[Bug 45800] New: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360 ) crashes on unimplemented function ntoskrnl.exe.ExReleaseResourceLite
https://bugs.winehq.org/show_bug.cgi?id=45800
Bug ID: 45800 Summary: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360) crashes on unimplemented function ntoskrnl.exe.ExReleaseResourceLite Product: Wine Version: 3.15 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says.
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/Norton 360/Engine/21.1.0.18
$ WINEDEBUG=+seh,+relay,+ntoskrnl wineboot >>log.txt 2>&1 ... 0016:trace:ntoskrnl:IoCreateDriver (L"\Driver\eeCtrl", 0x7fe1f23e121c) ... 0016:trace:ntoskrnl:load_driver loading driver L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys" 0016:Call KERNEL32.LoadLibraryW(00026fe0 L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys") ret=7fe1f23e06cb ... 0016:trace:ntoskrnl:load_driver_module L"C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys": relocating from 0x10000 to 0x460000 ... 0016:Call driver init 0x4c6118 (obj=0x26da0,str=L"\Registry\Machine\System\CurrentControlSet\Services\eeCtrl") 0016:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x4c60e8 ip=4c60e8 tid=0016 0016:trace:seh:NtRaiseException info[0]=0000000000000000 0016:trace:seh:NtRaiseException info[1]=fffff78000000320 0016:trace:seh:NtRaiseException rax=fffff78000000320 rbx=0000000000000000 rcx=00000000004bd100 rdx=00002b992ddfa232 0016:trace:seh:NtRaiseException rsi=0000000000342b45 rdi=0000000000342ad0 rbp=000000000033f740 rsp=000000000033f5a8 0016:trace:seh:NtRaiseException r8=0000000000026f08 r9=0000000000026da0 r10=0000000000000000 r11=0000000000000000 0016:trace:seh:NtRaiseException r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 0016:trace:seh:call_vectored_handlers calling handler at 0x7fe1f23cf031 code=c0000005 flags=0 0016:trace:seh:call_vectored_handlers handler at 0x7fe1f23cf031 returned ffffffff 0016:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00001548,41644343) ret=004c6054 0016:Call ntdll.RtlAllocateHeap(00010000,00000000,00001548) ret=7fe1f23d874f 0016:Ret ntdll.RtlAllocateHeap() retval=0002d390 ret=7fe1f23d874f 0016:trace:ntoskrnl:ExAllocatePoolWithTag 5448 pool 1 -> 0x2d390 ... 0016:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=00480d84 0016:fixme:ntoskrnl:KeEnterCriticalRegion : stub 0016:Ret ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=00480d84 0016:Call ntoskrnl.exe.ExAcquireResourceExclusiveLite(000270d8,00342a01) ret=00480d95 0016:fixme:ntoskrnl:ExAcquireResourceExclusiveLite :0x270d8 1 stub 0016:Ret ntoskrnl.exe.ExAcquireResourceExclusiveLite() retval=00000001 ret=00480d95 0016:Call KERNEL32.RaiseException(80000100,00000001,00000002,0033f4a0) ret=7fe1f23e4898 0016:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7b4949ed ip=7b4949ed tid=0016 0016:trace:seh:NtRaiseException info[0]=00007fe1f23e48c0 0016:trace:seh:NtRaiseException info[1]=00007fe1f23e4999 wine: Call from 0x7b4949ed to unimplemented function ntoskrnl.exe.ExReleaseResourceLite, aborting ... --- snip ---
ProtectionID scan:
--- snip --- -=[ ProtectionID v0.6.9.0 DECEMBER]=- (c) 2003-2017 CDKiLLER & TippeX Build 24/12/17-21:05:42 Ready... Scanning -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys File Type : 64-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 484952 (076658h) Byte(s) | Machine: 0x8664 (AMD64) Compilation TimeStamp : 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT) [TimeStamp] 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT) | PE Header | - | Offset: 0x00000000:00000110 | VA: 0x00000000:00010110 | - [TimeStamp] 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT) | DebugDirectory | - | Offset: 0x00000000:00000B34 | VA: 0x00000000:00012334 | - -> File Appears to be Digitally Signed @ Offset 074A00h, size : 01C58h / 07256 byte(s) [LoadConfig] CodeIntegrity -> Flags 0xAA60 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46AB40 [LoadConfig] GuardAddressTakenIatEntryTable 0x46AC88:02000011 | Count 0x46AE9C02000011 (463222033554449) [LoadConfig] GuardLongJumpTargetTable 0x46AF38:08000011 | Count 0x46AFE008000011 (4632544134217745) [LoadConfig] HybridMetadataPointer 0x46A66C:08000011 | DynamicValueRelocTable 0x8000011:0046B0A8 [LoadConfig] FailFastIndirectProc 0x8000011:0046B264 | FailFastPointer 0x8000011:0046B2FC [LoadConfig] UnknownZero1 0x8000011 46B448 [File Heuristics] -> Flag #1 : 00000100000001001100000000010111 (0x0404C017) [Entrypoint Section Entropy] : 5.38 (section #6) "INIT " | Size : 0xD4C (3404) byte(s) [DllCharacteristics] -> Flag : (0x0000) -> NONE [SectionCount] 9 (0x9) | ImageSize 0x7A000 (499712) byte(s) [VersionInfo] Company Name : Symantec Corporation [VersionInfo] Product Name : ERASER ENGINE [VersionInfo] Product Version : 113.1.1.1 [VersionInfo] File Description : Symantec Eraser Control Driver [VersionInfo] File Version : 113.1.1.1 [VersionInfo] Original FileName : eeCtrl64.sys [VersionInfo] Internal Name : eeCtrl [VersionInfo] Legal Copyrights : Copyright (c) 2000-2013 Symantec Corporation. All rights reserved. [ModuleReport] [IAT] Modules -> ntoskrnl.exe [Debug Info] (record 1 of 1) (file offset 0xB30) Characteristics : 0x0 | TimeDateStamp : 0x521532E2 (Wed 21st Aug 2013 21:36:34 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x57 (87) AddressOfRawData : 0x6FA0 | PointerToRawData : 0x57A0 CvSig : 0x53445352 | SigGuid A8C2DA92-6D6F-4708-81D9A01E0C1E0547 Age : 0x1 (1) | Pdb : C:\bld_area\EraserTrunk\src\bin\x64.Release\amd64\eeCtrl64.pdb [Raw/Hidden Debug Record] (File Offset 0x63A2C) CvSig : 0x53445352 | SigGuid 1B199A45-1CAA-4523-B2D64E66FE6A62EF Age : 0x1 (1) | Pdb : e:\msln\trunk\src\dev\test\objfre_wnet_amd64\amd64\driver.pdb [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.315 Second(s) [00000013Bh (315) tick(s)] [134 of 580 scan(s) done] --- snip ---
$ sha1sum N360-TW-21.1.0-EN.exe aa05ccf9668e166ef28923d451f1c2ecad6f75f1 N360-TW-21.1.0-EN.exe
$ du -sh N360-TW-21.1.0-EN.exe 202M N360-TW-21.1.0-EN.exe
$ wine --version wine-3.15-94-gbfe8510ec0
Regards
https://bugs.winehq.org/show_bug.cgi?id=45800
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |http://buy-download.norton. | |com/downloads/2014/21.1/N36 | |0/US/N360-TW-21.1.0-EN.exe Keywords| |download
https://bugs.winehq.org/show_bug.cgi?id=45800
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |2e807d4bf59e6311b027415a9ba | |62a2fa86ee6e8 Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/2e807d4bf59e6311b027415a9b...
Thanks Gijs
Regards
https://bugs.winehq.org/show_bug.cgi?id=45800
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #2 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 3.16.
https://bugs.winehq.org/show_bug.cgi?id=45800
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://buy-download.norton. |https://web.archive.org/web |com/downloads/2014/21.1/N36 |/20190410163558/http://buy- |0/US/N360-TW-21.1.0-EN.exe |download.norton.com/downloa | |ds/2014/21.1/N360/US/N360-T | |W-21.1.0-EN.exe
-
wine-bugs@winehq.org