https://bugs.winehq.org/show_bug.cgi?id=45083
Bug ID: 45083
Summary: MetaTrader 5 hangs on exit
Product: Wine
Version: 3.7
Hardware: x86-64
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: persiantools@yahoo.com
Created attachment 61238 --> https://bugs.winehq.org/attachment.cgi?id=61238 Console error log
MetaTrader 5 hangs on exit. Please refer to the attached console log for details.
--- Comment #1 from Amin persiantools@yahoo.com ---
Metatrader 5 download link:
https://download.mql5.com/cdn/web/metaquotes.software.corp/mt5/mt5setup.exe?...
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEEDINFO
            Summary|MetaTrader 5 hangs on exit  |64-bit MetaTrader 5 hangs
                   |                            |on exit
                URL|                            |https://download.mql5.com/c
                   |                            |dn/web/metaquotes.software.
                   |                            |corp/mt5/mt5setup.exe
           Keywords|                            |download, win64
                 CC|                            |focht@gmx.net
     Ever confirmed|0                           |1

--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
I can't produce this, works fine here.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/MetaTrader 5

$ file *.exe
metaeditor64.exe: PE32+ executable (GUI) x86-64, for MS Windows
metatester64.exe: PE32+ executable (GUI) x86-64, for MS Windows
terminal64.exe: PE32+ executable (GUI) x86-64, for MS Windows
uninstall.exe: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

$ WINEDEBUG=+seh,+loaddll,+process wine ./terminal64.exe
...
002e:trace:loaddll:free_modref Unloaded module L"C:\windows\system32\d3d9.dll" : builtin
002e:trace:loaddll:free_modref Unloaded module L"C:\windows\system32\wined3d.dll" : builtin
002e:trace:loaddll:free_modref Unloaded module L"C:\windows\system32\opengl32.dll" : builtin
ioctl 2d1400 (device=2d access=0 func=500 method=0)
...
002e:trace:loaddll:free_modref Unloaded module L"C:\windows\system32\ieframe.dll" : builtin
002e:fixme:kernelbase:AppPolicyGetProcessTerminationMethod 0xfffffffffffffffa, 0x22fcc0
--- snip ---
I've logged in using test account and watched some marketplace updates. Then exited the app through main menu.
Your log shows an app thread dying unexpectedly which could likely be the culprit here:
--- snip ---
...
003a:err:seh:setup_exception stack overflow 2336 bytes in thread 003a eip 000000007bc75aa1 esp 0000000000610cf0 stack 0x610000-0x611000-0x710000
...
003b:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003b, blocked by 003a, retrying (60 sec)
003d:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003d, blocked by 003a, retrying (60 sec)
003f:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003f, blocked by 003a, retrying (60 sec)
...
--- snip ---
You could attach a full relay log (compressed) from start to hang of app on exit (CTRL+C or 'wineserver -k' from other terminal).
--- snip ---
$ WINEDEBUG=+seh,+relay wine ./terminal64.exe >>log.txt 2>&1
--- snip ---
ProtectionID scan (for my own documentation):
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\Program Files\MetaTrader 5\terminal64.exe
File Type : 64-Bit Exe (Subsystem : Win GUI / 2), Size : 45852872 (02BBA8C8h) Byte(s) | Machine: 0x8664 (AMD64)
Compilation TimeStamp : 0x02B46800 -> Thu 10th Jun 1971 04:52:16 (GMT)
[TimeStamp] 0x02B46800 -> Thu 10th Jun 1971 04:52:16 (GMT) | PE Header | - | Offset: 0x00000000:00000140 | VA: 0x00000001:40000140 | -
[TimeStamp] 0x5A6F7A54 -> Mon 29th Jan 2018 19:47:32 (GMT) | DebugDirectory | - | Offset: 0x00000000:00BA4724 | VA: 0x00000001:40BA5524 | -
[TimeStamp] 0x5A6F7A54 -> Mon 29th Jan 2018 19:47:32 (GMT) | DebugDirectory | - | Offset: 0x00000000:00BA4740 | VA: 0x00000001:40BA5540 | -
[TimeStamp] 0x5A6F7A54 -> Mon 29th Jan 2018 19:47:32 (GMT) | DebugDirectory | - | Offset: 0x00000000:00BA475C | VA: 0x00000001:40BA555C | -
-> File Appears to be Digitally Signed @ Offset 02BB8EB0h, size : 01A18h / 06680 byte(s)
-> File has 468656 (0726B0h) bytes of appended data starting at offset 02B46800h
[!] Executable uses TLS callbacks (3 total... 0 invalid addresses)
[LoadConfig] Struct determined as v8 (Expected size 232 | Actual size 256)
[LoadConfig] CFG (/Guard) - Handler @ 0x1:40A12FF0
[LoadConfig] CFG Table @ 0x0:00000000 | 0x00 (00) entries
[LoadConfig] CFG Flags : 0x100
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0 | Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] GuardLongJumpTargetTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] HybridMetadataPointer 0x1:00000000 | DynamicValueRelocTable 0x0:00000000
[LoadConfig] FailFastIndirectProc 0x0:00000000 | FailFastPointer 0x0:00000000
[LoadConfig] UnknownZero1 0x0 0
[LoadConfig] CFG Data Present, yet setting is not present in the DllCharacteristics.. patched out?
[File Heuristics] -> Flag #1 : 00000100000001001101000000000101 (0x0404D005)
[Entrypoint Section Entropy] : 7.57 (section #5) ".cod1 " | Size : 0x389568 (3708264) byte(s)
[DllCharacteristics] -> Flag : (0x8160) -> HEVA | ASLR | DEP | TSA
[SectionCount] 8 (0x8) | ImageSize 0x2BCC000 (45924352) byte(s)
[VersionInfo] Company Name : MetaQuotes Software Corp.
[VersionInfo] Product Name : MetaTrader 5 Client Terminal
[VersionInfo] Product Version : 5.0.0.1755
[VersionInfo] File Description : MetaTrader 5 Client Terminal
[VersionInfo] File Version : 5.0.0.1755
[VersionInfo] Original FileName : terminal.exe
[VersionInfo] Internal Name : terminal.exe
[VersionInfo] Version Comments : https://www.metaquotes.net
[VersionInfo] Legal Trademarks : MetaTrader
[VersionInfo] Legal Copyrights : © 2001-2018. MetaQuotes Software Corp.
[ModuleReport] [IAT] Modules -> CRYPT32.dll | WINMM.dll | VERSION.dll | NETAPI32.dll | WINHTTP.dll | gdiplus.dll | UxTheme.dll | KERNEL32.dll | USER32.dll | GDI32.dll | MSIMG32.dll | WINSPOOL.DRV | ADVAPI32.dll | SHELL32.dll | COMCTL32.dll | SHLWAPI.dll | ole32.dll | OLEAUT32.dll | oledlg.dll | urlmon.dll | IPHLPAPI.DLL | dbghelp.dll | WS2_32.dll | Secur32.dll | OLEACC.dll | IMM32.dll | WTSAPI32.dll | KERNEL32.dll | USER32.dll | KERNEL32.dll | USER32.dll
[Debug Info] (record 1 of 3) (file offset 0xBA4720)
Characteristics : 0x0 | TimeDateStamp : 0x5A6F7A54 (Mon 29th Jan 2018 19:47:32 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x5B (91)
AddressOfRawData : 0xBB5CFC | PointerToRawData : 0xBB4EFC
CvSig : 0x53445352 | SigGuid 3FFB8A37-51F2-4DBD-A6FF31E4B624C76E
Age : 0x1 (1) | Pdb : E:\MetaTrader5\Client\MetaTrader5Terminal\Release64\terminal64.pdb
[Debug Info] (record 2 of 3) (file offset 0xBA473C)
Characteristics : 0x0 | TimeDateStamp : 0x5A6F7A54 (Mon 29th Jan 2018 19:47:32 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20)
AddressOfRawData : 0xBB5D58 | PointerToRawData : 0xBB4F58
[Debug Info] (record 3 of 3) (file offset 0xBA4758)
Characteristics : 0x0 | TimeDateStamp : 0x5A6F7A54 (Mon 29th Jan 2018 19:47:32 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x3EC (1004)
AddressOfRawData : 0xBB5D6C | PointerToRawData : 0xBB4F6C
[CompilerDetect] -> Borland Delphi (unknown version) - 20% probability
[CompilerDetect] -> Visual C/C++
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 6.158 Second(s) [000001ABAh (6842) tick(s)] [234 of 580 scan(s) done]
--- snip ---
$ sha1sum mt5setup.exe
bcb518ce2df731ef0a9bcb808ac3829e41a90f99 mt5setup.exe

$ du -sh mt5setup.exe
1.3M mt5setup.exe

$ wine --version
wine-3.7
Regards
--- Comment #3 from Amin persiantools@yahoo.com ---
Created attachment 61263 --> https://bugs.winehq.org/attachment.cgi?id=61263
Full relay log (compressed) link from start to hang of app on exit
Here is the debug info as requested. I use wine devel 3.7 on macOS 10.13.4.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|NEEDINFO                    |NEW
            Summary|64-bit MetaTrader 5 hangs   |64-bit MetaTrader 5 hangs
                   |on exit                     |on exit (VMProtect 3.x,
                   |                            |exception in TLS callback
                   |                            |under macOS)

--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello Amin,
the app is protected with a very recent version of VMProtect (virtual machine + obfuscation + anti-debug), probably some 3.x version. VMProtect is some state-of-the-art software protection scheme (Denuvo uses it too -> http://vmpsoft.com/blog/).
I've tried to find the exact version but it seems all the detectors failed or incorrectly identify it as 1.x.
https://www.virustotal.com/#/file/9135933cf76fb0cd3b1ced462559dfd6915e715ed1...
https://www.reverse.it/sample/9135933cf76fb0cd3b1ced462559dfd6915e715ed1dbcf...
The PE has two VM segments '.cod0', '.cod1' (usually the segments are named '.vmp0', '.vmp1'). Various patterns strongly hint at VMProtect (heavy use of virtual machine code).
It seems there might be an incompatibility of the software protection scheme with Wine on macOS. Does the app itself work for you with all features, except for the process exit issue?
There are 3 TLS callbacks in the app:
--- snip ---
(proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
(proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
(proc=0x1402f6290,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
--- snip ---
Your log shows the second TLS callback (0x140305790) causes an exception:
--- snip ---
...
003a:Call KERNEL32.GetFileAttributesW(004f5478 L"C:\Program Files\MetaTrader 5\config\certificates") ret=140056a92
003a:Ret KERNEL32.GetFileAttributesW() retval=00000010 ret=140056a92
003a:Call ntdll.RtlAllocateHeap(00010000,00000000,00000da8) ret=1402d2b54
003a:Ret ntdll.RtlAllocateHeap() retval=00510d00 ret=1402d2b54
003a:Call KERNEL32.InitializeCriticalSection(00510d38) ret=140962b9f
003a:Ret KERNEL32.InitializeCriticalSection() retval=00000000 ret=140962b9f
003a:Call KERNEL32.GetSystemTimeAsFileTime(0022d580) ret=140962cf0
003a:Ret KERNEL32.GetSystemTimeAsFileTime() retval=01d3e04e ret=140962cf0
003a:Call KERNEL32.GetSystemTimeAsFileTime(0022d588) ret=140962d1f
003a:Ret KERNEL32.GetSystemTimeAsFileTime() retval=01d3e04e ret=140962d1f
003a:Call ntdll.RtlAllocateHeap(00010000,00000008,00000028) ret=1402d2bcb
003a:Ret ntdll.RtlAllocateHeap() retval=00511b00 ret=1402d2bcb
003a:Call KERNEL32.GetModuleHandleExW(00000004,140966480,00511b18) ret=1402bc3c2
003a:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1402bc3c2
003a:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,00511b00,00010000,0022d4e0) ret=1402bc513
003b:trace:seh:mac_thread_gsbase pthread_self() 0xb0002000 + offset 0x000000e0 -> gsbase 0xb00020e0
003a:Ret KERNEL32.CreateThread() retval=00000250 ret=1402bc513
003a:Call KERNEL32.GetSystemInfo(0022d540) ret=14096694e
003a:Ret KERNEL32.GetSystemInfo() retval=00004601 ret=14096694e
003a:Call KERNEL32.CreateIoCompletionPort(ffffffffffffffff,00000000,00000000,00000000) ret=140093c40
003a:Ret KERNEL32.CreateIoCompletionPort() retval=00000254 ret=140093c40
003b:Call PE DLL (proc=0x4523feb0,module=0x45190000 L"user32.dll",reason=THREAD_ATTACH,res=0x0)
...
003b:Ret PE DLL (proc=0x4523feb0,module=0x45190000 L"user32.dll",reason=THREAD_ATTACH,res=0x0) retval=1
...
003b:Ret PE DLL (proc=0x463e1d60,module=0x463a0000 L"wininet.dll",reason=THREAD_ATTACH,res=0x0) retval=1
003b:Call TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Ret TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Call TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x14182994a ip=14182994a tid=003b
003b:trace:seh:NtRaiseException info[0]=0000000000000000
003b:trace:seh:NtRaiseException info[1]=0000000000000120
003b:trace:seh:NtRaiseException rax=000000000000ffb0 rbx=00000001bfa11b40 rcx=fffffffffffffdf9 rdx=0000000000000120
003b:trace:seh:NtRaiseException rsi=0000000140efbfac rdi=000000000003f5cc rbp=fffffffffffb4ba9 rsp=000000000071e570
003b:trace:seh:NtRaiseException r8=0000000000000058 r9=000000000071e786 r10=000000000081e20b r11=0000000141829945
003b:trace:seh:NtRaiseException r12=0000000000000202 r13=0000000000000000 r14=0000000000000040 r15=0000000000000120
...
003b:trace:seh:call_stack_handlers found wine frame 0x71e7e8 rsp 71e930 handler 0x7bc9eb80
003b:trace:seh:call_teb_handler calling TEB handler 0x7bc9eb80 (rec=0x71e430, frame=0x71e7e8 context=0x71d950, dispatch=0x71d828)
003b:trace:seh:RtlUnwindEx code=c0000005 flags=2 end_frame=0x71e7e8 target_ip=0x7bc9ea60 rip=000000007bc78c17
003b:trace:seh:RtlUnwindEx info[0]=0000000000000000
003b:trace:seh:RtlUnwindEx info[1]=0000000000000120
003b:trace:seh:RtlUnwindEx rax=000000000071e7e8 rbx=000000000071e430 rcx=000000000071d1a0 rdx=000000007bc9ea60
003b:trace:seh:RtlUnwindEx rsi=6d0ee98053420061 rdi=000000000071e7e8 rbp=000000000071d160 rsp=000000000071c9e0
003b:trace:seh:RtlUnwindEx r8=000000000071e430 r9=000000007bc9ebf0 r10=0000000000721b50 r11=ffffffffffffff7e
003b:trace:seh:RtlUnwindEx r12=000000000071df60 r13=000000000071d950 r14=000000000071d1a0 r15=000000000071e7e8
...
003b:trace:seh:RtlRestoreContext returning to 7bc9ea60 stack 71e7a0
003b:exception in TLS callback (proc=0x141ad1f68,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Starting thread proc 0x1402bc234 (arg=0x511b00)
003a:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1402bc3c2
003a:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,00511c80,00010000,0022d4c0) ret=1402bc513
003b:Call KERNEL32.GetLastError() ret=1402d2f70
003b:Ret KERNEL32.GetLastError() retval=00000000 ret=1402d2f70
...
003b:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x1402d5d06 ip=1402d5d06 tid=003b
003b:trace:seh:NtRaiseException info[0]=0000000000000000
003b:trace:seh:NtRaiseException info[1]=0000000000000020
003c:trace:seh:mac_thread_gsbase pthread_self() 0xb0004000 + offset 0x000000e0 -> gsbase 0xb00040e0
003b:trace:seh:NtRaiseException rax=0000000000000000 rbx=0000000000000001 rcx=0000000000000000 rdx=0000000140cb1a78
003a:Ret KERNEL32.CreateThread() retval=00000258 ret=1402bc513
...
003c:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003c, blocked by 003b, retrying (60 sec)
--- snip ---
The exception causes the thread to die while holding a lock. All other threads depending/using it will block too, preventing clean exit.
Same TLS callback sequence on my system (Linux x86_64, Fedora 27):
--- snip ---
...
0031:Call KERNEL32.GetFileAttributesW(0053e268 L"C:\Program Files\MetaTrader 5\config\certificates") ret=140056a92
0031:Ret KERNEL32.GetFileAttributesW() retval=00000010 ret=140056a92
...
0031:Call KERNEL32.InitializeCriticalSection(005658e8) ret=140962b9f
0031:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=140962b9f
0031:Call KERNEL32.GetSystemTimeAsFileTime(0022d4f0) ret=140962cf0
0031:Ret KERNEL32.GetSystemTimeAsFileTime() retval=0022d4f0 ret=140962cf0
0031:Call KERNEL32.GetSystemTimeAsFileTime(0022d4f8) ret=140962d1f
0031:Ret KERNEL32.GetSystemTimeAsFileTime() retval=0022d4f8 ret=140962d1f
...
0031:Call KERNEL32.GetModuleHandleExW(00000004,140966480,0055a2a8) ret=1402bc3c2
0031:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1402bc3c2
0031:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,0055a290,00010000,0022d450) ret=1402bc513
0031:Ret KERNEL32.CreateThread() retval=00000250 ret=1402bc513
0031:Call KERNEL32.GetSystemInfo(0022d4b0) ret=14096694e
0031:Ret KERNEL32.GetSystemInfo() retval=0022d4b0 ret=14096694e
0031:Call KERNEL32.CreateIoCompletionPort(ffffffffffffffff,00000000,00000000,00000000) ret=140093c40
0031:Ret KERNEL32.CreateIoCompletionPort() retval=00000254 ret=140093c40
0031:Call ntdll.RtlAllocateHeap(00010000,00000008,00000028) ret=1402d2bcb
0031:Ret ntdll.RtlAllocateHeap() retval=0055a2d0 ret=1402d2bcb
0031:Call KERNEL32.GetModuleHandleExW(00000004,140965fb0,0055a2e8) ret=1402bc3c2
0031:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1402bc3c2
0031:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,0055a2d0,00010000,0022d430) ret=1402bc513
0032:Call PE DLL (proc=0x7faddb1dbe6a,module=0x7faddb0e0000 L"user32.dll",reason=THREAD_ATTACH,res=(nil))
...
0032:Ret PE DLL (proc=0x7fadd969692e,module=0x7fadd9640000 L"wininet.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0032:Call TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0031:Ret KERNEL32.CreateThread() retval=00000258 ret=1402bc513
0031:Call ntdll.RtlAllocateHeap(00010000,00000008,00000028) ret=1402d2bcb
0031:Ret ntdll.RtlAllocateHeap() retval=0055a420 ret=1402d2bcb
0031:Call KERNEL32.GetModuleHandleExW(00000004,140965fb0,0055a438) ret=1402bc3c2
0032:Ret TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0032:Call TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0032:Ret TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0032:Call TLS callback (proc=0x1402f6290,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0032:Call ntdll.RtlAllocateHeap(00360000,00000000,00000018) ret=140e12c83
0032:Ret ntdll.RtlAllocateHeap() retval=00364d60 ret=140e12c83
0032:Call ntdll.RtlAllocateHeap(00360000,00000000,00000018) ret=140e12c83
0032:Ret ntdll.RtlAllocateHeap() retval=00364d90 ret=140e12c83
0032:Call ntdll.LdrGetProcedureAddress(7b460000,0070e360,00000000,0070e398) ret=14193d460
0032:Ret ntdll.LdrGetProcedureAddress() retval=00000000 ret=14193d460
...
0032:Ret TLS callback (proc=0x1402f6290,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0031:Ret KERNEL32.GetModuleHandleExW() retval=00000001 ret=1402bc3c2
0031:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,0055a420,00010000,0022d430) ret=1402bc513
0032:Starting thread proc 0x1402bc234 (arg=0x55a290)
0033:Call PE DLL (proc=0x7faddb1dbe6a,module=0x7faddb0e0000 L"user32.dll",reason=THREAD_ATTACH,res=(nil))
0032:Call KERNEL32.GetLastError() ret=1402d2f70
0033:Ret PE DLL (proc=0x7faddb1dbe6a,module=0x7faddb0e0000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0032:Ret KERNEL32.GetLastError() retval=00000000 ret=1402d2f70
...
0033:Call PE DLL (proc=0x7fadda5aa963,module=0x7fadda580000 L"ws2_32.dll",reason=THREAD_ATTACH,res=(nil))
0032:Call KERNEL32.LoadLibraryExW(140a76db0 L"api-ms-win-appmodel-runtime-l1-1-2",00000000,00000800) ret=1402d336d
0033:Ret PE DLL (proc=0x7fadda5aa963,module=0x7fadda580000 L"ws2_32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0033:Call PE DLL (proc=0x7fadd969692e,module=0x7fadd9640000 L"wininet.dll",reason=THREAD_ATTACH,res=(nil))
0033:Ret PE DLL (proc=0x7fadd969692e,module=0x7fadd9640000 L"wininet.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0033:Call TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0031:Ret KERNEL32.CreateThread() retval=0000025c ret=1402bc513
...
0031:Call KERNEL32.GetModuleHandleExW(00000004,140965fb0,0055a4e8) ret=1402bc3c2
0033:Ret TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0033:Call TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0033:Ret TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0033:Call TLS callback (proc=0x1402f6290,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
...
0033:Call ntdll.LdrGetProcedureAddress(7b460000,0081e360,00000000,0081e398) ret=14193d460
0033:Ret ntdll.LdrGetProcedureAddress() retval=00000000 ret=14193d460
...
0033:Ret TLS callback (proc=0x1402f6290,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
0033:Starting thread proc 0x1402bc234 (arg=0x55a2d0)
--- snip ---
The problem seems to occur on your system when the second TLS callback is called the second time (thread creation -> thread attach notification).
The first time (process attach notification) it goes fine on your system too, from your log:
--- snip ---
...
003a:Call TLS callback (proc=0x140305790,module=0x140000000,reason=PROCESS_ATTACH,reserved=0)
...
003a:Call KERNEL32.GetModuleHandleW(003638b0 L"ntdll.dll") ret=14193d4be
003a:Ret KERNEL32.GetModuleHandleW() retval=7bc10000 ret=14193d4be
003a:Call KERNEL32.GetProcAddress(7bc10000,00363910 "wine_get_version") ret=14193d4c9
003a:Ret KERNEL32.GetProcAddress() retval=7bc19728 ret=14193d4c9
...
003a:Call advapi32.RegOpenKeyExA(ffffffff80000002,0022e2e0 "HARDWARE\ACPI\DSDT\VBOX__",00000000,00020019,0022e338) ret=1403055f1
003a:Ret advapi32.RegOpenKeyExA() retval=00000002 ret=1403055f1
003a:Call KERNEL32.GetModuleHandleW(0022e300 L"VBoxHook.dll") ret=140305653
003a:Ret KERNEL32.GetModuleHandleW() retval=00000000 ret=140305653
...
003a:Call KERNEL32.GetModuleHandleW(003638b0 L"ntdll.dll") ret=14193d7d5
003a:Ret KERNEL32.GetModuleHandleW() retval=7bc10000 ret=14193d7d5
003a:Call KERNEL32.GetModuleHandleW(00363910 L"kernel32.dll") ret=14193d7f6
003a:Ret KERNEL32.GetModuleHandleW() retval=7b410000 ret=14193d7f6
003a:Call KERNEL32.GetProcAddress(7bc10000,003639d0 "NtQueryInformationProcess") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13780 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363a90 "NtSetInformationThread") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13ee0 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363a30 "NtQuerySystemInformation") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc139cc ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363af0 "NtFreeVirtualMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc1308c ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363b50 "NtQueryVirtualMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13a94 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363bb0 "NtAllocateVirtualMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12b08 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363c10 "NtProtectVirtualMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc135d8 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363c70 "NtCreateFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12c6c ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363cd0 "NtReadFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13b44 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363d30 "NtWriteFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc14258 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363d90 "NtWaitForSingleObject") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc14238 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363df0 "NtQueryInformationFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13738 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363e50 "NtSetInformationFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13e2c ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363eb0 "NtQueryFullAttributesFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc136f8 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363f10 "NtRemoveProcessDebug") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00363f70 "NtTerminateProcess") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc14124 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364030 "NtClose") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12bd4 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364090 "NtDeviceIoControlFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12f28 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,003640f0 "NtFsControlFile") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc130b0 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364150 "NtWriteVirtualMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc142a0 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,003641b0 "NtFlushInstructionCache") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13030 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364210 "NtReadVirutalMemory") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364270 "NtDelayExecution") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12ea8 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,003642d0 "NtMapViewOfSection") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc13240 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364330 "NtUnmapViewOfSection") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc141d4 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364390 "NtCreateSection") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12df4 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,003643f0 "NtCreateDebugObject") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=00000000 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364450 "NtQueryObject") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc138b8 ret=14193d48d
003a:Call KERNEL32.GetProcAddress(7bc10000,00364510 "LdrGetProcedureAddress") ret=14193d48d
003a:Ret KERNEL32.GetProcAddress() retval=7bc12858 ret=14193d48d
003a:Call ntdll.LdrGetProcedureAddress(7bc10000,0022e310,00000000,0022e348) ret=14193d460
003a:Ret ntdll.LdrGetProcedureAddress() retval=00000000 ret=14193d460
...
003a:Call KERNEL32.GetModuleHandleW(003638b0 L"ntdll.dll") ret=14193d4be
003a:Ret KERNEL32.GetModuleHandleW() retval=7bc10000 ret=14193d4be
003a:Call KERNEL32.GetProcAddress(7bc10000,00364570 "wine_get_version") ret=14193d4c9
003a:Ret KERNEL32.GetProcAddress() retval=7bc19728 ret=14193d4c9
...
003a:Call KERNEL32.Wow64DisableWow64FsRedirection(0022e108) ret=140043ebe
003a:Ret KERNEL32.Wow64DisableWow64FsRedirection() retval=00000000 ret=140043ebe
003a:Call KERNEL32.GetSystemDirectoryW(0022e110,00000104) ret=14193f3e7
003a:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=14193f3e7
003a:Call KERNEL32.GetFileAttributesW(0022e110 L"C:\windows\system32\drivers\vmmouse.sys") ret=14193d2ac
003a:Ret KERNEL32.GetFileAttributesW() retval=ffffffff ret=14193d2ac
003a:Call KERNEL32.Wow64RevertWow64FsRedirection(00000000) ret=14030576f
003a:Ret KERNEL32.Wow64RevertWow64FsRedirection() retval=00000000 ret=14030576f
003a:Call advapi32.RegOpenKeyExA(ffffffff80000002,0022ded0 "HARDWARE\Description\System",00000000,00020019,0022e340) ret=140301235
003a:Ret advapi32.RegOpenKeyExA() retval=00000000 ret=140301235
003a:Call advapi32.RegQueryValueExA(00000084,0022def0 "SystemBiosVersion",00000000,00000000,0022df10,0022e330) ret=14030127d
003a:Ret advapi32.RegQueryValueExA() retval=00000002 ret=14030127d
...
003a:Ret TLS callback (proc=0x140305790,module=0x140000000,reason=PROCESS_ATTACH,reserved=0)
--- snip ---
VMProtect is Wine aware and falls back to more conservative methods of using native API. It would not work otherwise due to some advanced/direct usage of syscalls (https://lifeinhex.com/tag/vmprotect/).
The TLS callbacks are, like the other code, completely virtualized (VM), so there is not much to see. Example:
--- snip ---
0000000140305790 | E9 09 | jmp terminal64.140FE309E
...
0000000140FE309E | 68 39 | push 64A05339
0000000140FE30A3 | E8 DC | call terminal64.1411E9284
0000000140FE30A8 | 66 BB | mov bx, 2033
0000000140FE30AC | 45 0F | movsx r11d, r12w
0000000140FE30B0 | 41 59 | pop r9
0000000140FE30B2 | 41 0F | movsx ebp, r9w
0000000140FE30B6 | 41 5D | pop r13
0000000140FE30B8 | 48 87 | xchg rbp, rbp
0000000140FE30BB | 4C 0F | movzx r11, bp
0000000140FE30BF | 41 5B | pop r11
0000000140FE30C1 | 49 0F | movsx rsi, r11w
0000000140FE30C5 | 41 5F | pop r15
0000000140FE30C7 | 5D | pop rbp
0000000140FE30C8 | 66 44 | movsx r10w, spl
0000000140FE30CD | 41 B2 | mov r10b, E3
0000000140FE30D0 | 66 41 | movzx bx, r9b
0000000140FE30D5 | 5B | pop rbx
0000000140FE30D6 | 40 0F | setl sil
0000000140FE30DA | 4C 0F | movzx r10, cx
0000000140FE30DE | 41 5A | pop r10
0000000140FE30E0 | 48 0F | movsx rsi, cx
0000000140FE30E4 | 66 0F | bswap si
0000000140FE30E7 | 5E | pop rsi
0000000140FE30E8 | E9 C4 | jmp terminal64.1412426B1
...
00000001412426B1 | C3 | ret
--- snip ---
Sadly, the only usable 64-bit GUI debugger x64dbg is also broken in several aspects when it comes to 64-bit Wine, making it rather painful to work with.
I don't see how I can further analyse your problem without debugging the actual target. There are likely peculiarities of the underlying host OS -> macOS here that makes the foul play.
Regards
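
The triage done by hand in comment #4 (find the TLS callback that is entered but ends in an exception, then the thread everyone else is blocked on) can be scripted over a `+seh,+relay` log. This is an added example, not part of the bug thread or of Wine; the sample lines are constructed in the format of the excerpts above, and `analyze` and its result keys are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the +seh,+relay excerpts quoted in
# comment #4 (heavily trimmed; this is not the reporter's attachment).
SAMPLE_LOG = r"""
003a:Call TLS callback (proc=0x140305790,module=0x140000000,reason=PROCESS_ATTACH,reserved=0)
003a:Ret TLS callback (proc=0x140305790,module=0x140000000,reason=PROCESS_ATTACH,reserved=0)
003a:Call KERNEL32.CreateThread(00000000,00100000,1402bc234,00511b00,00010000,0022d4e0) ret=1402bc513
003b:Call TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Ret TLS callback (proc=0x141966898,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Call TLS callback (proc=0x140305790,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x14182994a ip=14182994a tid=003b
003b:trace:seh:NtRaiseException info[1]=0000000000000120
003b:exception in TLS callback (proc=0x141ad1f68,module=0x140000000,reason=THREAD_ATTACH,reserved=0)
003b:Starting thread proc 0x1402bc234 (arg=0x511b00)
003b:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x1402d5d06 ip=1402d5d06 tid=003b
003c:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003c, blocked by 003b, retrying (60 sec)
003d:err:ntdll:RtlpWaitForCriticalSection section 0x140d7ad40 "?" wait timed out in thread 003d, blocked by 003b, retrying (60 sec)
"""

LINE = re.compile(r"^(?P<tid>[0-9a-f]{4}):(?P<rest>.*)$")
TLS = re.compile(r"^(?P<kind>Call|Ret)\s+TLS callback \(proc=(?P<proc>0x[0-9a-f]+),"
                 r"module=0x[0-9a-f]+,reason=(?P<reason>\w+),")
TLS_EXC = re.compile(r"^exception in TLS callback \(proc=0x[0-9a-f]+")
RAISE = re.compile(r"^trace:seh:NtRaiseException code=(?P<code>[0-9a-f]+) "
                   r"flags=[0-9a-f]+ addr=(?P<addr>0x[0-9a-f]+)")
CS_WAIT = re.compile(r"^err:ntdll:RtlpWaitForCriticalSection section (?P<cs>0x[0-9a-f]+) .*"
                     r"wait timed out in thread (?P<waiter>[0-9a-f]{4}), "
                     r"blocked by (?P<owner>[0-9a-f]{4})")


def analyze(log_text):
    """Correlate TLS-callback faults with critical-section waits, per thread id."""
    open_cb = defaultdict(list)     # tid -> stack of (proc, reason) entered, not yet returned
    faulted = []                    # (tid, proc, reason): callback ended in an exception
    exceptions = defaultdict(list)  # tid -> [(code, addr)] in log order
    blocked = defaultdict(set)      # (owner tid, section) -> waiting tids

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                # "..." elisions, ioctl lines, blank lines
        tid, rest = m["tid"], m["rest"]
        if (t := TLS.match(rest)):
            if t["kind"] == "Call":
                open_cb[tid].append((t["proc"], t["reason"]))
            elif open_cb[tid] and open_cb[tid][-1][0] == t["proc"]:
                open_cb[tid].pop()
        elif TLS_EXC.match(rest):
            # The proc printed on this line can differ from the one that was
            # called (it does in the thread's excerpt), so attribute the fault
            # to the innermost callback still open on this thread.
            if open_cb[tid]:
                faulted.append((tid, *open_cb[tid].pop()))
        elif (r := RAISE.match(rest)):
            exceptions[tid].append((r["code"], r["addr"]))
        elif (w := CS_WAIT.match(rest)):
            blocked[(w["owner"], w["cs"])].add(w["waiter"])

    # Callbacks still open at end of input: the log was cut, or they never returned.
    unreturned = [(tid, p, r) for tid, stack in open_cb.items() for p, r in stack]
    # A suspect is a lock owner that also faulted or raised an exception.
    troubled = {t for t, _, _ in faulted} | set(exceptions)
    suspects = sorted({owner for owner, _ in blocked} & troubled)
    return {
        "faulted_tls": faulted,
        "unreturned_tls": unreturned,
        "exceptions": dict(exceptions),
        "blocked": {k: sorted(v) for k, v in blocked.items()},
        "suspects": suspects,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
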
--- Comment #5 from Amin persiantools@yahoo.com ---
**** Does the app itself work for you with all features, except for the process exit issue?
No, the app is unusable. Like you said, there are communication issues that prevent the market charts showing up.
**** Sadly, the only usable 64-bit GUI debugger x64dbg is also broken in several aspects when it comes to 64-bit Wine, making it rather painful to work with.
Would it help if I just installed 32 bit MetaTrader on 32 bit wine?
tokktokk fdsfgs@krutt.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fdsfgs@krutt.org
Anya animegirl@stronzi.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |animegirl@stronzi.org
soredake broaden_acid002@simplelogin.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|broaden_acid002@simplelogin |
                   |.com                        |