https://bugs.winehq.org/show_bug.cgi?id=47027
Bug ID: 47027
Summary: EA Origin: Crashes on start
Product: Wine
Version: 4.6
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: sporif@posteo.net
CC: julliard@winehq.org
Regression SHA1: cf8193df5b4c5a09208e40d8f3183c00187c8bd0
Distribution: ArchLinux
Created attachment 64190 --> https://bugs.winehq.org/attachment.cgi?id=64190 Log from starting Origin with wine 4.5
Wine-staging is required to install Origin and it successfully installs on wine-staging 4.5 and 4.6. But while wine and wine-staging 4.5 can run Origin after it has been installed, wine and wine-staging 4.6 cannot. 4.6 crashes after a few seconds while previous versions show the login screen. The commit that seems to have caused this regression is cf8193d. Attached are logs of starting Origin with wine 4.5, 4.6, cf8193d and the previous commit 9911cfd.
--- Comment #1 from sporif@posteo.net --- Created attachment 64191 --> https://bugs.winehq.org/attachment.cgi?id=64191 Log from starting Origin with wine 4.6
--- Comment #2 from sporif@posteo.net --- Created attachment 64192 --> https://bugs.winehq.org/attachment.cgi?id=64192 Log from starting Origin with wine 9911cfd
--- Comment #3 from sporif@posteo.net --- Created attachment 64193 --> https://bugs.winehq.org/attachment.cgi?id=64193 Log from starting Origin with wine cf8193d
Gijs Vermeulen gijsvrm@gmail.com changed:
What     |Removed |Added
Keywords |        |regression
Louis Lenders xerox.xerox2000x@gmail.com changed:
What     |Removed    |Added
Keywords |regression |
CC       |           |xerox.xerox2000x@gmail.com
--- Comment #4 from Louis Lenders xerox.xerox2000x@gmail.com --- For the info: I was just about to post a comment for bug https://bugs.winehq.org/show_bug.cgi?id=45703 that seems affected by this commit too. Might be the same issue.
--- Comment #5 from sporif@posteo.net --- (In reply to Louis Lenders from comment #4)
> For the info: I was just about to post a comment for bug https://bugs.winehq.org/show_bug.cgi?id=45703 that seems affected by this commit too. Might be the same issue.
Definitely seems to be the same issue; I used your patch with wine-staging 4.6 and Origin started working.
Béla Gyebrószki gyebro69@gmail.com changed:
What |Removed |Added
CC   |        |gyebro69@gmail.com
--- Comment #6 from Béla Gyebrószki gyebro69@gmail.com --- Created attachment 64199 --> https://bugs.winehq.org/attachment.cgi?id=64199 backtrace from minidump (CFLAGS="-march=native -pipe -O0 -g ")
I'm attaching a backtrace after Origin crashed. Maybe it helps locate where the problem comes from. The problem was not present prior to commit cf8193df5b4c5a09208e40d8f3183c00187c8bd0. I tried different CFLAGS to build Wine and found that when only CFLAGS="-pipe -O0 -g " was used, Origin started properly. If I pass '-march=native' in addition to the above flags then Origin crashes.
To reproduce the problem:
1. You need wine-staging to install Origin successfully. 'winetricks corefonts' is also required.
2. Download and install OriginSetup.exe. After getting through the installation steps, Origin crashes before the login window would show up.
OriginSetup.exe (221 MB) md5sum: db79a2b5226e3bf31f205f11798720b2
wine-4.6-30-gf9301c2b66
Béla Gyebrószki gyebro69@gmail.com changed:
What     |Removed |Added
URL      |        |https://download.dm.origin.com/origin/live/OriginSetup.exe
Keywords |        |download
pattietreutel katyaberezyaka@gmail.com changed:
What |Removed |Added
CC   |        |katyaberezyaka@gmail.com
don.vhs@gmail.com changed:
What |Removed |Added
CC   |        |don.vhs@gmail.com
--- Comment #7 from Louis Lenders xerox.xerox2000x@gmail.com --- Created attachment 64231 --> https://bugs.winehq.org/attachment.cgi?id=64231 hack
With dumb trial and error, copying over from a 'good' compile to a 'bad' compile, I found a simple hack that lets me start Origin; see attachment. I guess it's all related to what Focht already explained here: https://bugs.winehq.org/show_bug.cgi?id=45703#c28
Until this is fixed I'd suggest (if others at least can confirm that this hack fixes the crash) including such a hack in Staging temporarily so gamers can go on until this bug is fixed.
Louis Lenders xerox.xerox2000x@gmail.com changed:
What                          |Removed |Added
Attachment #64231 is obsolete |0       |1
--- Comment #8 from Louis Lenders xerox.xerox2000x@gmail.com --- Created attachment 64232 --> https://bugs.winehq.org/attachment.cgi?id=64232 "correct hack"
Accidentally attached the wrong version of the hack. This is the minimal hack that I intended to attach ;)
--- Comment #9 from sporif@posteo.net --- (In reply to Louis Lenders from comment #8)
> Created attachment 64232 [details] "correct hack"
> Accidentally attached the wrong version of the hack. This is the minimal hack that I intended to attach ;)
I can confirm this fixes the crash.
Anastasius Focht focht@gmx.net changed:
What           |Removed                     |Added
Summary        |EA Origin: Crashes on start |EA Origin client crashes on startup (Origin IGO hook engine can't cope with GOT/PIC register load code at API entry, needs DECLSPEC_HOTPATCH for user32.SetForegroundWindow)
CC             |                            |focht@gmx.net
Status         |UNCONFIRMED                 |NEW
Component      |-unknown                    |user32
Ever confirmed |0                           |1
--- Comment #10 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
Snapshot of download:
https://web.archive.org/web/20190429133257/http://download.dm.origin.com/ori...
Since you already found the culprit this is supplemental information.
Trace log of client (avoid updater). Don't trace using relay, it affects the hook engine.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Origin

$ WINEDEBUG=+seh,+loaddll,+process wine ./Origin.exe /noUpdate /timing:1075 /Installed:10.5.38.25027
...
0009:trace:loaddll:load_native_dll Loaded L"C:\Program Files (x86)\Origin\IGO32.dll" at 0x48f0000: native
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4999fe5 ip=04999fe5 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=08819178
0009:trace:seh:raise_exception eax=00129158 ebx=00046710 ecx=00000000 edx=7e320138 esi=00129620 edi=086f0000
0009:trace:seh:raise_exception ebp=0034e0a8 esp=0034e05c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_stack_handlers calling handler at 0x499fd85 code=c0000005 flags=0
0009:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0x4999fe5 handler=0x499fd85 0x34dd38 0x34dc8c cookie=62e26657 scope table=0x49d1000 cookies=-2/0,-76/0
0009:trace:seh:_except_handler4_common level 1 prev 0 filter 0x499a00f
0009:trace:seh:_except_handler4_common filter returned EXECUTE_HANDLER
0009:trace:seh:__DestructExceptionObject (0x34e004)
0009:trace:seh:_global_unwind2 (0x34e098)
0009:trace:seh:__regs_RtlUnwind code=c0000027 flags=2
--- snip ---
The in-game overlay logs some diagnostics in 'IGO_Log.Origin_<pid>.txt' located in 'c:\ProgramData\Origin\Logs':
--- snip ---
Process Information
PID: 8
EXE: C:\Program Files (x86)\Origin\Origin.exe
STARTED: Mon, Apr 29 2019 03:50:10 PM
WARN 03:50:10 PM (0) 9 IGOTelemetry.cpp: 77 Unable to retrieve telemetry prod id
WARN 03:50:10 PM (0) 9 IGOTelemetry.cpp: 87 Unable to retrieve telemetry timestamp
WARN 03:50:10 PM (9) 9 DllMain.cpp: 2243 isIGOSharedMemoryNew=1
WARN 03:50:10 PM (0) 9 DllMain.cpp: 2256 Creating IGO Mutex
INFO 03:50:10 PM (0) 9 DllMain.cpp: 2335 Info Display: disabled
INFO 03:50:10 PM (0) 9 DllMain.cpp: 2340 32-bit DLL Process attach - 9
WARN 03:50:10 PM (3) 9 DllMain.cpp: 2366 forceAPIHooking = true
INFO 03:50:10 PM (0) 9 DllMain.cpp: 2393 parent process name: (size 0)
INFO 03:50:11 PM (426) 9 mhook.cpp: 442 TrampolineAlloc: for 7E366710 (DoDragDrop) between 00000001 and FE2E6710
INFO 03:50:11 PM (1) 9 mhook.cpp: 192 mhooks: BlockAlloc: Allocated block at 7F000000 as 282 trampolines
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A210 (SetFocus) between 00000001 and FE60A210
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A0B0 (SetForegroundWindow) between 00000001 and FE60A0B0
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9260 (BringWindowToTop) between 00000001 and FE669260
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E99D0 (SwitchToThisWindow) between 00000001 and FE6699D0
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9880 (ShowWindowAsync) between 00000001 and FE669880
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E9920 (ShowWindow) between 00000001 and FE669920
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E6E88E0 (SetWindowPos) between 00000001 and FE6688E0
INFO 03:50:11 PM (0) 9 mhook.cpp: 442 TrampolineAlloc: for 7E68A120 (SetActiveWindow) between 00000001 and FE60A120
INFO 03:50:11 PM (1) 9 mhook.cpp: 442 TrampolineAlloc: for 7B4499F0 (CreateFileW) between 00000001 and FB3C99F0
--- snip ---
Original 'user32.SetForegroundWindow' in memory before the hooking:
--- snip ---
7E657A41 8B0424           MOV EAX,DWORD PTR SS:[ESP]
7E657A44 C3               RETN
...
7E68A0B0 E8 8CD9FCFF      CALL 7E657A41
7E68A0B5 05 4B6F0B00      ADD EAX,0B6F4B
7E68A0BA 8D4C24 04        LEA ECX,[ESP+4]
7E68A0BE 83E4 F0          AND ESP,FFFFFFF0
7E68A0C1 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E68A0C4 55               PUSH EBP
7E68A0C5 89E5             MOV EBP,ESP
7E68A0C7 53               PUSH EBX
7E68A0C8 8B19             MOV EBX,DWORD PTR DS:[ECX]
7E68A0CA 51               PUSH ECX
7E68A0CB F680 80B60E00 08 TEST BYTE PTR DS:[EAX+0EB680],08
7E68A0D2 75 1C            JNE SHORT 7E68A0F0
7E68A0D4 83EC 0C          SUB ESP,0C
7E68A0D7 53               PUSH EBX
7E68A0D8 E8 332C0500      CALL 7E6DCD10
7E68A0DD 31D2             XOR EDX,EDX
7E68A0DF E8 7CFEFFFF      CALL 7E689F60
7E68A0E4 8D65 F8          LEA ESP,[EBP-8]
7E68A0E7 59               POP ECX
7E68A0E8 5B               POP EBX
7E68A0E9 5D               POP EBP
7E68A0EA 8D61 FC          LEA ESP,[ECX-4]
7E68A0ED C2 0400          RETN 4
--- snip ---
After hooking:
--- snip ---
7E68A0B0 E9 1BEED091      JMP 10398ED0
7E68A0B5 05 4B6F0B00      ADD EAX,0B6F4B
7E68A0BA 8D4C24 04        LEA ECX,[ESP+4]
--- snip ---
Hook trampoline target:
--- snip ---
Executable modules, item 26
Base = 10000000
Size = 02839000 (42176512.)
Entry = 10694B47
Name = OriginClient
Type = File
version = 10,5,38,25027
Static links = api-ms-win-crt-runtime-l1-1-0, dbghelp, KERNEL32, MSVCP140, ole32, OLEAUT32, Qt5Core, Qt5Gui, Qt5Multimedia, Qt5Network, Qt5PrintSupport, Qt5QuickWidgets, Qt5WebChannel, Qt5WebEngineCore, Qt5WebEngineWidgets, Qt5Widgets, Qt5Xml, SHELL32, SHLWAPI, USER32,
Path = C:\Program Files (x86)\Origin\OriginClient.dll
--- snip ---
This obviously can't work as already explained many times.
With DECLSPEC_HOTPATCH applied:
--- snip ---
$ objdump -d /home/focht/projects/wine/mainline-install-x86_64/lib/wine/user32.dll.so | awk -F"\n" -v RS="\n\n" '$1 ~ /SetForegroundWindow/'
0005d0c0 <SetForegroundWindow>:
   5d0c0:       8b ff                   mov    %edi,%edi
   5d0c2:       55                      push   %ebp
   5d0c3:       8b ec                   mov    %esp,%ebp
   5d0c5:       e8 77 d9 fc ff          call   2aa41 <__x86.get_pc_thunk.ax>
   5d0ca:       05 36 6f 0b 00          add    $0xb6f36,%eax
   5d0cf:       5d                      pop    %ebp
   5d0d0:       8d 4c 24 04             lea    0x4(%esp),%ecx
   5d0d4:       83 e4 f0                and    $0xfffffff0,%esp
   5d0d7:       ff 71 fc                pushl  -0x4(%ecx)
   5d0da:       55                      push   %ebp
   5d0db:       89 e5                   mov    %esp,%ebp
   5d0dd:       53                      push   %ebx
   5d0de:       8b 19                   mov    (%ecx),%ebx
   5d0e0:       51                      push   %ecx
   5d0e1:       f6 80 80 b6 0e 00 08    testb  $0x8,0xeb680(%eax)
   5d0e8:       75 26                   jne    5d110 <SetForegroundWindow+0x50>
--- snip ---
which works as expected.
$ sha1sum OriginSetup.exe
9fc129ddb49d13904b8419d128c5c96077cf9b26  OriginSetup.exe

$ du -sh OriginSetup.exe
221M    OriginSetup.exe

$ wine --version
wine-4.7
Regards
--- Comment #11 from Louis Lenders xerox.xerox2000x@gmail.com --- Hi Focht, I already tried that earlier (add DECLSPEC_HOTPATCH to SetForegroundWindow) but somehow that didn't fix the crash for me. Maybe I did something wrong?
Anastasius Focht focht@gmx.net changed:
What    |Removed |Added
Summary |EA Origin client crashes on startup (Origin IGO hook engine can't cope with GOT/PIC register load code at API entry, needs DECLSPEC_HOTPATCH for user32.SetForegroundWindow) |EA Origin client crashes on startup (Origin IGO using madCodeHook 3.x engine can't cope with GOT/PIC register load code within 15-byte range at API entry)
--- Comment #12 from Anastasius Focht focht@gmx.net --- Hello Louis,
yeah I see it now ... IGO uses madCodeHook 3.x (http://www.madshi.net/)
--- snip ---
; ASCII "C:\jenkins\workspace\Client\build_release_win\origin\products\client\10.5.38\IGO\madCodeHook3\Sources\C++\ModuleTools.cpp"
--- snip ---
Reminds me of Chromium. It copies a whole range of opcodes (15 bytes) from API entry into dynamically allocated trampoline. In addition it tries to be clever and patches instructions that change code flow (calls) within first 15 bytes of function entry (if their complete opcode fits in range).
Pure unhooked 'user32.SetForegroundWindow' with DECLSPEC_HOTPATCH applied:
--- snip ---
7E68A0C0 8BFF             MOV EDI,EDI
7E68A0C2 55               PUSH EBP
7E68A0C3 8BEC             MOV EBP,ESP
7E68A0C5 E8 77D9FCFF      CALL 7E657A41
7E68A0CA 05 366F0B00      ADD EAX,0B6F36
7E68A0CF 5D               POP EBP
7E68A0D0 8D4C24 04        LEA ECX,[ESP+4]
7E68A0D4 83E4 F0          AND ESP,FFFFFFF0
7E68A0D7 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E68A0DA 55               PUSH EBP
7E68A0DB 89E5             MOV EBP,ESP
7E68A0DD 53               PUSH EBX
7E68A0DE 8B19             MOV EBX,DWORD PTR DS:[ECX]
7E68A0E0 51               PUSH ECX
7E68A0E1 F680 80B60E00 08 TEST BYTE PTR DS:[EAX+0EB680],08
7E68A0E8 75 26            JNE SHORT 7E68A110
...
--- snip ---
After hook:
--- snip ---
7E68A0C0 E9 0BEED091      JMP 10398ED0                       ; first hook
7E68A0C5 8BE5             MOV ESP,EBP
7E68A0C7 5D               POP EBP
7E68A0C8 E9 03EED091      JMP 10398ED0                       ; second hook, non-reachable though
7E68A0CD 0B00             OR EAX,DWORD PTR DS:[EAX]
7E68A0CF 5D               POP EBP                            ; <--- trampoline continuation
7E68A0D0 8D4C24 04        LEA ECX,[ESP+4]
7E68A0D4 83E4 F0          AND ESP,FFFFFFF0
7E68A0D7 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E68A0DA 55               PUSH EBP
7E68A0DB 89E5             MOV EBP,ESP
7E68A0DD 53               PUSH EBX
7E68A0DE 8B19             MOV EBX,DWORD PTR DS:[ECX]
7E68A0E0 51               PUSH ECX
7E68A0E1 F680 80B60E00 08 TEST BYTE PTR DS:[EAX+0EB680],08
7E68A0E8 75 26            JNE SHORT 7E68A110
...
--- snip ---
When the first hook is done (taking 5 bytes), the next instruction within the 15-byte range is the call to load the PIC register. IGO/madCodeHook3 considers it a code flow change and patches it as well, along with the original prologue chunk insertion. Questionable implementation if the code won't be reachable at all due to the first own(!) hook.
--- snip ---
7E68A0C0 E9 0BEED091      JMP 10398ED0
7E68A0C5 E8 77D9FCFF      CALL 7E657A41                      ; <-- will be patched in second pass
7E68A0CA 05 366F0B00      ADD EAX,0B6F36
7E68A0CF 5D               POP EBP
--- snip ---
The final trampoline with copied opcodes:
--- snip ---
7F000210 8BFF             MOV EDI,EDI
7F000212 55               PUSH EBP
7F000213 8BEC             MOV EBP,ESP
7F000215 E8 277865FF      CALL 7E657A41                      ; PIC load, can't work
7F00021A 05 366F0B00      ADD EAX,0B6F36
7F00021F E9 AB9E68FF      JMP 7E68A0CF
--- snip ---
In other cases it works because there is no call instruction in the first 15-byte range, for example:
'DoDragDrop' hooked API entry which doesn't even have DECLSPEC_HOTPATCH:
--- snip ---
...
7E366710 E9 8B210392      JMP 103988A0
7E366715 E4 F0            IN AL,0F0
7E366717 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E36671A 55               PUSH EBP
7E36671B 89E5             MOV EBP,ESP
7E36671D 57               PUSH EDI
7E36671E 56               PUSH ESI
7E36671F 53               PUSH EBX                           ; <--- trampoline continuation
7E366720 E8 1BDDFBFF      CALL 7E324440                      ; PIC load, will work
7E366725 81C3 DB280E00    ADD EBX,0E28DB
...
--- snip ---
Trampoline, has a copy of the first 15 bytes:
--- snip ---
7F000040 8D4C24 04        LEA ECX,[ESP+4]                    ; original entry with no hotpatch
7F000044 83E4 F0          AND ESP,FFFFFFF0
7F000047 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7F00004A 55               PUSH EBP
7F00004B 89E5             MOV EBP,ESP
7F00004D 57               PUSH EDI
7F00004E 56               PUSH ESI
7F00004F E9 CB6636FF      JMP 7E36671F
--- snip ---
Another example that doesn't work:
'user32.BringWindowToTop' has no DECLSPEC_HOTPATCH:
--- snip ---
7E6E9280 8D4C24 04        LEA ECX,[ARG.1]                    ; original entry with no hotpatch
7E6E9284 83E4 F0          AND ESP,FFFFFFF0
7E6E9287 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E6E928A 55               PUSH EBP
7E6E928B 89E5             MOV EBP,ESP
7E6E928D 53               PUSH EBX
7E6E928E E8 DD32F6FF      CALL 7E64C570
7E6E9293 81C3 6D7D0500    ADD EBX,57D6D
7E6E9299 51               PUSH ECX
...
--- snip ---
After hook:
--- snip ---
7E64C570 8B1C24           MOV EBX,DWORD PTR SS:[ESP]
7E64C573 C3               RETN

7E6E9280 E9 5BEECA91      JMP 103980E0
7E6E9285 E4 F0            IN AL,0F0
7E6E9287 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7E6E928A 55               PUSH EBP
7E6E928B 89E5             MOV EBP,ESP
7E6E928D 53               PUSH EBX
7E6E928E E8 DD32F6FF      CALL 7E64C570
7E6E9293 81C3 6D7D0500    ADD EBX,57D6D                      ; <--- trampoline continuation
7E6E9299 51               PUSH ECX
7E6E929A 83EC 04          SUB ESP,4
7E6E929D 6A 03            PUSH 3
7E6E929F 6A 00            PUSH 0
7E6E92A1 6A 00            PUSH 0
7E6E92A3 6A 00            PUSH 0
7E6E92A5 6A 00            PUSH 0
7E6E92A7 6A 00            PUSH 0
7E6E92A9 FF31             PUSH DWORD PTR DS:[ECX]
7E6E92AB E8 50F6FFFF      CALL SetWindowPos
...
--- snip ---
Unfortunately the first byte of the call instruction that loads the PIC register is the 15th byte, hence it's still considered part of the "prologue". The hook copies the whole call into the trampoline.
--- snip ---
7F000210 8D4C24 04        LEA ECX,[ESP+4]                    ; original entry with no hotpatch
7F000214 83E4 F0          AND ESP,FFFFFFF0
7F000217 FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7F00021A 55               PUSH EBP
7F00021B 89E5             MOV EBP,ESP
7F00021D 53               PUSH EBX
7F00021E E8 4DC364FF      CALL 7E64C570                      ; PIC load, can't work
7F000223 E9 6B906EFF      JMP 7E6E9293
--- snip ---
DECLSPEC_HOTPATCH would help in this case.
There is not much to be done about it ... shuffling code around (add/remove/dummy vars) has the risk of not working out as intended. The compiler can optimize/re-arrange code at will, depending on the optimization levels used.
Honestly, I've already said it multiple times (bug 37540 and the like): the usage of PIC for 32-bit is just harmful, I don't see any benefit at all. It's just wasted time hacking around and clobbering Wine sources with DECLSPEC_HOTPATCH, which won't help in some cases as demonstrated here.
Regards
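The relocation that comment #12 walks through by hand can be replayed mechanically. The block below is an added example written for this page; it is not code from the bug report, from Wine, or from madshi's madCodeHook. It assumes the copy rule stated in that comment (whole instructions are copied until 15 bytes of the entry are covered, `call rel32` targets are re-pointed, everything else is copied verbatim) and uses the byte sequences and addresses from the listings above for the hotpatched `user32.SetForegroundWindow`, `user32.BringWindowToTop` and `ole32.DoDragDrop`. The `OPCODES` table is a toy decoder that only knows the instructions in those listings, and `fixup_add_imm` is an illustration of what a PIC-aware engine would have to do to the `add` immediate, which the page says madCodeHook does not do.

```python
"""Replay a madCodeHook-style prologue relocation over the prologues quoted in this bug
and show why a copied `call __x86.get_pc_thunk.*` + `add reg,imm32` pair yields a wrong
GOT pointer inside the trampoline. Added example, not code from the bug or from madshi."""
import struct

HOOK_LEN = 5        # the E9 rel32 JMP the engine writes over the API entry
PROLOGUE_MIN = 15   # whole instructions are copied until 15 bytes are covered (comment #12)

# Toy decoder table: (opcode prefix, total length, mnemonic) for exactly the instructions
# that occur in the quoted user32/ole32 prologues. Not a general x86 decoder.
OPCODES = [
    (b'\x8b\xff', 2, 'mov edi,edi'),  (b'\x55', 1, 'push ebp'),
    (b'\x8b\xec', 2, 'mov ebp,esp'),  (b'\x89\xe5', 2, 'mov ebp,esp'),
    (b'\x5d', 1, 'pop ebp'),          (b'\x53', 1, 'push ebx'),
    (b'\x51', 1, 'push ecx'),         (b'\x56', 1, 'push esi'),
    (b'\x57', 1, 'push edi'),         (b'\xe8', 5, 'call rel32'),
    (b'\x05', 5, 'add eax,imm32'),    (b'\x81\xc3', 6, 'add ebx,imm32'),
    (b'\x8d\x4c\x24', 4, 'lea ecx,[esp+disp8]'),
    (b'\x83\xe4', 3, 'and esp,imm8'), (b'\xff\x71', 3, 'push [ecx+disp8]'),
]

def decode(code, off):
    for prefix, length, mnem in OPCODES:
        if code.startswith(prefix, off):
            return length, mnem
    raise ValueError('unsupported opcode %s at +%d' % (code[off:off + 3].hex(), off))

def split_prologue(code):
    """Every instruction whose first byte lies inside the first PROLOGUE_MIN bytes."""
    instrs, off = [], 0
    while off < PROLOGUE_MIN:
        length, mnem = decode(code, off)
        instrs.append((off, length, mnem))
        off += length
    return instrs

def build_trampoline(code, base, tramp):
    """Copy the prologue to `tramp`, re-target each `call rel32` (the engine's own fix-up)
    and append `jmp continuation`. Any `add` immediate is copied untouched."""
    out = bytearray()
    for off, length, mnem in split_prologue(code):
        chunk = bytearray(code[off:off + length])
        if mnem == 'call rel32':
            target = base + off + 5 + struct.unpack_from('<i', code, off + 1)[0]
            struct.pack_into('<i', chunk, 1, target - (tramp + off + 5))
        out += chunk
    cont = base + len(out)
    out += b'\xe9' + struct.pack('<i', cont - (tramp + len(out) + 5))
    return bytes(out)

def relocate(code, base, tramp):
    """What the PIC register holds after `call get_pc_thunk` + `add reg,imm32` when the
    function runs unhooked, versus when the copied prologue runs from the trampoline."""
    copied = sum(length for _, length, _ in split_prologue(code))
    r = {'copied_len': copied, 'continuation': base + copied,
         'pic_in_trampoline': False, 'got_original': None, 'got_trampoline': None}
    off, call_off = 0, None
    while off < len(code):
        length, mnem = decode(code, off)
        if mnem == 'call rel32':
            call_off = off  # the thunk returns the address of the instruction after the call
        elif mnem.startswith('add') and call_off is not None:
            imm = struct.unpack_from('<I', code, off + (1 if mnem == 'add eax,imm32' else 2))[0]
            r['got_original'] = (base + call_off + 5 + imm) & 0xffffffff
            # The relocated call still reaches the thunk, but the thunk now hands back a
            # trampoline address, and the verbatim immediate is added to that: the result
            # is off by (tramp - base), so later [eax+...] accesses read garbage.
            r['pic_in_trampoline'] = call_off < copied
            run_from = tramp if r['pic_in_trampoline'] else base
            r['got_trampoline'] = (run_from + call_off + 5 + imm) & 0xffffffff
            break
        off += length
    return r

def fixup_add_imm(imm, base, tramp):
    """Illustration only: a PIC-aware engine would have to shift the add immediate by the
    distance the call moved. madCodeHook does not do this, per the bug."""
    return (imm + base - tramp) & 0xffffffff

# Bytes transcribed from the comment #12 listings; base/trampoline addresses as shown there.
SET_FOREGROUND_HOTPATCH = bytes.fromhex('8bff 55 8bec e877d9fcff 05366f0b00 5d 8d4c2404 83e4f0 ff71fc 55 89e5 53')
BRING_WINDOW_TO_TOP = bytes.fromhex('8d4c2404 83e4f0 ff71fc 55 89e5 53 e8dd32f6ff 81c36d7d0500 51')
DO_DRAG_DROP = bytes.fromhex('8d4c2404 83e4f0 ff71fc 55 89e5 57 56 53 e81bddfbff 81c3db280e00')

if __name__ == '__main__':
    for name, code, base, tramp in [
            ('user32.SetForegroundWindow (hotpatch)', SET_FOREGROUND_HOTPATCH, 0x7E68A0C0, 0x7F000210),
            ('user32.BringWindowToTop', BRING_WINDOW_TO_TOP, 0x7E6E9280, 0x7F000210),
            ('ole32.DoDragDrop', DO_DRAG_DROP, 0x7E366710, 0x7F000040)]:
        r = relocate(code, base, tramp)
        print('%-40s copied=%2d GOT original=%08x in trampoline=%08x %s' % (
            name, r['copied_len'], r['got_original'], r['got_trampoline'],
            'BROKEN' if r['got_original'] != r['got_trampoline'] else 'ok'))
        print('  trampoline bytes:', build_trampoline(code, base, tramp).hex())
```

Run as a script it reproduces the trampoline bytes from the listings above (`E8 277865FF` / `E9 AB9E68FF` for SetForegroundWindow, `E8 4DC364FF` / `E9 6B906EFF` for BringWindowToTop) and shows both of those functions computing a GOT address about 0x97xxxx bytes past the real one once the thunk call executes inside the 7F0000xx trampoline block, while DoDragDrop, whose call sits at the 16th byte, is left alone and keeps the correct value. Building with -fno-PIC, as the fix in comment #14 does, removes the thunk call from the entry altogether, so there is nothing for the engine to mis-relocate.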
lle llenort@aol.com changed:
What |Removed |Added
CC   |        |llenort@aol.com
--- Comment #13 from lle llenort@aol.com ---
Hi Anastasius,
A big thumbs up. This was a very professional investigation. Really impressive. You are amazing.
Again, thank you and the whole wine/staging team.
lle
Anastasius Focht focht@gmx.net changed:
What          |Removed |Added
Fixed by SHA1 |        |8f732c66ab37b54c30d63c74f7822ba1d4f04996
Component     |user32  |build-env
Status        |NEW     |RESOLVED
Resolution    |---     |FIXED
--- Comment #14 from Anastasius Focht focht@gmx.net --- Hello folks,
this is now fixed by the following commits:
* https://source.winehq.org/git/wine.git/commitdiff/8f732c66ab37b54c30d63c74f7... ("makefiles: Build with -fno-PIC on i386.")
* https://source.winehq.org/git/wine.git/commitdiff/8039941c52758113955d376bd7... ("makefiles: Also pass -fPIC flag when linking.")
Thanks Zebediah and Alexandre.
As I explained earlier, the madCodeHook v3+ engine is quite sophisticated. There is no need for DECLSPEC_HOTPATCH; only the GOT/PIC register load code in the entry had to go.
--- snip ---
Process Information
PID: 85
EXE: C:\Program Files (x86)\Origin\Origin.exe
STARTED: Wed, May 01 2019 12:45:59 AM
WARN 12:45:59 AM (0) 66 IGOTelemetry.cpp: 77 Unable to retrieve telemetry prod id
WARN 12:45:59 AM (0) 66 IGOTelemetry.cpp: 87 Unable to retrieve telemetry timestamp
WARN 12:45:59 AM (12) 66 DllMain.cpp: 2243 isIGOSharedMemoryNew=1
WARN 12:45:59 AM (0) 66 DllMain.cpp: 2256 Creating IGO Mutex
INFO 12:45:59 AM (20) 66 DllMain.cpp: 2335 Info Display: disabled
INFO 12:45:59 AM (0) 66 DllMain.cpp: 2340 32-bit DLL Process attach - 9
WARN 12:45:59 AM (13) 66 DllMain.cpp: 2366 forceAPIHooking = true
INFO 12:45:59 AM (0) 66 DllMain.cpp: 2393 parent process name: originthinsetupinternal.exe (size 27)
INFO 12:45:59 AM (407) 66 mhook.cpp: 442 TrampolineAlloc: for 7E3648E0 (DoDragDrop) between 00000001 and FE2E48E0
INFO 12:45:59 AM (1) 66 mhook.cpp: 192 mhooks: BlockAlloc: Allocated block at 7F000000 as 282 trampolines
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6885A0 (SetFocus) between 00000001 and FE6085A0
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E688440 (SetForegroundWindow) between 00000001 and FE608440
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6E8900 (BringWindowToTop) between 00000001 and FE668900
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6E90B0 (SwitchToThisWindow) between 00000001 and FE6690B0
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6E8F20 (ShowWindowAsync) between 00000001 and FE668F20
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6E8FC0 (ShowWindow) between 00000001 and FE668FC0
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6E7F80 (SetWindowPos) between 00000001 and FE667F80
INFO 12:45:59 AM (0) 66 mhook.cpp: 442 TrampolineAlloc: for 7E6884B0 (SetActiveWindow) between 00000001 and FE6084B0
INFO 12:45:59 AM (1) 66 mhook.cpp: 442 TrampolineAlloc: for 7B449B60 (CreateFileW) between 00000001 and FB3C9B60
--- snip ---
$ wine --version
wine-4.7-66-g8039941c52
Regards
Anastasius Focht focht@gmx.net changed:
What    |Removed |Added
Summary |EA Origin client crashes on startup (Origin IGO using madCodeHook 3.x engine can't cope with GOT/PIC register load code within 15-byte range at API entry) |Wine built with GCC 8.x+ and -O2 causes apps and games using madCodeHook 3.x/4.x to crash (hook engine can't cope with GOT/PIC code emitted within 15-byte range at Win32 API entries)(EA Origin, HeidiSQL 10.x)
--- Comment #15 from Anastasius Focht focht@gmx.net --- Hello folks,
refining summary again to capture not only (EA) games but many other commercial and FOSS apps that make use of madCodeHook 3.x and 4.x engine.
Additionally, the description is more suitable for news sites that make their own summaries out of Wine 4.8 release bug lists.
Found another victim here:
https://forum.winehq.org/viewtopic.php?f=8&t=32337 ("Wine 4.6 + HeidiSQL 10.1")
HeidiSQL Github project/bug tracker:
https://github.com/HeidiSQL/HeidiSQL/issues/630
Download:
https://www.heidisql.com/builds/heidisql32.r5547.exe
Internet Archive snapshot for reproduce:
https://web.archive.org/web/20190503072629/https://www.heidisql.com/builds/h...
There are multiple offenders with GOT/PIC loads that madCodeHook chokes on. One example:
user32.DrawEdge
--- snip ---
7E6C1250 E9 D54AC482          JMP 01305D2A                              ; to trampoline
7E6C1255 05 ABAD0600          ADD EAX,6ADAB                             ; continuation
7E6C125A 8D4C24 04            LEA ECX,DWORD PTR SS:[ESP+4]
7E6C125E 83E4 F0              AND ESP,FFFFFFF0
7E6C1261 FF71 FC              PUSH DWORD PTR DS:[ECX-4]
...
7E6C12D0 8B45 B0              MOV EAX,DWORD PTR SS:[EBP-50]
7E6C12D3 83E3 0F              AND EBX,0F
7E6C12D6 0FB68C18 6879FCF>    MOVZX ECX,BYTE PTR DS:[EAX+EBX+FFFC7968]  ; *boom*
7E6C12DE 0FB68418 7879FCF>    MOVZX EAX,BYTE PTR DS:[EAX+EBX+FFFC7978]
...
--- snip ---
Trampoline:
--- snip ---
01305D2A 90                   NOP
01305D2B FF25 0A5D3001        JMP DWORD PTR DS:[1305D0A]                ; heidisql.00A060E8
...
01346F4D FF25 536F3401        JMP DWORD PTR DS:[1346F53]                ; 01346F4D
...
01305D31 FF25 0E5D3001        JMP DWORD PTR DS:[1305D0E]                ; 02750000
...
02750000 E8 1C2AEF7B          CALL user32.__x86.get_pc_thunk.ax
02750005 FF25 0B007502        JMP DWORD PTR DS:[275000B]                ; cont user32.7E6C1255
...
--- snip ---
App hook:
--- snip ---
...
00A060E8 55                   PUSH EBP
00A060E9 8BEC                 MOV EBP,ESP
00A060EB 51                   PUSH ECX
00A060EC 53                   PUSH EBX
00A060ED 56                   PUSH ESI
00A060EE 57                   PUSH EDI
00A060EF 8B5D 10              MOV EBX,DWORD PTR SS:[EBP+10]
00A060F2 8B75 0C              MOV ESI,DWORD PTR SS:[EBP+C]
00A060F5 E8 7E30C6FF          CALL heidisql.00669178
...
00A06176 8B45 08              MOV EAX,DWORD PTR SS:[EBP+8]
00A06179 50                   PUSH EAX
00A0617A E8 2D28A1FF          CALL heidisql.004189AC                    ; OFFSET gdi32.RestoreDC
00A0617F C3                   RETN
...
00A06192 8B45 08              MOV EAX,DWORD PTR SS:[EBP+8]
00A06195 50                   PUSH EAX
00A06196 FF15 5814AE00        CALL DWORD PTR DS:[AE1458]                ; 01346F4D org prologue
00A0619C 5F                   POP EDI
00A0619D 5E                   POP ESI
00A0619E 5B                   POP EBX
00A0619F 59                   POP ECX
00A061A0 5D                   POP EBP
00A061A1 C2 1000              RETN 10
--- snip ---
$ sha1sum heidisql32.r5547.exe
c4b0b0e803c38fa58b6bf7d99e40cf57c9e1ede4  heidisql32.r5547.exe

$ du -sh heidisql32.r5547.exe
7.9M    heidisql32.r5547.exe
Regards
Anastasius Focht focht@gmx.net changed:
What    |Removed |Added
Summary |Wine built with GCC 8.x+ and -O2 causes apps and games using madCodeHook 3.x/4.x to crash (hook engine can't cope with GOT/PIC code emitted within 15-byte range at Win32 API entries)(EA Origin, HeidiSQL 10.x) |Wine built with GCC 8.x+ and -O2 causes apps and games using madCodeHook/madExcept 3.x/4.x to crash (hook engine can't cope with GOT/PIC code emitted within 15-byte range at Win32 API entries)(EA Origin, HeidiSQL 10.x)
--- Comment #16 from Anastasius Focht focht@gmx.net --- Hello folks,
addendum: HeidiSQL uses madExcept 4.x (http://www.madshi.net/) as crash reporting tool.
madCodeHook and madExcept share the same techniques under the hood, hence I put both together here.
Regards
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
Status |RESOLVED |CLOSED
--- Comment #17 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.8.