[Bug 44656] New: Multiple applications need ntdll.NtSuspendProcess and ntdll.NtResumeProcess implementation (Oracle Data Visualization Desktop, cbwin)
https://bugs.winehq.org/show_bug.cgi?id=44656
Bug ID: 44656 Summary: Multiple applications need ntdll.NtSuspendProcess and ntdll.NtResumeProcess implementation (Oracle Data Visualization Desktop, cbwin) Product: Wine Version: 3.3 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
to track Wine-Staging patchset:
https://github.com/wine-staging/wine-staging/tree/master/patches/ntdll-NtSus...
Essentially a continuation of bug 40989 which added 'ntdll.NtSuspendProcess and 'ntdll.ResumeProcess' stubs. The original app/game is no longer available - at least not for free.
Searching for apps using this native API I found a hint here:
https://forum.winehq.org/viewtopic.php?f=9&t=28415
--- snip --- "Data\ Visualization\ Desktop\dvdesktop.exe" ... fixme:ntdll:NtSuspendProcess stub: 0x8c [0128/175611:ERROR:scoped_process_suspend.cc(29)] NtSuspendProcess, ntstatus=-1073741822 ... fixme:ntdll:NtQuerySystemInformation (0x00000040,0xb50030,0x00200000,0x84e6e8) stub [0128/175611:ERROR:process_info.cc(372)] NtQuerySystemInformation SystemExtendedHandleInformation: <failed to retrieve error message (0x13d)> (0xc0000003) fixme:ntdll:NtResumeProcess stub: 0x8c [0128/175611:ERROR:scoped_process_suspend.cc(38)] NtResumeProcess, ntstatus=-1073741822 --- snip ---
This is probably 'Oracle Data Visualization Desktop':
http://www.oracle.com/technetwork/middleware/oracle-data-visualization/downl...
http://download.oracle.com/otn/nt/middleware/12c/1224/Oracle_Data_Visualizat...
Another candidate: 'cbwin' (Launch Windows programs from "Bash on Ubuntu on Windows" (WSL)) which also makes use of this native API.
https://github.com/xilun/cbwin
https://github.com/xilun/cbwin/releases/download/v0.13/cbwin-bin-0.13.zip
There are likely more apps to find and play/test with. This was just a quick search-n-grab.
Will check them later in details how to reproduce/validate.
$ sha1sum cbwin-bin-0.13.zip 63842e94abe4fcb8b331ee7419e671c4731ddf21 cbwin-bin-0.13.zip
$ du -sh cbwin-bin-0.13.zip 108K cbwin-bin-0.13.zip
$ sha1sum Oracle_Data_Visualization_Desktop_Windows_V4.1.1_12_2_4_1_1.zip d76367cf62d1245a55173809cde5032597ec0e96b Oracle_Data_Visualization_Desktop_Windows_V4.1.1_12_2_4_1_1.zip
$ du -sh Oracle_Data_Visualization_Desktop_Windows_V4.1.1_12_2_4_1_1.zip 467M Oracle_Data_Visualization_Desktop_Windows_V4.1.1_12_2_4_1_1.zip
$ wine --version wine-3.3
Regards
https://bugs.winehq.org/show_bug.cgi?id=44656
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download Status|NEW |STAGED Staged patchset| |https://github.com/wine-sta | |ging/wine-staging/tree/mast | |er/patches/ntdll-NtSuspendP | |rocess URL| |https://github.com/xilun/cb | |win/releases/download/v0.13 | |/cbwin-bin-0.13.zip
https://bugs.winehq.org/show_bug.cgi?id=44656
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Multiple applications need |Multiple applications need |ntdll.NtSuspendProcess and |ntdll.NtSuspendProcess and |ntdll.NtResumeProcess |ntdll.NtResumeProcess |implementation (Oracle Data |implementation |Visualization Desktop, |(Crashpad/Chromium/CEF, |cbwin) |Oracle Data Visualization | |Desktop, cbwin) Keywords| |source
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
found another important usage of this native API:
Crashpad used in Chromium/CEF projects which in turn is used by many popular app (Steam, ...)
https://bitbucket.org/chromiumembedded/cef/issues/1995/migrate-from-breakpad...
Example with 'steamwebhelper.exe' process crashing:
--- snip --- ... 00c9:trace:seh:raise_exception code=c0000005 flags=0 addr=0x18208dc ip=018208dc tid=00c9 00c9:trace:seh:raise_exception info[0]=00000000 00c9:trace:seh:raise_exception info[1]=0000002c 00c9:trace:seh:raise_exception eax=00000000 ebx=0000000c ecx=00000008 edx=00000000 esi=00000008 edi=00000008 00c9:trace:seh:raise_exception ebp=0033b7fc esp=0033b7f8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246 00c9:trace:seh:call_stack_handlers calling handler at 0x650a58 code=c0000005 flags=0 00c9:trace:seh:call_stack_handlers handler at 0x650a58 returned 1 00c9:trace:seh:call_stack_handlers calling handler at 0x650c98 code=c0000005 flags=0 ... 0091:fixme:ntdll:NtSuspendProcess stub: 0xf0 [0402/195414.122:ERROR:scoped_process_suspend.cc(31)] NtSuspendProcess: <failed to retrieve error message (0x13d)> (0xc0000002) ... --- snip ---
Code:
--- snip --- ... 036C42E9 PUSH ESI 036C42EA MOV ESI,libcef.04B71114 036C42EF PUSH ESI 036C42F0 CALL libcef.033EF85F 036C42F5 CMP DWORD PTR DS:[4B71114],-1 036C42FC POP ECX 036C42FD JNZ SHORT libcef.036C42DD 036C42FF PUSH 1 036C4301 PUSH libcef.0461197C ; ASCII "::NtResumeProcess" 036C4306 PUSH libcef.048759CC ; UNICODE "ntdll.dll" 036C430B CALL libcef.02B21EEF 036C4310 PUSH ESI 036C4311 MOV DWORD PTR DS:[4B71110],EAX 036C4316 CALL libcef.033EF820 036C431B ADD ESP,10 036C431E JMP SHORT libcef.036C42DD 036C4320 PUSH EBP 036C4321 MOV EBP,ESP 036C4323 MOV EAX,DWORD PTR FS:[2C] 036C4329 MOV ECX,DWORD PTR DS:[4B6E5A4] 036C432F MOV ECX,DWORD PTR DS:[EAX+ECX*4] 036C4332 MOV EAX,DWORD PTR DS:[4B7110C] 036C4337 CMP EAX,DWORD PTR DS:[ECX+18] 036C433D JLE SHORT libcef.036C4342 036C433F JMP SHORT libcef.036C434D 036C4341 POP ESI 036C4342 PUSH DWORD PTR SS:[EBP+8] 036C4345 CALL DWORD PTR DS:[4B71108] ; ntdll.NtSuspendProcess 036C434B POP EBP 036C434C RETN ... 036C434D PUSH ESI 036C434E MOV ESI,libcef.04B7110C 036C4353 PUSH ESI 036C4354 CALL libcef.033EF85F 036C4359 CMP DWORD PTR DS:[4B7110C],-1 036C4360 POP ECX 036C4361 JNZ SHORT libcef.036C4341 036C4363 PUSH 1 036C4365 PUSH libcef.04611968 ; ASCII "::NtSuspendProcess" 036C436A PUSH libcef.048759CC ; UNICODE "ntdll.dll" 036C436F CALL libcef.02B21EEF 036C4374 PUSH ESI 036C4375 MOV DWORD PTR DS:[4B71108],EAX 036C437A CALL libcef.033EF820 036C437F ADD ESP,10 036C4382 JMP SHORT libcef.036C4341 036C4384 PUSH EBP 036C4385 MOV EBP,ESP 036C4387 MOV EAX,DWORD PTR FS:[2C] 036C438D MOV ECX,DWORD PTR DS:[4B6E5A4] 036C4393 MOV ECX,DWORD PTR DS:[EAX+ECX*4] 036C4396 MOV EAX,DWORD PTR DS:[4B7111C] 036C439B CMP EAX,DWORD PTR DS:[ECX+18] 036C43A1 JLE SHORT libcef.036C43A6 036C43A3 JMP SHORT libcef.036C43B7 036C43A5 POP ESI 036C43A6 PUSH DWORD PTR SS:[EBP+10] 036C43A9 PUSH DWORD PTR SS:[EBP+C] 036C43AC PUSH DWORD PTR SS:[EBP+8] 036C43AF CALL DWORD PTR DS:[4B71118] 036C43B5 POP EBP 036C43B6 RETN 036C43B7 PUSH ESI 036C43B8 MOV ESI,libcef.04B7111C 036C43BD PUSH ESI 036C43BE CALL libcef.033EF85F 036C43C3 CMP DWORD PTR DS:[4B7111C],-1 036C43CA POP ECX 036C43CB JNZ SHORT libcef.036C43A5 036C43CD PUSH 1 036C43CF PUSH libcef.04611990 ; ASCII "::RtlGetUnloadEventTraceEx" 036C43D4 PUSH libcef.048759CC ; UNICODE "ntdll.dll" 036C43D9 CALL libcef.02B21EEF 036C43DE PUSH ESI 036C43DF MOV DWORD PTR DS:[4B71118],EAX ... --- snip ---
Disassembly highlights another problem/crash reason, I will create a separate bug report for.
Source:
https://github.com/electron/crashpad/blob/HEAD/util/win/scoped_process_suspe...
$ wine --version wine-3.5
Regards
https://bugs.winehq.org/show_bug.cgi?id=44656
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.winehq.org/sho | |w_bug.cgi?id=44897
https://bugs.winehq.org/show_bug.cgi?id=44656
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=44656
Nikolay Sivov bunglehead@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|STAGED |RESOLVED Fixed by SHA1| |19bf03ed4b48b398236c8a99839 | |4089c93b50891 Resolution|--- |FIXED
--- Comment #2 from Nikolay Sivov bunglehead@gmail.com --- Marking fixed, 19bf03ed4b48b398236c8a998394089c93b50891.
https://bugs.winehq.org/show_bug.cgi?id=44656
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.7.
https://bugs.winehq.org/show_bug.cgi?id=44656
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|https://github.com/xilun/cb |https://web.archive.org/web |win/releases/download/v0.13 |/20201129125655/https://git |/cbwin-bin-0.13.zip |hub.com/xilun/cbwin/release | |s/download/v0.13/cbwin-bin- | |0.13.zip
-
wine-bugs@winehq.org -
WineHQ Bugzilla