[Bug 30000] New: iw4mp loader crashes because some API entries are not hotpatchable (DECLSPEC_HOTPATCH)
http://bugs.winehq.org/show_bug.cgi?id=30000
Bug #: 30000 Summary: iw4mp loader crashes because some API entries are not hotpatchable (DECLSPEC_HOTPATCH) Product: Wine Version: 1.4-rc5 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: kernel32 AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net Classification: Unclassified
Hello,
continuation of bug 29899 After applying patch http://www.winehq.org/pipermail/wine-patches/2012-February/111710.html the loader still crashes.
--- snip --- Unhandled Exception: System.Runtime.InteropServices.SEHException: External component has thrown an exception. at PatchMW2() at Sys_RunInit() wine: Unhandled privileged instruction at address 0x7b854cf8 (thread 0009), starting debugger... Unhandled exception: privileged instruction in 32-bit code (0x7b854cf8). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7b854cf8 ESP:0032fd3c EBP:0032fd3c EFLAGS:00010202( R- -- I - - - ) EAX:7b854cf8 EBX:7b8a96a8 ECX:00000000 EDX:ffffffff ESI:00142710 EDI:0032fde8 ... Backtrace: =>0 0x7b854cf8 GetModuleHandleA+0x5(module="kernel32.dll") [/home/focht/projects/wine/wine-git/dlls/kernel32/module.c:562] in kernel32 (0x0032fd3c) 1 0x200020e4 in iw4m1 (+0x20e3) (0x0032fd54) 2 0x2000231e in iw4m1 (+0x231d) (0x0032fdd0) 3 0x20005c89 in iw4m1 (+0x5c88) (0x0032fddc) --- snip ---
Code:
--- snip --- ... 200020DA A1 AC380220 MOV EAX,DWORD PTR DS:[200238AC] ; kernel32.GetModuleHandleA 200020DF E8 CCFEFFFF CALL 20001FB0 200020E4 8945 F4 MOV DWORD PTR SS:[EBP-0C],EAX ... 20001FB0 55 PUSH EBP 20001FB1 8BEC MOV EBP,ESP 20001FB3 83C0 05 ADD EAX,5 20001FB6 50 PUSH EAX 20001FB7 C3 RETN --- snip ---
The loader emulates the first instructions of API entry points most likely to counter soft breakpoints (int3). It assumes standard Windows hotpatch entry layout (5 bytes).
KERNEL32.GetModuleHandleA:
--- snip --- 7B854CF3 55 PUSH EBP 7B854CF4 89E5 MOV EBP,ESP 7B854CF6 53 PUSH EBX 7B854CF7 83EC 24 SUB ESP,24 7B854CFA E8 48A2FCFF CALL __i686.get_pc_thunk.bx ; [__i686.get_pc_thunk.bx 7B854CFF 81C3 A9490500 ADD EBX,549A9 7B854D05 8D45 F4 LEA EAX,[LOCAL.3] 7B854D08 894424 08 MOV DWORD PTR SS:[LOCAL.8],EAX 7B854D0C 8B45 08 MOV EAX,DWORD PTR SS:[ARG.1] 7B854D0F 894424 04 MOV DWORD PTR SS:[LOCAL.9],EAX 7B854D13 C70424 02000000 MOV DWORD PTR SS:[LOCAL.10],2 7B854D1A E8 8CFDFFFF CALL GetModuleHandleExA ... --- snip ---
You need to add DECLSPEC_HOTPATCH to fix the crashes.
Regards
http://bugs.winehq.org/show_bug.cgi?id=30000
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |dotnet, download, | |obfuscation URL| |http://www.mediafire.com/?r | |nsrbkx72nlde0h Depends on| |29899 Summary|iw4mp loader crashes |iw4mp (Call of Duty MW2 |because some API entries |mod) loader crashes because |are not hotpatchable |some API entries are not |(DECLSPEC_HOTPATCH) |hotpatchable | |(DECLSPEC_HOTPATCH)
--- Comment #1 from Anastasius Focht focht@gmx.net 2012-02-25 03:38:20 CST --- Hello,
filling fields.
Prerequisites: 'winetricks -q dotnet35'
Regards
http://bugs.winehq.org/show_bug.cgi?id=30000
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|iw4mp (Call of Duty MW2 |iw4mp (Call of Duty MW2 |mod) loader crashes because |mod) loader crashes because |some API entries are not |some kernel32.dll API |hotpatchable |entries are not |(DECLSPEC_HOTPATCH) |hotpatchable | |(DECLSPEC_HOTPATCH missing)
--- Comment #2 from Anastasius Focht focht@gmx.net 2012-02-25 03:59:58 CST --- Hello,
kernel32.dll GetModuleHandleA source: http://source.winehq.org/git/wine.git/blob/8e67930bd7a1db8438cca50e8bd9269d8...
Another one "Sleep":
--- snip --- Unhandled Exception: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt. at Sys_RunInit() Unhandled exception: privileged instruction in 32-bit code (0x7b870108). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7b870108 ESP:0b49e944 EBP:0b49e944 EFLAGS:00010202( R- -- I - - - ) EAX:7b870108 EBX:7bcbf544 ECX:7c6a290d EDX:ffffffff ESI:00000000 EDI:003d0f00 ... Backtrace: =>0 0x7b870108 Sleep+0x5(timeout=0x4e20) [/home/focht/projects/wine/wine-git/dlls/kernel32/sync.c:96] in kernel32 (0x0b49e944) 1 0x200016b6 in iw4m1 (+0x16b5) (0x0b49ea18) 2 0x7bc7af40 call_thread_func_wrapper+0xb() in ntdll (0x0b49ea28) 3 0x7bc7af89 call_thread_func+0x3e(entry=0x20001630, arg=0x0(nil), frame=0xb49eb28) [/home/focht/projects/wine/wine-git/dlls/ntdll/signal_i386.c:2532] in ntdll (0x0b49eb08) ... --- snip ---
kernel32.dll Sleep source: http://source.winehq.org/git/wine.git/blob/d5642a47ed6a80537011d15e4a987c8b9...
Regards
http://bugs.winehq.org/show_bug.cgi?id=30000
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |30001
http://bugs.winehq.org/show_bug.cgi?id=30000
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |nerv@dawncrow.de
http://bugs.winehq.org/show_bug.cgi?id=30000
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |6d66de583fe218d37c90a69e459 | |77f4764e2ab70 Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #3 from Austin English austinenglish@gmail.com 2012-03-08 14:34:22 CST --- http://source.winehq.org/git/wine.git/commitdiff/6d66de583fe218d37c90a69e459... http://source.winehq.org/git/wine.git/commitdiff/00efe754f5af37a9a2a16e55019...
http://bugs.winehq.org/show_bug.cgi?id=30000
--- Comment #4 from Alexandre Julliard julliard@winehq.org 2012-03-16 14:08:24 CDT --- Closing bugs fixed in 1.5.0.
http://bugs.winehq.org/show_bug.cgi?id=30000
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Alexandre Julliard julliard@winehq.org 2012-03-16 17:11:00 CDT --- Really closing bugs fixed in 1.5.0.
http://bugs.winehq.org/show_bug.cgi?id=30000
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |1.4.x
--- Comment #6 from André H. nerv@dawncrow.de 2012-03-28 13:43:45 CDT --- nominating for wine-1.4.1 (two patches)
http://bugs.winehq.org/show_bug.cgi?id=30000
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|1.4.x |---
https://bugs.winehq.org/show_bug.cgi?id=30000 Bug 30000 depends on bug 29899, which changed state.
Bug 29899 Summary: mapviewoffileex fails under certain condition with PE images https://bugs.winehq.org/show_bug.cgi?id=29899
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED
-
wine-bugs@winehq.org