https://bugs.winehq.org/show_bug.cgi?id=50428
Bug ID: 50428
Summary: 'BHDrvx64.sys' (part of Norton Antivirus 2010) crashes on unimplemented function 'ntoskrnl.exe.SeCaptureSecurityDescriptor'
Product: Wine
Version: 6.0-rc4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
as it says. Continuation of bug 34083.
The driver is part of Norton Antivirus 2010, installed as an auto-start kernel service.
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+winedevice wineboot >>log.txt 2>&1
...
0054:trace:ntoskrnl:load_driver loading driver L"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys"
0054:Call KERNEL32.LoadLibraryW(00043480 L"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys") ret=0032606e
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"FLTMGR.SYS"
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"BHDrvx64.sys"
...
0054:Ret KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0054:Call driver init 0000000000DFC064 (obj=00000000000431C0,str=L"\Registry\Machine\System\CurrentControlSet\Services\BHDrvx64")
...
0054:Call KERNEL32.RaiseException(80000100,00000001,00000002,00c3f570) ret=00330ad5
0054:Call ntdll.memcpy(00c3f450,00c3f570,00000010) ret=7b012ae3
0054:Ret ntdll.memcpy() retval=00c3f450 ret=7b012ae3
0054:trace:seh:dispatch_exception code=80000100 flags=1 addr=000000007B012AF2 ip=000000007B012AF2 tid=0054
0054:trace:seh:dispatch_exception info[0]=000000000034f000
0054:trace:seh:dispatch_exception info[1]=0000000000352f16
0054:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0054:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0
...
wine: Call from 000000007B012AF2 to unimplemented function ntoskrnl.exe.SeCaptureSecurityDescriptor, aborting
--- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/784cb2060ab63076adc349dcb1d15a6c...
--- snip ---
1317 @ stub SeCaptureSecurityDescriptor
--- snip ---
Virustotal.com scan of the binary:
https://www.virustotal.com/gui/file/b8110fba782df5f9bfc25d39315b5ccd1f375b20...
$ sha1sum NAV10TBEN.exe
eadfb9c860146186c548aba695a9be87607f5586 NAV10TBEN.exe
$ du -sh NAV10TBEN.exe
74M NAV10TBEN.exe
$ wine --version
wine-6.0-rc4
Regards