https://bugs.winehq.org/show_bug.cgi?id=49116
Bug ID: 49116
Summary: Windows 10 1903 SDK (10.0.18362.0) installer crashes (method invocation on wrong CCW interface?)
Product: Wine
Version: 5.7
Hardware: x86
URL: https://web.archive.org/web/20200215010843/https://download.microsoft.com/download/4/2/2/42245968-6A79-4DA7-A5FB-08C0AD0AE661/windowssdk/winsdksetup.exe
OS: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: mscoree
Assignee: wine-bugs@winehq.org
Reporter: z.figura12@gmail.com
Distribution: ---
It calls _AppDomain::CreateInstance() from unmanaged code to retrieve a COM pointer to one of its own objects (specifically, BootstrapperApplicationFactory, hosted in BootstrapperCore.dll), and then tries to invoke a method on the object. The problem is that the method it invokes has vtbl offset 0x38, but Mono gives us back what *seems* to be an IDispatch vtbl, so it ends up invoking junk. This consistently results in an execute fault for me.
Relevant disassembly, from mbahost.dll:
1286: 8b 45 08             >mov eax, [ebp+08h]
1289: 8d 55 fc              lea edx, [ebp-04h]
128c: 52                    push edx
128d: 57                    push edi
128e: 53                    push ebx
128f: 8b 08                 mov ecx, [eax]
1291: 50                    push eax
1292: ff 91 94 00 00 00     call dword [ecx+00000094h]  // CreateInstance(), apparently
1298: 8b f0                 mov esi, eax
129a: 85 f6                 test esi, esi
129c: 79 08                 jns 12a6                    // jump if SUCCEEDED
129e: 56                    push esi
129f: 68 1f 02 00 00        push dword 0000021Fh
12a4: eb 48                 jmp 12ee
12a6: 8b 45 fc             >mov eax, [ebp-04h]
12a9: 8d 55 ec              lea edx, [ebp-14h]
12ac: 52                    push edx
12ad: 50                    push eax
12ae: 8b 08                 mov ecx, [eax]
12b0: ff 51 38              call dword [ecx+38h]        // crashes
Presumably Mono is wrong in returning IDispatch here, but I'm not sure why, and it's not clear what should be returned in its stead. The class in question actually has a ClassInterfaceType of AutoDispatch, but maybe that doesn't actually mean we should return IDispatch? But the CIL interface that class explicitly implements, IBootstrapperApplicationFactory, only has one method, so I'm not sure how an offset of 0x38 makes sense there either.
When I get the time I'll build and run a testcase...
--- Comment #1 from Zebediah Figura z.figura12@gmail.com ---
(In reply to Zebediah Figura from comment #0)
> The class in question actually has a ClassInterfaceType of AutoDispatch
Sorry, turns out I'm wrong here, it's actually None.
That doesn't help a lot...
--- Comment #2 from Zebediah Figura z.figura12@gmail.com ---
A bit of research later, I understand this better.
BootstrapperApplicationFactory is irrelevant, because what CreateInstance() returns is System.ObjectHandle. The 0x38 offset is Unwrap(). The missing methods are those of System.Object itself.
The CCW comes from System.Runtime.InteropServices.Marshal:GetCCW, which is an icall to mono/metadata/cominterop.c. That code seems to want to do the right thing, but it doesn't for some reason. It'll take some more debugging to figure out why.
--- Comment #3 from Zebediah Figura z.figura12@gmail.com ---
cominterop_get_ccw_checked() just blithely adds all the methods defined in that object. That's right for interfaces, but wrong for objects; it should:
* include its parent object as well;
* exclude non-public methods;
* exclude static methods;
* exclude constructors and destructors.
(Actually I don't think that's even completely right for interfaces. Visibility and constructors/destructors aren't relevant there, but inheritance and static methods are...)
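Added example (not part of the original thread and not Mono's code): a small C model of the rules listed in comment #3, showing why Unwrap() lands at vtbl offset 0x38 on 32-bit x86 once parent classes are included and non-public, static and constructor methods are excluded. The struct layout, the method lists and their order, and the 7-slot IUnknown + IDispatch prefix are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of managed metadata; these are not Mono's structures. */
enum { M_PUBLIC = 1, M_STATIC = 2, M_CTOR = 4 };
enum { SLOT_SIZE = 4,     /* 32-bit pointers, as in the x86 disassembly */
       BASE_SLOTS = 7 };  /* assumed prefix: IUnknown (3) + IDispatch (4) */

struct method { const char *name; unsigned flags; };
struct klass  { const struct klass *parent; const struct method *m; int n; };

/* Assumed method lists and order; overrides that reuse a parent's slot
 * are left out of the model. */
static const struct method object_m[] = {   /* System.Object */
    { ".ctor", M_PUBLIC | M_CTOR }, { "ToString", M_PUBLIC },
    { "Equals", M_PUBLIC }, { "GetHashCode", M_PUBLIC },
    { "GetType", M_PUBLIC }, { "Finalize", 0 }, { "MemberwiseClone", 0 },
    { "ReferenceEquals", M_PUBLIC | M_STATIC },
};
static const struct method mbro_m[] = {     /* System.MarshalByRefObject */
    { ".ctor", M_CTOR }, { "GetLifetimeService", M_PUBLIC },
    { "InitializeLifetimeService", M_PUBLIC }, { "CreateObjRef", M_PUBLIC },
};
static const struct method handle_m[] = {   /* System.ObjectHandle */
    { ".ctor", M_PUBLIC | M_CTOR }, { "Unwrap", M_PUBLIC },
};
static const struct klass object_k = { NULL, object_m, 8 };
static const struct klass mbro_k   = { &object_k, mbro_m, 4 };
static const struct klass handle_k = { &mbro_k, handle_m, 2 };

/* filtered == 0: every method the class itself defines (the behaviour
 * comment #3 describes). filtered == 1: parents first, then only public,
 * non-static, non-constructor methods. Returns the new slot count. */
static int collect(const struct klass *k, int filtered, const char **out, int n)
{
    if (filtered && k->parent)
        n = collect(k->parent, filtered, out, n);
    for (int i = 0; i < k->n; i++) {
        unsigned f = k->m[i].flags;
        if (filtered && (!(f & M_PUBLIC) || (f & (M_STATIC | M_CTOR))))
            continue;
        out[n++] = k->m[i].name;
    }
    return n;
}

/* Byte offset of the named method in the vtbl, or -1 if it has no slot. */
static int vtbl_offset(const struct klass *k, int filtered, const char *name)
{
    const char *slots[32];
    int n = collect(k, filtered, slots, 0);
    for (int i = 0; i < n; i++)
        if (strcmp(slots[i], name) == 0)
            return (BASE_SLOTS + i) * SLOT_SIZE;
    return -1;
}

int main(void)
{
    printf("unfiltered: Unwrap at 0x%x\n", (unsigned)vtbl_offset(&handle_k, 0, "Unwrap"));
    printf("filtered:   Unwrap at 0x%x\n", (unsigned)vtbl_offset(&handle_k, 1, "Unwrap"));
    return 0;
}
```

In this model a caller compiled against the filtered layout calls [ecx+38h], which is past the end of the 9-slot unfiltered table.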
--- Comment #4 from Zebediah Figura z.figura12@gmail.com ---
(In reply to Zebediah Figura from comment #3)
> (Actually I don't think that's even completely right for interfaces. Visibility and constructors/destructors aren't relevant there, but inheritance and static methods are...)
Eh, I was wrong about this part. Inheritance surprisingly doesn't matter, and static methods on interfaces are a C# version 8 feature.
--- Comment #5 from Zebediah Figura z.figura12@gmail.com ---
I've submitted patches to mono:
https://github.com/mono/mono/pull/19768
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |yoshi_story_pj64@hotmail.com
--- Comment #6 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 49207 has been marked as a duplicate of this bug. ***
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Windows 10 1903 SDK         |Multiple Microsoft
                   |(10.0.18362.0) installer    |installers using
                   |crashes (method invocation  |"mbahost.dll" crash due to
                   |on wrong CCW interface?)    |method invocation on CCW
                   |                            |class interface (Windows 10
                   |                            |1903 SDK (10.0.18362.0),
                   |                            |SQL Server Management
                   |                            |Studio)
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |odhinn@odhinnsrunes.com
--- Comment #7 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 49452 has been marked as a duplicate of this bug. ***
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple Microsoft          |Multiple installers using
                   |installers using            |"mbahost.dll" crash due to
                   |"mbahost.dll" crash due to  |method invocation on CCW
                   |method invocation on CCW    |class interface (Windows 10
                   |class interface (Windows 10 |1903 SDK (10.0.18362.0),
                   |1903 SDK (10.0.18362.0),    |SQL Server Management
                   |SQL Server Management       |Studio, Raid Shadow
                   |Studio)                     |Legends)
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |NOTOURBUG
             Status|NEW                         |RESOLVED
--- Comment #8 from Zebediah Figura z.figura12@gmail.com ---
This was merged into Mono as https://github.com/mono/mono/commit/a79bf1902d335552891353e8c7b22af33019b299.
Esme Povirk madewokherd@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|NOTOURBUG                   |---
--- Comment #9 from Esme Povirk madewokherd@gmail.com ---
Thanks for fixing this.
Generally, Wine Mono bugs are left open until the fix makes its way into a Wine release, which in this case would be a 5.1.1 or 5.2.0.
--- Comment #10 from Zebediah Figura z.figura12@gmail.com ---
(In reply to Esme Povirk from comment #9)
> Thanks for fixing this.
>
> Generally, Wine Mono bugs are left open until the fix makes its way into a Wine release, which in this case would be a 5.1.1 or 5.2.0.
Okay, makes sense. I was assuming the usual resolved/closed distinction, but I guess it makes more sense to leave it open given that we explicitly update Mono versions.
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fzatlouk@redhat.com
--- Comment #11 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 49702 has been marked as a duplicate of this bug. ***
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |j.r.hudson@virginmedia.com
--- Comment #12 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 47841 has been marked as a duplicate of this bug. ***
Gijs Vermeulen gijsvrm@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alexandruotgon@gmail.com
--- Comment #13 from Gijs Vermeulen gijsvrm@gmail.com ---
*** Bug 49015 has been marked as a duplicate of this bug. ***
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cedric.dewijs@eclipso.eu
--- Comment #14 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 49891 has been marked as a duplicate of this bug. ***
Mike Ellery mellery@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mellery@gmail.com
--- Comment #15 from František Zatloukal fzatlouk@redhat.com ---
This should be fixed by wine 5.19 / wine-mono 5.1.1 afaik.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |6078375a298f4879ada0a91e84451ca24f851800
             Status|REOPENED                    |RESOLVED
           Keywords|                            |Installer
                 CC|                            |focht@gmx.net
--- Comment #16 from Anastasius Focht focht@gmx.net ---
Hello folks,
that specific crash was fixed in Wine-Mono 5.1.1, part of Wine 5.19 release.
https://source.winehq.org/git/wine.git/commitdiff/6078375a298f4879ada0a91e84... ("mscoree: Update Wine Mono to 5.1.1.")
upstream-upstream:
https://github.com/mono/mono/commit/a79bf1902d335552891353e8c7b22af33019b299 (" [cominterop] Support ClassInterfaceType and auto-dual class interfaces")
upstream:
https://github.com/madewokherd/wine-mono/commit/2f394441d8ec0d673865be44cf4c... (mono submodule update)
One liner to print submodule changes compared to previous super-project tag:
--- snip ---
$ git remote -v
origin git://github.com/madewokherd/wine-mono.git (fetch)
$ git log --graph --oneline -U0 --submodule wine-mono-5.1.0..wine-mono-5.1.1 | grep -E '^[*| /\]+([0-9a-f]{7} |Submodule |> |$)'
* 46e4f91 Release 5.1.1.
* 0f1e42d wpf: Beginnings of text formtting API implementation.
| Submodule wpf a13817e..67e25bb:
| > PresentationCore: Implement GetBackspaceCaretCharacterHit.
| > PresentationCore: Implement GetNext/PreviousCharacterHit.
| > PresentationCore: Simplify GetTextBounds.
| > PresentationCore: Simplify GetCharacterHitFromDistance.
| > PresentationCore: Implement GetTextBounds.
| > PresentationCore: Implement GetCharacterHitFromDistance.
| > PresentationCore: Always use ideal scaling factor for FormattedTextSymbols.
| > PresentationCore: Implement FullTextLine.GetIndexedGlyphRuns.
| > PresentationCore: Fix misuse of cache in GetTextRunSpans.
| > PresentationCore: Fix misuse of cache in linebreak calculation.
| > PresentationCore: Fix misuse of cached TextRun objects.
| > PresentationCore: Add trailing whitespace calculation.
| > PresentationCore: Initial support for text wrapping.
| > PresentationCore: Split line measurement into a separate method.
| > PresentationNative: Add EnableWindowWrapper.
| > PresentationCore: Stub text formatting for TextHidden.
| > PresentationCore: Use FormattedTextSymbols to measure text.
| > PresentationCore: Move TextFormatterContext to MS.Internal.
| > PresentationCore: Remove TextFormatterContext deps from Managed.
| > DirectWriteForwarder: Fix NRE in TextAnalyzer.
| > PresentationCore: Partially implement FullTextLine.Draw.
| > PresentationNative: Add MapWindowPoints wrapper.
| > PresentationCore: Stub FullTextLine.Start.
| > PresentationCore: Stub GetTextLineBreak.
| > PresentationCore: Implement FullTextLine.HasOverflowed.
| > PresentationCore: Implement FullTextLine.Width.
| > PresentationCore: Implement FullTextLine.Baseline.
| > PresentationCore: Implement FullTextLine.WidthIncludingTrailingWhitespace.
| > PresentationCore: Implement FullTextLine.GetTextRunSpans.
| > PresentationCore: Implement FullTextLine.NewlineLength.
| > PresentationCore: Implement FullTextLine.Length.
| > PresentationCore: Add support for managed FullTextLine.Height.
| > PresentationCore: Fetch text runs in FullTextLine.
| > PresentationCore: Initialize fields in FullTextLine constructor.
| > PresentationCore: Copy FullTextState to Managed.TextFormatting.
| > PresentationCore: Move LexicalChunk to common code.
| > DirectWriteForwarder: Fix FontMetrics struct offsets.
| > PresentationCore: Remove redundant VerifyTextFormattingArguments call.
| > PresentationCore: Move IShapeableTextCollector to common code.
| > PresentationCore: Move CultureMapper to common code.
| > PresentationCore: Fix path for Common.TextFormatting.
| > PresentationCore: Move ITextSymbols to common code.
| > PresentationCore: Make TextShapeableSymbols common code.
| > PresentationCore: Copy TextMetrics to Managed.TextFormatting.
| > PresentationCore: Copy SimpleTextLine to Managed.TextFormatting.
| > Copy more of the original TextFormatting implementation.
| > PresentationCore: Verify FormatLine arguments.
| > PresentationCore: Fix typo in NotImplementedException message.
| > PresentationCore: Stub FormatLine.
| > PresentationCore: Add a stub managed TextFormatter.
| > xaml2cs: Always use InvariantCulture.
* f8de315 winforms: Cherry-picked bug fixes.
| Submodule winforms 4a81f2d..946b198:
| > Correct regression introduced in #659 (#3934)
| > NativeWindow: Ensure WndProc's lasts as long as they are used.
| > fix: Hide icon when `ShowIcon = false` (#3055)
* 2f39444 mono update: Various bug fix cherry-picks.
  Submodule mono 4cc767b..1ad0d8c:
  > [System] Use corefx NetworkChange on Windows.
  > Send runtime output to printf handler.
  > [mini] Send debug output to print handler.
  > [trace] Send trace output to print handler.
  > [cominterop] Support ClassInterfaceType and auto-dual class interfaces (#19768)
  > [mono] Implement AsAny marshalling for simple arrays (#19683)
--- snip ---
Thanks Zebediah, Esme
NOTE: The installer still doesn't work (hangs) but that's a different problem.
--- snip ---
$ WINE_MONO_TRACE=x wine ./winsdksetup.exe
...
0154:fixme:mscoree:metahostpolicy_GetRequestedRuntime ignoring config flags
0154:fixme:mscoree:parse_startup useLegacyV2RuntimeActivationPolicy=L"true" not implemented
0154:fixme:mscoree:parse_supported_runtime sku=L".NETFramework,Version=v4.5" not implemented
...
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load the file 'Microsoft.Bootstrapper.XmlSerializers'.
...
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load the file 'Microsoft.Bootstrapper.XmlSerializers'.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationCore\4.0.0.0__31bf3856ad364e35\en-US\PresentationCore.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationCore\4.0.0.0__31bf3856ad364e35\en\PresentationCore.resources.dll' or one of its dependencies.
016c:fixme:ntdll:EtwEventRegister ({e13b77a8-14b6-11de-8069-001b212b5009}, 04C40520, 00000000, 04A3F118) stub.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\Temp{8B27CB78-030C-4344-B0EA-221DE20E2EEE}.ba\en-US\Microsoft.Bootstrapper.Presentation.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationFramework.classic\4.0.0.0__31bf3856ad364e35\en-US\PresentationFramework.Classic.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationFramework.classic\4.0.0.0__31bf3856ad364e35\en\PresentationFramework.Classic.resources.dll' or one of its dependencies.
016c:fixme:ntdll:EtwEventRegister ({e13b77a8-14b6-11de-8069-001b212b5009}, 06F07060, 0740F018, 07414C08) stub.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\WindowsBase\4.0.0.0__31bf3856ad364e35\en-US\WindowsBase.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\WindowsBase\4.0.0.0__31bf3856ad364e35\en\WindowsBase.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationFramework\4.0.0.0__31bf3856ad364e35\en-US\PresentationFramework.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\PresentationFramework\4.0.0.0__31bf3856ad364e35\en\PresentationFramework.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.NotSupportedException: Cannot convert the value in attribute 'Property' to object of type 'System.Windows.DependencyProperty'.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\System.Xaml\4.0.0.0__b77a5c561934e089\en-US\System.Xaml.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\mono\mono-2.0\lib\mono\gac\System.Xaml\4.0.0.0__b77a5c561934e089\en\System.Xaml.resources.dll' or one of its dependencies.
[0000016C:] EXCEPTION handling: System.Xaml.XamlObjectWriterException: Failed to create a 'DependencyProperty' from the text 'ContentStringFormat'.
016c:fixme:nls:GetFileMUIPath stub: 0x10, L"C:\windows\system32\tzres.dll", (null), 04A3D418, 01469C10, 04A3D41C, 04A3D410
016c:fixme:nls:GetFileMUIPath stub: 0x10, L"C:\windows\system32\tzres.dll", (null), 04A3D418, 01469C10, 04A3D41C, 04A3D410
[00000154:] EXCEPTION handling: System.PlatformNotSupportedException: Operation is not supported on this platform.
[00000154:] EXCEPTION handling: System.PlatformNotSupportedException: Operation is not supported on this platform.
[00000154:] EXCEPTION handling: System.Runtime.InteropServices.COMException:
016c:fixme:msg:ChangeWindowMessageFilter c052 00000001
016c:fixme:dwmapi:DwmAttachMilContent (0002006A) stub
0184:fixme:driver:GdiEntry13 stub
0184:fixme:dwrite:dwritefactory_CreateMonitorRenderingParams (0x1): monitor setting ignored
...
[0000016C:] EXCEPTION handling: System.EntryPointNotFoundException: LoGetEscString assembly:<unknown assembly> type:<unknown type> member:(null)
[0000016C:] EXCEPTION handling: System.TypeInitializationException: The type initializer for 'MS.Internal.TextFormatting.TextStore' threw an exception.
[0000016C:] EXCEPTION handling: System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\Temp{8B27CB78-030C-4344-B0EA-221DE20E2EEE}.ba\en-US\Microsoft.Bootstrapper.Presentation.resources.dll' or one of its dependencies.
016c:fixme:dwrite:dwritetextanalyzer_AnalyzeNumberSubstitution (0x6313290 0 16 0x6313660): stub
016c:fixme:uiautomation:UiaGetReservedMixedAttributeValue (04A3CC88) stub!
016c:fixme:uiautomation:UiaGetReservedNotSupportedValue (04A3CC88) stub!
[0000016C:] EXCEPTION handling: System.NotImplementedException: Managed.TextFormatting.FullTextLine.GetRunMetrics for MS.Internal.Text.TextSpanModifier
[0000016C:] EXCEPTION handling: System.NotImplementedException: Managed.TextFormatting.FullTextLine.GetRunMetrics for MS.Internal.Text.TextSpanModifier
[0000016C:] EXCEPTION handling: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
...
[0000016C:] EXCEPTION handling: System.NotImplementedException: Managed.TextFormatting.FullTextLine.GetRunMetrics for MS.Internal.Text.TextSpanModifier
[0000016C:] EXCEPTION handling: System.NotImplementedException: Managed.TextFormatting.FullTextLine.GetRunMetrics for MS.Internal.Text.TextSpanModifier
--- snip ---
$ sha1sum winsdksetup.exe
7a977b61b0bb49a30d77a3b37ecb9c847d9e983d winsdksetup.exe
$ du -sh winsdksetup.exe
1.3M winsdksetup.exe
$ wine --version
wine-5.19
Regards
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #17 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 6.0-rc1.