http://bugs.winehq.org/show_bug.cgi?id=21061
Summary: Superantispyware crashes when preferences button clicked.
Product: Wine
Version: 1.1.34
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: bugzilla@technicalbloke.com
Created an attachment (id=25258) --> (http://bugs.winehq.org/attachment.cgi?id=25258) The error messages that appear in the shell
This software stops working and triggers its own error reporting mechanism whenever I click the 'preferences' button in its main dialog.
Software is available to download here... http://www.superantispyware.com/onlinescan.html
I have also uploaded a copy to my server to aid with debugging if that one isn't available or changes or whatever...
http://www.technicalbloke.com/sas_ols.exe
Austin English austinenglish@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Keywords        |                            |download
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
CC              |                            |focht@gmx.net
--- Comment #1 from Anastasius Focht focht@gmx.net 2009-12-20 07:19:05 ---
Hello,
the first crash, in the "saskutil.sys" helper kernel driver, is something Wine can't fix in the near future. The driver assumes there is a valid service descriptor table (SDT) that points to a valid system service dispatch table (SSDT). The mapped ntdll is used to get the SSDT service number index of hooked Zw functions by searching for the function's entry in the ntdll export table. One could set up a "fake" SSDT that is seen by the driver only (by design), just to keep it happy, but more serious action might not work out.
If the crash annoys you, remove the service key in registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SASKUTIL
Service start type = disable/manual won't work as the app wants to start it.
---
The second (application) crash is due to Wine OLE compound storage insufficiency (processing of "SASREPAIRS.STG"). AFAIK this part of ole32 is currently heavily worked on so your chances might not be bad at all to get a fix in a decent timeframe. Work around by using native ole32.dll and set override "native-then-builtin".
There exist some tools for OLE compound files that might help to track Wine insufficiencies/bugs down. Example: http://www.coco.co.uk/developers/CFX.html (CFX - The Compound File Explorer). You might find it useful for exploring/manipulating the contents of OLE compound files and for verifying if Wine's implementation actually works ;-)
Regards
--- Comment #2 from Vitaliy Margolen vitaliy@kievinfo.com 2009-12-20 12:44:16 ---
*** Bug 21062 has been marked as a duplicate of this bug. ***
--- Comment #3 from bugzilla@technicalbloke.com 2009-12-20 14:38:19 ---
Great, thanks for responding so quickly. I will try your suggestions and report back soon :)
Roger.
Andrew Nguyen arethusa26@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
URL             |                            |http://www.technicalbloke.com/sas_ols.exe
Severity        |normal                      |enhancement

--- Comment #4 from Andrew Nguyen arethusa26@gmail.com 2010-05-21 20:16:57 ---
I think I'll designate this bug for the saskutil.sys driver crash. I'll discuss the ole32 storage problem in a new bug report.
Andrew Nguyen arethusa26@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Summary         |Superantispyware crashes when preferences button clicked. |SUPERAntiSpyware saskutil.sys kernel driver crashes on load
Austin English austinenglish@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
URL             |http://www.technicalbloke.com/sas_ols.exe |http://www.superantispyware.com/download.html

--- Comment #5 from Austin English austinenglish@gmail.com 2012-08-28 18:28:50 CDT ---
Still in wine-1.5.11-188-g77632f0
Austin English austinenglish@gmail.com changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Blocks          |                            |31572
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Keywords        |                            |obfuscation
Status          |UNCONFIRMED                 |NEW
Component       |-unknown                    |ntoskrnl
Summary         |SUPERAntiSpyware saskutil.sys kernel driver crashes on load |SUPERAntiSpyware 'saskutil.sys' kernel driver crashes on load (expects valid SDT/SST pointing to valid SSDT)
Ever confirmed  |0                           |1
Severity        |enhancement                 |normal

--- Comment #6 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, refining info.
--- snip ---
003474F0  PUSH EBP
003474F1  MOV EBP,ESP
003474F3  MOV EAX,DWORD PTR DS:[<&ntoskrnl.ZwOpenKey>]
003474F8  MOV ECX,DWORD PTR DS:[EAX+1]
003474FB  MOV EDX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
00347501  MOV EAX,DWORD PTR DS:[EDX]
00347503  MOV ECX,DWORD PTR DS:[EAX+ECX*4]
00347506  MOV DWORD PTR DS:[34F57C],ECX
0034750C  MOV EDX,DWORD PTR DS:[<&ntoskrnl.ZwCreateKey>]
00347512  MOV EAX,DWORD PTR DS:[EDX+1]
00347515  MOV ECX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
0034751B  MOV EDX,DWORD PTR DS:[ECX]
0034751D  MOV EAX,DWORD PTR DS:[EDX+EAX*4]
00347520  MOV DWORD PTR DS:[34F580],EAX
00347525  MOV ECX,DWORD PTR DS:[<&ntoskrnl.ZwDeleteKey>]
0034752B  MOV EDX,DWORD PTR DS:[ECX+1]
0034752E  MOV EAX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
00347533  MOV ECX,DWORD PTR DS:[EAX]
00347535  MOV EDX,DWORD PTR DS:[ECX+EDX*4]
00347538  MOV DWORD PTR DS:[34F59C],EDX
0034753E  MOV EAX,DWORD PTR DS:[<&ntoskrnl.ZwQueryKey>]
00347543  MOV ECX,DWORD PTR DS:[EAX+1]
00347546  MOV EDX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
0034754C  MOV EAX,DWORD PTR DS:[EDX]
0034754E  MOV ECX,DWORD PTR DS:[EAX+ECX*4]
00347551  MOV DWORD PTR DS:[34F588],ECX
00347557  MOV EDX,DWORD PTR DS:[<&ntoskrnl.ZwEnumerateKey>]
0034755D  MOV EAX,DWORD PTR DS:[EDX+1]
00347560  MOV ECX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
00347566  MOV EDX,DWORD PTR DS:[ECX]
00347568  MOV EAX,DWORD PTR DS:[EDX+EAX*4]
0034756B  MOV DWORD PTR DS:[34F58C],EAX
00347570  MOV ECX,DWORD PTR DS:[<&ntoskrnl.ZwEnumerateValueKey>]
00347576  MOV EDX,DWORD PTR DS:[ECX+1]
00347579  MOV EAX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
0034757E  MOV ECX,DWORD PTR DS:[EAX]
00347580  MOV EDX,DWORD PTR DS:[ECX+EDX*4]
00347583  MOV DWORD PTR DS:[34F590],EDX
00347589  MOV EAX,DWORD PTR DS:[<&ntoskrnl.ZwQueryValueKey>]
0034758E  MOV ECX,DWORD PTR DS:[EAX+1]
00347591  MOV EDX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
00347597  MOV EAX,DWORD PTR DS:[EDX]
00347599  MOV ECX,DWORD PTR DS:[EAX+ECX*4]
0034759C  MOV DWORD PTR DS:[34F594],ECX
003475A2  MOV EDX,DWORD PTR DS:[<&ntoskrnl.ZwSetValueKey>]
003475A8  MOV EAX,DWORD PTR DS:[EDX+1]
003475AB  MOV ECX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
003475B1  MOV EDX,DWORD PTR DS:[ECX]
003475B3  MOV EAX,DWORD PTR DS:[EDX+EAX*4]
003475B6  MOV DWORD PTR DS:[34F598],EAX
003475BB  MOV ECX,DWORD PTR DS:[<&ntoskrnl.ZwDeleteValueKey>]
003475C1  MOV EDX,DWORD PTR DS:[ECX+1]
003475C4  MOV EAX,DWORD PTR DS:[<&ntoskrnl.KeServiceDescriptorTable>]
003475C9  MOV ECX,DWORD PTR DS:[EAX]
003475CB  MOV EDX,DWORD PTR DS:[ECX+EDX*4]
003475CE  MOV DWORD PTR DS:[34F584],EDX
003475D4  XOR EAX,EAX
003475D6  POP EBP
003475D7  RETN
--- snip ---
IMHO outside of Wine's scope, requires redesign/concept of shared "kernel" address space (to allow global SSDT hooking).
$ sha1sum SUPERAntiSpyware.exe
4c252fa69448d282d4a1ffc37b4bcfba1c401e3a  SUPERAntiSpyware.exe
$ du -sh SUPERAntiSpyware.exe
18M  SUPERAntiSpyware.exe
$ wine --version
wine-1.7.23-33-gc654b7b
Regards
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
URL             |http://www.superantispyware.com/download.html |https://web.archive.org/web/20121010054136if_/http://cdn.superantispyware.com/SUPERAntiSpyware.exe

--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
https://web.archive.org/web/*/http://cdn.superantispyware.com/SUPERAntiSpywa...
Saved 92 times between February 9, 2012 and April 29, 2020.
---
SUPERAntiSpyware v6.0.1130 sha1sum: 92dc6237cfe80b6ceb1d9e791a3d474c86010d84
https://web.archive.org/web/20140814170116if_/http://cdn.superantispyware.co...
---
SUPERAntiSpyware v5.6.0.1010 sha1sum: 8a8228a8da313da901a385c513abec0e1c1e243e
https://web.archive.org/web/20121010054136if_/http://cdn.superantispyware.co...
---
NOTE:
I've tested with 32-bit drivers to match with the original bug report. Currently this setup is broken on Wine 5.7-git (since https://source.winehq.org/git/wine.git/commitdiff/dedd5ccc88547529ffb1101045...).
I've created bug 49093 ("Relocation of 32-bit PE builtin 'ntoskrnl.exe' causes kernel driver load failures (imports fixup recursion in load_driver_module)") to track this.
$ wine --version
wine-5.7-170-gd1f858e03d
Regards
--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
A recent commit related to service tables: https://source.winehq.org/git/wine.git/commitdiff/e79fa1866c5d5d71111bf0074b... ("winebuild: Add support for multiple syscall descriptor tables."). It's for the ntdll unix side (ntdll.so).
ntoskrnl's 'KeServiceDescriptorTable' is not wired up yet.
https://source.winehq.org/git/wine.git/blob/35180d368a94156cb77b09560b24d3af...
--- snip ---
0094:err:plugplay:load_function_driver AddDevice failed for driver L"SASDIFSV", status 0xc0000002.
wine: Unhandled page fault on read access to E4441094 at address 00E97503 (thread 00a8), starting debugger...
--- snip ---

--- snip ---
00E974F0 | push ebp                                              |
00E974F1 | mov ebp,esp                                           |
00E974F3 | mov eax,dword ptr ds:[&_NtOpenKey@12]                 |
00E974F8 | mov ecx,dword ptr ds:[eax+1]                          |
00E974FB | mov edx,dword ptr ds:[<&_KeServiceDescriptorTable>]   |
00E97501 | mov eax,dword ptr ds:[edx]                            |
00E97503 | mov ecx,dword ptr ds:[eax+ecx*4]                      | *boom*
00E97506 | mov dword ptr ds:[E9F57C],ecx                         |
00E9750C | mov edx,dword ptr ds:[&_NtCreateKey@28]               |
00E97512 | mov eax,dword ptr ds:[edx+1]                          |
00E97515 | mov ecx,dword ptr ds:[<&_KeServiceDescriptorTable>]   |
00E9751B | mov edx,dword ptr ds:[ecx]                            |
00E9751D | mov eax,dword ptr ds:[edx+eax*4]                      |
...
--- snip ---

$ wine --version
wine-6.9-169-g35180d368a9
Regards
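
The lookup pattern in the listings above (a dword read from the Zw export at offset +1, then used as an index into the table behind KeServiceDescriptorTable), modelled in user space beside a checked version. This is an added example, not part of the bug thread and not code from Wine or the driver; the struct layout, the stub bytes, the table contents and every function name are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified 32-bit descriptor: SSDT base plus number of services (assumed layout). */
typedef struct { const uint32_t *base; uint32_t limit; } sdt_entry;
enum { SSDT_OK = 0, SSDT_BAD_STUB = -1, SSDT_BAD_TABLE = -2, SSDT_BAD_INDEX = -3 };

/* Constructed bytes: a stub of the form "mov eax, imm32" (B8 + service number 0x77). */
static const uint8_t native_stub[] = { 0xB8, 0x77, 0x00, 0x00, 0x00, 0x8D, 0x54, 0x24, 0x04 };
/* Constructed bytes: an ordinary function prologue (push ebp; mov ebp,esp; ...). */
static const uint8_t plain_func[]  = { 0x55, 0x8B, 0xEC, 0x83, 0xE4, 0xF8, 0x81, 0xEC, 0x10 };
static uint32_t sample_table[0x100];

/* Build a constructed table of fake routine addresses; limit must be <= 0x100. */
static sdt_entry make_sample_sdt(uint32_t limit)
{
    for (uint32_t i = 0; i < 0x100; i++) sample_table[i] = 0x80500000u + i * 0x10u;
    sdt_entry sdt = { sample_table, limit };
    return sdt;
}

/* Unchecked step from the listing: little-endian dword at stub+1, whatever the opcode. */
static uint32_t raw_index(const uint8_t *stub)
{
    return (uint32_t)stub[1] | (uint32_t)stub[2] << 8 |
           (uint32_t)stub[3] << 16 | (uint32_t)stub[4] << 24;
}

/* Checked lookup: verify the stub shape, the table and the index before reading. */
static int ssdt_lookup(const sdt_entry *sdt, const uint8_t *stub, size_t len, uint32_t *out)
{
    if (len < 5 || stub[0] != 0xB8) return SSDT_BAD_STUB;      /* not "mov eax, imm32" */
    if (!sdt || !sdt->base || sdt->limit == 0) return SSDT_BAD_TABLE;
    uint32_t idx = raw_index(stub);
    if (idx >= sdt->limit) return SSDT_BAD_INDEX;              /* would read out of bounds */
    *out = sdt->base[idx];
    return SSDT_OK;
}

int main(void)
{
    sdt_entry sdt = make_sample_sdt(0x100);
    uint32_t addr = 0;
    int rc = ssdt_lookup(&sdt, native_stub, sizeof native_stub, &addr);
    printf("native stub: rc=%d addr=%08x\n", rc, (unsigned)addr);
    rc = ssdt_lookup(&sdt, plain_func, sizeof plain_func, &addr);
    printf("plain func:  raw index=%08x rc=%d\n", (unsigned)raw_index(plain_func), rc);
    return 0;
}
```

With an export that is not a `mov eax, imm32` stub, the unchecked read yields an arbitrary 32-bit value, and scaling it by 4 against an unpopulated table base is the kind of wild read the page-fault log shows.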
Anastasius Focht focht@gmx.net changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Blocks          |31572                       |