https://bugs.winehq.org/show_bug.cgi?id=40479
--- Comment #9 from Matteo Bruni <matteo.mystral@gmail.com> ---
Created attachment 54443
  --> https://bugs.winehq.org/attachment.cgi?id=54443
Hack for the first crash
It's indeed crashing in the second TLS callback for me too. It turns out that it wants to copy the entire dxgi.dll image in memory to a separate buffer, and that throws an EXCEPTION_ACCESS_VIOLATION while reading. That's because (for me at least) there is a ~2MB memory area inside the DLL image with no access permissions. Just adding read permissions there doesn't work, probably because the mmapped area is larger than the size of the file on disk. The attached hack unmaps that area and creates an anonymous mapping in its place, and that apparently avoids this first crash. I'm not sure what exactly I'm unmapping and what it entails...
With the hack the game still crashes soon after that. There is a third TLS callback which is run after setting a vectored exception handler. This callback is in a memory area with no read or execute permissions, so the call immediately causes an exception. The exception handler sets the read and execute permissions for the first page of the callback code and resumes its execution. Soon after, there is another exception when trying to execute the first instruction crossing the page boundary. This time, though, the exception handler doesn't change the page protection nor resume execution, so the game crashes.
I imagine the exception handler doesn't like something about the exception, or that second exception isn't supposed to happen at all (i.e. the callback code should take a different path). No idea at this point. I tried to modify the exception info more or less arbitrarily but with no luck.
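The fault-then-unprotect behaviour described in this comment (a region with no access permissions, an exception handler that unlocks only the faulting page and resumes, and a second fault as soon as an access crosses into the next page) can be modelled outside Wine. The following is an added example written for this page; it is not Wine's code, not the game's TLS callback or vectored exception handler, and not the attached hack. It assumes a POSIX system: an anonymous PROT_NONE mapping stands in for the no-access area inside the DLL image, a SIGSEGV/SIGBUS handler stands in for the vectored exception handler (returning from it resumes the faulting instruction, like EXCEPTION_CONTINUE_EXECUTION), and mprotect() stands in for VirtualProtect(). The "unlock once, then decline" policy that produces the observed crash is reproduced with siglongjmp() so that the process survives to report it; all function names and the page counts are this example's own.

```c
/* Added example (not Wine's code, not the game's): a POSIX model of lazy
 * page unlocking driven from a fault handler.  Assumptions: anonymous mmap()
 * models the no-access area, a signal handler models the vectored exception
 * handler, mprotect() models VirtualProtect().  All names are this example's. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static uint8_t *g_region;                 /* locked region (PROT_NONE) */
static size_t   g_region_len;
static long     g_page;
static volatile sig_atomic_t g_faults;    /* faults handled so far */
static volatile int g_unlock_once;        /* model of the failing policy */
static sigjmp_buf g_crash;                /* where an unhandled fault lands */
static volatile uint8_t g_sink;

/* Counterpart of the game's vectored exception handler. */
static void on_fault(int sig, siginfo_t *si, void *uctx)
{
    (void)uctx;
    uint8_t *addr = (uint8_t *)si->si_addr;
    if (addr < g_region || addr >= g_region + g_region_len) {
        signal(sig, SIG_DFL);             /* not ours: let the process die */
        return;
    }
    if (g_unlock_once && g_faults > 0)    /* second fault: handler declines */
        siglongjmp(g_crash, 1);           /* stands in for the real crash */
    uint8_t *page = (uint8_t *)((uintptr_t)addr & ~(uintptr_t)(g_page - 1));
    if (mprotect(page, (size_t)g_page, PROT_READ | PROT_WRITE) != 0)
        _exit(99);
    g_faults++;                           /* returning resumes the access */
}

/* Fresh PROT_NONE region of 'pages' pages plus the handlers; 0 on success.
 * macOS reports a PROT_NONE access as SIGBUS, Linux as SIGSEGV: hook both. */
static int setup(size_t pages)
{
    if (g_region) munmap(g_region, g_region_len);
    g_page = sysconf(_SC_PAGESIZE);
    g_region_len = pages * (size_t)g_page;
    g_region = mmap(NULL, g_region_len, PROT_NONE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_region == MAP_FAILED) { g_region = NULL; return -1; }
    g_faults = 0;
    g_unlock_once = 0;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return sigaction(SIGBUS, &sa, NULL);
}

/* Touch one byte at 'off'; returns how many faults that single access cost. */
static int touch(size_t off)
{
    sig_atomic_t before = g_faults;
    g_sink = ((volatile uint8_t *)g_region)[off];
    return (int)(g_faults - before);
}

/* Model of the second TLS callback: copy the whole region into a buffer.
 * Returns the number of faults handled (one per page still locked). */
static int copy_whole_region(void)
{
    uint8_t *dst = malloc(g_region_len);
    if (!dst) return -1;
    sig_atomic_t before = g_faults;
    for (size_t i = 0; i < g_region_len; i++)
        dst[i] = ((volatile uint8_t *)g_region)[i];
    free(dst);
    return (int)(g_faults - before);
}

/* Model of the third callback under the observed policy: unlock the first
 * page, then decline.  Returns 1 if the access at 'off' completed, 0 if the
 * fault went unhandled (the real process crashes at that point). */
static int touch_with_once_policy(size_t off)
{
    g_unlock_once = 1;
    if (sigsetjmp(g_crash, 1) != 0) { g_unlock_once = 0; return 0; }
    g_sink = ((volatile uint8_t *)g_region)[off];
    g_unlock_once = 0;
    return 1;
}

int main(void)
{
    if (setup(3) != 0) return 1;
    printf("first touch:  %d fault(s)\n", touch(0));
    printf("same page:    %d fault(s)\n", touch((size_t)g_page - 1));
    printf("next page:    %d fault(s)\n", touch((size_t)g_page));
    if (setup(4) != 0) return 1;
    printf("copy of 4 locked pages: %d fault(s)\n", copy_whole_region());
    if (setup(2) != 0) return 1;
    printf("once-policy page 0: %s\n", touch_with_once_policy(0) ? "ok" : "crash");
    printf("once-policy page 1: %s\n",
           touch_with_once_policy((size_t)g_page) ? "ok" : "crash");
    return 0;
}
```

The copy loop faults exactly once per locked page because each handled fault unlocks one page and the interrupted access is then re-executed, which is why a handler that unlocks "the first page" only gets the callback as far as the page boundary. The once-policy run shows the same sequence the comment describes: the first page is unlocked and the access completes, the first access into the second page is refused by the handler, and in the real process that is where it dies.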