https://bugs.winehq.org/show_bug.cgi?id=45034
Bug ID: 45034
Summary: Hired Team: Trial Gold(2001) crashes with setup_exception_record stack overflow
Product: Wine
Version: 3.6
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: spleefer90@gmail.com
Distribution: ---
Tested under Wine-devel 32/64bit and wine-staging 64 bit, result is the same under all.
The Wine-devel 32 bit prefix was completely fresh.
I tried running this in a different TTY and launched the game from there. This got rid of the BPP fixme but it still crashed.
xinit /usr/bin/xterm -- :1 -ac -depth 16
WINEPREFIX=~/wine/wine32 wine Shine.exe
0009:fixme:x11drv:X11DRV_desktop_SetCurrentMode Cannot change screen BPP from 32 to 16
0009:err:seh:setup_exception_record stack overflow 1184 bytes in thread 0009 eip 7bc45116 esp 00230e90 stack 0x230000-0x231000-0x330000
The game uses DX7.0a/OpenGL(?).
If I can provide any other info, please do tell what's needed.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
                 CC|                            |focht@gmx.net
            Summary|Hired Team: Trial           |Hired Team: Trial
                   |Gold(2001) crashes with     |Gold(2001) crashes with
                   |setup_exception_record      |setup_exception_record
                   |stack overflow              |stack overflow
                   |                            |(GL_EXTENSION string
                   |                            |overflow)
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
dupe of bug 25362
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/NMG/HTT/Bin

$ WINEDEBUG=+seh,+relay wine ./Shine.exe >>log.txt 2>&1
...
0039:Call opengl32.glGetString(00001f03) ret=2005f303
0039:Ret opengl32.glGetString() retval=00176048 ret=2005f303
0039:Call msvcrt.vsprintf(0032de54,20086ad4 "GL_EXTENSIONS:\n",0032e664) ret=1013f442
0039:Ret msvcrt.vsprintf() retval=0000000f ret=1013f442
0039:Call msvcrt.vsprintf(0032cd44,0032de54 "GL_EXTENSIONS:\n",0032dd50) ret=101251a7
0039:Ret msvcrt.vsprintf() retval=0000000f ret=101251a7
...
0039:Call msvcrt.strtok(0032e670 "GL_ARB_multisample GL_EXT_abgr GL_EXT_bgra GL_EXT_blend_color GL_EXT_blend_minmax GL_EXT_blend_subtract GL_EXT_copy_texture GL_EXT_polygon_offset GL_EXT_subtexture GL_EXT_texture_object GL_EXT_vertex_array GL_EXT_compiled_vertex_array GL_EXT_texture GL_EXT_texture3D GL_IBM_rasterpos_clip GL_ARB_point"...,2007f430 " ") ret=2005f35b
0039:Ret msvcrt.strtok() retval=0032e670 ret=2005f35b
0039:Call msvcrt.vsprintf(0032de50,20086acc " %s\n",0032e660) ret=1013f442
0039:Ret msvcrt.vsprintf() retval=00000015 ret=1013f442
0039:Call msvcrt.vsprintf(0032cd40,0032de50 " GL_ARB_multisample\n",0032dd4c) ret=101251a7
0039:Ret msvcrt.vsprintf() retval=00000015 ret=101251a7
...
0039:Call msvcrt.vsprintf(0032d944,0032de54 "\n",0032dd50) ret=1013c33e
0039:Ret msvcrt.vsprintf() retval=00000001 ret=1013c33e
0039:Call msvcrt.strchr(0032d944 "\n",0000000a) ret=1013c374
0039:Ret msvcrt.strchr() retval=0032d944 ret=1013c374
0039:Call msvcrt.strncpy(00c18000,00c13c00 "",000001ff) ret=1013c3e8
0039:Ret msvcrt.strncpy() retval=00c18000 ret=1013c3e8
0039:Call msvcrt.strncat(00c18000 "",0032d944 "\n",00000000) ret=1013c426
0039:Ret msvcrt.strncat() retval=00c18000 ret=1013c426
0039:Call msvcrt.vsprintf(0032d524,00c18000 "",0032d930) ret=1013c232
0039:Ret msvcrt.vsprintf() retval=00000000 ret=1013c232
0039:Call msvcrt.strncpy(00be8000,0032d524 "",000001ff) ret=1013c2dd
0039:Ret msvcrt.strncpy() retval=00be8000 ret=1013c2dd
0039:Call msvcrt._ftol() ret=1013c2eb
0039:Ret msvcrt._ftol() retval=0000000000000000 ret=1013c2eb
0039:Call msvcrt._ftol() ret=10127605
0039:Ret msvcrt._ftol() retval=00000000000347c3 ret=10127605
0039:Call msvcrt.strchr(0032d944 "",0000000a) ret=1013c374
0039:Ret msvcrt.strchr() retval=00000000 ret=1013c374
0039:Call msvcrt.strncat(00c13c00 "",0032d944 "",000001ff) ret=1013c49e
0039:Ret msvcrt.strncat() retval=00c13c00 ret=1013c49e
0039:trace:seh:raise_exception code=c0000005 flags=0 addr=0x2005f39f ip=2005f39f tid=0039
0039:trace:seh:raise_exception info[0]=00000000
0039:trace:seh:raise_exception info[1]=61703042
0039:trace:seh:raise_exception eax=00000000 ebx=0133a000 ecx=0032f7a0 edx=61703032 esi=20086ac0 edi=0032fe2b
0039:trace:seh:raise_exception ebp=0032f7ac esp=0032e664 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210212
0039:trace:seh:call_stack_handlers calling handler at 0x616c5f67 code=c0000005 flags=0
0039:trace:seh:raise_exception code=c0000005 flags=0 addr=0x616c5f67 ip=616c5f67 tid=0039
0039:trace:seh:raise_exception info[0]=00000000
0039:trace:seh:raise_exception info[1]=616c5f67
0039:trace:seh:raise_exception eax=0032e1fc ebx=00000023 ecx=616c5f67 edx=7bc91675 esi=0000002b edi=0000002b
0039:trace:seh:raise_exception ebp=0032e1a8 esp=0032e17c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210216
0039:trace:seh:call_stack_handlers calling handler at 0x7bc91675 code=c0000005 flags=0
0039:trace:seh:call_stack_handlers handler at 0x7bc91675 returned 2
0039:trace:seh:call_stack_handlers calling handler at 0x616c5f67 code=c0000005 flags=10
...
0039:trace:seh:call_stack_handlers calling handler at 0x616c5f67 code=c00000fd flags=10
0039:err:seh:setup_exception_record stack overflow 1408 bytes in thread 0039 eip f7c635fd esp 00230db0 stack 0x230000-0x231000-0x330000
--- snip ---
Broken code in 'RendOGL.dll' for proof:
Executable modules:
Base = 20000000
Size = 00477000 (4681728.)
Entry = 2006E0DD
Name = RendOGL
Type =
File version =
Static links = GDI32, ijl15, KERNEL32, MSVCRT, png, Sipl, USER32, WINMM, zlib
Path = C:\Program Files (x86)\NMG\HTT\Bin\RendOGL.dll

--- snip ---
2005EFF0  PUSH EBP
2005EFF1  MOV EBP,ESP
2005EFF3  PUSH -1
2005EFF5  PUSH 2006F450
2005EFFA  MOV EAX,DWORD PTR FS:[0]
2005F000  PUSH EAX
2005F001  MOV DWORD PTR FS:[0],ESP
2005F008  PUSH ECX
2005F009  MOV EAX,112C
2005F00E  CALL 2006DE80                      ; allocate 0x112C on stack
...
2005F2F5  ADD ESP,10
2005F2F8  PUSH 1F03                          ; enum GL_EXTENSIONS
2005F2FD  CALL DWORD PTR DS:[203992B4]       ; opengl32.glGetString()
2005F303  MOV DWORD PTR DS:[EBX+4444],EAX    ; result buffer
2005F309  MOV EAX,DWORD PTR DS:[2041D0B4]
2005F30E  PUSH OFFSET 20086AD4               ; ASCII "GL_EXTENSIONS:"
2005F313  PUSH 4
2005F315  MOV ECX,DWORD PTR DS:[EAX]
2005F317  PUSH EAX
2005F318  CALL DWORD PTR DS:[ECX+3C]         ; log string/message
2005F31B  MOV EDI,DWORD PTR DS:[EBX+4444]
2005F321  OR ECX,FFFFFFFF
2005F324  XOR EAX,EAX
2005F326  ADD ESP,0C
2005F329  REPNE SCAS BYTE PTR ES:[EDI]
2005F32B  NOT ECX
2005F32D  SUB EDI,ECX
2005F32F  LEA EDX,[EBP-113C]
2005F335  MOV EAX,ECX
2005F337  MOV ESI,EDI
2005F339  MOV EDI,EDX
2005F33B  SHR ECX,2
2005F33E  REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; corrupt stk
2005F340  MOV ECX,EAX
2005F342  PUSH OFFSET 2007F430
2005F347  AND ECX,00000003
2005F34A  REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
2005F34C  MOV ESI,DWORD PTR DS:[<&MSVCRT.strtok>]
2005F352  LEA ECX,[EBP-113C]
2005F358  PUSH ECX
2005F359  CALL ESI                           ; MSVCRT.strtok
2005F35B  ADD ESP,8
2005F35E  TEST EAX,EAX
2005F360  JE SHORT 2005F382                  ; all extensions processed
2005F362  MOV ECX,DWORD PTR DS:[2041D0B4]
2005F368  PUSH EAX
2005F369  PUSH OFFSET 20086ACC               ; ASCII " %s"
2005F36E  PUSH 4
2005F370  MOV EDX,DWORD PTR DS:[ECX]
2005F372  PUSH ECX
2005F373  CALL DWORD PTR DS:[EDX+3C]         ; log string/message
2005F376  ADD ESP,10
2005F379  PUSH OFFSET 2007F430
2005F37E  PUSH 0
2005F380  JMP SHORT 2005F359
2005F382  MOV EAX,DWORD PTR DS:[2041D0B4]
2005F387  PUSH OFFSET 2007D1F8
2005F38C  PUSH 4
2005F38E  PUSH EAX
2005F38F  MOV ECX,DWORD PTR DS:[EAX]
2005F391  CALL DWORD PTR DS:[ECX+3C]         ; log string/message
2005F394  MOV EDX,DWORD PTR SS:[EBP-1C]      ; garbage due to stack corrupt
2005F397  ADD ESP,0C
2005F39A  MOV ESI,OFFSET 20086AC0            ; ASCII "FullScreen"
2005F39F  MOV EAX,DWORD PTR DS:[EDX+10]      ; *boom*
2005F3A2  TEST EAX,EAX
2005F3A4  JNE SHORT 2005F3AB
...
--- snip ---
Game starts fine if you work around with:
--- snip ---
$ export MESA_EXTENSION_MAX_YEAR=2001
$ wine ./Shine.exe
--- snip ---
Tidbit: You can configure the game to windowed mode ('fullscreen=0') and custom resolutions by editing 'Shine.ini'.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/NMG/HTT/Bin

$ grep -Hrni -B 5 fullscreen Shine.ini
Shine.ini-18-ZDepth = 16
Shine.ini-19-StencilDepth = 8
Shine.ini-20-width = 1024
Shine.ini-21-height = 768
Shine.ini-22-colordepth = 16
Shine.ini:23:fullscreen = 0
--- snip ---
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\Program Files (x86)\NMG\HTT\Bin\Shine.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 28672 (07000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3A6D5691 -> Tue 23rd Jan 2001 10:01:53 (GMT)
[TimeStamp] 0x3A6D5691 -> Tue 23rd Jan 2001 10:01:53 (GMT) | PE Header | - | Offset: 0x000000F0 | VA: 0x004000F0 | -
[TimeStamp] 0x3A6D5691 -> Tue 23rd Jan 2001 10:01:53 (GMT) | Export | - | Offset: 0x00002014 | VA: 0x00402014 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000000000000000100000000 (0x00000100)
[Entrypoint Section Entropy] : 5.40 (section #0) ".text " | Size : 0x20C (524) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 6 (0x6) | ImageSize 0x7000 (28672) byte(s)
[Export] 100% of function(s) (3 of 3) are in file | 0 are forwarded | 3 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> ShineEng.dll | USER32.dll | MSVCRT.dll | KERNEL32.dll
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.246 Second(s) [0000000F6h (246) tick(s)] [506 of 580 scan(s) done]

Scanning -> C:\Program Files (x86)\NMG\HTT\Bin\ShineEng.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1765376 (01AF000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3A7FE821 -> Tue 06th Feb 2001 12:03:45 (GMT)
[TimeStamp] 0x3A7FE821 -> Tue 06th Feb 2001 12:03:45 (GMT) | PE Header | - | Offset: 0x00000128 | VA: 0x10000128 | -
[TimeStamp] 0x3A7FE821 -> Tue 06th Feb 2001 12:03:45 (GMT) | Export | - | Offset: 0x0015A004 | VA: 0x1015A004 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000000000000000100000000 (0x00000100)
[Entrypoint Section Entropy] : 6.69 (section #0) ".text " | Size : 0x14AA62 (1354338) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 6 (0x6) | ImageSize 0x508000 (5275648) byte(s)
[Export] 80% of function(s) (4 of 5) are in file | 0 are forwarded | 4 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : New Media Generation
[VersionInfo] Product Name : New Media Generation ShineEng
[VersionInfo] Product Version : 1. 0. 0. 1
[VersionInfo] File Description : ShineEng
[VersionInfo] File Version : 1. 0. 0. 1
[VersionInfo] Original FileName : ShineEng.dll
[VersionInfo] Internal Name : ShineEng
[VersionInfo] Legal Copyrights : Copyright © 1998
[ModuleReport] [IAT] Modules -> WINMM.dll | COMCTL32.dll | Shine.exe | zlib.dll | KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll | ole32.dll | AVIFIL32.dll | MSVFW32.dll | MSVCRT.dll
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.598 Second(s) [000000256h (598) tick(s)] [246 of 580 scan(s) done]
--- snip ---
$ wine --version
wine-3.6-105-g448344c5e4
Regards
*** This bug has been marked as a duplicate of bug 25362 ***
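
The listing in comment #1 shows the glGetString(GL_EXTENSIONS) result being copied to [EBP-113C] with no length check before strtok() runs over the copy. As an added example (not part of the bug report and not the game's or Wine's code), the C below checks when such a copy reaches the pointer later read from [EBP-1C] and walks the string in place instead; the function names and the sample extension names are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* From the listing: the copy starts at [EBP-113C]; the pointer later read at
 * [EBP-1C] lies 0x1120 bytes above. The buffer's declared size is not shown. */
#define BYTES_TO_LOCAL (0x113Cu - 0x1Cu)

/* 1 if an unbounded copy of ext (NUL included) would reach that pointer. */
int copy_reaches_local(const char *ext)
{
    return strlen(ext) + 1 > BYTES_TO_LOCAL;
}

/* Hardened form: walk the driver-owned string in place. strtok() needs a
 * writable copy; strspn()/strcspn() do not, so no length limit is assumed. */
size_t for_each_extension(const char *ext, void (*cb)(const char *, size_t))
{
    size_t count = 0;
    for (;;) {
        ext += strspn(ext, " ");         /* skip separators */
        size_t len = strcspn(ext, " ");  /* length of one name */
        if (len == 0) break;             /* end of string */
        if (cb) cb(ext, len);            /* caller logs or matches the name */
        count++;
        ext += len;
    }
    return count;
}

/* Constructed input: n made-up names (23 bytes each for n <= 1000). */
char *make_extension_string(size_t n)
{
    size_t cap = n * 32 + 1, off = 0;
    char *s = calloc(cap, 1);
    if (!s) return NULL;
    for (size_t i = 0; i < n; i++)
        off += (size_t)snprintf(s + off, cap - off, "GL_EXT_constructed_%03zu ", i);
    return s;
}

int main(void)
{
    char *ext = make_extension_string(400);
    if (!ext) return 1;
    printf("copy reaches [EBP-1C]: %d\n", copy_reaches_local(ext));
    printf("names walked in place: %zu\n", for_each_extension(ext, NULL));
    free(ext);
    return 0;
}
```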
André H. nerv@dawncrow.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nerv@dawncrow.de
             Status|RESOLVED                    |CLOSED
--- Comment #2 from André H. nerv@dawncrow.de ---
closing dup