http://bugs.winehq.org/show_bug.cgi?id=7679
------- Additional Comments From focht@gmx.net 2007-30-04 03:48 ------- Hello,
seems i have to provide more info to get someone adding a patch ;)
The following is a trace from problematic hooker call:
--- snip --- .. trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1c7812c 0000000c 0000000c trace:virtual:VIRTUAL_SetProt 0x1c78000-0x1c78fff c---- trace:virtual:VIRTUAL_DumpView View: 0x1c70000 - 0x1c79fff 0x140 trace:virtual:VIRTUAL_DumpView 0x1c70000 - 0x1c70fff c-r-- trace:virtual:VIRTUAL_DumpView 0x1c71000 - 0x1c73fff c-r-x trace:virtual:VIRTUAL_DumpView 0x1c74000 - 0x1c76fff c-rW- trace:virtual:VIRTUAL_DumpView 0x1c77000 - 0x1c77fff c-r-- trace:virtual:VIRTUAL_DumpView 0x1c78000 - 0x1c78fff c---- trace:virtual:VIRTUAL_DumpView 0x1c79000 - 0x1c79fff c-r-- .. --- snip ---
The problem is VIRTUAL_GetProt() in dlls/ntdll/virtual.c:NtProtectVirtualMemory().
It doesnt honour multiple flag combinations (of course some of them are invalid). As said in my previous comment, it tries to NtProtectVirtualMemory( PAGE_WRITECOPY | PAGE_READWRITE) due to .idata section attributes.
VIRTUAL_GetProt( PAGE_WRITECOPY | PAGE_READWRITE) is called which can't handle multiple flags and falls through default case (vprot = 0).
VIRTUAL_SetProt() is then called with (0 | VPROT_COMMITTED). This results in no access page ("c----") where every pointer access causes access violation.
To fix this, add the following pre-check in
--- snip dlls/ntdll/virtual.c ---
NTSTATUS WINAPI NtProtectVirtualMemory( HANDLE process, PVOID *addr_ptr, SIZE_T *size_ptr, ULONG new_prot, ULONG *old_prot ) { FILE_VIEW *view; sigset_t sigset; NTSTATUS status = STATUS_SUCCESS; char *base; UINT i; BYTE vprot, *p; ULONG prot; SIZE_T size = *size_ptr; LPVOID addr = *addr_ptr; RTL_OSVERSIONINFOEXW info;
TRACE("%p %p %08lx %08x\n", process, addr, size, new_prot );
/* Check for mutually exclusive protection values (e.g. WRITECOPY | READWRITE) NOTE: VIRTUAL_GetProt doesnt honour multiple flags, so we do it here. Make NtProtectVirtualMemory fail to emulate windows NT behaviour. TODO: check for other invalid combinations */ if( (new_prot & (PAGE_READWRITE | PAGE_WRITECOPY)) == (PAGE_READWRITE | PAGE_WRITECOPY)) { info.dwOSVersionInfoSize = sizeof(info); if( (RtlGetVersion( &info) == STATUS_SUCCESS) && (info.dwPlatformId == VER_PLATFORM_WIN32_NT)) { TRACE( "invalid page protection combination, emulating NT\n"); return STATUS_INVALID_PARAMETER; } }
if (process != NtCurrentProcess()) ....
--- snip dlls/ntdll/virtual.c ---
After patch:
--- snip trace --- .. trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1c7812c 0000000c 0000000c trace:virtual:NtProtectVirtualMemory invalid page protection combination, emulating NT trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1e12000 00000004 00000004 trace:virtual:VIRTUAL_SetProt 0x1e12000-0x1e12fff c-rw- trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x1e12000-0x1e12fff trace:virtual:VIRTUAL_DumpView View: 0x1e10000 - 0x1e14fff 0x140 trace:virtual:VIRTUAL_DumpView 0x1e10000 - 0x1e10fff c-r-- trace:virtual:VIRTUAL_DumpView 0x1e11000 - 0x1e11fff c-r-x trace:virtual:VIRTUAL_DumpView 0x1e12000 - 0x1e12fff c-rw- trace:virtual:VIRTUAL_DumpView 0x1e13000 - 0x1e13fff c-rW- trace:virtual:VIRTUAL_DumpView 0x1e14000 - 0x1e14fff c-r-- .. --- snip trace ---
App starts now fine with winecfg = NT+
Though this check might miss some cases, there is no information that *all* combination are mutually exclusive. It might be fun to add all VirtualProtect( flag_combinations) test cases for various windows versions :) This is left as excercise. It could be possible that allowing only one flag at a time breaks too much stuff, so i coded this specific case here. Shouldnt be a performance killer at all.
Regards
-
Wine Bugs