http://bugs.winehq.org/show_bug.cgi?id=29899
Bug #: 29899
Summary: mapviewoffileex fails under certain condition with PE images
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: kernel32
AssignedTo: wine-bugs@winehq.org
ReportedBy: tizbac2@gmail.com
Classification: Unclassified
Created attachment 38887 --> http://bugs.winehq.org/attachment.cgi?id=38887
Test C program that fails on wine and works on windows
Using MapViewOfFileEx on the same PE image from 2 different file handles, Wine tries to relocate, and if the DLL does not have .reloc, it will fail; on Windows, instead, the call to MapViewOfFileEx returns a valid pointer both times.
The attached C program together with a non-relocatable DLL will fail on Wine, but on Windows XP it works and gives "test succeeded" both times.
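Whether a DLL is relocatable in the sense of this report can be read from its PE headers: the IMAGE_FILE_RELOCS_STRIPPED flag and the base relocation data directory (what a .reloc section normally backs). The check below is an added example, not code from the bug report, its attachments or Wine; the function names `pe_reloc_info`, `pe_can_rebase` and `make_sample` are hypothetical, and the header bytes are constructed rather than taken from the attached DLL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { IMAGE_FILE_RELOCS_STRIPPED = 0x0001, IMAGE_DIRECTORY_ENTRY_BASERELOC = 5 }; /* winnt.h values */
struct reloc_info { uint64_t image_base; int stripped; uint32_t rva, size; };
static uint32_t rd(const uint8_t *p, int n)   /* little-endian read of n bytes */
{ uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v; }

/* Returns 0 on success, -1 if buf does not hold a PE32/PE32+ header. */
int pe_reloc_info(const uint8_t *buf, size_t len, struct reloc_info *out)
{
    if (len < 0x40 || rd(buf, 2) != 0x5A4D) return -1;        /* "MZ" */
    size_t pe = rd(buf + 0x3C, 4);                             /* e_lfanew */
    if (pe > len || len - pe < 26 || rd(buf + pe, 4) != 0x4550) return -1;
    const uint8_t *opt = buf + pe + 24;                        /* optional header */
    size_t opt_size = rd(buf + pe + 20, 2), magic = rd(opt, 2);
    size_t ndirs = magic == 0x10B ? 92 : magic == 0x20B ? 108 : 0;
    size_t ent = ndirs + 4 + IMAGE_DIRECTORY_ENTRY_BASERELOC * 8;
    if (!ndirs || opt_size > len - pe - 24 || opt_size < ndirs + 4) return -1;
    int has_dir = rd(opt + ndirs, 4) > IMAGE_DIRECTORY_ENTRY_BASERELOC && opt_size >= ent + 8;
    out->image_base = magic == 0x10B ? rd(opt + 28, 4)
        : rd(opt + 24, 4) | ((uint64_t)rd(opt + 28, 4) << 32);
    out->stripped = (rd(buf + pe + 22, 2) & IMAGE_FILE_RELOCS_STRIPPED) != 0;
    out->rva  = has_dir ? rd(opt + ent, 4) : 0;
    out->size = has_dir ? rd(opt + ent + 4, 4) : 0;
    return 0;
}

/* The image can be moved only if relocations were kept and the directory is non-empty. */
int pe_can_rebase(const struct reloc_info *ri) { return !ri->stripped && ri->rva && ri->size; }

/* Constructed sample (not the DLL attached to the bug): a 312-byte PE32 header. */
size_t make_sample(uint8_t *buf, int with_reloc)
{
    memset(buf, 0, 312); memcpy(buf, "MZ", 2); buf[0x3C] = 0x40; memcpy(buf + 0x40, "PE", 2);
    buf[0x54] = 224; buf[0x56] = with_reloc ? 0x02 : 0x03; buf[0x57] = 0x21; /* Characteristics */
    /* PE32 magic, ImageBase 0x20000000, 16 data directories */
    buf[0x58] = 0x0B; buf[0x59] = 0x01; buf[0x58 + 31] = 0x20; buf[0x58 + 92] = 16;
    if (with_reloc) { buf[0x58 + 137] = 0x30; buf[0x58 + 141] = 0x01; } /* RVA 0x3000, size 0x100 */
    return 312;
}

int main(void)
{
    uint8_t img[312]; struct reloc_info ri;
    for (int r = 0; r < 2 && !pe_reloc_info(img, make_sample(img, r), &ri); r++)
        printf("relocs kept: %d, can be rebased: %d\n", r, pe_can_rebase(&ri));
    return 0;
}
```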
--- Comment #1 from tizbac2@gmail.com 2012-02-15 07:04:00 CST ---
Created attachment 38888 --> http://bugs.winehq.org/attachment.cgi?id=38888
DLL Without .reloc section
Dmitry Timoshkov dmitry@baikal.ru changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Component |kernel32  |-unknown
Severity  |critical  |minor
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-15 07:06:41 CST ---
Wine version? Is there a real program that fails?
Dmitry Timoshkov dmitry@baikal.ru changed:
What                        |Removed      |Added
----------------------------------------------------------------------------
Attachment #38887 mime type |text/x-csrc  |text/plain
--- Comment #3 from tizbac2@gmail.com 2012-02-15 07:09:32 CST ---
alteriwnet fails cause of that bug, it maps iw4m1.dll 3 times, and iw4m1.dll is not relocatable
tizbac2@gmail.com changed:
What      |Removed      |Added
----------------------------------------------------------------------------
Component |-unknown     |kernel32
Version   |unspecified  |1.4-rc3
Dmitry Timoshkov dmitry@baikal.ru changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Component |kernel32  |-unknown
--- Comment #4 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-15 07:12:45 CST ---
(In reply to comment #3)
> alteriwnet fails cause of that bug
What's that? URL?
--- Comment #5 from tizbac2@gmail.com 2012-02-15 07:29:43 CST ---
http://alteriw.net, currently it would be the only way to play Call of Duty MW2 and MW3 online on Linux, cause they use their own anticheat system that should not have problems
Austin English austinenglish@gmail.com changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Keywords  |          |testcase
Dmitry Timoshkov dmitry@baikal.ru changed:
What                          |Removed  |Added
----------------------------------------------------------------------------
Attachment #38887 is obsolete |0        |1
--- Comment #6 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-16 00:29:17 CST ---
Created attachment 38900 --> http://bugs.winehq.org/attachment.cgi?id=38900
Test C program that fails on wine and works on windows
Here is a version of the test without magic numbers, and its output under XP:
f 000007E8, fmap 000007F4, ptr 20000000
test succeeded
f2 000007DC, fmap2 000007D8, ptr2 00350000
test succeeded
It looks like Windows successfully maps a PE file with SEC_IMAGE without relocations somewhere else if its specified base address is already occupied.
Dmitry Timoshkov dmitry@baikal.ru changed:
What           |Removed      |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED  |NEW
Ever Confirmed |0            |1
--- Comment #7 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-16 02:53:42 CST ---
Using NtMapViewOfSection() instead of MapViewOfFile() in the test shows that under XP although NtMapViewOfSection() returns STATUS_IMAGE_NOT_AT_BASE, it returns a valid pointer which matches what MapViewOfFile() returns.
--- Comment #8 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-16 04:51:41 CST ---
Created attachment 38906 --> http://bugs.winehq.org/attachment.cgi?id=38906
ntdll: Separate image relocation from NtMapViewOfSection
Something like this should fix it.
--- Comment #9 from tizbac2@gmail.com 2012-02-16 04:58:26 CST ---
Created attachment 38907 --> http://bugs.winehq.org/attachment.cgi?id=38907
Crash after applying proposed patch
Crash after applying patch
--- Comment #10 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-16 05:04:42 CST ---
(In reply to comment #9)
> Created attachment 38907 [details] Crash after applying proposed patch
> Crash after applying patch
You are too fast :) The patch (or rather a prototype) was supposed to fix only your test case. What is missing is changing the section protection to read-write and back when applying relocations.
--- Comment #11 from tizbac2@gmail.com 2012-02-16 05:18:16 CST ---
(In reply to comment #10)
> (In reply to comment #9)
> > Created attachment 38907 [details] Crash after applying proposed patch
> > Crash after applying patch
> You are too fast :) The patch (or rather a prototype) was supposed to fix only your test case. What is missing is changing the section protection to read-write and back when applying relocations.
ah ok :)
Dmitry Timoshkov dmitry@baikal.ru changed:
What                          |Removed  |Added
----------------------------------------------------------------------------
Attachment #38906 is obsolete |0        |1
--- Comment #12 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-17 00:40:32 CST ---
Created attachment 38922 --> http://bugs.winehq.org/attachment.cgi?id=38922
ntdll: Separate image relocation from NtMapViewOfSection
(In reply to comment #9)
> Created attachment 38907 [details] Crash after applying proposed patch
> Crash after applying patch
This version of the patch should fix the crash.
--- Comment #13 from tizbac2@gmail.com 2012-02-18 05:24:24 CST ---
(In reply to comment #12)
> Created attachment 38922 [details] ntdll: Separate image relocation from NtMapViewOfSection
> (In reply to comment #9)
> > Created attachment 38907 [details] Crash after applying proposed patch
> > Crash after applying patch
> This version of the patch should fix the crash.
It still crashes, but no stacktrace this time, just
WineDbg starting on pid 0023
err:module:attach_process_dlls "CrashRpt.dll" failed to initialize, aborting
err:module:LdrInitializeThunk Main exe initialization for L"Z:\media\Elements\Call Of Duty Modern Warfare 2\iw4mp.dat.exe" failed, status c0000005
Process of pid=0023 has terminated
--- Comment #14 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-18 23:53:48 CST ---
(In reply to comment #13)
> It still crashes, but no stacktrace this time, just
> WineDbg starting on pid 0023
> err:module:attach_process_dlls "CrashRpt.dll" failed to initialize, aborting
> err:module:LdrInitializeThunk Main exe initialization for L"Z:\media\Elements\Call Of Duty Modern Warfare 2\iw4mp.dat.exe" failed, status c0000005
> Process of pid=0023 has terminated
Could you please attach a +module,+virtual log (with the patch) here?
--- Comment #15 from tizbac2@gmail.com 2012-02-19 05:55:20 CST ---
Created attachment 38964 --> http://bugs.winehq.org/attachment.cgi?id=38964
+virtual,+module log
--- Comment #16 from tizbac2@gmail.com 2012-02-19 05:57:24 CST ---
You can download the game here http://staff.alteriw.net/tracker/torrents/aIW-Client.torrent if you want to try it yourself, update it under Windows and then run iw4mp.dat, if you do not have Windows I can give you python version of updater
--- Comment #17 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-19 11:18:44 CST ---
Is there a demo version that could be used to reproduce it?
--- Comment #18 from tizbac2@gmail.com 2012-02-19 15:06:26 CST ---
http://www.mediafire.com/?rnsrbkx72nlde0h
*.dll and *.exe which is enough to reproduce the crash
Launch iw4mp.dat.exe
Dmitry Timoshkov dmitry@baikal.ru changed:
What                          |Removed  |Added
----------------------------------------------------------------------------
Attachment #38922 is obsolete |0        |1
--- Comment #19 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-19 22:09:39 CST ---
Created attachment 38983 --> http://bugs.winehq.org/attachment.cgi?id=38983
ntdll: Separate image relocation from NtMapViewOfSection
This version of the patch should work better.
--- Comment #20 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-20 01:04:31 CST ---
I sent a test case for this bug: http://www.winehq.org/pipermail/wine-patches/2012-February/111682.html
--- Comment #21 from tizbac2@gmail.com 2012-02-20 09:47:18 CST ---
The bug seems to be solved with latest patch, now there's another problem but I think it's unrelated to that
Dmitry Timoshkov dmitry@baikal.ru changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Keywords  |          |patch
--- Comment #22 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-21 02:43:32 CST ---
http://www.winehq.org/pipermail/wine-patches/2012-February/111710.html
Probably going to be deferred though.
--- Comment #23 from tizbac2@gmail.com 2012-02-21 12:28:49 CST ---
Seems that there's still something broken with that, I get random memory corruption on the fixed address dll (it is a .NET 2.0 dll). It crashes with random bad instructions on a runtime-created segment
--- Comment #24 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-21 13:16:37 CST ---
(In reply to comment #23)
> Seems that there's still something broken with that, I get random memory corruption on the fixed address dll (it is a .NET 2.0 dll). It crashes with random bad instructions on a runtime-created segment
Why do you think that it's related to the patch?
--- Comment #25 from tizbac2@gmail.com 2012-02-21 17:32:25 CST ---
(In reply to comment #24)
> (In reply to comment #23)
> > Seems that there's still something broken with that, I get random memory corruption on the fixed address dll (it is a .NET 2.0 dll). It crashes with random bad instructions on a runtime-created segment
> Why do you think that it's related to the patch?
because it's .net crashing, and .net 2.0 especially its JIT compiler is known to work on wine
--- Comment #26 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-21 20:31:35 CST ---
(In reply to comment #25)
> because it's .net crashing, and .net 2.0 especially its JIT compiler is known to work on wine
Can you try to run some other .net application that needs a JIT compiler with and without the patch and reproduce the problem?
Anastasius Focht focht@gmx.net changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |focht@gmx.net
--- Comment #27 from Anastasius Focht focht@gmx.net 2012-02-22 01:41:48 CST ---
Hello,
the patch fixes the mapping/relocation issue this bug is about.
With that patch applied you are now encountering a different class of problems -> different Wine bugs.
"corruption" = obfuscated code.
The code makes certain assumptions about the layout of Windows API entries. If you create a new bug for that, you'll get explanation and solution ;-)
Regards
Anastasius Focht focht@gmx.net changed:
What    |Removed  |Added
----------------------------------------------------------------------------
Blocks  |         |30000
--- Comment #28 from Austin English austinenglish@gmail.com ---
This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.16 or newer) wine?
--- Comment #29 from Anastasius Focht focht@gmx.net ---
Hello folks,
the test was committed here: http://source.winehq.org/git/wine.git/commitdiff/20093556f92fbced66761526b88... ("kernel32: Add a test to show that NtMapViewOfSection should not perform an image... ")
The mailing list shows multiple attempts but no final resolution.
http://www.winehq.org/pipermail/wine-patches/2012-February/111710.html
2012-02-21 ntdll: Separate image relocation from NtMapViewOfSection
http://www.winehq.org/pipermail/wine-patches/2012-March/112565.html
2012-03-19 ntdll: Separate image relocation from NtMapViewOfSection. Resend.
http://www.winehq.org/pipermail/wine-patches/2012-April/113746.html
2012-04-27 ntdll: Separate image relocation from NtMapViewOfSection. Resend.
So it's obviously still present.
$ wine --version
wine-1.7.16-133-gd8ca8c2
Regards
Qian Hong fracting@gmail.com changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |fracting@gmail.com
Sebastian Lackner sebastian@fds-team.de changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |sebastian@fds-team.de
Dmitry Timoshkov dmitry@baikal.ru changed:
What          |Removed  |Added
----------------------------------------------------------------------------
Fixed by SHA1 |         |e67a00b46694625e3c40386008affac42e7e3847
Status        |NEW      |RESOLVED
Resolution    |---      |FIXED
--- Comment #30 from Dmitry Timoshkov dmitry@baikal.ru ---
Should be fixed by e67a00b46694625e3c40386008affac42e7e3847.
Nikolay Sivov bunglehead@gmail.com changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Component |-unknown  |ntdll
Alexandre Julliard julliard@winehq.org changed:
What    |Removed   |Added
----------------------------------------------------------------------------
Status  |RESOLVED  |CLOSED
--- Comment #31 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.55.