https://bugs.winehq.org/show_bug.cgi?id=31396
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.freeotfe.org/dow |http://sourceforge.net/proj |nload.html |ects/freeotfe.mirror/files/ | |FreeOTFE_5_21.exe/download CC| |focht@gmx.net Summary|freeOTFE requires |FreeOTFE reports missing |administrator rights |administrator rights | |(kernel drivers crash on | |startup due to | |'IoCsqInitialize' being a | |stub)
--- Comment #13 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
Relevant part of trace log:
--- snip --- ... 00c0:Ret advapi32.CreateServiceA() retval=00000000 ret=00517fa2 ... 00c0:Call gdi32.GetTextExtentPoint32A(0004002a,007339e8 "Starting: FreeOTFEHashWhirlpool.sys...",00000026,0033f56c) ret=0042f4e7 ... 00c0:Ret user32.PeekMessageA() retval=00000000 ret=0047f065 00c0:Call advapi32.EnumServicesStatusA(0015ef48,0000000b,00000001,00000000,00000000,0033fc38,0033fc34,0033fc30) ret=0051718d 00c0:trace:service:EnumServicesStatusA 0x15ef48 0xb 0x1 (nil) 0 0x33fc38 0x33fc34 0x33fc30 00c0:trace:service:EnumServicesStatusW 0x15ef48 0xb 0x1 0x15e9f0 36 0x33fc38 0x33fc34 0x33fc30 00c0:fixme:service:EnumServicesStatusW resume handle not supported ... 00c0:Call advapi32.CreateServiceA(0015ef48,00743a88 "FreeOTFEHashWhirlpool",00743a88 "FreeOTFEHashWhirlpool",000f01ff,00000001,00000003,00000001,0071e088 "C:\Program Files\FreeOTFE\\x86\FreeOTFEHashWhirlpool.sys",00000000,00000000,00000000,00000000,00000000) ret=00517fa2 00c0:trace:service:CreateServiceA 0x15ef48 "FreeOTFEHashWhirlpool" "FreeOTFEHashWhirlpool" 00c0:trace:service:CreateServiceW 0x15ef48 L"FreeOTFEHashWhirlpool" L"FreeOTFEHashWhirlpool" ... 00c0:Ret advapi32.CreateServiceA() retval=00000000 ret=00517fa2 ... 00c0:Call KERNEL32.WideCharToMultiByte(000004e4,00000000,001a4c54 L"One or more of your portable FreeOTFE drivers could not be installed/started.\r\n\r\nYou need administrator privileges in order to carry out this operation.\r\n\r\nPlease select "File | Drivers..." to check which drivers are currently operating.",000000ed,0033ed30,00000fff,00000000,00000000) ret=004052db ... --- snip ---
The reason for the error message is that all kernel drivers are crashing when being started as service.
--- snip --- $ egrep "(service:load_service_config.*\\Free)" log.txt | cut -d "=" -f2 L"C:\windows\system32\FreeOTFE.sys" L"C:\windows\system32\FreeOTFECypherAES_ltc.sys" L"C:\windows\system32\FreeOTFECypherBlowfish.sys" L"C:\windows\system32\FreeOTFECypherCAST5.sys" L"C:\windows\system32\FreeOTFECypherCAST6_Gladman.sys" L"C:\windows\system32\FreeOTFECypherDES.sys" L"C:\windows\system32\FreeOTFECypherMARS_Gladman.sys" L"C:\windows\system32\FreeOTFECypherRC6_ltc.sys" L"C:\windows\system32\FreeOTFECypherSerpent_Gladman.sys" L"C:\windows\system32\FreeOTFECypherTwofish_ltc.sys" L"C:\windows\system32\FreeOTFEHashMD.sys" L"C:\windows\system32\FreeOTFEHashRIPEMD.sys" L"C:\windows\system32\FreeOTFEHashSHA.sys" L"C:\windows\system32\FreeOTFEHashTiger.sys" L"C:\windows\system32\FreeOTFEHashWhirlpool.sys" --- snip ---
Example tracing of one kernel driver startup (applies to all other):
--- snip --- ... 001b:Starting thread proc 0x543f78 (arg=0x11eb90) 001b:Call ntoskrnl.exe.KeGetCurrentThread() ret=00543f88 001b:fixme:ntoskrnl:KeGetCurrentThread () stub 001b:Ret ntoskrnl.exe.KeGetCurrentThread() retval=00000000 ret=00543f88 001b:Call ntoskrnl.exe.KeSetPriorityThread(00000000,00000010) ret=00543f8f 001b:fixme:ntoskrnl:KeSetPriorityThread ((nil) 16) 001b:Ret ntoskrnl.exe.KeSetPriorityThread() retval=00000010 ret=00543f8f 001b:Call ntoskrnl.exe.KeWaitForSingleObject(0011f13c,00000000,00000000,00000000,00000000) ret=00543fa8 001b:fixme:ntoskrnl:KeWaitForSingleObject stub: 0x11f13c, 0, 0, 0, (nil) 001b:Ret ntoskrnl.exe.KeWaitForSingleObject() retval=c0000002 ret=00543fa8 001b:Call ntoskrnl.exe.PsTerminateSystemThread(00000000) ret=005440a7 001b:fixme:ntoskrnl:PsTerminateSystemThread stub: 0 001b:Ret ntoskrnl.exe.PsTerminateSystemThread() retval=c0000002 ret=005440a7 001b:Call PE DLL (proc=0xf71cea58,module=0xf7160000 L"msvcrt.dll",reason=THREAD_DETACH,res=(nil)) 001b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=f7196af8 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=f7196af8 001b:Ret PE DLL (proc=0xf71cea58,module=0xf7160000 L"msvcrt.dll",reason=THREAD_DETACH,res=(nil)) retval=1 001b:Call PE DLL (proc=0xf7372e84,module=0xf7320000 L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil)) 001b:Ret PE DLL (proc=0xf7372e84,module=0xf7320000 L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil)) retval=1 001b:Call PE DLL (proc=0xf72f9e84,module=0xf72a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) 001b:Ret PE DLL (proc=0xf72f9e84,module=0xf72a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 001b:Call PE DLL (proc=0xf70cea58,module=0xf7060000 L"msvcrt.dll",reason=THREAD_ATTACH,res=(nil)) 001b:Ret PE DLL (proc=0xf70cea58,module=0xf7060000 L"msvcrt.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 001b:Starting thread proc 0x541194 (arg=0x11ec80) 001b:Call ntoskrnl.exe.KeGetCurrentThread() ret=005411a3 001b:fixme:ntoskrnl:KeGetCurrentThread () stub 001b:Ret ntoskrnl.exe.KeGetCurrentThread() retval=00000000 ret=005411a3 001b:Call ntoskrnl.exe.KeSetPriorityThread(00000000,00000010) ret=005411aa 001b:fixme:ntoskrnl:KeSetPriorityThread ((nil) 16) 001b:Ret ntoskrnl.exe.KeSetPriorityThread() retval=00000010 ret=005411aa 001b:Call ntoskrnl.exe.KeWaitForSingleObject(0011eeb8,00000000,00000000,00000000,00000000) ret=005411c3 001b:fixme:ntoskrnl:KeWaitForSingleObject stub: 0x11eeb8, 0, 0, 0, (nil) 001b:Ret ntoskrnl.exe.KeWaitForSingleObject() retval=c0000002 ret=005411c3 001b:trace:ntdll:NtQueryInformationProcess (0xffffffff,0x00000022,0x75e6c8,0x00000004,(nil)) 001b:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=001b 001b:trace:seh:raise_exception info[0]=00000000 001b:trace:seh:raise_exception info[1]=00000000 001b:trace:seh:raise_exception eax=0075ea44 ebx=00000000 ecx=eabc3be3 edx=0075ef8c esi=0011ee98 edi=0011ed38 001b:trace:seh:raise_exception ebp=0075ea3c esp=0075ea28 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 001b:trace:seh:call_vectored_handlers calling handler at 0x7ecf78d8 code=c0000005 flags=0 001b:trace:seh:call_vectored_handlers handler at 0x7ecf78d8 returned 0 001b:trace:seh:call_stack_handlers calling handler at 0x7bc9ed1b code=c0000005 flags=0 --- snip ---
There is lots of stuff going wrong here.
For example, the KeWaitXXX family of wait functions does nothing, returning immediately instead of executing a potentially blocking wait.
This leads to driver threads immediately exiting as seen by calls to 'PsTerminateSystemThread' and 'THREAD_DETACH' notifications.
The crash itself is caused by 'IoCsqInitialize' being a stub, not initializing 'IO_CSQ' structure at all.
MSDN: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549054%28v=vs.85%...
Driver-defined CsqXXXIrp functions are never "wired" up to be called later.
$ sha1sum FreeOTFE_5_21.exe 736f42d4f2ed216ff8fbb883c44055242599e812 FreeOTFE_5_21.exe
$ du -sh FreeOTFE_5_21.exe 2.9M FreeOTFE_5_21.exe
$ wine --version wine-1.7.34
Regards