9 --- snip ---

The app provides a .PDB file on its own which improves the backtrace but doesn't reveal it:

--- snip --- Wine-dbg>bt Backtrace:

=>0 0x000000007b84ad13 RaiseException+0xe5(code=0xe06d7363, flags=0x1, nbargs=0x4, args=0x33f480) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/except.c:85] in kernel32 (0x000000000033f430)

1 0x000000014030c47b _CxxThrowException+0xb2(pExceptionObject=0x140000000, pThrowInfo=0x4, ThisException={ExceptionCode=0xe06d7363, ExceptionFlags=0x1, ExceptionRecord=(nil), ExceptionAddress=0x0(nil), NumberParameters=0x4, params={magicNumber=0x19930520, pExceptionObject=0x33f518, pThrowInfo=0x14047b018, pThrowImageBase=0x140000000}}, ThrowImageBase=0x140000000) [f:\dd\vctools\crt\crtw32\eh\throw.cpp:152] in apexdc-x64 (0x000000000033f4a0)

2 0x0000000140317b93 Concurrency::details::SchedulerBase::SchedulerBase+0x37e(this=0x5de70, policy=0x33f670) in apexdc-x64 (0x0000000000000001)

3 0x000000014033394c Concurrency::details::ThreadScheduler::ThreadScheduler+0x1f(this=0x33f670, policy=(nil)) in apexdc-x64 (0x000000000033f770)

4 0x0000000140333a53 Concurrency::details::ThreadScheduler::Create+0x32(policy=0x1404b5ba4) in apexdc-x64 (0x000000000033f770)

5 0x0000000140318b1f Concurrency::details::SchedulerBase::CreateWithoutInitializing+0x1a(policy=0x33f6d0) in apexdc-x64 (0x000000000033f770)

6 0x00000001403195c8 Concurrency::details::SchedulerBase::GetDefaultScheduler+0x93(_lock={_M_lock=0x1404b5ba8}, policy={_M_pPolicyBag=0x59e20}) in apexdc-x64 (0x000000000033f770)

7 0x0000000140318aaf Concurrency::details::SchedulerBase::CreateContextFromDefaultScheduler+0xe() in apexdc-x64 (0x000000000033f770)

8 0x0000000140301140 Concurrency::Alloc+0x3b(numBytes=0x1) in apexdc-x64 (0x000000000033f770)

9 0x00000001400914e8 Concurrency::task<void>::task<void><<lambda_8cd0909e66f4ef6ba8bd8e574cd09e31>

+0x127(this=0x33f820, _Param={__this=0x569d0}, _TaskOptions=0x1) in apexdc-x64

(0x000000000033f770)

10 0x0000000140091311 Concurrency::create_task<<lambda_8cd0909e66f4ef6ba8bd8e574cd09e31>

+0x70(_Param={__this=0x569d0}, _TaskOptions=0x33f838) in apexdc-x64

(0x000000000033f849)

11 0x0000000140090be9 std::_Task_async_state<void,0>::_Task_async_state<void,0><std::_Bind<0,void,<lambda_70b49fd59b39f0ea1cab861673d1f5d2>

...

+0x9c(this=0x569d0, _Fnarg=0x33fa60) in apexdc-x64 (0x000000000033f849)

12 0x000000014009073f std::_Async<<lambda_70b49fd59b39f0ea1cab861673d1f5d2>

+0x52(_Fnarg=0x569d0, _Pr={_State={_Assoc_state=(nil), _Get_only_once=false},

_Future_retrieved=false}) in apexdc-x64 (0x000000000033f930)

13 0x000000014009011d std::async<enum std::launch,<lambda_70b49fd59b39f0ea1cab861673d1f5d2> >+0x2c(_Fnarg=0x55c60) in apexdc-x64 (0x000000000033fa90)

... 17 0x000000007b87d2d2 call_process_entry+0x1c(peb=0x7fffff7ef000, entry=0x140309b7c) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1066] in kernel32 (0x000000000033fd20) --- snip ---

With some debugging I figured out the app requires some Vista+ Thread Pool Timer API in Vista+ mode.

The runtime code late-binds various imports. Missing imports don't cause immediate failure as the actual async thread/timer wrapper class details implementation is chosen at runtime, based on the Windows version.

In case of Vista+, the late runtime function pointer evaluation to null - which is not seen in traces - causes the abort.

--- snip --- ... 0025:Starting process L"C:\Program Files\ApexDC++\ApexDC-x64.exe" (entryproc=0x140309b7c) ... 0025:Call KERNEL32.GetModuleHandleW(1403cb230 L"kernel32.dll") ret=14030f42b 0025:Ret KERNEL32.GetModuleHandleW() retval=7b820000 ret=14030f42b ... 0025:Call KERNEL32.GetProcAddress(7b820000,140377f30 "CreateThreadpoolTimer") ret=14030f52e 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f52e 0025:Call KERNEL32.GetProcAddress(7b820000,140377f48 "SetThreadpoolTimer") ret=14030f54c 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f54c 0025:Call KERNEL32.GetProcAddress(7b820000,140377f60 "WaitForThreadpoolTimerCallbacks") ret=14030f56a 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f56a 0025:Call KERNEL32.GetProcAddress(7b820000,140377f80 "CloseThreadpoolTimer") ret=14030f588 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f588 0025:Call KERNEL32.GetProcAddress(7b820000,140377f98 "CreateThreadpoolWait") ret=14030f5a6 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f5a6 0025:Call KERNEL32.GetProcAddress(7b820000,140377fb0 "SetThreadpoolWait") ret=14030f5c4 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f5c4 0025:Call KERNEL32.GetProcAddress(7b820000,140377fc8 "CloseThreadpoolWait") ret=14030f5e2 0025:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14030f5e2 ... --- snip ---

The first missing import needed is 'CreateThreadpoolTimer'.

$ sha1sum ApexDC++_1.6.0_Setup.exe 1c39f7a6e6ca2160f13876e82070113ec69af65b ApexDC++_1.6.0_Setup.exe

$ du -sh ApexDC++_1.6.0_Setup.exe 40M ApexDC++_1.6.0_Setup.exe

$ wine --version wine-1.7.27-71-gfbcf77c

Regards