https://bugs.winehq.org/show_bug.cgi?id=44496
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|BattlEye 'BEDaisy' kernel   |Custom imports resolver
                   |service custom imports      |used by multiple kernel
                   |resolved can't cope with    |drivers can't cope with
                   |'ntoskrnl.exe' low-level    |'ntoskrnl.exe' low-level
                   |(wc)string/copy helpers     |(wc)string/copy helpers
                   |being forwarded to          |being forwarded to
                   |'msvcrt.dll'                |'msvcrt.dll' (BattlEye
                   |                            |'BEDaisy', Sentinel HASP
                   |                            |'hardlock.sys')
         Depends on|37355                       |

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
also encountered by Sentinel HASP 'hardlock.sys' kernel driver after fixing bug 44641 and bug 44749
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Minitab/Minitab 16

$ WINEDEBUG=+seh,+relay,+winedevice,+ntoskrnl,+ntdll wine ./Mtb.exe >>log.txt 2>&1
...
0018:Call ntdll.RtlCheckRegistryKey(00000001,0065fb20) ret=7bc7e547
001b:trace:ntdll:NtReadFile (0x4,(nil),(nil),(nil),0x33e92c,0x33e937,0x00000055,0x33e920,(nil)),partial stub!
0018:Ret ntdll.RtlCheckRegistryKey() retval=00000000 ret=7bc7e547
001b:trace:ntdll:NtReadFile = SUCCESS (85)
0018:Ret ntoskrnl.exe.RtlCheckRegistryKey() retval=00000000 ret=007a8edd
0018:Call ntoskrnl.exe.PsSetCreateProcessNotifyRoutine(007a0a6c,00000000) ret=007a8f4e
0018:fixme:ntoskrnl:PsSetCreateProcessNotifyRoutine stub: 0x7a0a6c 0
0018:Ret ntoskrnl.exe.PsSetCreateProcessNotifyRoutine() retval=00000000 ret=007a8f4e
0018:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00000090,6c766f48) ret=007add79
...
0018:trace:ntoskrnl:ExAllocatePoolWithTag 144 pool 1 -> 0x11f6f0
0018:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=0011f6f0 ret=007add79
0018:trace:seh:raise_exception code=c0000096 flags=0 addr=0x7ed059b5 ip=7ed059b5 tid=0018
0018:trace:seh:raise_exception eax=0011f6f0 ebx=0011d2a0 ecx=00000078 edx=00662f54 esi=0011ca28 edi=7ecc0000
0018:trace:seh:raise_exception ebp=0065fbb8 esp=0065fb90 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0018:trace:seh:call_vectored_handlers calling handler at 0x7ecd7f51 code=c0000096 flags=0
0018:trace:seh:call_vectored_handlers handler at 0x7ecd7f51 returned 0
0018:trace:seh:call_stack_handlers calling handler at 0x7bcb057c code=c0000096 flags=0
0018:Call KERNEL32.UnhandledExceptionFilter(0065f694) ret=7bcb05b7
wine: Unhandled privileged instruction at address 0x7ed059b5 (thread 0018), starting debugger...
--- snip ---
Disassembly:
--- snip ---
...
007ADD65  68 486F766C      PUSH 6C766F48
007ADD6A  33C0             XOR EAX,EAX
007ADD6C  66:8B45 F6       MOV AX,WORD PTR SS:[EBP-A]
007ADD70  50               PUSH EAX
007ADD71  A 01             PUSH 1
007ADD73  FF15 50F47E00    CALL DWORD PTR DS:[7EF450]    ; ExAllocatePoolWithTag
007ADD79  8945 F8          MOV DWORD PTR SS:[EBP-8],EAX
007ADD7C  837D F8 00       CMP DWORD PTR SS:[EBP-8],0
007ADD80  0F84 50000000    JE hardlock.007ADDD6
007ADD86  8B45 0C          MOV EAX,DWORD PTR SS:[EBP+C]
007ADD89  33C9             XOR ECX,ECX
007ADD8B  66:8B08          MOV CX,WORD PTR DS:[EAX]
007ADD8E  51               PUSH ECX
007ADD8F  8B45 0C          MOV EAX,DWORD PTR SS:[EBP+C]
007ADD92  8B40 04          MOV EAX,DWORD PTR DS:[EAX+4]
007ADD95  50               PUSH EAX
007ADD96  8B45 F8          MOV EAX,DWORD PTR SS:[EBP-8]
007ADD99  50               PUSH EAX
007ADD9A  E8 A70F0400      CALL hardlock.007EED46        ; *boom*
007ADD9F  83C4 0C          ADD ESP,0C
...
--- snip ---
Driver's "IAT":
--- snip ---
...
007EED46  FF25 88F47E00    JMP DWORD PTR DS:[7EF488]     ; ntoskrnl.7ED059B5
007EED4C  FF25 8CF47E00    JMP DWORD PTR DS:[7EF48C]     ; ntoskrnl.7ECD6504
007EED52  FF25 90F47E00    JMP DWORD PTR DS:[7EF490]     ; ntoskrnl.7ECDBD4F
007EED58  FF25 94F47E00    JMP DWORD PTR DS:[7EF494]     ; ntoskrnl.7ECDD5A6
007EED5E  FF25 98F47E00    JMP DWORD PTR DS:[7EF498]     ; ntoskrnl.7ECD6294
...
--- snip ---
--- snip ---
7ED059B5  6376736D  msvc
7ED059B9  6D2E7472  rt.m
7ED059BD  6F6D6D65  emmo
7ED059C1  6D006576  ve.m
7ED059C5  72637673  svcr
7ED059C9  656D2E74  t.me
7ED059CD  7465736D  mset
7ED059D1  76736D00  .msv
7ED059D5  2E747263  crt.
7ED059D9  726F7371  qsor
7ED059DD  736D0074  t.ms
--- snip ---
$ wine --version
wine-3.3-263-gbf7b21ec7b
Regards
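
Added example (not part of the bug report, and not code from Wine or from either driver): a minimal export lookup over a constructed in-memory image, applying the PE rule that an export RVA lying inside the export directory is a forwarder string such as the 'msvcrt.memmove' at 7ED059B5 in the dump above, not code to jump to. The image layout, DIR_RVA, DIR_SIZE and every function name in the block are assumptions made for illustration; a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                      /* IMAGE_EXPORT_DIRECTORY layout, 40 bytes */
    uint32_t Characteristics, TimeDateStamp;
    uint16_t MajorVersion, MinorVersion;
    uint32_t Name, Base, NumberOfFunctions, NumberOfNames;
    uint32_t AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
} export_dir;

enum { DIR_RVA = 0x100, DIR_SIZE = 0x80 };  /* constructed image: RVA == offset */
static const struct {
    uint8_t code[0x100];              /* RVA 0x000: stand-in for .text */
    export_dir dir;                   /* RVA 0x100: start of export directory */
    uint32_t funcs[2], names[2];      /* RVA 0x128, 0x130 */
    uint16_t ords[2], pad[2];         /* RVA 0x138 */
    char n0[22], n1[10], fwd[32];     /* RVA 0x140, 0x156, 0x160 */
} image = {
    .dir = { .NumberOfFunctions = 2, .NumberOfNames = 2, .AddressOfFunctions = 0x128,
             .AddressOfNames = 0x130, .AddressOfNameOrdinals = 0x138 },
    .funcs = { 0x40, 0x160 }, .names = { 0x140, 0x156 }, .ords = { 0, 1 },
    .n0 = "ExAllocatePoolWithTag", .n1 = "memmove", .fwd = "msvcrt.memmove",
};
static const uint8_t *img = (const uint8_t *)&image;
static uint32_t rd(uint32_t rva, size_t n) { uint32_t v = 0; memcpy(&v, img + rva, n); return v; }

/* Returns the export RVA (0 if absent). *fwd is set when the RVA falls inside the
   export directory: it then names "dll.function" and must not be called as code. */
static uint32_t resolve_export(const char *name, const char **fwd) {
    const export_dir *d = &image.dir;
    *fwd = NULL;
    for (uint32_t i = 0; i < d->NumberOfNames; i++) {
        if (strcmp((const char *)img + rd(d->AddressOfNames + 4 * i, 4), name)) continue;
        uint32_t ord = rd(d->AddressOfNameOrdinals + 2 * i, 2);
        if (ord >= d->NumberOfFunctions) return 0;
        uint32_t rva = rd(d->AddressOfFunctions + 4 * ord, 4);
        if (rva >= DIR_RVA && rva < DIR_RVA + DIR_SIZE) *fwd = (const char *)img + rva;
        return rva;
    }
    return 0;
}

int main(void) {
    const char *fwd;
    uint32_t rva = resolve_export("memmove", &fwd);
    printf("memmove: rva 0x%x -> %s\n", (unsigned)rva, fwd ? fwd : "(code)");
    return 0;
}
```

A resolver that stores image base + RVA in its IAT without the range check ends up jumping into the ASCII string, which is what the trace and the IAT listing above show.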