http://bugs.winehq.org/show_bug.cgi?id=23207
Summary: Mount & Blade Warband trial crashes quickly in GetSysColor
Product: Wine
Version: 1.2-rc3
Platform: x86
URL: http://download.taleworlds.com/mb_warband_setup_1123.exe
OS/Version: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
The game installs ok, but crashes with
Unhandled exception: page fault on read access to 0x002d5987 in 32-bit code (0x7ec65f27).
Backtrace:
=>0 GetSysColor+0x17(nIndex=0x0005) [dlls/user32/sysparams.c:2917] in user32
  1 0x002583f4 in skinmagic (+0x183f3)
  2 ButtonWndProc_common+0xdf2(hWnd=0x7ebf0000, uMsg=0x7ff7, wParam=0, lParam=0, unicode=0) [dlls/user32/button.c:265] in user32
  3 LoadBitmapW+0x27(instance=(nil), name=*** invalid address 0x7ff7 ***) [dlls/user32/cursoricon.c:2632] in user32
  ...
  13 CreateWindowExA+0xbe(exStyle=0, className="BUTTON", windowName="", style=0x40000000, x=0, y=0, width=0x000a, height=0x000a, parent=0x10064, menu=(nil), instance=0x400000, data=0x0(nil)) [dlls/user32/win.c:1472] in user32
Running with +relay works around the problem, and lets the game play (at least as far as I tried, which wasn't too far). Weird.
Dan Kegel dank@kegel.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |regression
--- Comment #1 from Dan Kegel dank@kegel.com 2010-06-16 07:50:33 ---
Other people are playing successfully with older wine http://forums.taleworlds.com/index.php?topic=99405.0 and sure enough, it works for me with 1.1.38. So regression... and if other people can reproduce this, let's nominate for 1.2.
Wylda wylda@volny.cz changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |wylda@volny.cz
--- Comment #2 from Wylda wylda@volny.cz 2010-06-17 17:09:34 ---
Hi Dan, I couldn't reproduce the crash under wine-1.2-rc3-106-gae942d6.
Alexandre Julliard julliard@winehq.org changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |INVALID
--- Comment #3 from Alexandre Julliard julliard@winehq.org 2010-06-29 05:39:59 --- Cannot reproduce either, nonsensical backtrace, assuming invalid build. Please reopen if you can provide better information.
--- Comment #4 from Dan Kegel dank@kegel.com 2010-06-29 10:21:12 --- Still happening today with fresh build of wine.
Kernel is gentoo's 2.6.33, fwiw, which is affected by the wow bug.
Nikolay Sivov bunglehead@gmail.com changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #5 from Nikolay Sivov bunglehead@gmail.com 2010-06-29 13:14:22 --- Closing.
--- Comment #6 from Connor C onesamildanach@gmail.com 2010-07-27 07:22:00 --- Created an attachment (id=29859) --> (http://bugs.winehq.org/attachment.cgi?id=29859) Output from terminal
When I try to start the game, I get an immediate 'Program Error'. I've copied and attached what the terminal spat out.
Fedora 12, Warband version 1.127, Wine version 1.2 from the official Fedora repositories.
Version 1.126 from Steam results in a zombie process, and doesn't spit any error messages at me (or did yesterday, unless my memory is acting up again).
Seems to work fine if I use PlayOnLinux to run it with Wine 1.2rc6.
Dan Kegel dank@kegel.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |farfrael@googlemail.com
--- Comment #7 from Dan Kegel dank@kegel.com 2010-10-19 20:43:13 CDT --- *** Bug 24186 has been marked as a duplicate of this bug. ***
Dan Kegel dank@kegel.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |REOPENED
Resolution |INVALID |
--- Comment #8 from Dan Kegel dank@kegel.com 2010-10-19 20:44:00 CDT --- Looks like other people are seeing this, so re-opening for now.
--- Comment #9 from - farfrael@googlemail.com 2010-10-23 04:14:56 CDT ---
There is another (unrelated) bug with a user-made patch attached (re-attached) which fixes the issue under wine 1.3.5, i.e. with that patch applied, the game runs flawlessly.
The problem is apparently related to the nvidia driver not checking a certain value.
Unfortunately, I am unable to find this other bug report again.
--- Comment #10 from - farfrael@googlemail.com 2010-10-23 04:16:45 CDT --- Created an attachment (id=31456) --> (http://bugs.winehq.org/attachment.cgi?id=31456) made by another user - but works
Found attached to another bug report yesterday (dealing with some strange Japanese fighting game of all things); cannot find the link again but can confirm the attached fixes the bug.
--- Comment #11 from - farfrael@googlemail.com 2010-10-23 04:29:41 CDT --- This bug is solved by the patch posted here: http://bugs.winehq.org/show_bug.cgi?id=13490#c19
Related bug number is 13490.
Dan Kegel dank@kegel.com changed:
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |REOPENED |RESOLVED
Resolution |         |DUPLICATE
--- Comment #12 from Dan Kegel dank@kegel.com 2010-10-23 10:20:22 CDT --- Thanks for digging that up!
*** This bug has been marked as a duplicate of bug 13490 ***
Dmitry Timoshkov dmitry@codeweavers.com changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #13 from Dmitry Timoshkov dmitry@codeweavers.com 2010-10-23 10:46:42 CDT --- Closing duplicate.
Krzysztof Nowicki krissn@op.pl changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |krissn@op.pl
--- Comment #14 from Krzysztof Nowicki krissn@op.pl 2011-06-14 13:09:11 CDT --- The closing of this bug was a bit premature in my opinion. After some battle with winedbg I think I got to the bottom of it:
Wine-dbg>bt
Backtrace:
=>0 0x7ec1c81f GetSysColor+0x1e(nIndex=0x5) [sysparams.c:2916] in user32 (0x0440efe0)
  1 0x002583f4 in skinmagic (+0x183f3) (0x0440f07c)
  2 0x7eba8375 BITMAP_Load+0x2d5(instance=0x7eb80000, name=*** invalid address 0x7ff7 ***, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2512] in user32 (0x0440f14c)
  3 0x7eba898f LoadImageW+0xde(hinst=(nil), name=*** invalid address 0x7ff7 ***, type=0, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2633] in user32 (0x0440f19c)
  4 0x7eba937a LoadBitmapW+0x44(instance=(nil), name=*** invalid address 0x7ff7 ***) [cursoricon.c:2906] in user32 (0x0440f1cc)
Wine-dbg>disassemble ($eip-30),($eip+10)
0x7ec1c801 GetSysColor [sysparams.c:2914] in user32: jmp 0x00258393
0x7ec1c806 GetSysColor+0x5 [sysparams.c:2914] in user32: int $3
0x7ec1c807 GetSysColor+0x6 [sysparams.c:2914] in user32: int $3
0x7ec1c808 GetSysColor+0x7 [sysparams.c:2914] in user32: int $3
0x7ec1c809 GetSysColor+0x8 [sysparams.c:2914] in user32: popl %ecx
0x7ec1c80a GetSysColor+0x9 [sysparams.c:2914] in user32: addl $0x3a7eb,%ecx
0x7ec1c810 GetSysColor+0xf [sysparams.c:2915] in user32: cmpl $0,0x8(%ebp)
0x7ec1c814 GetSysColor+0x13 [sysparams.c:2915] in user32: js 0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c816 GetSysColor+0x15 [sysparams.c:2915] in user32: cmpl $30,0x8(%ebp)
0x7ec1c81a GetSysColor+0x19 [sysparams.c:2915] in user32: jnle 0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c81c GetSysColor+0x1b [sysparams.c:2916] in user32: movl 0x8(%ebp),%eax
0x7ec1c81f GetSysColor+0x1e [sysparams.c:2916] in user32: movl 0x3ef4c(%ecx,%eax,4),%eax
0x7ec1c826 GetSysColor+0x25 [sysparams.c:2916] in user32: jmp 0x7ec1c82d GetSysColor+0x2c [sysparams.c:2919] in user32
0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32: movl $0x0,%eax
It looks like the skinmagic DLL has hooked the call to GetSysColor. This would have worked, except that the function is PIC and in place of the int $3 instructions there used to be a call $+5 instruction. This instruction was executed by the hook code, but obviously its results were completely wrong.
I remember that GCC has a __attribute__((ms_hook_prologue)) for generating functions with the hot-patchable prologue. Is Wine using this option?
--- Comment #15 from Dan Kegel dank@kegel.com 2011-06-14 14:34:50 CDT --- Created an attachment (id=35146) --> (http://bugs.winehq.org/attachment.cgi?id=35146) patch to make GetSysColor hotpatchable
It can. Does this patch help for you?
Anastasius Focht focht@gmx.net changed:
What       |Removed                                                    |Added
----------------------------------------------------------------------------
Keywords   |regression                                                 |
Status     |CLOSED                                                     |REOPENED
URL        |http://download.taleworlds.com/mb_warband_setup_1123.exe   |http://games.on.net/file/35089/MountBlade_Warband_Demo_v1.123
CC         |                                                           |focht@gmx.net
Component  |-unknown                                                   |user32
Resolution |DUPLICATE                                                  |
Summary    |Mount & Blade Warband trial crashes quickly in GetSysColor |Mount&Blade: Warband Demo v1.123 crashes quickly in user32.GetSysColor (needs DECLSPEC_HOTPATCH entry for hooking code)
--- Comment #16 from Anastasius Focht focht@gmx.net 2011-06-14 14:47:07 CDT --- Hello Krzysztof,
--- quote ---
The closing of this bug was a bit premature in my opinion. After some battle with winedbg I think I got to the bottom of it:
...
--- quote ---
yes, you nailed it ;-)
--- quote ---
I remember that GCC has a __attribute__((ms_hook_prologue)) for generating functions with the hot-patchable prologue. Is Wine using this option?
--- quote ---
Yes, it is applied to APIs where a specific problem was found with hooking code or copy protections. This entry has no DECLSPEC_HOTPATCH decoration:
http://source.winehq.org/git/wine.git/blob/666c40f398087466bd0cc2ff0f511bf71...
With HOTPATCH applied to user32.GetSysColor:
Before hooking:
--- snip user32.GetSysColor ---
68424BB0 8BFF           MOV EDI,EDI
68424BB2 55             PUSH EBP
68424BB3 8BEC           MOV EBP,ESP
68424BB5 E8 46A9F7FF    CALL 6839F500
68424BBA 81C1 3AE40300  ADD ECX,3E43A
68424BC0 837D 08 00     CMP DWORD PTR SS:[EBP+8],0
68424BC4 78 12          JS SHORT 68424BD8
...
--- snip user32.GetSysColor ---
After hooking:
--- snip user32.GetSysColor ---
68472BB0 - E9 DE57DD97     JMP 00248393
68472BB5   E8 46A9F7FF     CALL 683ED500
68472BBA   81C1 3AE40300   ADD ECX,3E43A
68472BC0   837D 08 00      CMP DWORD PTR SS:[EBP+8],0
68472BC4   78 12           JS SHORT 68472BD8
68472BC6   837D 08 1E      CMP DWORD PTR SS:[EBP+8],1E
68472BCA   7F 0C           JG SHORT 68472BD8
68472BCC   8B45 08         MOV EAX,DWORD PTR SS:[EBP+8]
68472BCF   8B8481 CC4B0400 MOV EAX,DWORD PTR DS:[EAX*4+ECX+44BCC]
68472BD6   EB 05           JMP SHORT 68472BDD
68472BD8   B8 00000000     MOV EAX,0
68472BDD   5D              POP EBP
68472BDE   C2 0400         RETN 4
--- snip user32.GetSysColor ---
This is the original function chunk saved by the hooker:
--- snip ---
00257C43   8BFF          MOV EDI,EDI
00257C45   55            PUSH EBP
00257C46   8BEC          MOV EBP,ESP
00257C48 - E9 68CF1C68   JMP 68424BB5
--- snip ---
So it works with the skinmagic hooker.
$ sha1sum mb_warband_setup_1123.exe
5c6f73b666e0634735bf89074d7a8bb0df2ba30e  mb_warband_setup_1123.exe
Regards
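Comments #14 and #16 above explain why the skinmagic inline hook worked on the MS-style prologue (MOV EDI,EDI / PUSH EBP / MOV EBP,ESP) but not on GCC's PIC prologue: the hooker copies the bytes it overwrites into a trampoline and runs them there, which is only correct if none of the displaced instructions is EIP-relative. The following is an added example, not code from Wine or from this bug report: a small checker that decodes the first instructions of an x86-32 function (only the handful of opcodes seen in the disassemblies above) and reports whether a 5-byte JMP overwrite can be relocated safely. The first sample byte string is constructed from the "Before hooking" listing in comment #16; the unpatched PIC prologue (`55 89 E5 E8 ...`) is reconstructed from the post-hook disassembly in comment #14 and is an assumption.

```c
/*
 * Added example: a tiny "is this prologue safe to hot-patch?" checker for
 * x86-32 code. An inline hooker overwrites the first 5 bytes of a function
 * with JMP rel32, saves the displaced whole instructions in a trampoline and
 * runs them there before jumping back. That only preserves behaviour when
 * every displaced instruction is position-independent. The decoder below
 * knows just the opcodes that appear in this bug's disassemblies; anything
 * else is reported as undecodable rather than guessed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HOOK_LEN 5   /* size of JMP rel32, the patch written by the hooker */

typedef struct {
    size_t bytes_to_relocate;  /* instruction-aligned length >= HOOK_LEN; 0 if undecodable */
    int    ip_relative;        /* 1 if a displaced instruction has an EIP-relative operand */
    int    safe;               /* 1 if a plain copy-and-jump trampoline is behaviour-preserving */
} hotpatch_check;

/* Length of a ModRM byte plus any SIB/displacement it implies. 0 = truncated. */
static size_t modrm_len(const uint8_t *p, size_t avail)
{
    if (avail < 1) return 0;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t n = 1;
    if (mod == 3) return n;                       /* register operand, nothing follows */
    if (rm == 4) {                                /* SIB byte follows */
        if (avail < 2) return 0;
        n += 1;
        if (mod == 0 && (p[1] & 7) == 5) n += 4;  /* SIB base=101 with mod=0 carries disp32 */
    } else if (mod == 0 && rm == 5) {
        n += 4;                                   /* [disp32] */
    }
    if (mod == 1) n += 1;                         /* disp8 */
    else if (mod == 2) n += 4;                    /* disp32 */
    return n <= avail ? n : 0;
}

/* Decode one instruction: its length (0 = unknown or truncated) and whether
 * it encodes an EIP-relative branch target that a naive copy would break. */
static size_t insn_len(const uint8_t *p, size_t avail, int *ip_rel)
{
    size_t n, m;
    *ip_rel = 0;
    if (avail < 1) return 0;
    uint8_t op = p[0];

    if (op >= 0x50 && op <= 0x5F) n = 1;                                  /* PUSH/POP r32 */
    else if (op == 0x90 || op == 0xC3 || op == 0xCC) n = 1;               /* NOP, RET, INT3 */
    else if (op == 0xC2) n = 3;                                           /* RET imm16 */
    else if (op >= 0xB8 && op <= 0xBF) n = 5;                             /* MOV r32, imm32 */
    else if (op == 0xE8 || op == 0xE9) { n = 5; *ip_rel = 1; }            /* CALL/JMP rel32 */
    else if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) { n = 2; *ip_rel = 1; } /* JMP/Jcc rel8 */
    else if (op == 0x0F && avail >= 2 && p[1] >= 0x80 && p[1] <= 0x8F) { n = 6; *ip_rel = 1; } /* Jcc rel32 */
    else if (op == 0x89 || op == 0x8B || op == 0x39 || op == 0x3B) {      /* MOV/CMP r/m32,r32 forms */
        m = modrm_len(p + 1, avail - 1);
        if (!m) return 0;
        n = 1 + m;
    } else if (op == 0x81 || op == 0x83) {                                /* ALU r/m32, imm32 / imm8 */
        m = modrm_len(p + 1, avail - 1);
        if (!m) return 0;
        n = 1 + m + (op == 0x81 ? 4 : 1);
    } else {
        return 0;                                                         /* not in our table */
    }
    return n <= avail ? n : 0;
}

/* Walk whole instructions until the HOOK_LEN bytes the JMP overwrites are covered. */
hotpatch_check check_hotpatch(const uint8_t *code, size_t len)
{
    hotpatch_check r = { 0, 0, 0 };
    size_t off = 0;
    while (off < HOOK_LEN) {
        int rel;
        size_t n = insn_len(code + off, len - off, &rel);
        if (n == 0) return r;           /* undecodable: bytes_to_relocate stays 0, safe stays 0 */
        if (rel) r.ip_relative = 1;
        off += n;
    }
    r.bytes_to_relocate = off;
    r.safe = !r.ip_relative;
    return r;
}

/* Constructed from comment #16 "Before hooking": DECLSPEC_HOTPATCH prologue
 * MOV EDI,EDI / PUSH EBP / MOV EBP,ESP, then CALL rel32 / ADD ECX,imm32. */
const uint8_t HOTPATCH_PROLOGUE[] = {
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0xE8, 0x46, 0xA9, 0xF7, 0xFF, 0x81, 0xC1, 0x3A, 0xE4, 0x03, 0x00
};

/* Assumption: the unpatched GCC PIC prologue reconstructed from comment #14, where
 * JMP + three INT3 (8 bytes) replaced PUSH EBP / MOV EBP,ESP / CALL thunk and
 * execution resumes at POP ECX / ADD ECX,0x3a7eb. */
const uint8_t PIC_PROLOGUE[] = {
    0x55, 0x89, 0xE5, 0xE8, 0x46, 0xA9, 0xF7, 0xFF, 0x59, 0x81, 0xC1, 0xEB, 0xA7, 0x03, 0x00
};

static void report(const char *name, const uint8_t *code, size_t len)
{
    hotpatch_check r = check_hotpatch(code, len);
    if (r.bytes_to_relocate == 0)
        printf("%-18s undecodable within the first %d bytes\n", name, HOOK_LEN);
    else
        printf("%-18s relocate %zu bytes, EIP-relative=%d, safe=%d\n",
               name, r.bytes_to_relocate, r.ip_relative, r.safe);
}

int main(void)
{
    report("hotpatch prologue", HOTPATCH_PROLOGUE, sizeof HOTPATCH_PROLOGUE);
    report("PIC prologue", PIC_PROLOGUE, sizeof PIC_PROLOGUE);
    return 0;
}
```

For the hot-patch prologue the checker finds exactly 5 relocatable bytes with no EIP-relative operand, which is why the skinmagic trampoline (comment #16, "original function chunk saved by the hooker") works. For the PIC prologue it has to take 8 bytes including the CALL to the get-pc thunk; run from the trampoline that call loads ECX with the trampoline's address instead of the function's, and the later `movl 0x3ef4c(%ecx,%eax,4),%eax` reads from the wrong place, matching the page fault in the reporter's backtrace. The Wine-side fix (DECLSPEC_HOTPATCH) gives the export a position-independent 5-byte head so this check passes.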
--- Comment #17 from Krzysztof Nowicki krissn@op.pl 2011-06-14 15:05:44 CDT --- I made the GetSysColor hot-patchable and the game started.
I did a binary comparison of the original user32.dll and the memory contents after loading and I found more hot-patched functions that don't have the DECLSPEC_HOTPATCH attribute set.
I was just about to send a patch to wine-patches.
--- Comment #18 from Dan Kegel dank@kegel.com 2011-06-14 15:38:03 CDT --- Game does start with just GetSysColor patched, but the mouse pointer doesn't show up if you press esc to bring up menus during play...
--- Comment #19 from Krzysztof Nowicki krissn@op.pl 2011-06-14 15:51:38 CDT --- (In reply to comment #18)
> Game does start with just GetSysColor patched, but the mouse pointer doesn't show up if you press esc to bring up menus during play...
Yes, I noticed that too. No idea as to the cause though.
--- Comment #20 from Austin English austinenglish@gmail.com 2011-06-14 16:10:36 CDT --- (In reply to comment #19)
> (In reply to comment #18)
> > Game does start with just GetSysColor patched, but the mouse pointer doesn't show up if you press esc to bring up menus during play...
> Yes, I noticed that too. No idea as to the cause though.
See bug 27349.
--- Comment #21 from Krzysztof Nowicki krissn@op.pl 2011-06-15 12:54:18 CDT --- (In reply to comment #18)
> Game does start with just GetSysColor patched, but the mouse pointer doesn't show up if you press esc to bring up menus during play...
Could this be related to this error?
err:d3d_surface:surface_load Not supported on scratch surfaces.
This error appears neither when the menu is first shown nor after entering battle mode. It starts showing repeatedly once I exit from the battle mode to a menu. It stops showing when I quit the menu and return to the game.
--- Comment #22 from Krzysztof Nowicki krissn@op.pl 2011-06-15 15:57:11 CDT ---
The patch adding DECLSPEC_HOTPATCH to a couple of user32 functions has been committed:
http://source.winehq.org/git/wine.git/commit/74159467168c7925857267f3aef71f0...
I have checked other DLLs for hot-patched functions that were missing the DECLSPEC_HOTPATCH attribute but I didn't find any.
The issue mentioned in this bug is now fixed and the bug itself can be marked as solved.
I believe that the missing mouse pointer is a different issue and deserves a separate bug report (unless somebody can dig out an existing one).
Dan Kegel dank@kegel.com changed:
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |REOPENED |RESOLVED
Resolution |         |FIXED
--- Comment #23 from Dan Kegel dank@kegel.com 2011-06-15 16:02:38 CDT --- Thanks!
--- Comment #24 from Krzysztof Nowicki krissn@op.pl 2011-06-16 15:27:34 CDT --- Raised bug 27507 for the mouse issue.
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #25 from Alexandre Julliard julliard@winehq.org 2011-06-24 17:43:47 CDT --- Closing bugs fixed in 1.3.23.
Anastasius Focht focht@gmx.net changed:
What          |Removed                                                       |Added
----------------------------------------------------------------------------
Keywords      |                                                              |obfuscation
Fixed by SHA1 |                                                              |74159467168c7925857267f3aef71f09face2c9c
URL           |http://games.on.net/file/35089/MountBlade_Warband_Demo_v1.123 |http://games.on.net/file/35089/MountBlade_Warband_Demo_v1.123