[Bug 47097] New: The Superlatives: Shattered Worlds Demo (from Steam) crashes inside RegisterDeviceNotificationW
https://bugs.winehq.org/show_bug.cgi?id=47097
Bug ID: 47097 Summary: The Superlatives: Shattered Worlds Demo (from Steam) crashes inside RegisterDeviceNotificationW Product: Wine Version: 4.7 Hardware: x86 URL: https://store.steampowered.com/app/1050210/The_Superla tives_Shattered_Worlds/ OS: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: user32 Assignee: wine-bugs@winehq.org Reporter: xerox.xerox2000x@gmail.com Distribution: Debian
Created attachment 64295 --> https://bugs.winehq.org/attachment.cgi?id=64295 crash log
As the title says, demo is free to download. Yet another one, adding DECLSPEC_HOTPATCH (see below) works around the bug. I`ll send a patch.
diff --git a/dlls/user32/misc.c b/dlls/user32/misc.c index d28cd9fd05..bd4795a346 100644 --- a/dlls/user32/misc.c +++ b/dlls/user32/misc.c @@ -363,7 +363,7 @@ DWORD WINAPI RegisterTasklist (DWORD x) * * See RegisterDeviceNotificationW. */ -HDEVNOTIFY WINAPI RegisterDeviceNotificationA(HANDLE hnd, LPVOID notifyfilter, DWORD flags) +HDEVNOTIFY WINAPI DECLSPEC_HOTPATCH RegisterDeviceNotificationA(HANDLE hnd, LPVOID notifyfilter, DWORD flags) { FIXME("(hwnd=%p, filter=%p,flags=0x%08x) returns a fake device notification handle!\n", hnd,notifyfilter,flags ); @@ -393,7 +393,7 @@ HDEVNOTIFY WINAPI RegisterDeviceNotificationA(HANDLE hnd, LPVOID notifyfilter, D *| DEVICE_NOTIFY_WINDOW_HANDLE - hRecipient is a window handle *| DEVICE_NOTIFY_SERVICE_HANDLE - hRecipient is a service status handle */ -HDEVNOTIFY WINAPI RegisterDeviceNotificationW(HANDLE hRecipient, LPVOID pNotificationFilter, DWORD dwFlags) +HDEVNOTIFY WINAPI DECLSPEC_HOTPATCH RegisterDeviceNotificationW(HANDLE hRecipient, LPVOID pNotificationFilter, DWORD dwFlags) { FIXME("(hwnd=%p, filter=%p,flags=0x%08x) returns a fake device notification handle!\n", hRecipient,pNotificationFilter,dwFlags );
https://bugs.winehq.org/show_bug.cgi?id=47097
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ahyattdev@icloud.com
--- Comment #1 from Louis Lenders xerox.xerox2000x@gmail.com --- *** Bug 46795 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=47097
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|The Superlatives: Shattered |Multiple Steam games crash |Worlds Demo (from Steam) |on startup (Steam Game |crashes inside |Overlay Renderer hook |RegisterDeviceNotificationW |engine needs | |DECLSPEC_HOTPATCH for | |user32.RegisterDeviceNotifi | |cationA/W)(Counter-Strike, | |Black Mesa, The | |Superlatives: Shattered | |Worlds) CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Louis,
refining the summary to be more generic for dupe collection purpose. Just to avoid that end users complain: "but it only mentions a single game X, not game Y".
Regards
https://bugs.winehq.org/show_bug.cgi?id=47097
alasky@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |alasky@codeweavers.com
https://bugs.winehq.org/show_bug.cgi?id=47097
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |z.figura12@gmail.com
--- Comment #3 from Zebediah Figura z.figura12@gmail.com --- Is this still necessary after https://source.winehq.org/git/wine.git/commitdiff/8f732c66ab37b54c30d63c74f7822ba1d4f04996 and https://source.winehq.org/git/wine.git/commitdiff/8039941c52758113955d376bd7b6b6e1e5b5f76c?
https://bugs.winehq.org/show_bug.cgi?id=47097
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Component|user32 |build-env Status|NEW |RESOLVED Summary|Multiple Steam games crash |Multiple Steam games crash |on startup (Steam Game |on startup (Steam Game |Overlay Renderer hook |Overlay Renderer hook |engine needs |engine engine can't cope |DECLSPEC_HOTPATCH for |with GOT/ PIC register load |user32.RegisterDeviceNotifi |code)(Counter-Strike, Black |cationA/W)(Counter-Strike, |Mesa, The Superlatives: |Black Mesa, The |Shattered Worlds) |Superlatives: Shattered | |Worlds) | Fixed by SHA1| |8f732c66ab37b54c30d63c74f78 | |22ba1d4f04996
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
technically all the DECLSPEC_HOTPATCH bug reports/patches related to crashes with Steam Game Overlay Renderer are not needed anymore. Like other hook engines, it can cope with various opcode sequences in prologue code as well, except GOT/PIC register load sequence which is gone now.
* https://source.winehq.org/git/wine.git/commitdiff/8f732c66ab37b54c30d63c74f7... ("makefiles: Build with -fno-PIC on i386.")
* https://source.winehq.org/git/wine.git/commitdiff/8039941c52758113955d376bd7... ("makefiles: Also pass -fPIC flag when linking.")
Thanks Zebediah and Alexandre.
Explanation:
wine-4.7 release ('-fPIC' default for i386):
--- snip --- $ objdump -d /home/focht/projects/wine/mainline-install-4.7-x86_64/lib/wine/user32.dll.so | awk -F"\n" -v RS="\n\n" '$1 ~ /RegisterDeviceNotificationW/'
00088060 <RegisterDeviceNotificationW>: 88060: e8 dc 29 fa ff call 2aa41 <__x86.get_pc_thunk.ax> 88065: 05 9b bf 08 00 add $0x8bf9b,%eax 8806a: 8d 4c 24 04 lea 0x4(%esp),%ecx 8806e: 83 e4 f0 and $0xfffffff0,%esp 88071: ff 71 fc pushl -0x4(%ecx) 88074: 55 push %ebp 88075: 89 e5 mov %esp,%ebp 88077: 53 push %ebx 88078: 51 push %ecx 88079: 8b 11 mov (%ecx),%edx 8807b: 8b 59 04 mov 0x4(%ecx),%ebx 8807e: 8b 49 08 mov 0x8(%ecx),%ecx 88081: f6 80 78 b7 0e 00 01 testb $0x1,0xeb778(%eax) 88088: 75 16 jne 880a0 <RegisterDeviceNotificationW+0x40> 8808a: 8d 65 f8 lea -0x8(%ebp),%esp 8808d: b8 fe af fe ca mov $0xcafeaffe,%eax 88092: 59 pop %ecx 88093: 5b pop %ebx 88094: 5d pop %ebp 88095: 8d 61 fc lea -0x4(%ecx),%esp 88098: c2 0c 00 ret $0xc 8809b: 90 nop 8809c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi 880a0: 83 ec 04 sub $0x4,%esp 880a3: 51 push %ecx 880a4: 53 push %ebx 880a5: 52 push %edx 880a6: 8d 90 9c e5 fb ff lea -0x41a64(%eax),%edx 880ac: 52 push %edx 880ad: 8d 90 c8 e8 fb ff lea -0x41738(%eax),%edx 880b3: 8d 80 78 b7 0e 00 lea 0xeb778(%eax),%eax 880b9: 52 push %edx 880ba: 50 push %eax 880bb: 6a 00 push $0x0 880bd: e8 ee f4 ff ff call 875b0 <wine_dbg_log.constprop.3> 880c2: 83 c4 20 add $0x20,%esp 880c5: eb c3 jmp 8808a <RegisterDeviceNotificationW+0x2a> --- snip ---
Current Git -> wine-4.7-66-g8039941c52 ('-fno-PIC' default for i386):
--- snip --- $ objdump -d /home/focht/projects/wine/mainline-install-x86_64/lib/wine/user32.dll.so | awk -F"\n" -v RS="\n\n" '$1 ~ /RegisterDeviceNotificationW/'
00096130 <RegisterDeviceNotificationW>: 96130: 8d 4c 24 04 lea 0x4(%esp),%ecx 96134: 83 e4 f0 and $0xfffffff0,%esp 96137: ff 71 fc pushl -0x4(%ecx) 9613a: 55 push %ebp 9613b: 89 e5 mov %esp,%ebp 9613d: 51 push %ecx 9613e: 83 ec 04 sub $0x4,%esp 96141: 8b 01 mov (%ecx),%eax 96143: 8b 51 04 mov 0x4(%ecx),%edx 96146: 8b 49 08 mov 0x8(%ecx),%ecx 96149: f6 05 68 87 20 00 01 testb $0x1,0x208768 96150: 75 16 jne 96168 <RegisterDeviceNotificationW+0x38> 96152: 8b 4d fc mov -0x4(%ebp),%ecx 96155: b8 fe af fe ca mov $0xcafeaffe,%eax 9615a: c9 leave 9615b: 8d 61 fc lea -0x4(%ecx),%esp 9615e: c2 0c 00 ret $0xc 96161: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi 96168: 83 ec 04 sub $0x4,%esp 9616b: 51 push %ecx 9616c: 52 push %edx 9616d: 50 push %eax 9616e: 68 5c c2 0d 00 push $0xdc25c 96173: 68 a8 c5 0d 00 push $0xdc5a8 96178: 68 68 87 20 00 push $0x208768 9617d: 6a 00 push $0x0 9617f: e8 3c f6 ff ff call 957c0 <wine_dbg_log.constprop.3> --- snip ---
-> GOT/PIC register load gone.
How does it look like at runtime:
HANDLE user32.RegisterDeviceNotificationA(hRecipient,pFilter,Flags)
--- snip --- 7E69C0C0 E9 07469600 JMP 7F0006CC ; to Trampoline1 7E69C0C5 E4 F0 IN AL,0F0 7E69C0C7 FF71 FC PUSH DWORD PTR DS:[ECX-4] ; continuation 7E69C0CA 55 PUSH EBP 7E69C0CB 89E5 MOV EBP,ESP 7E69C0CD 51 PUSH ECX 7E69C0CE 83EC 04 SUB ESP,4 7E69C0D1 8B01 MOV EAX,DWORD PTR DS:[ECX] 7E69C0D3 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4] 7E69C0D6 8B49 08 MOV ECX,DWORD PTR DS:[ECX+8] 7E69C0D9 F605 68E7807E 01 TEST BYTE PTR DS:[7E80E768],01 ... --- snip ---
Trampoline1:
--- snip --- ... 7F0006CC E9 DF396585 JMP 046540B0 ; Gameoverlayrenderer hook ... --- snip ---
Gameoverlayrenderer hook:
--- snip --- 046540B0 55 PUSH EBP 046540B1 8BEC MOV EBP,ESP 046540B3 53 PUSH EBX 046540B4 8B5D 10 MOV EBX,DWORD PTR SS:[EBP+10] 046540B7 56 PUSH ESI 046540B8 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0C] 046540BB 57 PUSH EDI 046540BC 53 PUSH EBX 046540BD 56 PUSH ESI 046540BE FF75 08 PUSH DWORD PTR SS:[EBP+8] ; call org Wine impl via Trampoline2 046540C1 FF15 EC1B7004 CALL DWORD PTR DS:[4701BEC] ; 0x7F0006C0 046540C7 8BF8 MOV EDI,EAX 046540C9 85FF TEST EDI,EDI 046540CB 74 73 JE SHORT 04654140 --- snip ---
Trampoline2 with original prologue and continuation into original Wine impl
--- snip --- 7F0006C0 8D4C24 04 LEA ECX,[ESP+4] 7F0006C4 83E4 F0 AND ESP,FFFFFFF0 7F0006C7 E9 FBB969FF JMP 7E69C0C7 ; continue to Wine impl. --- snip ---
I propose instead of duplicating all issues into a single catch-all-collector ticket ("Many games / multiple hook engines/DRM schemes: DRM1, DRM2, hook engine1...") we collect tickets per hook-engine, even the underlying problem is the same (GOT/PIC loads). Make it easier for end-users who care only about their favourite content distribution platform (Steam, EA/Origin, ...) and release notes.
Regards
https://bugs.winehq.org/show_bug.cgi?id=47097
--- Comment #5 from Anastasius Focht focht@gmx.net --- *** Bug 47098 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=47097
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Multiple Steam games crash |Multiple Steam games crash |on startup (Steam Game |on startup (Steam Game |Overlay Renderer hook |Overlay Renderer hook |engine engine can't cope |engine can't cope with GOT/ |with GOT/ PIC register load |PIC register load |code)(Counter-Strike, Black |code)(Counter-Strike, Black |Mesa, The Superlatives: |Mesa, The Superlatives: |Shattered Worlds) |Shattered Worlds, Lara | |Croft GoL)
https://bugs.winehq.org/show_bug.cgi?id=47097
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |andy86@fastwebnet.it
--- Comment #6 from Anastasius Focht focht@gmx.net --- *** Bug 47008 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=47097
--- Comment #7 from andy andy86@fastwebnet.it --- *** Bug 47008 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=47097
João Ferreira devilj@outlook.pt changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |devilj@outlook.pt
--- Comment #8 from João Ferreira devilj@outlook.pt --- *** Bug 47114 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=47097
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation Summary|Multiple Steam games crash |Wine built with GCC 8.x+ |on startup (Steam Game |and -O2 causes Steam games |Overlay Renderer hook |using In-Game Overlay |engine can't cope with GOT/ |'gameoverlayrenderer.dll' |PIC register load |to crash (hook engine can't |code)(Counter-Strike, Black |cope with GOT/PIC code |Mesa, The Superlatives: |emitted at Win32 API |Shattered Worlds, Lara |entries) |Croft GoL) |
--- Comment #9 from Anastasius Focht focht@gmx.net --- Hello folks,
there are still new/ongoing reports/complaints/discussions related to Steam Game Overlay Renderer crashes. Many affected games are not even listed/reported here.
I'm refining the summary again, hoping to reduce the number of new dupes. Additionally, the description is more suitable for news sites that make their own summaries out of Wine 4.8 release bug lists.
Regards
https://bugs.winehq.org/show_bug.cgi?id=47097
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #10 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.8.
https://bugs.winehq.org/show_bug.cgi?id=47097
--- Comment #11 from ahyattdev ahyattdev@icloud.com --- I just installed Wine 4.8 and unfortunately Source games still crash at this same spot for me on macOS. Is it possible that the -fPIC change didn't happen for macOS targets?
https://bugs.winehq.org/show_bug.cgi?id=47097
--- Comment #12 from Zebediah Figura z.figura12@gmail.com --- (In reply to ahyattdev from comment #11)
I just installed Wine 4.8 and unfortunately Source games still crash at this same spot for me on macOS. Is it possible that the -fPIC change didn't happen for macOS targets?
Yes, it doesn't apply to Mac (or Android), for two reasons:
* I don't have a Mac (or Android) to test with, and the change doesn't trivially apply to Mac OS (see discussion in bug 37540); * 32-bit support on Mac is deprecated and going to be removed soon enough anyway. If (if!) Wine does end up still supporting it in any way, it's going to end up looking different enough that it's probably not worth spending effort on this now.
-
wine-bugs@winehq.org