http://bugs.winehq.org/show_bug.cgi?id=27668
Summary: SecuROM 4.X: SpellForce won't recognize original CD during install/play
Product: Wine
Version: 1.3.22
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: frans.kool@gmail.com
Created an attachment (id=35387)
 --> (http://bugs.winehq.org/attachment.cgi?id=35387)
The basic log while running wine on a copied installation of Spellforce
While trying to install Spellforce - the Order of the Dawn v1.01 a window pops up notifying "Incompatible system configuration", followed by "Please insert the original Spellforce CD1 into your CD/DVD-drive.". After this, install immediately aborts and thus leaves the game uninstallable. Copying it from a Windows installation and running it generates the same error message. Wine produces this fixme which I think is the cause:

fixme:ntdll:server_ioctl_file Unsupported ioctl 2d1400 (device=2d access=0 func=500 method=0)
I ran Protection ID v0.6.4.0 July and it detects SecuROM 4.88.00
This is why I did not add my comment to bug #21448, since that one is clearly about SecuROM 5.x.
I added the log as attachment, please let me know if I can run additional DEBUG logs for more information.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
Wylda wylda@volny.cz changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #35387|application/octet-stream    |text/plain
          mime type|                            |
  Attachment #35387|Spellforce.log              |Spellforce_log.txt
           filename|                            |
--- Comment #1 from Frans Kool frans.kool@gmail.com 2011-08-01 15:36:33 CDT ---
I don't know if somebody is looking at this, but if I can provide any additional information just let me know.
If I need to put this bug on hold until bug 21448 has made more progress, I understand. Just want to stay available for any requests.
If there is anyone out there who has this same game/version and can confirm this bug, please feel free to do so. Thanks in advance!
--- Comment #2 from Austin English austinenglish@gmail.com 2013-11-13 16:50:33 CST ---
This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.6 or newer) wine? If so, please attach the terminal output in 1.7.6 (see http://wiki.winehq.org/FAQ#get_log).
--- Comment #3 from Frans Kool frans.kool@gmail.com 2013-11-16 10:42:30 CST ---
Hi Austin,
Thanks for the reminder. In the meantime I had moved and lost the original CDs to the game. Because of you I searched for them, retried using Wine 1.7.4 (with and without dbg symbols). The issue is the same, the installer starts but stops with the message above, which is caused by the copy protection. I have attached the requested debug-log, hopefully this will help whoever has knowledge of the copy-protection scheme. I am willing to provide more traces, run additional tests when needed as I will monitor this thread.
--- Comment #4 from Frans Kool frans.kool@gmail.com 2013-11-16 10:43:46 CST ---
Created attachment 46548
 --> http://bugs.winehq.org/attachment.cgi?id=46548
debug log of installation attempt Spellforce
Frans Kool frans.kool@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|1.3.22                      |1.7.4
hanska2@luukku.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hanska2@luukku.com

--- Comment #5 from hanska2@luukku.com ---
There have been 20 versions of wine since the last time you tried. Maybe you should now?
The debug needs additional channels.
Ken Sharp imwellcushtymelike@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Abandoned?
--- Comment #6 from Ken Sharp imwellcushtymelike@gmail.com ---
Please retry in Wine 3.9 or later.
tokktokk fdsfgs@krutt.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fdsfgs@krutt.org
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|SecuROM 4.X: SpellForce     |SecuROM 4.x/5.x: SpellForce
                   |won't recognize original CD |won't recognize original CD
                   |during install/play         |during install/play
                   |                            |('IoGetDeviceObjectPointer'
                   |                            |needs to return real
                   |                            |device/driver object for
                   |                            |'\Device\CdRom0')
                 CC|                            |focht@gmx.net
          Component|ntdll                       |ntoskrnl
           Keywords|Abandoned?                  |
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming, still present.
Bought the original media myself for a few bucks.
Content of CD:
--- snip ---
$ iso-info -f /dev/cdrom
iso-info version 2.0.0 x86_64-redhat-linux-gnu
Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: /dev/cdrom
Application : JOWOOD
Volume : SF_CD1
Joliet Level: 3
__________________________________
ISO-9660 Information
   1327104 /Autorun.exe
      3638 /Autorun.ico
        47 /Autorun.inf
     15855 /ReadMe.rtf
      2048 /Shfolder
 731136000 /SpellForce-Setup.exe
   1327104 /Shfolder/1.bin
   1327104 /Shfolder/2.bin
       726 /Shfolder/ReadMe.Txt
    117288 /Shfolder/ShFolder.Exe
--- snip ---
ProtectionID scan of installer and temps:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> D:\SpellForce-Setup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 731136000 (02B944000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT)
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | PE Header | - | Offset: 0x000000D8 | VA: 0x004000D8 | -
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | Export | - | Offset: 0x00002D14 | VA: 0x00404714 | -
-> File has 731121152 (02B940600h) bytes of appended data starting at offset 03A00h
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000100000100 (0x0004C104)
[Entrypoint Section Entropy] : 6.28 (section #0) ".text " | Size : 0x2126 (8486) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x7000 (28672) byte(s)
[Export] 100% of function(s) (2 of 2) are in file | 0 are forwarded | 2 code | 0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : JoWooD
[VersionInfo] File Description : SpellForce - The Order of Dawn
[VersionInfo] File Version : 1.0
[VersionInfo] Legal Copyrights : 2003
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll
[-= Installer =-] Wise Installation Wizard Module !
- Scan Took : 0.809 Second(s) [000000329h (809) tick(s)] [566 of 580 scan(s) done]
...
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\users\focht\Temp\CmdLineExt03.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 43520 (0AA00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT)
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | PE Header | - | Offset: 0x00000138 | VA: 0x10000138 | -
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | Export | - | Offset: 0x00001BF0 | VA: 0x100187F0 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.45 (section #3) ".petite " | Size : 0x1893 (6291) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x1A000 (106496) byte(s)
[Export] 100% of function(s) (4 of 4) are in file | 0 are forwarded | 4 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll
[!] Petite v2.2 compressed !
- Scan Took : 0.283 Second(s) [00000011Bh (283) tick(s)] [246 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\pfsvgae.sys
File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 18944 (04A00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT)
[TimeStamp] 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT) | PE Header | - | Offset: 0x000000C8 | VA: 0x000100C8 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000000000000 (0x0004C000)
[Entrypoint Section Entropy] : 6.32 (section #0) ".text " | Size : 0x358E (13710) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x9000 (36864) byte(s)
[ModuleReport] [IAT] Modules -> ntoskrnl.exe | HAL.dll
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.218 Second(s) [0000000DAh (218) tick(s)] [135 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\SIntf32.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 20020 (04E34h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT)
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | PE Header | - | Offset: 0x00000120 | VA: 0x30000120 | -
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | Export | - | Offset: 0x00001B20 | VA: 0x3000B720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.42 (section #1) ".petite " | Size : 0x18D5 (6357) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xD000 (53248) byte(s)
[Export] 57% of function(s) (19 of 33) are in file | 0 are forwarded | 20 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower sintf32.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.226 Second(s) [0000000E2h (226) tick(s)] [246 of 580 scan(s) done]

Scanning -> C:\users\focht\Temp\SIntfNT.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 24740 (060A4h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT)
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | PE Header | - | Offset: 0x00000108 | VA: 0x20000108 | -
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | Export | - | Offset: 0x00001B20 | VA: 0x2000D720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.44 (section #1) ".petite " | Size : 0x1863 (6243) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xF000 (61440) byte(s)
[Export] 100% of function(s) (17 of 17) are in file | 0 are forwarded | 17 code | 0 data | 0 uninit data | 0 unknown |
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower cms32_nt.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.236 Second(s) [0000000ECh (236) tick(s)] [246 of 580 scan(s) done]
--- snip ---
Relevant part of trace log:
--- snip ---
$ pwd
/run/media/focht/SF_CD1

$ WINEDEBUG=+seh,+relay,+ntoskrnl wine ./SpellForce-Setup.exe >> ~/log.txt 2>&1
...
0032:Call KERNEL32.CreateFileA(0033ce8c "C:\users\focht\Temp\pfsvgae.sys",40000000,00000000,00000000,00000002,00000000,00000000) ret=0047be84
0032:Ret KERNEL32.CreateFileA() retval=00000080 ret=0047be84
0032:Call KERNEL32.WriteFile(00000080,0053e0cc,00004a00,0033ca54,00000000) ret=0047beaf
0032:Ret KERNEL32.WriteFile() retval=00000001 ret=0047beaf
0032:Call KERNEL32.CloseHandle(00000080) ret=0047beb9
0032:Ret KERNEL32.CloseHandle() retval=00000001 ret=0047beb9
...
0032:Call advapi32.CreateServiceA(001d3ef8,0033d08c "pfsvgae",0033d08c "pfsvgae",000f01ff,00000001,00000003,00000001,0033ce8c "C:\users\focht\Temp\pfsvgae.sys",00000000,00000000,00000000,00000000,00000000) ret=0047d73e
...
0032:Ret advapi32.CreateServiceA() retval=001c4f28 ret=0047d73e
0032:Call advapi32.StartServiceA(001c4f28,00000000,00000000) ret=0047d79e
...
0034:Call KERNEL32.CreateProcessW(00000000,0011c918 L"C:\windows\system32\winedevice.exe",00000000,00000000,00000000,00000400,00450000,00000000,00ccf7ec,00ccf830) ret=7efe4bda
...
0037:Call KERNEL32.__wine_kernel_init() ret=7bc6cfaa
0034:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe4bda
...
003c:Call KERNEL32.LoadLibraryW(0011ce10 L"C:\users\focht\Temp\pfsvgae.sys") ret=7effaa36
...
003c:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa36
...
003c:Call driver init 0x781650 (obj=0x11cc58,str=L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae")
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f894,0065f89c L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae") ret=007816a9
003c:Call ntdll.RtlInitUnicodeString(0065f894,0065f89c L"\Registry\Machine\System\CurrentControlSet\Services\pfsvgae") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f894 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f894 ret=007816a9
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f534,0078608c L"\SystemRoot\System32\Drivers\") ret=00781d09
003c:Call ntdll.RtlInitUnicodeString(0065f534,0078608c L"\SystemRoot\System32\Drivers\") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f534 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f534 ret=00781d09
003c:Call ntoskrnl.exe.ZwOpenKey(0065f4d8,00000000,0065f4f8) ret=00781b90
003c:Call ntdll.NtOpenKey(0065f4d8,00000000,0065f4f8) ret=7bc80343
003c:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=00781b90
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath") ret=00781bb9
003c:Call ntdll.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f4dc ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f4dc ret=00781bb9
003c:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000000,00000218,206b6444) ret=00781bca
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000218) ret=7e988a9a
003c:Ret ntdll.RtlAllocateHeap() retval=00120c00 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 536 pool 0 -> 0x120c00
003c:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=00120c00 ret=00781bca
003c:Call ntoskrnl.exe.ZwQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c) ret=00781bf9
003c:Call ntdll.NtQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c) ret=7bc80343
003c:Ret ntdll.NtQueryValueKey() retval=c0000022 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwQueryValueKey() retval=c0000022 ret=00781bf9
003c:Call ntoskrnl.exe.ZwClose(00000044) ret=00781cb3
003c:Call ntdll.NtClose(00000044) ret=7bc80343
003c:Ret ntdll.NtClose() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.ZwClose() retval=00000000 ret=00781cb3
003c:Call ntoskrnl.exe.RtlAppendUnicodeToString(0065f534,0065f578 L"pfsvgae.sys") ret=00781d5a
003c:Call ntdll.RtlAppendUnicodeToString(0065f534,0065f578 L"pfsvgae.sys") ret=7bc80343
003c:Ret ntdll.RtlAppendUnicodeToString() retval=00000000 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlAppendUnicodeToString() retval=00000000 ret=00781d5a
003c:Call ntoskrnl.exe.RtlInitUnicodeString(007862a8,007862b0 L"\SystemRoot\System32\Drivers\pfsvgae.sys") ret=00781a30
003c:Call ntdll.RtlInitUnicodeString(007862a8,007862b0 L"\SystemRoot\System32\Drivers\pfsvgae.sys") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=007862a8 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=007862a8 ret=00781a30
003c:Call ntoskrnl.exe.ZwCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000) ret=00781e0b
003c:Call ntdll.NtCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000) ret=7bc80343
003c:Ret ntdll.NtCreateFile() retval=c000003a ret=7bc80343
003c:Ret ntoskrnl.exe.ZwCreateFile() retval=c000003a ret=00781e0b
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f7f0,0065f7f8 L"\Device\pfsvgae") ret=00781809
003c:Call ntdll.RtlInitUnicodeString(0065f7f0,0065f7f8 L"\Device\pfsvgae") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f7f0 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f7f0 ret=00781809
003c:Call ntoskrnl.exe.IoCreateDevice(0011cc58,00000040,0065f7f0,00000022,00000000,00000001,0065f7ec) ret=00781829
003c:trace:ntoskrnl:IoCreateDevice (0x11cc58, 64, L"\Device\pfsvgae", 34, 0, 1, 0x65f7ec)
003c:Call ntdll.RtlAllocateHeap(00110000,00000008,000000f8) ret=7e9876cf
003c:Ret ntdll.RtlAllocateHeap() retval=0011ce10 ret=7e9876cf
003c:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00781829
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f84c,0065f854 L"\Device\CdRom0") ret=00781439
003c:Call ntdll.RtlInitUnicodeString(0065f84c,0065f854 L"\Device\CdRom0") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f84c ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f84c ret=00781439
003c:Call ntoskrnl.exe.IoGetDeviceObjectPointer(0065f84c,00000000,0065f844,0065f848) ret=0078144f
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\CdRom0" 0 0x65f844 0x65f848
003c:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=0078144f
003c:trace:ntoskrnl:ObDereferenceObject ((nil)): stub
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f840,0065f854 L"\Device\CdRom0") ret=007814a0
003c:Call ntdll.RtlInitUnicodeString(0065f840,0065f854 L"\Device\CdRom0") ret=7bc80343
003c:Ret ntdll.RtlInitUnicodeString() retval=0065f840 ret=7bc80343
003c:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f840 ret=007814a0
003c:Call ntoskrnl.exe.IoGetDeviceObjectPointer(0065f840,00000000,0065f83c,0065f838) ret=007814b7
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\CdRom0" 0 0x65f83c 0x65f838
003c:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=007814b7
003c:Call ntoskrnl.exe.KeInitializeEvent(0065f808,00000000,00000000) ret=00781933
003c:fixme:ntoskrnl:KeInitializeEvent stub: 0x65f808 0 0
003c:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000039 ret=00781933
003c:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(0000001b,7e9b6600,00000000,00000000,00000000,0065f808,0065f800) ret=00781950
003c:trace:ntoskrnl:IoBuildSynchronousFsdRequest (27 0x7e9b6600 (nil) 0 (nil) 0x65f808 0x65f800)
003c:trace:ntoskrnl:IoAllocateIrp -128, 0
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000190) ret=7e988a9a
003c:Ret ntdll.RtlAllocateHeap() retval=00120e20 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 400 pool 0 -> 0x120e20
003c:trace:ntoskrnl:IoInitializeIrp 0x120e20, 400, -128
003c:Ret ntoskrnl.exe.IoBuildSynchronousFsdRequest() retval=00120e20 ret=00781950
003c:trace:ntoskrnl:__regs_IofCallDriver 0x7e9b6600 0x120e20
003c:Call driver dispatch (nil) (device=0x7e9b6600,irp=0x120e20)
003c:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=003c
003c:trace:seh:raise_exception info[0]=00000000
003c:trace:seh:raise_exception info[1]=00000000
003c:trace:seh:raise_exception eax=00000000 ebx=0065f7c0 ecx=00000000 edx=00662f44 esi=7e9b6600 edi=0078601a
003c:trace:seh:raise_exception ebp=0065f7a8 esp=0065f76c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
003c:trace:seh:call_vectored_handlers calling handler at 0x7e984625 code=c0000005 flags=0
003c:trace:seh:call_vectored_handlers handler at 0x7e984625 returned 0
003c:trace:seh:call_stack_handlers calling handler at 0x7bcb2a96 code=c0000005 flags=0
003c:Call KERNEL32.UnhandledExceptionFilter(0065f264) ret=7bcb2ad1
wine: Unhandled page fault on read access to 0x00000000 at address (nil) (thread 003c), starting debugger...
...
0032:Call user32.MessageBoxA(00000000,00561240 "Incompatible system configuration.",00497bd8 "SpellForce - The Order of Dawn",00010010) ret=004823ac
--- snip ---
Disassembly:
--- snip ---
00781920 83EC 18 SUB ESP,18
00781923 8D4424 08 LEA EAX,DWORD PTR SS:[ESP+8]
00781927 56 PUSH ESI
00781928 6A 00 PUSH 0
0078192A 6A 00 PUSH 0
0078192C 50 PUSH EAX
0078192D FF15 48507800 CALL DWORD PTR DS:[<&ntoskrnl.KeInitializeEvent>]
00781933 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
00781937 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
0078193B 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+20]
0078193F 51 PUSH ECX
00781940 52 PUSH EDX
00781941 6A 00 PUSH 0
00781943 6A 00 PUSH 0
00781945 6A 00 PUSH 0
00781947 56 PUSH ESI
00781948 6A 1B PUSH 1B
0078194A FF15 44507800 CALL DWORD PTR DS:[<&ntoskrnl.IoBuildSynchronousFsdRequest>] ;
00781950 85C0 TEST EAX,EAX
00781952 75 0C JNZ SHORT pfsvgae.00781960
00781954 B8 9A0000C0 MOV EAX,C000009A
00781959 5E POP ESI
0078195A 83C4 18 ADD ESP,18
0078195D C2 0800 RETN 8
00781960 8B48 60 MOV ECX,DWORD PTR DS:[EAX+60]
00781963 C641 DD 07 MOV BYTE PTR DS:[ECX-23],7
00781967 83E9 24 SUB ECX,24
0078196A 8BD0 MOV EDX,EAX
0078196C C741 04 04000000 MOV DWORD PTR DS:[ECX+4],4
00781973 8BCE MOV ECX,ESI
00781975 C740 18 BB0000C0 MOV DWORD PTR DS:[EAX+18],C00000BB
0078197C FF15 40507800 CALL DWORD PTR DS:[<&ntoskrnl.IofCallDriver>]
00781982 8BF0 MOV ESI,EAX
00781984 81FE 03010000 CMP ESI,103
0078198A 75 17 JNZ SHORT pfsvgae.007819A3
...
--- snip ---
Currently 'IoGetDeviceObjectPointer()' returns a stub device and driver. The driver fields (dispatch table) are empty, hence the crash.
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip ---
NTSTATUS WINAPI IoGetDeviceObjectPointer( UNICODE_STRING *name, ACCESS_MASK access, PFILE_OBJECT *file, PDEVICE_OBJECT *device )
{
    static DEVICE_OBJECT stub_device;
    static DRIVER_OBJECT stub_driver;

    FIXME( "stub: %s %x %p %p\n", debugstr_us(name), access, file, device );

    stub_device.StackSize = 0x80; /* minimum value to appease SecuROM 5.x */
    stub_device.DriverObject = &stub_driver;

    *file = NULL;
    *device = &stub_device;

    return STATUS_SUCCESS;
}
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
--- snip ---
NTSTATUS WINAPI IoCallDriver( DEVICE_OBJECT *device, IRP *irp )
{
    PDRIVER_DISPATCH dispatch;
    IO_STACK_LOCATION *irpsp;
    NTSTATUS status;

    --irp->CurrentLocation;
    irpsp = --irp->Tail.Overlay.s.u2.CurrentStackLocation;
    dispatch = device->DriverObject->MajorFunction[irpsp->MajorFunction];

    TRACE_(relay)( "\1Call driver dispatch %p (device=%p,irp=%p)\n", dispatch, device, irp );

    status = dispatch( device, irp );

    TRACE_(relay)( "\1Ret driver dispatch %p (device=%p,irp=%p) retval=%08x\n",
                   dispatch, device, irp, status );

    return status;
}
--- snip ---
One could argue there should be a NULL ptr check before calling the dispatch function. In a real driver setup this wouldn't be necessary though.
Anyway, a real device/driver instance has to be returned for '\Device\CdRom0' because the driver issues ioctls via 'IoBuildSynchronousFsdRequest()' + 'IoCallDriver()' and expects them to succeed (return data).
$ wine --version
wine-3.9-149-ge3648c7a61
Regards
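
The failure mode analysed in comment #7, as an added example (not Wine's code and not part of the bug report): a reduced user-space model of a stub device whose driver has an all-NULL dispatch table, next to a dispatcher that fails the request instead of calling through NULL. The struct layouts, `send_request`, `backed_device` and both handlers are hypothetical; only the status codes and the major code 0x1b are the real values.

```c
#include <stdint.h>
#include <stdio.h>

/* Reduced stand-ins for the ntoskrnl types quoted in comment #7; layouts are
 * simplified for illustration and are not the real Windows/Wine structures. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_INVALID_DEVICE_REQUEST ((NTSTATUS)0xC0000010)
#define STATUS_NOT_SUPPORTED          ((NTSTATUS)0xC00000BB)
#define IRP_MJ_PNP                    0x1b  /* major code seen in the trace */
#define IRP_MJ_MAXIMUM_FUNCTION       0x1b

struct device_object;
struct irp;
typedef NTSTATUS (*driver_dispatch)(struct device_object *, struct irp *);

struct driver_object { driver_dispatch MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1]; };
struct device_object { struct driver_object *DriverObject; int StackSize; };
struct irp           { uint8_t MajorFunction; NTSTATUS Status; };

/* Same shape as the stub in the report: static storage, so every
 * MajorFunction entry is a NULL pointer. */
static struct device_object *stub_device(void)
{
    static struct device_object dev;
    static struct driver_object drv;
    dev.StackSize = 0x80;
    dev.DriverObject = &drv;
    return &dev;
}

/* Hypothetical handler standing in for a driver that really backs the device. */
static NTSTATUS pnp_handler(struct device_object *dev, struct irp *irp)
{
    (void)dev;
    irp->Status = STATUS_SUCCESS;
    return irp->Status;
}

/* Default handler: fails the request instead of leaving the slot empty. */
static NTSTATUS invalid_request(struct device_object *dev, struct irp *irp)
{
    (void)dev;
    irp->Status = STATUS_INVALID_DEVICE_REQUEST;
    return irp->Status;
}

/* Device whose driver table is fully populated before it is handed out. */
static struct device_object *backed_device(void)
{
    static struct device_object dev;
    static struct driver_object drv;
    for (int i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        drv.MajorFunction[i] = invalid_request;
    drv.MajorFunction[IRP_MJ_PNP] = pnp_handler;
    dev.StackSize = 1;
    dev.DriverObject = &drv;
    return &dev;
}

/* Dispatch with the checks the unguarded version lacks: major code in range,
 * driver object present, slot populated. */
static NTSTATUS call_driver_checked(struct device_object *dev, struct irp *irp)
{
    driver_dispatch dispatch = NULL;
    if (irp->MajorFunction <= IRP_MJ_MAXIMUM_FUNCTION && dev->DriverObject)
        dispatch = dev->DriverObject->MajorFunction[irp->MajorFunction];
    if (!dispatch) {
        irp->Status = STATUS_INVALID_DEVICE_REQUEST;
        return irp->Status;
    }
    return dispatch(dev, irp);
}

/* Build a request with the status preset to STATUS_NOT_SUPPORTED, as the
 * disassembly shows pfsvgae.sys doing, and send it. */
NTSTATUS send_request(struct device_object *dev, uint8_t major)
{
    struct irp irp = { major, STATUS_NOT_SUPPORTED };
    return call_driver_checked(dev, &irp);
}

int main(void)
{
    printf("stub   device, IRP_MJ_PNP: %08x\n", (unsigned)send_request(stub_device(), IRP_MJ_PNP));
    printf("backed device, IRP_MJ_PNP: %08x\n", (unsigned)send_request(backed_device(), IRP_MJ_PNP));
    printf("backed device, major 0x00: %08x\n", (unsigned)send_request(backed_device(), 0x00));
    return 0;
}
```

The guarded dispatch only turns the page fault into an error status; the driver in the report still expects the request to succeed, so the check does not replace returning a real device object.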
pattietreutel katyaberezyaka@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |katyaberezyaka@gmail.com
Fabian Maurer dark.shadow4@web.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dark.shadow4@web.de
joaopa jeremielapuree@yahoo.fr changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeremielapuree@yahoo.fr

--- Comment #8 from joaopa jeremielapuree@yahoo.fr ---
Does the bug still occur with wine-9.0?