http://bugs.winehq.org/show_bug.cgi?id=33162
Bug #: 33162 Summary: Unimplemented function user32.dll.UserHandleGrantAccess Product: Wine Version: 1.5.25 Platform: x86 URL: http://ardownload.adobe.com/pub/adobe/reader/win/11.x/ 11.0.00/pl_PL/AdbeRdr11000_pl_PL.exe OS/Version: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: austinenglish@gmail.com CC: lukasz.wojnilowicz@gmail.com Depends on: 32960 Classification: Unclassified
Created attachment 43875 --> http://bugs.winehq.org/attachment.cgi?id=43875 terminal output
To reproduce: 1) remove ~/.wine 2) install Acrobat Reader 11 PL 3) start Acrobat Reader 11 PL
fixme:win:UserHandleGrantAccess (0x20072,0xdead,1): stub fixme:advapi:CreateProcessAsUserW 0xc4 L"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" L""C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=8.1.1201636558 --type=renderer" (nil) (nil) 0 0x0100040c 0x565560 (null) 0x32f53c 0x32f588 - semi- stub fixme:ntdll:NtAssignProcessToJobObject stub: 0xdead 0xd0 err:seh:setup_exception_record nested exception on signal stack in thread 003f eip 7bc8a607 esp 7ffdad90 stack 0x242000-0x340000
I'll attach logs
http://bugs.winehq.org/show_bug.cgi?id=33162
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Unimplemented function |Acrobat Reader 11 (Polish) |user32.dll.UserHandleGrantA |crashes on start) |ccess |
http://bugs.winehq.org/show_bug.cgi?id=33162
--- Comment #1 from Austin English austinenglish@gmail.com 2013-03-09 17:55:35 CST --- Created attachment 43876 --> http://bugs.winehq.org/attachment.cgi?id=43876 relay,seh,tid trace
http://bugs.winehq.org/show_bug.cgi?id=33162
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation CC| |focht@gmx.net Component|-unknown |ntdll Summary|Acrobat Reader 11 (Polish) |Acrobat Reader 11 crashes |crashes on start) |on start (native API | |application virtualization, | |NtProtectVirtualMemory | |removes execute page | |protection on its own code)
--- Comment #2 from Anastasius Focht focht@gmx.net 2013-03-10 11:28:39 CDT --- Hello folks,
finally an interesting bug ... among many boring ones :-)
It seems Acrobat Reader 11 employs an application virtualization scheme at native API level -> 'sandboxing'. The parent process launches a child process 'sandbox' which gets heavily patched at startup. Many native API entries get detoured.
Child process start:
--- snip --- 0009:fixme:advapi:CreateProcessAsUserW 0xc4 L"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" L""C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=8.1.111197294 --type=renderer" (nil) (nil) 0 0x0100040c 0x565b60 (null) 0x32f4fc 0x32f548 - semi- stub 0009:trace:process:create_process_impl app L"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" cmdline L""C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=8.1.111197294 --type=renderer" ... 0009: new_process() = 0 { info=00cc, pid=0028, phandle=00d0, tid=0029, thandle=00d4 } ... 0009: *wakeup* signaled=0 0029: *sent signal* signal=10 0029: init_process_done() = 0 --- snip ---
Successful patch sequence of ntdll "NtCreateMutant" in child process:
--- snip --- 0009: read_process_memory( handle=00d0, addr=7bc812b2 ) 0029: *signal* signal=19 0009: read_process_memory() = 0 { data={55,89,e5,57,56,53,83,e4,f0,81,ec,b0,00,00,00,e8} } 0009: read_process_memory( handle=00d0, addr=7bc812b2 ) 0029: *signal* signal=19 0009: read_process_memory() = 0 { data={55,89,e5,57,56,53,83,e4,f0,81,ec,b0,00,00,00,e8} } 0009: write_process_memory( handle=00d0, addr=0068f210, data={55,89,e5,57,56,53,83,e4,f0,81,ec,b0,00,00,00,e8,00,00,00,00,00,00,00,00,83,ec,08,52,8b,54,24,0c,89,54,24,08,c7,44,24,0c,10,f2,68,00,c7,44,24,04,a0,4a,40,00,5a,c3} ) 0029: *signal* signal=19 0009: write_process_memory() = 0 0009:trace:virtual:NtProtectVirtualMemory 0xd0 0x7bc812b2 0000000c 00000008 0009: queue_apc( handle=00d0, call={APC_VIRTUAL_PROTECT,addr=7bc812b2,size=0000000c,prot=8} ) 0029: *wakeup* signaled=192 0009: queue_apc() = 0 { handle=00c8, self=0 } 0029: select( flags=4, cookie=7ffdb29c, signal=0000, prev_apc=0000, timeout=1ce1d98c58f8b8a (-0.0116980), result={}, handles={} ) 0029: select() = USER_APC { timeout=1ce1d98c58f8b8a (-0.0116980), call={APC_VIRTUAL_PROTECT,addr=7bc812b2,size=0000000c,prot=8}, apc_handle=0024 } 0029:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x7bc812b2 0000000c 00000008 0009: select( flags=4, cookie=0032f2ac, signal=0000, prev_apc=0000, timeout=infinite, result={}, handles={00c8} ) 0029:trace:virtual:VIRTUAL_SetProt 0x7bc81000-0x7bc81fff c-rW- 0009: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 } 0029:trace:virtual:VIRTUAL_DumpView View: 0x7bc10000 - 0x7bce3fff (system) 0029:trace:virtual:VIRTUAL_DumpView 0x7bc10000 - 0x7bc10fff c-r-- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc11000 - 0x7bc80fff c-r-x 0029:trace:virtual:VIRTUAL_DumpView 0x7bc81000 - 0x7bc81fff c-rW- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc82000 - 0x7bcc7fff c-r-x 0029:trace:virtual:VIRTUAL_DumpView 0x7bcc8000 - 0x7bce3fff c-rw- 0029: select( flags=4, cookie=7ffdb29c, signal=0000, prev_apc=0024, timeout=1ce1d98c58f8b8a (-0.0117520), result={APC_VIRTUAL_PROTECT,status=0,addr=7bc81000,size=00001000,prot=20}, handles={} ) 0009: *wakeup* signaled=0 0029: select() = PENDING { timeout=1ce1d98c58f8b8a (-0.0117520), call={APC_NONE}, apc_handle=0000 } 0009: get_apc_result( handle=00c8 ) 0009: get_apc_result() = 0 { result={APC_VIRTUAL_PROTECT,status=0,addr=7bc81000,size=00001000,prot=20} } 0009: write_process_memory( handle=00d0, addr=7bc812b2, data={b8,89,e5,57,56,ba,28,f2,68,00,ff,e2} ) 0029: *signal* signal=19 0009: write_process_memory() = 0 0009:trace:virtual:NtProtectVirtualMemory 0xd0 0x7bc812b2 0000000c 00000020 0009: queue_apc( handle=00d0, call={APC_VIRTUAL_PROTECT,addr=7bc812b2,size=0000000c,prot=20} ) 0029: *wakeup* signaled=192 0009: queue_apc() = 0 { handle=00c8, self=0 } 0029: select( flags=4, cookie=7ffdb29c, signal=0000, prev_apc=0000, timeout=1ce1d98c58f8b8a (-0.0118720), result={}, handles={} ) 0029: select() = USER_APC { timeout=1ce1d98c58f8b8a (-0.0118720), call={APC_VIRTUAL_PROTECT,addr=7bc812b2,size=0000000c,prot=20}, apc_handle=0024 } 0029:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x7bc812b2 0000000c 00000020 0009: select( flags=4, cookie=0032f2ac, signal=0000, prev_apc=0000, timeout=infinite, result={}, handles={00c8} ) 0029:trace:virtual:VIRTUAL_SetProt 0x7bc81000-0x7bc81fff c-r-x 0009: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 } 0029:trace:virtual:VIRTUAL_DumpView View: 0x7bc10000 - 0x7bce3fff (system) 0029:trace:virtual:VIRTUAL_DumpView 0x7bc10000 - 0x7bc10fff c-r-- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc11000 - 0x7bcc7fff c-r-x 0029:trace:virtual:VIRTUAL_DumpView 0x7bcc8000 - 0x7bce3fff c-rw- 0029: select( flags=4, cookie=7ffdb29c, signal=0000, prev_apc=0024, timeout=1ce1d98c58f8b8a (-0.0119190), result={APC_VIRTUAL_PROTECT,status=0,addr=7bc81000,size=00001000,prot=8}, handles={} ) 0009: *wakeup* signaled=0 0029: select() = PENDING { timeout=1ce1d98c58f8b8a (-0.0119190), call={APC_NONE}, apc_handle=0000 } 0009: get_apc_result( handle=00c8 ) 0009: get_apc_result() = 0 { result={APC_VIRTUAL_PROTECT,status=0,addr=7bc81000,size=00001000,prot=8} } --- snip ---
The child API entry is read and analyzed for patchable opcode sequences (parent process looks for specific opcodes). A short opcode sequence is inserted into API entry prolog code by changing page protection with VirtualProtectEx() to PAGE_WRITECOPY, calling WriteProcessMemory() and changing protection back to PAGE_EXECUTE_READ.
Original:
--- snip --- 7BC43C84 push ebp 7BC43C85 mov ebp,esp 7BC43C87 push edi 7BC43C88 push esi 7BC43C89 push ebx ... --- snip ---
Becomes:
--- snip --- 7BC43C84 mov eax,5657E589 7BC43C89 mov edx,3D8128 7BC43C8E jmp edx 7BC43C90 add [eax],eax ... --- snip ---
The original chunk (prolog) is written to another place in child process (along with app own code chunk).
Now the failing patch sequence -> "NtCreateSection"
Like the previous case, the original entry opcodes are read and saved in another place in child process:
--- snip --- 0009: read_process_memory( handle=00d0, addr=7bc94f6e ) 0029: *signal* signal=19 0009: read_process_memory() = 0 { data={55,89,e5,53,83,e4,f0,81,ec,b0,00,00,00,e8,f7,92} } 0009: read_process_memory( handle=00d0, addr=7bc94f6e ) 0029: *signal* signal=19 0009: read_process_memory() = 0 { data={55,89,e5,53,83,e4,f0,81,ec,b0,00,00,00,e8,f7,92} } 0009: write_process_memory( handle=00d0, addr=0068f250, data={55,89,e5,53,83,e4,f0,81,ec,b0,00,00,00,e8,f7,92,00,00,00,00,00,00,00,00,83,ec,08,52,8b,54,24,0c,89,54,24,08,c7,44,24,0c,50,f2,68,00,c7,44,24,04,d0,43,40,00,5a,c3} ) 0029: *signal* signal=19 0009: write_process_memory() = 0 --- snip ---
The target page protection bits are set for patch sequence (process write), by calling VirtualProtectEx() with PAGE_WRITECOPY.
--- snip --- 0009:trace:virtual:NtProtectVirtualMemory 0xd0 0x7bc94f6e 0000000c 00000008 0009: queue_apc( handle=00d0, call={APC_VIRTUAL_PROTECT,addr=7bc94f6e,size=0000000c,prot=8} ) 0029: *wakeup* signaled=192 0009: queue_apc() = 0 { handle=00c8, self=0 } 0029: select( flags=4, cookie=7ffdb29c, signal=0000, prev_apc=0000, timeout=1ce1d98c58f8b8a (-0.0121440), result={}, handles={} ) 0029: select() = USER_APC { timeout=1ce1d98c58f8b8a (-0.0121440), call={APC_VIRTUAL_PROTECT,addr=7bc94f6e,size=0000000c,prot=8}, apc_handle=0024 } 0029:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x7bc94f6e 0000000c 00000008 0009: select( flags=4, cookie=0032f2ac, signal=0000, prev_apc=0000, timeout=infinite, result={}, handles={00c8} ) 0029:trace:virtual:VIRTUAL_SetProt 0x7bc94000-0x7bc94fff c-rW- 0009: select() = PENDING { timeout=infinite, call={APC_NONE}, apc_handle=0000 } 0029:trace:virtual:VIRTUAL_DumpView View: 0x7bc10000 - 0x7bce3fff (system) 0029:trace:virtual:VIRTUAL_DumpView 0x7bc10000 - 0x7bc10fff c-r-- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc11000 - 0x7bc93fff c-r-x 0029:trace:virtual:VIRTUAL_DumpView 0x7bc94000 - 0x7bc94fff c-rW- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc95000 - 0x7bcc7fff c-r-x 0029:trace:virtual:VIRTUAL_DumpView 0x7bcc8000 - 0x7bce3fff c-rw- 0029:err:seh:setup_exception_record nested exception on signal stack in thread 0029 eip 7bc942f2 esp 7ffdaec0 stack 0x242000-0x340000 0029: *killed* exit_code=0 0028: *process killed* 000c: *process killed* *boom* --- snip ---
To carry out VirtualProtectEx(), Wine queues an APC to the child process. NtProtectVirtualMemory() is called on arbitrary thread in the child process.
The problem: the code of executing NtProtectVirtualMemory() API call lives in the same page that needs it's page protection changed to allow the app to patch NtCreateSection() API entry. If you look closely at the virtual view dump after protection change:
--- snip --- 0029:trace:virtual:VIRTUAL_DumpView 0x7bc94000 - 0x7bc94fff c-rW- --- snip ---
The code of VIRTUAL_SetProt() lies in a different page hence you still see the debug channel dump (+virtual) before the crash. When the call returns to NtProtectVirtualMemory(), a segv is raised because the page is no longer "execute".
Regards
http://bugs.winehq.org/show_bug.cgi?id=33162
mybugs.mail@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mybugs.mail@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=33162
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hans@meelstraat.net Blocks| |34109
--- Comment #3 from Austin English austinenglish@gmail.com 2013-09-27 18:45:01 CDT --- So while looking at bug 34109, I noticed that this used to run in wine-1.4. I ran a regression test, which points to:
austin@aw25 /tmp/winert $ git bisect good bbb29e9d4c1b55f24c60a6449903a6ffb149ccc1 is the first bad commit commit bbb29e9d4c1b55f24c60a6449903a6ffb149ccc1 Author: Hans Leidekker hans@codeweavers.com Date: Wed Jan 16 10:56:47 2013 +0100
advapi32: Improve the stub for CreateRestrictedToken.
:040000 040000 637d6f76358f31bdd56b0492014497cd24091627 1983f0dc64842b06099abdd02fc18f8aa8c3ccb8 M dlls
Reverting that in git lets the app start.
http://bugs.winehq.org/show_bug.cgi?id=33162
--- Comment #4 from Anastasius Focht focht@gmx.net 2013-09-28 05:25:35 CDT --- Hello Austin,
your problem/regression finding has nothing to do with this bug, it's a separate issue.
The underlying problem I analysed here is still present and it just works by chance for the Wine version you are using.
Code changes to Wine's ntdll and/or compiler/linker settings/versions can make this problem reappear any time.
Dumping the relevant range of ntdll export addresses for Wine 1.7.3 gives:
--- snip --- ... NtAllocateVirtualMemory 7BC98F66 NtFreeVirtualMemory 7BC9970C NtProtectVirtualMemory 7BC99B5B NtQueryVirtualMemory 7BC9A054 NtLockVirtualMemory 7BC9A88F NtUnlockVirtualMemory 7BC9A9D2 NtCreateSection 7BC9AB15 NtOpenSection 7BC9AE1A ... --- snip ---
The API in question 'NtCreateSection' (0x7BC99xxx) from my previous analysis (comment #2) now lives in a different page than 'NtProtectVirtualMemory' (0x7BC9Axxx) hence the crash is "magically" gone.
Regards
http://bugs.winehq.org/show_bug.cgi?id=33162
--- Comment #5 from Anastasius Focht focht@gmx.net 2013-09-28 05:31:08 CDT --- Hello folks,
just a minor correction, I mixed up the addresses while editing.
NtProtectVirtualMemory -> 0x7BC99xxx NtCreateSection -> 0x7BC9Axxx
Regards
http://bugs.winehq.org/show_bug.cgi?id=33162
Ken Sharp imwellcushtymelike@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |imwellcushtymelike@gmail.co | |m
--- Comment #6 from Ken Sharp imwellcushtymelike@gmail.com --- Still present in wine-1.7.11-206-g82b3813 FWIW.
https://bugs.winehq.org/show_bug.cgi?id=33162
Michael Müller michael@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |STAGED CC| |michael@fds-team.de, | |sebastian@fds-team.de Staged patchset| |https://github.com/wine-com | |pholio/wine-staging/tree/ma | |ster/patches/ntdll-Fix_Alig | |nment
https://bugs.winehq.org/show_bug.cgi?id=33162
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
https://bugs.winehq.org/show_bug.cgi?id=33162
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Hardware|x86 |x86-64 Staged patchset|https://github.com/wine-com |https://github.com/wine-sta |pholio/wine-staging/tree/ma |ging/wine-staging/tree/mast |ster/patches/ntdll-Fix_Alig |er/patches/ntdll-Fix_Alignm |nment |ent
--- Comment #7 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, obviously still present.
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Adobe/Reader 11.0/Reader
$ wine ./AcroRd32.exe ... 0009:fixme:advapi:CreateProcessAsUserW 0xb8 L"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" L""C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=8.1.287785271 --type=renderer" (nil) (nil) 0 0x0100040c 0x602120 (null) 0x33f58c 0x33f5d8 - semi-stub 0032:err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0x7bcae482 --- snip ---
I wonder if Adobe still does this kind of brain damage in their crap^H^H^H^Hsoftware ;-)
Anyway, I would be ok with the bug being closed as 'WONTFIX' as my analysis is search-engine indexed forever. It provides valuable insights into proprietary software protection schemes and their pitfalls.
$ sha1sum AdbeRdr11000_pl_PL.exe a55560d1ed71b4994a4fe57fc32f5c0d5604afc4 AdbeRdr11000_pl_PL.exe
$ du -sh AdbeRdr11000_pl_PL.exe 38M AdbeRdr11000_pl_PL.exe
$ wine --version wine-3.3
Regards
https://bugs.winehq.org/show_bug.cgi?id=33162
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |leslie_alistair@hotmail.com
--- Comment #8 from Alistair Leslie-Hughes leslie_alistair@hotmail.com --- (In reply to Anastasius Focht from comment #7)
$ wine ./AcroRd32.exe ... 0009:fixme:advapi:CreateProcessAsUserW 0xb8 L"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" L""C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=8.1.287785271 --type=renderer" (nil) (nil) 0 0x0100040c 0x602120 (null) 0x33f58c 0x33f5d8
- semi-stub
0032:err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0x7bcae482 --- snip ---
I couldn't produce the issue.
Since the patch was to put the functions on separate pages. Could AJ "winegcc: Set page alignment to 4096 in all cases." patch of actual fixed this issue?
https://bugs.winehq.org/show_bug.cgi?id=33162
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |z.figura12@gmail.com
--- Comment #9 from Zebediah Figura z.figura12@gmail.com --- (In reply to Alistair Leslie-Hughes from comment #8)
I couldn't produce the issue.
Since the patch was to put the functions on separate pages. Could AJ "winegcc: Set page alignment to 4096 in all cases." patch of actual fixed this issue?
I'd be surprised; that option shouldn't affect alignment within a section.
Rather, I think this bug will vary depending on how the functions end up being compiled—they might be put in separate pages effectively by chance.
https://bugs.winehq.org/show_bug.cgi?id=33162
--- Comment #10 from Anastasius Focht focht@gmx.net --- Hello folks,
--- quote --- I think this bug will vary depending on how the functions end up being compiled—they might be put in separate pages effectively by chance. --- quote ---
Bingo! That's correct.
Regards
https://bugs.winehq.org/show_bug.cgi?id=33162
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=33162
joaopa jeremielapuree@yahoo.fr changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr
--- Comment #11 from joaopa jeremielapuree@yahoo.fr --- Bug still occurs with wine-5.3.
https://bugs.winehq.org/show_bug.cgi?id=33162
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://ardownload.adobe.com |https://web.archive.org/web |/pub/adobe/reader/win/11.x/ |/20150628191320/http://ardo |11.0.00/pl_PL/AdbeRdr11000_ |wnload.adobe.com/pub/adobe/ |pl_PL.exe |reader/win/11.x/11.0.00/pl_ | |PL/AdbeRdr11000_pl_PL.exe
--- Comment #12 from Anastasius Focht focht@gmx.net --- Hello folks,
--- quote --- Bug still occurs with wine-5.3. --- quote ---
while testing Wine releases is always welcome, it's not sufficient in this case. Any related source code change in mainline Wine needs to be checked as well.
To show how random the results are for reasons outlined in earlier comments, the stats of my Wine 4.x and 5.x release builds:
--- snip --- $ find ~/projects/wine/mainline-install-{4*,5*}-x86_64/lib/wine/ \ -iname ntdll.dll.so -exec nm -A -S {} ; \ | egrep "(NtProtectVirtualMemory|NtCreateSection)" \ | sed 's/.*mainline-install-(.*)-x86_64/lib/wine.*:(.*).*/\1 - \2/ig' \ | sort -V \ | sed '0~2 s/$/\n/g'
4.0 - 7bca2cb0 000003a4 T NtProtectVirtualMemory 4.0 - 7bca3780 00000172 T NtCreateSection
4.1 - 7bca2d60 000003a4 T NtProtectVirtualMemory 4.1 - 7bca3830 00000172 T NtCreateSection
4.2 - 7bca3590 000003a4 T NtProtectVirtualMemory 4.2 - 7bca4060 00000172 T NtCreateSection
4.3 - 7bca7e90 00000172 T NtCreateSection 4.3 - 7bca73a0 000003a4 T NtProtectVirtualMemory
4.4 - 7bca76f0 000003a4 T NtProtectVirtualMemory 4.4 - 7bca81e0 00000172 T NtCreateSection
4.5 - 7bca81f0 00000172 T NtCreateSection 4.5 - 7bca7700 000003a4 T NtProtectVirtualMemory
4.6 - 7bcb5b20 000003a4 T NtProtectVirtualMemory 4.6 - 7bcb65d0 00000172 T NtCreateSection
4.7 - 7bcb7c70 00000172 T NtCreateSection 4.7 - 7bcb71c0 000003a4 T NtProtectVirtualMemory
4.8 - 7bcc0b90 0000035e T NtProtectVirtualMemory 4.8 - 7bcc1590 00000156 T NtCreateSection
4.9 - 7bcc1ca0 00000156 T NtCreateSection 4.9 - 7bcc12a0 0000035e T NtProtectVirtualMemory
4.10 - 7bcc1eb0 00000156 T NtCreateSection 4.10 - 7bcc14b0 0000035e T NtProtectVirtualMemory
4.11 - 7bcc3b30 00000156 T NtCreateSection 4.11 - 7bcc3130 0000035e T NtProtectVirtualMemory
4.12.1 - 7bcc6d50 0000035e T NtProtectVirtualMemory 4.12.1 - 7bcc7750 00000156 T NtCreateSection
4.13 - 7bcc7bb0 00000156 T NtCreateSection 4.13 - 7bcc71b0 0000035e T NtProtectVirtualMemory
4.14 - 7bcc6e40 00000156 T NtCreateSection 4.14 - 7bcc6440 0000035e T NtProtectVirtualMemory
4.15 - 7bcc6730 0000035e T NtProtectVirtualMemory 4.15 - 7bcc7130 00000156 T NtCreateSection
4.16 - 7bcc7790 0000035e T NtProtectVirtualMemory 4.16 - 7bcc8190 00000156 T NtCreateSection
4.17 - 7bcc78c0 0000035e T NtProtectVirtualMemory 4.17 - 7bcc82c0 00000156 T NtCreateSection
4.18 - 7bcc9b30 00000156 T NtCreateSection 4.18 - 7bcc9130 0000035e T NtProtectVirtualMemory
4.19 - 7bccc730 0000035e T NtProtectVirtualMemory 4.19 - 7bccd130 00000156 T NtCreateSection
4.20 - 7bcce520 0000035e T NtProtectVirtualMemory 4.20 - 7bccef20 00000156 T NtCreateSection
4.21 - 7bcd1ee0 00000156 T NtCreateSection 4.21 - 7bcd14e0 0000035e T NtProtectVirtualMemory
5.0 - 7bcd1d20 00000156 T NtCreateSection 5.0 - 7bcd1320 0000035e T NtProtectVirtualMemory
5.1 - 7bcd1c40 00000156 T NtCreateSection 5.1 - 7bcd1240 0000035e T NtProtectVirtualMemory
5.2 - 7bcd0b90 0000035e T NtProtectVirtualMemory 5.2 - 7bcd1930 00000156 T NtCreateSection
5.3 - 7bcd25b0 00000156 T NtCreateSection 5.3 - 7bcd1810 0000035e T NtProtectVirtualMemory --- snip ---
(nm: '-A' = prepend filename, '-S' = output symbol/function size as well)
Taking Wine 5.x releases from above output as example:
* 5.0 = does not work (code in same page) * 5.1 = does not work (code in same page) * 5.2 = "works" (root cause not fixed) * 5.3 = "works" (root cause not fixed)
Regards
https://bugs.winehq.org/show_bug.cgi?id=33162
Jacek Caban jacek@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jacek@codeweavers.com
--- Comment #13 from Jacek Caban jacek@codeweavers.com --- Bug 48407 seems related to this one.
https://bugs.winehq.org/show_bug.cgi?id=33162
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|STAGED |RESOLVED Fixed by SHA1| |e3e477e6a14fbcb153258b47d19 | |05915dc4c1f22 Resolution|--- |FIXED
--- Comment #14 from Zebediah Figura z.figura12@gmail.com --- The application gets farther, showing a license agreement, with wine 5.20. (It seems to crash when hovering over the "Otwórz..." option, possibly due to oleacc?)
This was presumably fixed by https://source.winehq.org/git/wine.git/commitdiff/e3e477e6a14fbcb153258b47d1905915dc4c1f22.
https://bugs.winehq.org/show_bug.cgi?id=33162
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #15 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.21.
-
wine-bugs@winehq.org -
WineHQ Bugzilla