https://bugs.winehq.org/show_bug.cgi?id=48235
Bug ID: 48235 Summary: Multiple applications need 'ntdll.NtWow64QueryInformationProcess64' (IP Camera Viewer 4.x) Product: Wine Version: 4.21 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
crash was reported in https://bugs.winehq.org/show_bug.cgi?id=44456#c7
Trace log:
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/Deskshare/IP Camera Viewer 4
$ WINEDEBUG=+seh,+relay wine ./IP\ Camera\ Viewer.exe >>log.txt 2>&1 ... 0041:Call KERNEL32.IsWow64Process(ffffffff,0032f64c) ret=004034fc 0041:Call ntdll.NtQueryInformationProcess(ffffffff,0000001a,0032f5fc,00000004,00000000) ret=71276334 0041:Ret ntdll.NtQueryInformationProcess() retval=00000000 ret=71276334 0041:Ret KERNEL32.IsWow64Process() retval=00000001 ret=004034fc 0041:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=0041 0041:trace:seh:raise_exception info[0]=00000000 0041:trace:seh:raise_exception info[1]=00000000 0041:trace:seh:raise_exception eax=0032f658 ebx=00000000 ecx=00000000 edx=00000001 esi=00000000 edi=00000003 0041:trace:seh:raise_exception ebp=0032f690 esp=0032f640 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 0041:trace:seh:call_stack_handlers calling handler at 0x7b4740b0 code=c0000005 flags=0 ... wine: Unhandled page fault on read access to 00000000 at address 00000000 (thread 0041), starting debugger... ... --- snip ---
Disassembly of crash site:
--- snip --- 004034C6 | lea eax,dword ptr ss:[ebp-4] | 004034C9 | push eax | 004034CA | push 30 | 004034CC | lea eax,dword ptr ss:[ebp-38] | 004034CF | push eax | 004034D0 | push 0 | 004034D2 | push FFFFFFFF | 004034D4 | call dword ptr ds:[406024] | *boom* (NULL) 004034DA | mov ecx,dword ptr ss:[ebp-30] | 004034DD | xor edx,edx | 004034DF | test eax,eax | 004034E1 | cmovne ecx,edx | 004034E4 | mov eax,ecx | 004034E6 | leave | 004034E7 | ret | --- snip ---
Walking backwards by using 'Find reference to address' in debugger:
--- snip --- Address Disassembly
004023A7 mov dword ptr ds:[406024],eax 004034D4 call dword ptr ds:[406024] --- snip ---
Code around 004023A7 -> part of custom imports resolver:
--- snip --- 00402391 | push ip camera viewer.401138 | "NtWow64QueryInformationProcess64" 00402396 | push ebx | 00402397 | mov dword ptr ds:[406028],eax | 0040239C | call edi | 0040239E | push eax | 0040239F | call esi | 004023A1 | push ip camera viewer.40115C | "memcpy" 004023A6 | push ebx | 004023A7 | mov dword ptr ds:[406024],eax | 004023AC | call edi | ... --- snip ---
Finding the corresponding part of trace log:
--- snip --- ... 0041:Call KERNEL32.GetModuleHandleW(004010c0 L"ntdll") ret=0040239e 0041:Call ntdll.RtlInitUnicodeString(0032f5f8,004010c0 L"ntdll") ret=7125a3f6 0041:Ret ntdll.RtlInitUnicodeString() retval=0000000c ret=7125a3f6 0041:Call ntdll.LdrGetDllHandle(00000000,00000000,0032f5f8,0032f5f0) ret=7125a41c 0041:Ret ntdll.LdrGetDllHandle() retval=00000000 ret=7125a41c 0041:Ret KERNEL32.GetModuleHandleW() retval=7bc30000 ret=0040239e 0041:Call KERNEL32.GetProcAddress(7bc30000,00401138 "NtWow64QueryInformationProcess64") ret=004023a1 0041:Ret KERNEL32.GetProcAddress() retval=00000000 ret=004023a1 ... --- snip ---
Example code:
https://github.com/giampaolo/psutil/blob/master/psutil/arch/windows/process_...
VirusTotal info:
https://www.virustotal.com/gui/file/190493c2c25d07cefc0b131f7afc162ab04a7850...
https://www.virustotal.com/gui/file/190493c2c25d07cefc0b131f7afc162ab04a7850...
$ sha1sum IPCameraViewer.exe 373a8311265ee8980e4ceb7b1d55524430add2fc IPCameraViewer.exe
$ du -sh IPCameraViewer.exe 20M IPCameraViewer.exe
$ wine --version wine-4.21-138-g7ca1c4900e
Regards
https://bugs.winehq.org/show_bug.cgi?id=48235
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://web.archive.org/web | |/20191206092952/https://www | |.deskshare.com/download/ipc | |v/IPCameraViewer.exe
https://bugs.winehq.org/show_bug.cgi?id=48235
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, obviously still present.
https://source.winehq.org/git/wine.git/blob/7d3186e029fb4cf417fab59483a37d8a...
$ wine --version wine-6.0-rc6
Regards
https://bugs.winehq.org/show_bug.cgi?id=48235
Alex Henrie alexhenrie24@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |alexhenrie24@gmail.com
--- Comment #2 from Alex Henrie alexhenrie24@gmail.com --- Patch sent: https://gitlab.winehq.org/wine/wine/-/merge_requests/6666
https://bugs.winehq.org/show_bug.cgi?id=48235
Alex Henrie alexhenrie24@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |36363b9068f4b2e909d74b1887e | |d9ef30e7dd216 Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #3 from Alex Henrie alexhenrie24@gmail.com --- Fixed by https://gitlab.winehq.org/wine/wine/-/commit/36363b9068f4b2e909d74b1887ed9ef...
https://bugs.winehq.org/show_bug.cgi?id=48235
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 9.21.