http://bugs.winehq.org/show_bug.cgi?id=34125
Bug #: 34125
Summary: JX3Client.exe crashes at start
Product: Wine
Version: 1.6
Platform: x86
URL: http://jx3.client.cdn.kingsoft.com/JXOnline3-v3.0.4.4980/JXOnline3-v3.0.4.4980.rar
OS/Version: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: fracting@gmail.com
Depends on: 34124
Classification: Unclassified
1. Download and install JX3 game http://jx3.client.cdn.kingsoft.com/JXOnline3-v3.0.4.4980/JXOnline3-v3.0.4.49...
2. winetricks -q wininet, workaround bug 34124
3. Start JX3Launcher.exe, the launcher will start gameupdater.exe and download some update packages, wait for the downloading to finish. (The game refuses to start if it hasn't been upgraded to the latest version)
4. Start JX3Client.exe:
One way is to start JX3Launcher.exe:
~/.wine/drive_c/Program Files/Kingsoft/JX3$ wine JX3Launcher.exe
And then click on '开始游戏' (Start game)
The other way is to start JX3Client.exe with a special parameter:
drive_c/Program Files/Kingsoft/JX3/bin/zhcn$ wine JX3Client.exe DOTNOTSTARTGAMEBYJX3CLIENT.EXE
Expected result: The game should start normally
Actual result: The game crashes at start.
game version after auto update: 3.0.4.5023
Qian Hong fracting@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |cherrot+wine@cherrot.com
--- Comment #1 from Qian Hong fracting@gmail.com 2013-07-24 07:03:04 CDT ---
(In reply to comment #0)
> 1. Download and install JX3 game
> http://jx3.client.cdn.kingsoft.com/JXOnline3-v3.0.4.4980/JXOnline3-v3.0.4.49...
> 2. winetricks -q wininet, workaround bug 34124
> 3. Start JX3Launcher.exe, the launcher will start gameupdater.exe and download
> some update packages, wait for the downloading to finish. (The game refuses to start if it hasn't been upgraded to the latest version)
Forgot to say, between Step2 and Step3, winetricks -q flash is needed
--- Comment #2 from Qian Hong fracting@gmail.com 2013-07-24 07:28:33 CDT ---
Created attachment 45380
  --> http://bugs.winehq.org/attachment.cgi?id=45380
patch: hack for JX3Client v1: d3d9/directx.c:d3d9_AddRef()
Interesting thing:
With +d3d9 trace, the crashing magically disappears. After a series of bisects, I found the attached patch hack-d3d9.txt is the simplest hack to work around the crashing.
--- Comment #3 from Nikolay Sivov bunglehead@gmail.com 2013-07-24 08:06:55 CDT ---
And if you add a warn+heap? It's probably interesting what happens before that call, cause some memory could be trashed already at this point and more traces just hide a problem.
--- Comment #4 from Qian Hong fracting@gmail.com 2013-07-24 08:13:44 CDT ---
Created attachment 45381
  --> http://bugs.winehq.org/attachment.cgi?id=45381
patch: hack for JX3Client v2: wined3d/directx.c:wined3d_get_device_caps()
Another interesting thing: +d3d magically works around the crashing as well, the attached patch is the simplest hack.
--- Comment #5 from Qian Hong fracting@gmail.com 2013-07-24 09:17:28 CDT ---
Created attachment 45382
  --> http://bugs.winehq.org/attachment.cgi?id=45382
Log: +tid,warn+heap
Thanks Nikolay, warn+heap log doesn't show any log, but I see some HeapSetInformation calls, HeapSetInformation is a stub in Wine, not sure if it matters, attach the log anyway.
--- Comment #6 from Qian Hong fracting@gmail.com 2013-07-24 09:36:50 CDT ---
Created attachment 45383
  --> http://bugs.winehq.org/attachment.cgi?id=45383
valgrind log
Latest valgrind output before crashing:
==15203== Use of uninitialised value of size 4
==15203== at 0xEC7E6CD: ??? (in /home/fracting/Wine/jian-wang-3/wineprefix.jian-wang-3/drive_c/Program Files/Kingsoft/JX3/bin/zhcn/KG3DEngine.dll)
==15203==
==15203== Invalid read of size 4
==15203== at 0xEC7E6CD: ??? (in /home/fracting/Wine/jian-wang-3/wineprefix.jian-wang-3/drive_c/Program Files/Kingsoft/JX3/bin/zhcn/KG3DEngine.dll)
==15203== Address 0x1 is not stack'd, malloc'd or (recently) free'd
==15203==
0025:trace:seh:raise_exception code=c0000005 flags=0 addr=0xec7e6cd ip=0ec7e6cd tid=0025
0025:trace:seh:raise_exception info[0]=00000000
0025:trace:seh:raise_exception info[1]=00000001
0025:trace:seh:raise_exception eax=00000001 ebx=278127e0 ecx=0bac3650 edx=00000000 esi=0bddc9d8 edi=0bac3650
0025:trace:seh:raise_exception ebp=00000000 esp=7f23cda8 cs=0073 ds=007b es=007b fs=000b gs=0013 flags=00000095
0025:trace:seh:call_stack_handlers calling handler at 0xef50577 code=c0000005 flags=0
0025:trace:seh:call_stack_handlers handler at 0xef50577 returned 1
--- Comment #7 from Qian Hong fracting@gmail.com 2013-07-24 09:41:03 CDT ---
Created attachment 45384
  --> http://bugs.winehq.org/attachment.cgi?id=45384
Backtrace generated from winedbg
--- Comment #8 from Qian Hong fracting@gmail.com 2013-07-25 11:33:36 CDT ---
Created attachment 45389
  --> http://bugs.winehq.org/attachment.cgi?id=45389
dummy hack suggested by Ken
With this hack, the backtrace is:
--- snip ---
fixme:d3d:wined3d_device_set_software_vertex_processing device 0x168d88, software 0 stub!
Unhandled exception: page fault on read access to 0x55667788 in 32-bit code (0x0759e6e9).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0759e6e9 ESP:0033cda8 EBP:00000000 EFLAGS:00210202( R- -- I - - - )
 EAX:55667788 EBX:1aa55f98 ECX:00162060 EDX:00000000
 ESI:23defcd8 EDI:23df20dc
Stack dump:
0x0033cda8: 80004005 1aa53080 00000000 1aa55f98
0x0033cdb8: 00000000 23defcd8 23df20c0 1aa55f98
0x0033cdc8: 00000018 00000040 0000001c 00000000
0x0033cdd8: 0060161e 00000020 00000034 00000000
0x0033cde8: 001476a0 00000114 001476a4 001476a4
0x0033cdf8: 00000000 0000000c 0000001c 55667788
Backtrace:
=>0 0x0759e6e9 in kg3dengine (+0x16e6e9) (0x00000000)
0x0759e6e9: movl 0x0(%eax),%ecx
Wine-dbg>
--- snip ---
Notice that the address 0x55667788 exactly matches dummy[7],dummy[6],dummy[5],dummy[4] in the hack.
--- Comment #9 from Qian Hong fracting@gmail.com 2013-07-25 11:37:19 CDT ---
Created attachment 45390
  --> http://bugs.winehq.org/attachment.cgi?id=45390
dummy hack version 2
With (and only with) this patch:
--- snip ---
fixme:d3d:wined3d_device_set_software_vertex_processing device 0x15b6a0, software 0 stub!
Unhandled exception: page fault on read access to 0xaabbccdd in 32-bit code (0x0ca9e6e9).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0ca9e6e9 ESP:0033cda8 EBP:00000000 EFLAGS:00210202( R- -- I - - - )
 EAX:aabbccdd EBX:215d5838 ECX:00000000 EDX:00000000
 ESI:24f38018 EDI:24f3afec
Stack dump:
0x0033cda8: 80004005 215d2920 00000000 215d5838
0x0033cdb8: 00000000 24f38018 24f3afd0 215d5838
0x0033cdc8: 00000018 00000040 0000001c 00000000
0x0033cdd8: 00645670 00000020 00000034 00153448
0x0033cde8: 00153458 00000201 0003dec1 f5400248
0x0033cdf8: 00000000 0000000c 0000001c aabbccdd
Backtrace:
=>0 0x0ca9e6e9 in kg3dengine (+0x16e6e9) (0x00000000)
0x0ca9e6e9: movl 0x0(%eax),%ecx
--- snip ---
The address 0xaabbccdd matches the dummy array as well.
--- Comment #10 from Qian Hong fracting@gmail.com 2013-07-25 11:41:31 CDT ---
Created attachment 45391
  --> http://bugs.winehq.org/attachment.cgi?id=45391
Log: +tid,+relay,+seh,+d3d,+d3d9 trace with dummy hacks (combines hack v1 and hack v2)
When dummy hack 1 and dummy hack 2 are combined, the behavior is the same as dummy hack 1 only.
Jactry Zeng jactry92@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |jactry92@gmail.com
--- Comment #11 from Nikolay Sivov bunglehead@gmail.com 2013-07-25 12:54:04 CDT ---
I have no idea about anything related to d3d but this looks like where it fails:
---
118566706:0025:trace:d3d9:d3d9_device_CreateVertexDeclaration iface 0x16d4d0, elements 0x1953365c, declaration 0x19533658.
118566707:0025:Call ntdll.RtlAllocateHeap(00110000,00000008,0000001c) ret=b73fb55e
118566708:0025:Ret ntdll.RtlAllocateHeap() retval=19530bd0 ret=b73fb55e
118566709:0025:trace:d3d9:convert_to_wined3d_declaration d3d9_elements 0x1953365c, wined3d_elements 0x33d448
118566710:0025:Call ntdll.RtlAllocateHeap(00110000,00000000,00000050) ret=b73fb051
118566711:0025:Ret ntdll.RtlAllocateHeap() retval=19531800 ret=b73fb051
118566712:0025:warn:d3d9:convert_to_wined3d_declaration Invalid element type 0xfe.
118566713:0025:Call ntdll.RtlFreeHeap(00110000,00000000,19531800) ret=b73fb15c
118566714:0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=b73fb15c
118566715:0025:warn:d3d9:vertexdeclaration_init Failed to create wined3d vertex declaration elements, hr 0x80004005.
118566716:0025:warn:d3d9:d3d9_vertex_declaration_create Failed to initialize vertex declaration, hr 0x80004005.
---
It's just a guess, but you could try to zero 'declaration' - out parameter in this call. It's probably possible that application checks for null and if not null it tries to call.
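An added illustration of the reasoning in comments #8 to #11, not code from the attached hacks or from Wine: a C model of how a recognisable poison pattern surfaces as the fault address when a caller keeps using an out parameter that a failed call never wrote, next to a caller that initialises the slot and checks the result. The `dummy` contents outside bytes 4..7, `create_object` and the other function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define HR_E_FAIL 0x80004005u /* failure code seen in the thread's traces */

/* Constructed poison bytes. The thread only implies dummy[4..7] (0x55667788
   read little-endian); dummy[0..3] are made up for this example. */
static const uint8_t dummy[8] = {0x11, 0x22, 0x33, 0x44, 0x88, 0x77, 0x66, 0x55};

/* Read 4 bytes as a little-endian 32-bit value, as 32-bit x86 code would. */
static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical creator: on failure it returns an error and never writes *out. */
static uint32_t create_object(int valid, uint32_t *out)
{
    if (!valid) return HR_E_FAIL;
    *out = 0x00150000u; /* constructed "object pointer" */
    return 0;
}

/* Caller that ignores the result: the stale slot contents get used. */
static uint32_t pointer_used_unchecked(int valid)
{
    uint32_t slot = le32(dummy + 4); /* models poisoned, never-initialised memory */
    (void)create_object(valid, &slot);
    return slot; /* value the caller would go on to dereference */
}

/* Caller that starts from NULL and checks the result before using the slot. */
static uint32_t pointer_used_checked(int valid)
{
    uint32_t slot = 0;
    return create_object(valid, &slot) == 0 ? slot : 0;
}

/* Map a faulting address back to its byte offset in the poison array, or -1. */
static int poison_offset(uint32_t fault_addr)
{
    for (size_t i = 0; i + 4 <= sizeof(dummy); i++)
        if (le32(dummy + i) == fault_addr) return (int)i;
    return -1;
}

int main(void)
{
    uint32_t fault = pointer_used_unchecked(0);
    printf("unchecked: 0x%08x at dummy[%d], checked: 0x%08x\n",
           (unsigned)fault, poison_offset(fault), (unsigned)pointer_used_checked(0));
}
```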
--- Comment #12 from Qian Hong fracting@gmail.com 2013-07-25 14:09:27 CDT ---
(In reply to comment #11)
> It's just a guess, but you could try to zero 'declaration' - out parameter in this call. It's probably possible that application checks for null and if not null it tries to call.
Thanks Nikolay again, I've tried but it doesn't work. Maybe Ken is right, it is some App bug that we have nothing to do.
I've sent a message to my friend in Kingsoft, not sure if anyone would like to fix it.
Mark as invalid? upstream?
--- Comment #13 from Bruno Jesus 00cpxxx@gmail.com 2013-07-25 14:11:42 CDT ---
(In reply to comment #12)
> Mark as invalid? upstream?
If the problem is in the software it's invalid.
--- Comment #14 from Ken Sharp kennybobs@o2.co.uk 2013-07-25 18:52:30 CDT ---
(In reply to comment #12)
> Maybe Ken is right, it is some App bug that we have nothing to do.
Does it work in Windows?
--- Comment #15 from Henri Verbeet hverbeet@gmail.com 2013-07-26 06:30:10 CDT ---
(In reply to comment #11)
> I have no idea about anything related to d3d but this looks like where it fails:
> 118566706:0025:trace:d3d9:d3d9_device_CreateVertexDeclaration iface 0x16d4d0, elements 0x1953365c, declaration 0x19533658.
> 118566707:0025:Call ntdll.RtlAllocateHeap(00110000,00000008,0000001c) ret=b73fb55e
> 118566708:0025:Ret ntdll.RtlAllocateHeap() retval=19530bd0 ret=b73fb55e
> 118566709:0025:trace:d3d9:convert_to_wined3d_declaration d3d9_elements 0x1953365c, wined3d_elements 0x33d448
> 118566710:0025:Call ntdll.RtlAllocateHeap(00110000,00000000,00000050) ret=b73fb051
> 118566711:0025:Ret ntdll.RtlAllocateHeap() retval=19531800 ret=b73fb051
> 118566712:0025:warn:d3d9:convert_to_wined3d_declaration Invalid element type 0xfe.
> 118566713:0025:Call ntdll.RtlFreeHeap(00110000,00000000,19531800) ret=b73fb15c
> 118566714:0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=b73fb15c
> 118566715:0025:warn:d3d9:vertexdeclaration_init Failed to create wined3d vertex declaration elements, hr 0x80004005.
> 118566716:0025:warn:d3d9:d3d9_vertex_declaration_create Failed to initialize vertex declaration, hr 0x80004005.
> It's just a guess, but you could try to zero 'declaration' - out parameter in this call. It's probably possible that application checks for null and if not null it tries to call.
It might make it worse, but I think the "Invalid element type 0xfe." warning suggests the stack is already corrupted at that point. (Specifically, that code is processing the data in "elements" / 0x1953365c.)
--- Comment #16 from Henri Verbeet hverbeet@gmail.com 2013-07-26 06:35:07 CDT ---
(In reply to comment #15)
> It might make it worse, but I think the "Invalid element type 0xfe." warning suggests the stack is already corrupted at that point. (Specifically, that code is processing the data in "elements" / 0x1953365c.)
Or well, it actually looks more like a heap address.
--- Comment #17 from Cherrot Luo wine@cherrot.com 2013-08-07 10:27:45 CDT ---
(In reply to comment #14)
> Does it work in Windows?
It works well on Windows environment :(
It seems that it is D3D which causes the crashing. I have installed this game on my Windows XP in Virtualbox, and the crashing issue remains. And according to this article: https://www.virtualbox.org/ticket/2940 , Virtualbox uses WineD3D to implement the DirectX acceleration.
--- Comment #18 from Ken Sharp kennybobs@o2.co.uk 2013-08-07 11:20:18 CDT ---
That link is five years old. This slightly newer one suggests WineD3D is not used. https://forums.virtualbox.org/viewtopic.php?f=2&t=15436
This needs testing on a real Windows install.
joaopa jeremielapuree@yahoo.fr changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |jeremielapuree@yahoo.fr
--- Comment #19 from joaopa jeremielapuree@yahoo.fr ---
What about this bug? INVALID?
Bug 34125 depends on bug 34124, which changed state.
Bug 34124 Summary: gameupdater from JX3 fails to update with builtin wininet
https://bugs.winehq.org/show_bug.cgi?id=34124
What        |Removed                     |Added
----------------------------------------------------------------------------
Status      |NEW                         |RESOLVED
Resolution  |---                         |ABANDONED
--- Comment #20 from joaopa jeremielapuree@yahoo.fr ---
No news from the reporter for 8 years. Unable to find a download. Can an administrator close this bug as ABANDONED?
Jactry Zeng jactry92@gmail.com changed:
What        |Removed                     |Added
----------------------------------------------------------------------------
Status      |NEW                         |RESOLVED
Resolution  |---                         |ABANDONED
--- Comment #21 from Jactry Zeng jactry92@gmail.com ---
(In reply to joaopa from comment #20)
> No news from the reporter for 8 years. Unable to find a download. Can an administrator close this bug as ABANDONED?
I have tested the latest version of the game with Wine 6.2x some weeks ago, and I don't see any crashes with it. Since we don't have a way to test the old game, I think it is fine to close this one.
Austin English austinenglish@gmail.com changed:
What        |Removed                     |Added
----------------------------------------------------------------------------
Status      |RESOLVED                    |CLOSED
--- Comment #22 from Austin English austinenglish@gmail.com ---
Closing.