https://bugs.winehq.org/show_bug.cgi?id=44907
Bug ID: 44907
Summary: BattlEye 'BEDaisy' kernel service crashes on unimplemented function 'fltmgr.sys.FltGetRoutineAddress'
Product: Wine
Version: 3.5
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: fltmgr
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
already mentioned in bug 44500
It seems the author of the BattlEye driver is actively working on it, adding new API dependencies/imports every week ;-)
Prerequisite:
* bug 44837 -> missing 'ntoskrnl.exe.Ps{Acquire,Release}ProcessExitSynchronization'
* bug 44906 -> missing 'ntoskrnl.exe.ExfUnblockPushLock'
There is now an additional one:
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl wine net start BEDaisy >>log.txt 2>&1
...
0035:Call ntoskrnl.exe.MmGetSystemRoutineAddress(0065ecac) ret=008560ad
...
0035:Call KERNEL32.GetProcAddress(7ec00000,0011d528 "IoDriverObjectType") ret=7ec18587
0035:Ret KERNEL32.GetProcAddress() retval=7ec0700c ret=7ec18587
...
0035:trace:ntoskrnl:MmGetSystemRoutineAddress L"IoDriverObjectType" -> 0x7ec0700c
...
0035:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=7ec0700c ret=008560ad
...
0035:Call KERNEL32.RaiseException(80000100,00000001,00000002,0065eb78) ret=f7dd1b0f
0035:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b446c33 ip=7b446c33 tid=0035
0035:trace:seh:raise_exception info[0]=f7dd1b28
0035:trace:seh:raise_exception info[1]=f7dd228b
wine: Call from 0x7b446c33 to unimplemented function fltmgr.sys.FltGetRoutineAddress, aborting
--- snip ---
$ sha1sum Tibia_Setup.exe
50951008ccc402cc32407bfc56a88da873e3e9bd Tibia_Setup.exe
$ du -sh Tibia_Setup.exe
5.2M Tibia_Setup.exe
$ wine --version
wine-3.5-106-g182c12c403
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed |Added
----------------------------------------------------------------------------
    Staged patchset|        |https://github.com/wine-staging/wine-staging/blob/master/patches/fltmgr.sys-filters/0005-fltmgr.sys-Implement-FltGetRoutineAddress.patch
                URL|        |http://static.tibia.com/download/Tibia_Setup.exe
             Status|NEW     |STAGED
           Keywords|        |download, obfuscation
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
with the referenced patch applied, the import dependencies from 'fltmgr.sys' seem to be satisfied for now. It will likely crash on these later due to being generated stubs, after fixing other bugs.
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl wine net start BEDaisy >>log.txt 2>&1
...
0035:Call driver init 0x78d000 (obj=0x11cbf8,str=L"\Registry\Machine\System\CurrentControlSet\Services\BEDaisy")
...
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc58 "FltRegisterFilter") ret=007cedfe
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc58 "FltRegisterFilter") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b858 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b858 ret=007cedfe
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc44 "FltUnregisterFilter") ret=0083c2cd
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc44 "FltUnregisterFilter") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b888 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b888 ret=0083c2cd
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc6c "FltStartFiltering") ret=007aef7e
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc6c "FltStartFiltering") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b870 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b870 ret=007aef7e
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fbf8 "FltGetFileNameInformation") ret=0085120e
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fbf8 "FltGetFileNameInformation") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9a908 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9a908 ret=0085120e
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fbd8 "FltReleaseFileNameInformation") ret=007de5b4
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fbd8 "FltReleaseFileNameInformation") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b384 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b384 ret=007de5b4
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc80 "FltReadFile") ret=008216b4
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc80 "FltReadFile") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b27c ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b27c ret=008216b4
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc14 "FltQueryInformationFile") ret=00832168
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc14 "FltQueryInformationFile") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b174 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b174 ret=00832168
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc2c "FltGetRequestorProcess") ret=007b4344
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc2c "FltGetRequestorProcess") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9aa94 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9aa94 ret=007b4344
...
0035:Call fltmgr.sys.FltRegisterFilter(0011cbf8,0065ebd4,0078b4d0) ret=007aa9dd
0035:fixme:fltmgr:FltRegisterFilter (0x11cbf8,0x65ebd4,0x78b4d0): stub
0035:Ret fltmgr.sys.FltRegisterFilter() retval=00000000 ret=007aa9dd
0035:Call fltmgr.sys.FltStartFiltering(deadbeaf) ret=0086d70f
0035:fixme:fltmgr:FltStartFiltering (0xdeadbeaf): stub
0035:Ret fltmgr.sys.FltStartFiltering() retval=00000000 ret=0086d70f
...
0035:Call fltmgr.sys.FltUnregisterFilter(deadbeaf) ret=007fd488
0035:fixme:fltmgr:FltUnregisterFilter (0xdeadbeaf): stub
0035:Ret fltmgr.sys.FltUnregisterFilter() retval=00000039 ret=007fd488
--- snip ---
Regards
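Added example (not part of the bug report or of Wine's code): a small Python parser for relay traces in the format shown above that lists the routines a driver resolved by name at run time and marks those that Wine answers only with a stub, which is where Comment #1 expects later failures. The sample log is constructed from lines of the two traces on this page, and the names `analyse` and `risky` are this example's own.

```python
import re

# Constructed sample: lines taken from the two traces on this page, abridged.
SAMPLE_LOG = '''\
0035:trace:ntoskrnl:MmGetSystemRoutineAddress L"IoDriverObjectType" -> 0x7ec0700c
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc58 "FltRegisterFilter") ret=007cedfe
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc58 "FltRegisterFilter") ret=f7d9bb2d
0035:Ret KERNEL32.GetProcAddress() retval=f7d9b858 ret=f7d9bb2d
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b858 ret=007cedfe
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc80 "FltReadFile") ret=008216b4
0035:Ret fltmgr.sys.FltGetRoutineAddress() retval=f7d9b27c ret=008216b4
0035:fixme:fltmgr:FltRegisterFilter (0x11cbf8,0x65ebd4,0x78b4d0): stub
wine: Call from 0x7b446c33 to unimplemented function fltmgr.sys.FltGetRoutineAddress, aborting
'''

# The resolver's Call line carries the requested name, its Ret line the address.
CALL = re.compile(r'^(\w+):Call\s+fltmgr\.sys\.FltGetRoutineAddress\(\w+ "([^"]+)"\) ret=(\w+)')
RET = re.compile(r'^(\w+):Ret\s+fltmgr\.sys\.FltGetRoutineAddress\(\) retval=(\w+) ret=(\w+)')
MM = re.compile(r'^\w+:trace:ntoskrnl:MmGetSystemRoutineAddress L"([^"]+)" -> 0x(\w+)')
STUB = re.compile(r'^\w+:fixme:\w+:(\w+) .*: stub\s*$')
UNIMPL = re.compile(r'unimplemented function ([\w.]+), aborting')

def analyse(log):
    """Return (names resolved at run time -> address, stubs hit, missing exports)."""
    resolved, pending, stubs, missing = {}, {}, set(), []
    for line in log.splitlines():
        if m := CALL.match(line):
            pending[(m[1], m[3])] = m[2]      # key: thread id + caller return address
        elif m := RET.match(line):
            name = pending.pop((m[1], m[3]), None)
            if name:
                resolved[name] = int(m[2], 16)
        elif m := MM.match(line):
            resolved[m[1]] = int(m[2], 16)
        elif m := STUB.match(line):
            stubs.add(m[1])
        elif m := UNIMPL.search(line):
            missing.append(m[1])
    return resolved, stubs, missing

def risky(log):
    """Names the driver looked up dynamically that were served by a stub."""
    resolved, stubs, _ = analyse(log)
    return sorted(n for n in resolved if n in stubs)

if __name__ == "__main__":
    resolved, stubs, missing = analyse(SAMPLE_LOG)
    print("resolved:", {n: hex(a) for n, a in resolved.items()})
    print("stub-backed:", risky(SAMPLE_LOG), "missing:", missing)
```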
Anastasius Focht focht@gmx.net changed:
           What    |Removed |Added
----------------------------------------------------------------------------
      Fixed by SHA1|        |a7b33a6a428c9920d8130819373b1554bbd206c4
             Status|STAGED  |RESOLVED
         Resolution|---     |FIXED
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/a7b33a6a428c9920d813081937...
Thanks Alistair
$ wine --version
wine-3.5-193-ga7b33a6a42
Regards
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed |Added
----------------------------------------------------------------------------
             Status|RESOLVED |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 3.6.
Anastasius Focht focht@gmx.net changed:
           What    |Removed |Added
----------------------------------------------------------------------------
                URL|http://static.tibia.com/download/Tibia_Setup.exe |https://web.archive.org/web/20210117182120/https://static.tibia.com/download/Tibia_Setup.exe