https://bugs.winehq.org/show_bug.cgi?id=46804
Bug ID: 46804
Summary: StarForce v3 kernel driver service 'sfhlp02' crashes in driver entry point due to 'ntoskrnl.exe.IoCreateSynchronizationEvent' stub
Product: Wine
Version: 4.3
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
While revisiting bug 44925 I've noticed the SF driver now crashes in the entry point. Technically a regression due to the introduction of "kernel" synchronization objects/functions (bug 44588 and friends).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/TmSunriseDemoMag

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+process wine ./TmSunriseDemoMag.exe > log.txt 2>&1
...
0031:trace:ntoskrnl:load_driver loading driver L"System32\drivers\sfhlp02.sys"
0031:Call KERNEL32.LoadLibraryW(0011d880 L"System32\drivers\sfhlp02.sys") ret=7e97f680
0031:trace:loaddll:load_native_dll Loaded L"C:\windows\System32\drivers\sfhlp02.sys" at 0x550000: native
0031:Ret KERNEL32.LoadLibraryW() retval=00550000 ret=7e97f680
...
0031:trace:ntoskrnl:load_driver_module L"System32\drivers\sfhlp02.sys": relocating from 0x10000 to 0x550000
...
0031:Call driver init 0x555300 (obj=0x11d7a8,str=L"\Registry\Machine\System\CurrentControlSet\Services\sfhlp02")
...
0031:Call ntoskrnl.exe.IoCreateSymbolicLink(0042fbe4,0042fbec) ret=0055515b
0031:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\sfhlp02i" -> L"\Device\sfhlp02i"
0031:Call ntdll.NtCreateSymbolicLinkObject(0042fb54,000f0001,0042fb3c,0042fbec) ret=7e97adb0
0031:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7e97adb0
0031:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=0055515b
...
0031:Call ntoskrnl.exe.RtlInitUnicodeString(0042fbf0,00555334 L"\Device\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=00555406
0031:Call ntdll.RtlInitUnicodeString(0042fbf0,00555334 L"\Device\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=7bc87f7c
0031:Ret ntdll.RtlInitUnicodeString() retval=0042fbf0 ret=7bc87f7c
0031:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0042fbf0 ret=00555406
0031:Call ntoskrnl.exe.IoCreateSynchronizationEvent(0042fbf0,0042fbfc) ret=00555414
0031:fixme:ntoskrnl:IoCreateSynchronizationEvent (0x42fbf0 0x42fbfc) stub
0031:Ret ntoskrnl.exe.IoCreateSynchronizationEvent() retval=deadbeaf ret=00555414
0031:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=0055542c
0031:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0031:Ret ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=0055542c
0031:Call ntoskrnl.exe.KeWaitForSingleObject(deadbeaf,00000000,00000000,00000000,00000000) ret=00555437
0031:trace:ntoskrnl:KeWaitForMultipleObjects count 1, objs 0x42fb70, wait_type 1, reason 0, mode 0, alertable 0, timeout (nil), wait_blocks (nil).
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e9817a9 ip=7e9817a9 tid=0031
0031:trace:seh:raise_exception info[0]=00000000
0031:trace:seh:raise_exception info[1]=deadbeb7
0031:trace:seh:raise_exception eax=deadbeb7 ebx=0042fb20 ecx=0042f9b0 edx=00000000 esi=0042fbc4 edi=0042fb84
0031:trace:seh:raise_exception ebp=0042fb08 esp=0042f9c0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210296
0031:trace:seh:call_vectored_handlers calling handler at 0x7e976ddd code=c0000005 flags=0
0031:trace:seh:call_vectored_handlers handler at 0x7e976ddd returned 0
0031:trace:seh:call_stack_handlers calling handler at 0x7bcbae2a code=c0000005 flags=0
wine: Unhandled page fault on read access to 0xdeadbeb7 at address 0x7e9817a9 (thread 0031), starting debugger...
--- snip ---
KeWaitForXXX functions now expect valid handles and can't deal with the fake ones from (semi-)stubs.
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip ---
PKEVENT WINAPI IoCreateSynchronizationEvent(PUNICODE_STRING name, PHANDLE handle)
{
    FIXME("(%p %p) stub\n", name, handle);
    return (KEVENT *)0xdeadbeaf;
}
--- snip ---
$ sha1sum tmsunrisedemo_setup.exe
2d44577a71718464c595d9da91a017fb0914afc4  tmsunrisedemo_setup.exe

$ du -sh tmsunrisedemo_setup.exe
210M    tmsunrisedemo_setup.exe

$ wine --version
wine-4.3-188-gab7756619c
Regards
Anastasius Focht focht@gmx.net changed:
What      |Removed |Added
----------------------------------------------------------------------------
Keywords  |        |download, obfuscation
URL       |        |https://www.fileplanet.com/151268/download/TrackMania:-Sunrise-Demo
Anastasius Focht focht@gmx.net changed:
What          |Removed                                                             |Added
----------------------------------------------------------------------------
Fixed by SHA1 |                                                                    |fd8bc0c16dcfab29007b4e3af32531aa23145007
Resolution    |---                                                                 |FIXED
URL           |https://www.fileplanet.com/151268/download/TrackMania:-Sunrise-Demo |https://web.archive.org/web/20190405224925/http://download.fileplanet.com/ftp1/032005/tmsunrisedemo_setup.exe?st=5enhbbW_nPuPEL3JShfg3Q&e=1554515342
Status        |NEW                                                                 |RESOLVED
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/fd8bc0c16dcfab29007b4e3af3... ("ntoskrnl.exe: Implement IoCreateSynchronizationEvent.").
Thanks Jacek
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/TmSunriseDemoMag

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+process wine ./TmSunriseDemoMag.exe > log.txt 2>&1
...
0009:Call advapi32.CreateServiceA(001713a0,01daa35c "sfhlp02",01daa328 "StarForce Protection Helper Driver (version 2.x)",00000000,00000001,00000000,00000001,0033e720 "System32\drivers\sfhlp02.sys",00000000,00000000,00000000,00000000,00000000) ret=00cb23a0
...
0031:Call driver init 0x555300 (obj=0x11d7e0,str=L"\Registry\Machine\System\CurrentControlSet\Services\sfhlp02")
...
0031:Call ntoskrnl.exe.RtlInitUnicodeString(0042fbf0,00555334 L"\Device\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=00555406
...
0031:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0042fbf0 ret=00555406
0031:Call ntoskrnl.exe.IoCreateSynchronizationEvent(0042fbf0,0042fbfc) ret=00555414
0031:trace:ntoskrnl:IoCreateSynchronizationEvent (0x42fbf0 0x42fbfc)
0031:Call ntdll.NtCreateEvent(0042fb48,001f0003,0042fb4c,00000001,00000001) ret=7e960671
0031:Ret ntdll.NtCreateEvent() retval=00000000 ret=7e960671
0031:Call ntdll.NtQueryObject(0000003c,00000002,0042f9f0,00000100,0042faf0) ret=7e956d72
0031:Ret ntdll.NtQueryObject() retval=00000000 ret=7e956d72
0031:Call ntdll.RtlCompareUnicodeStrings(7e96b168,00000005,0042fa50,00000005,00000000) ret=7e956eab
0031:Ret ntdll.RtlCompareUnicodeStrings() retval=00000000 ret=7e956eab
...
0031:Call ntdll.NtQueryEvent(0000003c,00000000,0042f9c4,00000008,00000000) ret=7e9605ad
0031:Ret ntdll.NtQueryEvent() retval=00000000 ret=7e9605ad
0031:trace:ntoskrnl:KeInitializeEvent event 0x11d620, type 1, state 1.
0031:Ret ntoskrnl.exe.IoCreateSynchronizationEvent() retval=0011d620 ret=00555414
0031:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=0055542c
0031:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0031:Ret ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=0055542c
0031:Call ntoskrnl.exe.KeWaitForSingleObject(0011d620,00000000,00000000,00000000,00000000) ret=00555437
0031:trace:ntoskrnl:KeWaitForMultipleObjects count 1, objs 0x42fb70, wait_type 1, reason 0, mode 0, alertable 0, timeout (nil), wait_blocks (nil).
0031:Call ntdll.NtWaitForMultipleObjects(00000001,0042f9d8,00000001,00000000,00000000) ret=7e960266
0031:Ret ntdll.NtWaitForMultipleObjects() retval=00000000 ret=7e960266
0031:Call ntdll.NtClose(00000040) ret=7e960331
0031:Ret ntdll.NtClose() retval=00000000 ret=7e960331
0031:Ret ntoskrnl.exe.KeWaitForSingleObject() retval=00000000 ret=00555437
...
--- snip ---
$ wine --version
wine-4.5-222-g8ee1e3453e
Regards
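The two traces above show the failure and the fix side by side: the pre-fix stub hands the driver the sentinel 0xdeadbeaf, and the wait then faults reading 0xdeadbeb7, i.e. a field eight bytes into the bogus object; the fixed build creates a real event (NtCreateEvent type 1, initial state 1, then KeInitializeEvent "type 1, state 1") and the wait returns STATUS_SUCCESS at once because a signaled synchronization event satisfies one waiter and auto-resets. The following user-mode model, an added example that is not Wine code and not the StarForce driver, reproduces both behaviours: a stub-style creator returning the sentinel, a fix-style creator returning an initialised object, and a zero-timeout wait that refuses unknown pointers instead of dereferencing them. All names (MODEL_KEVENT, model_*, stub_*, STATUS_INVALID_OBJECT) are constructed for the illustration; the register of created events is a stand-in for the object bookkeeping the real implementation does.

```c
#include <stdint.h>
#include <stdio.h>

#define STATUS_SUCCESS        0x00000000
#define STATUS_TIMEOUT        0x00000102
#define STATUS_INVALID_OBJECT (-1)   /* constructed: stands in for the page fault */

/* Event types as in the trace: type 1 is a synchronization (auto-reset) event. */
typedef enum { MODEL_NotificationEvent = 0, MODEL_SynchronizationEvent = 1 } MODEL_EVENT_TYPE;

/* Minimal model of a kernel event object (constructed, not the real KEVENT layout). */
typedef struct {
    MODEL_EVENT_TYPE type;
    int signaled;
} MODEL_KEVENT;

/* Register of every event this module created, so a waiter can check that a
   pointer refers to a real object before touching it. Constructed bookkeeping. */
#define MODEL_MAX_EVENTS 8
static MODEL_KEVENT g_events[MODEL_MAX_EVENTS];
static int g_event_count;

static int is_known_event(const MODEL_KEVENT *ev)
{
    uintptr_t p  = (uintptr_t)ev;
    uintptr_t lo = (uintptr_t)g_events;
    uintptr_t hi = (uintptr_t)(g_events + g_event_count);
    return p >= lo && p < hi && (p - lo) % sizeof(MODEL_KEVENT) == 0;
}

/* Fix-style creator: a real object, initialised as type 1, state 1,
   matching the KeInitializeEvent line in the fixed trace. */
MODEL_KEVENT *model_IoCreateSynchronizationEvent(void)
{
    if (g_event_count == MODEL_MAX_EVENTS) return NULL;
    MODEL_KEVENT *ev = &g_events[g_event_count++];
    ev->type = MODEL_SynchronizationEvent;
    ev->signaled = 1;
    return ev;
}

/* Stub-style creator: returns the same sentinel the pre-fix stub returned. */
MODEL_KEVENT *stub_IoCreateSynchronizationEvent(void)
{
    return (MODEL_KEVENT *)(uintptr_t)0xdeadbeaf;
}

/* Zero-timeout model of KeWaitForSingleObject: STATUS_SUCCESS if the event is
   signaled (a synchronization event is then reset for the next waiter),
   STATUS_TIMEOUT if not, STATUS_INVALID_OBJECT for a pointer we never created
   (the real function has no such check and faults, as the first trace shows). */
int model_KeWaitForSingleObject(MODEL_KEVENT *ev)
{
    if (!is_known_event(ev)) return STATUS_INVALID_OBJECT;
    if (!ev->signaled) return STATUS_TIMEOUT;
    if (ev->type == MODEL_SynchronizationEvent) ev->signaled = 0;  /* auto-reset */
    return STATUS_SUCCESS;
}

void model_KeSetEvent(MODEL_KEVENT *ev)
{
    if (is_known_event(ev)) ev->signaled = 1;
}

/* Byte offset the first trace faulted at, relative to the sentinel. */
unsigned long model_fault_offset(void)
{
    return 0xdeadbeb7UL - 0xdeadbeafUL;
}

int main(void)
{
    MODEL_KEVENT *ev = model_IoCreateSynchronizationEvent();
    printf("first wait (signaled, auto-reset): 0x%08x\n", model_KeWaitForSingleObject(ev));
    printf("second wait (now unsignaled):      0x%08x\n", model_KeWaitForSingleObject(ev));
    model_KeSetEvent(ev);
    printf("wait after KeSetEvent:             0x%08x\n", model_KeWaitForSingleObject(ev));
    printf("wait on stub sentinel:             %d\n", model_KeWaitForSingleObject(stub_IoCreateSynchronizationEvent()));
    printf("fault offset inside sentinel:      %lu bytes\n", model_fault_offset());
    return 0;
}
```

The point for reviewers of similar stubs: a placeholder that returns a fake pointer is only safe as long as nothing consumes it, and the moment a consumer is implemented for real (here the KeWaitForXXX family) the sentinel turns into a wild read at a fixed offset. Returning a properly initialised object, or at least NULL that callers can check, is the defensive choice.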
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #2 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.6.