[Bug 43567] Vietcong - game crashes during radiocalls ('kernel32.GetTickCount' clobbers ECX)

https://bugs.winehq.org/show_bug.cgi?id=43567

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Summary|Vietcong - game crashes |Vietcong - game crashes |during radiocalls |during radiocalls | |('kernel32.GetTickCount' | |clobbers ECX) Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED Keywords| |download, obfuscation Fixed by SHA1| |cd215bb49bc240cdce5415c8026 | |4f8daa557636a CC| |focht@gmx.net

--- Comment #9 from Anastasius Focht focht@gmx.net --- Hello folks,

this has been fixed some time ago.

I made some effort to document 'kernel32.GetTickCount' API entry point "history" for the sake of those interested (foremost myself).

First the commit that influenced the code generation (via build system/compiler settings, code changes, ...), followed by disassembly to show where/when ECX gets clobbered. NOTE: '(func-1)' is used to work around symbol processing problem for hotpatch entries.

Starting with Wine l33t release (old enough)

--- snip --- $ gdb mainline-install-1.3.37-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount' Dump of assembler code for function GetTickCount: 0x0003f870 <+0>: push %ebp 0x0003f871 <+1>: mov %esp,%ebp 0x0003f873 <+3>: push %ebx 0x0003f874 <+4>: call 0x1f760 <__x86.get_pc_thunk.bx> 0x0003f879 <+9>: add $0x5b787,%ebx 0x0003f87f <+15>: sub $0x4,%esp 0x0003f882 <+18>: call 0x3f820 <GetTickCount64> 0x0003f887 <+23>: mov -0x4(%ebp),%ebx 0x0003f88a <+26>: leave 0x0003f88b <+27>: ret

--- snip ---

https://source.winehq.org/git/wine.git/commitdiff/1005f3a6fa9d1aeb3e0e912815... ("kernel32: Make GetTickCount and GetTickCount64 hotpatchable.")

--- snip --- gdb mainline-install-1.7.33-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount-1'

Dump of assembler code for function GetTickCount: 0x7b843820 <+0>: mov %edi,%edi 0x7b843822 <+2>: push %ebp 0x7b843823 <+3>: mov %esp,%ebp 0x7b843825 <+0>: push %ebx 0x7b843826 <+1>: call 0x7b820770 <__x86.get_pc_thunk.bx> 0x7b84382b <+6>: add $0x707d5,%ebx 0x7b843831 <+12>: and $0xfffffff0,%esp 0x7b843834 <+15>: call 0x7b8437b0 <GetTickCount64> 0x7b843839 <+20>: mov -0x4(%ebp),%ebx 0x7b84383c <+23>: leave 0x7b84383d <+24>: ret

$ gdb mainline-install-1.7.33-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount64-1'

Dump of assembler code for function GetTickCount64: 0x7b8437b0 <+0>: mov %edi,%edi 0x7b8437b2 <+2>: push %ebp 0x7b8437b3 <+3>: mov %esp,%ebp 0x7b8437b5 <+0>: pop %ebp 0x7b8437b6 <+1>: lea 0x4(%esp),%ecx 0x7b8437ba <+5>: and $0xfffffff0,%esp 0x7b8437bd <+8>: pushl -0x4(%ecx) 0x7b8437c0 <+11>: push %ebp 0x7b8437c1 <+12>: mov %esp,%ebp 0x7b8437c3 <+14>: push %ebx 0x7b8437c4 <+15>: call 0x7b820770 <__x86.get_pc_thunk.bx> 0x7b8437c9 <+20>: add $0x70837,%ebx 0x7b8437cf <+26>: push %ecx 0x7b8437d0 <+27>: lea -0x10(%ebp),%eax 0x7b8437d3 <+30>: sub $0x18,%esp 0x7b8437d6 <+33>: push %eax 0x7b8437d7 <+34>: lea -0x18(%ebp),%eax 0x7b8437da <+37>: push %eax 0x7b8437db <+38>: call 0x7b827854 <NtQueryPerformanceCounter> 0x7b8437e0 <+43>: imul $0x3e8,-0x14(%ebp),%ecx 0x7b8437e7 <+50>: mov $0x3e8,%eax 0x7b8437ec <+55>: mull -0x18(%ebp) 0x7b8437ef <+58>: sub $0x8,%esp 0x7b8437f2 <+61>: pushl -0xc(%ebp) 0x7b8437f5 <+64>: pushl -0x10(%ebp) 0x7b8437f8 <+67>: add %ecx,%edx 0x7b8437fa <+69>: push %edx 0x7b8437fb <+70>: push %eax 0x7b8437fc <+71>: call 0x7b87c180 <__divdi3> 0x7b843801 <+76>: add $0x18,%esp 0x7b843804 <+79>: lea -0x8(%ebp),%esp 0x7b843807 <+82>: pop %ecx 0x7b843808 <+83>: pop %ebx 0x7b843809 <+84>: pop %ebp 0x7b84380a <+85>: lea -0x4(%ecx),%esp 0x7b84380d <+88>: ret --- snip ---

https://source.winehq.org/git/wine.git/commitdiff/8f732c66ab37b54c30d63c74f7... ("makefiles: Build with -fno-PIC on i386.")

--- snip --- $ gdb mainline-install-4.8-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount-1'

Dump of assembler code for function GetTickCount: 0x7b45cff0 <+0>: mov %edi,%edi 0x7b45cff2 <+2>: push %ebp 0x7b45cff3 <+3>: mov %esp,%ebp 0x7b45cff5 <+0>: pop %ebp 0x7b45cff6 <+1>: lea 0x4(%esp),%ecx 0x7b45cffa <+5>: and $0xfffffff0,%esp 0x7b45cffd <+8>: pushl -0x4(%ecx) 0x7b45d000 <+11>: push %ebp 0x7b45d001 <+12>: mov %esp,%ebp 0x7b45d003 <+14>: push %ecx 0x7b45d004 <+15>: lea -0x10(%ebp),%eax 0x7b45d007 <+18>: sub $0x1c,%esp 0x7b45d00a <+21>: push %eax 0x7b45d00b <+22>: lea -0x18(%ebp),%eax 0x7b45d00e <+25>: push %eax 0x7b45d00f <+26>: call 0x7b43c298 <NtQueryPerformanceCounter> 0x7b45d014 <+31>: imul $0x3e8,-0x14(%ebp),%ecx 0x7b45d01b <+38>: mov $0x3e8,%eax 0x7b45d020 <+43>: mull -0x18(%ebp) 0x7b45d023 <+46>: sub $0x8,%esp 0x7b45d026 <+49>: pushl -0xc(%ebp) 0x7b45d029 <+52>: pushl -0x10(%ebp) 0x7b45d02c <+55>: add %ecx,%edx 0x7b45d02e <+57>: push %edx 0x7b45d02f <+58>: push %eax 0x7b45d030 <+59>: call 0x7b4a85c0 <__divdi3> 0x7b45d035 <+64>: mov -0x4(%ebp),%ecx 0x7b45d038 <+67>: add $0x18,%esp 0x7b45d03b <+70>: leave 0x7b45d03c <+71>: lea -0x4(%ecx),%esp 0x7b45d03f <+74>: ret --- snip ---

https://source.winehq.org/git/wine.git/commitdiff/3e927c4aec9dbeef930b83f62e... ("ntdll: Extend NtGetTickCount() to return 64-bits. Forward kernel32 functions to it.")

--- snip --- $ gdb mainline-install-4.9-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount-1'

No symbol "GetTickCount" in current context. --- snip ---

https://source.winehq.org/git/wine.git/commitdiff/13e11d3fcbcf8790e031c4bc52... ("kernel32: Move the implementation of GetTickCount() to kernel32.")

--- snip --- $ gdb mainline-install-4.10-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount-1'

Dump of assembler code for function GetTickCount: 0x7b49a3c0 <+0>: mov %edi,%edi 0x7b49a3c2 <+2>: push %ebp 0x7b49a3c3 <+3>: mov %esp,%ebp 0x7b49a3c5 <+0>: pop %ebp 0x7b49a3c6 <+1>: lea 0x4(%esp),%ecx 0x7b49a3ca <+5>: and $0xfffffff0,%esp 0x7b49a3cd <+8>: pushl -0x4(%ecx) 0x7b49a3d0 <+11>: push %ebp 0x7b49a3d1 <+12>: mov %esp,%ebp 0x7b49a3d3 <+14>: push %esi 0x7b49a3d4 <+15>: push %ebx 0x7b49a3d5 <+16>: lea -0x20(%ebp),%ebx 0x7b49a3d8 <+19>: push %ecx 0x7b49a3d9 <+20>: sub $0x24,%esp 0x7b49a3dc <+23>: push %ebx 0x7b49a3dd <+24>: push $0x4 0x7b49a3df <+26>: call 0x7b49a3e0 <GetTickCount+27> 0x7b49a3e4 <+31>: add $0x10,%esp 0x7b49a3e7 <+34>: test %eax,%eax 0x7b49a3e9 <+36>: jne 0x7b49a430 <GetTickCount+107> 0x7b49a3eb <+38>: mov $0x989680,%ecx 0x7b49a3f0 <+43>: mov %ecx,%eax 0x7b49a3f2 <+45>: imull -0x20(%ebp) 0x7b49a3f5 <+48>: mov -0x1c(%ebp),%esi 0x7b49a3f8 <+51>: mov %eax,%ecx 0x7b49a3fa <+53>: mov %edx,%ebx 0x7b49a3fc <+55>: mov %esi,%eax 0x7b49a3fe <+57>: mov $0x51eb851f,%edx 0x7b49a403 <+62>: imul %edx 0x7b49a405 <+64>: sar $0x1f,%esi 0x7b49a408 <+67>: mov %edx,%eax 0x7b49a40a <+69>: sar $0x5,%eax 0x7b49a40d <+72>: sub %esi,%eax 0x7b49a40f <+74>: cltd 0x7b49a410 <+75>: add %ecx,%eax 0x7b49a412 <+77>: adc %ebx,%edx 0x7b49a414 <+79>: push $0x0 0x7b49a416 <+81>: push $0x2710 0x7b49a41b <+86>: push %edx 0x7b49a41c <+87>: push %eax 0x7b49a41d <+88>: call 0x7b4a8c70 <__udivdi3> 0x7b49a422 <+93>: add $0x10,%esp 0x7b49a425 <+96>: lea -0xc(%ebp),%esp 0x7b49a428 <+99>: pop %ecx 0x7b49a429 <+100>: pop %ebx 0x7b49a42a <+101>: pop %esi 0x7b49a42b <+102>: pop %ebp 0x7b49a42c <+103>: lea -0x4(%ecx),%esp 0x7b49a42f <+106>: ret 0x7b49a430 <+107>: sub $0x8,%esp 0x7b49a433 <+110>: push %ebx 0x7b49a434 <+111>: push $0x1 0x7b49a436 <+113>: call 0x7b49a437 <GetTickCount+114> 0x7b49a43b <+118>: add $0x10,%esp 0x7b49a43e <+121>: test %eax,%eax 0x7b49a440 <+123>: jne 0x7b49a450 <GetTickCount+139> 0x7b49a442 <+125>: mov $0x989680,%ebx 0x7b49a447 <+130>: mov %ebx,%eax 0x7b49a449 <+132>: jmp 0x7b49a3f2 <GetTickCount+45> 0x7b49a44b <+134>: lea 0x0(%esi,%eiz,1),%esi 0x7b49a44f <+138>: nop 0x7b49a450 <+139>: sub $0x8,%esp 0x7b49a453 <+142>: lea -0x28(%ebp),%eax 0x7b49a456 <+145>: push $0x0 0x7b49a458 <+147>: push %eax 0x7b49a459 <+148>: call 0x7b43c360 <NtQueryPerformanceCounter> 0x7b49a45e <+153>: mov -0x28(%ebp),%eax 0x7b49a461 <+156>: mov -0x24(%ebp),%edx 0x7b49a464 <+159>: pop %ecx 0x7b49a465 <+160>: pop %ebx 0x7b49a466 <+161>: jmp 0x7b49a414 <GetTickCount+79> --- snip ---

https://source.winehq.org/git/wine.git/commitdiff/cd215bb49bc240cdce5415c802... ("kernel32: Use the user shared data to implement GetTickCount().")

--- snip --- $ gdb mainline-install-5.9-x86_64/lib/wine/kernel32.dll.so -batch -ex 'disassemble GetTickCount-1'

Dump of assembler code for function GetTickCount: 0x7b4551c0 <+0>: mov %edi,%edi 0x7b4551c2 <+2>: push %ebp 0x7b4551c3 <+3>: mov %esp,%ebp 0x7b4551c5 <+0>: mov 0x7ffe0320,%eax 0x7b4551ca <+5>: pop %ebp 0x7b4551cb <+6>: ret --- snip ---

https://source.winehq.org/git/wine.git/commitdiff/0c631ebb2354334eaf309bc076... ("kernel32: Build with msvcrt.")

--- snip --- $ gdb mainline-install-5.19-x86_64/lib/wine/kernel32.dll -batch -ex 'disassemble GetTickCount'

Dump of assembler code for function KERNEL32!GetTickCount: 0x7b6257c0 <+0>: push %ebp 0x7b6257c1 <+1>: mov %esp,%ebp 0x7b6257c3 <+3>: mov 0x7ffe0320,%eax 0x7b6257c8 <+8>: pop %ebp 0x7b6257c9 <+9>: ret --- snip ---

HEAD: wine-5.22-328-g447924a6d68 -> will be included in wine-5.23

https://source.winehq.org/git/wine.git/commitdiff/5a0c9270b1225da86782bffd9e... ("include: Force aligning stack pointer also for Mingw builds.")

--- snip --- $ gdb mainline-install-x86_64/lib/wine/kernel32.dll -batch -ex 'disassemble GetTickCount'

Dump of assembler code for function KERNEL32!GetTickCount: 0x7b622970 <+0>: push %ebp 0x7b622971 <+1>: mov %esp,%ebp 0x7b622973 <+3>: and $0xfffffffc,%esp 0x7b622976 <+6>: mov 0x7ffe0320,%eax 0x7b62297b <+11>: mov %ebp,%esp 0x7b62297d <+13>: pop %ebp 0x7b62297e <+14>: ret --- snip ---

Regards