https://bugs.winehq.org/show_bug.cgi?id=49089
Bug ID: 49089 Summary: nProtect Anti-Virus/Spyware 4.0 'tkpl2k64.sys' crashes on unimplemented function 'fltmgr.sys.FltBuildDefaultSecurityDescriptor' Product: Wine Version: 5.7 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
encountered while revisiting bug 47170
Download:
https://web.archive.org/web/20160510225518/http://avsd.nprotect.net/avs40/se...
--- snip --- $ WINEDEBUG=+seh,+loaddll,+process wine ./nProtectSetup_AVS40.exe ... 0244:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\FLTMGR.SYS" at 0xe50000: PE builtin 0244:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\tkpl2k64.sys" at 0xe10000: native 0244:trace:seh:raise_exception code=c0000005 flags=0 addr=0xe38108 ip=e38108 tid=0244 0244:trace:seh:raise_exception info[0]=0000000000000000 0244:trace:seh:raise_exception info[1]=fffff78000000320 0244:trace:seh:raise_exception rax=fffff78000000320 rbx=0000000000e380dc rcx=00000000007d5050 rdx=00000000007d51b8 0244:trace:seh:raise_exception rsi=0000000000cef94c rdi=00000000007d3ea8 rbp=00000000000fbff8 rsp=0000000000cef8f8 0244:trace:seh:raise_exception r8=0000000000e26100 r9=00002b992ddfa232 r10=000000000023584c r11=00000000000fc0c0 0244:trace:seh:raise_exception r12=00000000007d5050 r13=00007fffffea4000 r14=00000000007d51b8 r15=0000000000000000 0244:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000005 flags=0 0244:trace:seh:call_vectored_handlers handler at 0x22cde0 returned ffffffff 0244:trace:seh:raise_exception code=c0000096 flags=0 addr=0xe12eb0 ip=e12eb0 tid=0244 0244:trace:seh:raise_exception rax=fffffffffe537b79 rbx=0000000000e380dc rcx=00000000007d5050 rdx=00000000007d51b8 0244:trace:seh:raise_exception rsi=0000000000cef94c rdi=00000000007d3ea8 rbp=00000000000fbff8 rsp=0000000000cef838 0244:trace:seh:raise_exception r8=0000ffffffffffff r9=00002b992ddfa232 r10=000000000023584c r11=00000000000fc0c0 0244:trace:seh:raise_exception r12=00000000007d5050 r13=00007fffffea4000 r14=00000000007d51b8 r15=0000000000000000 0244:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000096 flags=0 0244:trace:seh:call_vectored_handlers handler at 0x22cde0 returned ffffffff 0244:trace:seh:raise_exception code=c0000096 flags=0 addr=0xe12eb0 ip=e12eb0 tid=0244 0244:trace:seh:raise_exception rax=0000000000950330 rbx=0000000000e380dc rcx=0000000000000000 rdx=0000000000e222a0 0244:trace:seh:raise_exception rsi=0000000000cef94c rdi=00000000007d3ea8 rbp=00000000000fbff8 rsp=0000000000cef7d8 0244:trace:seh:raise_exception r8=00000000009503a2 r9=0000000000000016 r10=0000000000000000 r11=00000000009503d0 0244:trace:seh:raise_exception r12=00000000007d5050 r13=00007fffffea4000 r14=00000000007d51b8 r15=0000000000000000 0244:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000096 flags=0 0244:trace:seh:call_vectored_handlers handler at 0x22cde0 returned ffffffff 0244:fixme:ntdll:NtQuerySystemInformation info_class SystemModuleInformation stub! 0244:fixme:ntoskrnl:PsSetCreateProcessNotifyRoutine stub: 0000000000E19C30 0 0244:fixme:fltmgr:FltRegisterFilter (00000000007D5050,0000000000E24D30,0000000000E26228): stub 0244:fixme:fltmgr:FltStartFiltering (00000000DEADBEAF): stub 0244:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b00f665 ip=7b00f665 tid=0244 0244:trace:seh:raise_exception info[0]=0000000000e59000 0244:trace:seh:raise_exception info[1]=0000000000e59119 wine: Call from 0x7b00f665 to unimplemented function fltmgr.sys.FltBuildDefaultSecurityDescriptor, aborting --- snip ---
Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/fltkernel/nf-f...
--- snip --- $ winedump -j import ~/.wine/drive_c/windows/system32/tkpl2k64.sys Contents of /home/focht/.wine/drive_c/windows/system32/tkpl2k64.sys: 98056 bytes
Import Table size: 0000003c offset 00014738 ntoskrnl.exe Hint/Name Table: 000281E8 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 00014070 Thunk Ordn Name 00014070 332 IoCreateDevice 00014078 1490 towlower 00014080 870 ProbeForRead 00014088 1452 _wcsnicmp 00014090 633 KeSetEvent 00014098 1322 ZwCreateFile 000140a0 1504 wcsrchr 000140a8 722 MmMapLockedPagesSpecifyCache 000140b0 143 ExSystemTimeToLocalTime 000140b8 964 PsTerminateSystemThread 000140c0 661 KeWaitForSingleObject 000140c8 1006 RtlCopyUnicodeString 000140d0 1360 ZwOpenProcess 000140d8 710 MmIsAddressValid 000140e0 850 ObfDereferenceObject 000140e8 1502 wcsncmp 000140f0 1428 ZwWriteFile 000140f8 49 DbgPrint 00014100 1450 _wcsicmp 00014108 558 KeInitializeEvent 00014110 613 KeReleaseSpinLock 00014118 524 KeAcquireSpinLockRaiseToDpc 00014120 531 KeBugCheckEx 00014128 885 PsGetCurrentProcessId 00014130 890 PsGetCurrentThreadId 00014138 341 IoCreateSymbolicLink 00014140 965 PsThreadType 00014148 842 ObReferenceObjectByHandle 00014150 1317 ZwClose 00014158 84 ExEventObjectType 00014160 878 PsCreateSystemThread 00014168 952 PsSetCreateProcessNotifyRoutine 00014170 402 IoIs32bitProcess 00014178 351 IoDeleteDevice 00014180 1086 RtlInitUnicodeString 00014188 1192 RtlTimeToTimeFields 00014190 353 IoDeleteSymbolicLink 00014198 1208 RtlUnicodeToMultiByteN 000141a0 974 RtlAnsiCharToUnicodeChar 000141a8 751 MmUnmapLockedPages 000141b0 1441 _stricmp 000141b8 1443 _strnicmp 000141c0 70 ExAllocatePoolWithTag 000141c8 88 ExFreePoolWithTag 000141d0 976 RtlAnsiStringToUnicodeString 000141d8 95 ExInitializeNPagedLookasideList 000141e0 937 PsLookupProcessByProcessId 000141e8 1390 ZwQuerySymbolicLinkObject 000141f0 160 ExpInterlockedPushEntrySList 000141f8 706 MmGetSystemRoutineAddress 00014200 1082 RtlInitAnsiString 00014208 1202 RtlUnicodeStringToAnsiString 00014210 1391 ZwQuerySystemInformation 00014218 159 ExpInterlockedPopEntrySList 00014220 690 MmBuildMdlForNonPagedPool 00014228 1364 ZwOpenSymbolicLinkObject 00014230 370 IoFreeMdl 00014238 655 KeUnstackDetachProcess 00014240 1061 RtlFreeUnicodeString 00014248 840 ObQueryNameString 00014250 1483 strncpy 00014258 1392 ZwQueryValueKey 00014260 377 IoGetCurrentProcess 00014268 502 IofCompleteRequest 00014270 114 ExQueryDepthSList 00014278 1057 RtlFreeAnsiString 00014280 928 PsGetVersion 00014288 647 KeStackAttachProcess 00014290 74 ExDeleteNPagedLookasideList 00014298 307 IoAllocateMdl 000142a0 1359 ZwOpenKey 000142a8 1430 __C_specific_handler
offset 0001474c FLTMGR.SYS Hint/Name Table: 00028178 TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) ForwarderChain: 00000000 First thunk RVA: 00014000 Thunk Ordn Name 00014000 55 FltEnumerateVolumes 00014008 109 FltObjectDereference 00014010 152 FltStartFiltering 00014018 130 FltRegisterFilter 00014020 12 FltBuildDefaultSecurityDescriptor 00014028 29 FltCloseCommunicationPort 00014030 160 FltUnregisterFilter 00014038 121 FltQueryInformationFile 00014040 62 FltFreeSecurityDescriptor 00014048 33 FltCreateCommunicationPort 00014050 28 FltCloseClientPort 00014058 13 FltCancelFileOpen 00014060 95 FltGetVolumeName
Done dumping /home/focht/.wine/drive_c/windows/system32/tkpl2k64.sys --- snip ---
$ sha1sum nProtectSetup_AVS40.exe 913b33ab5c9477539d4d65b9f89e67be1a6b6c13 nProtectSetup_AVS40.exe
$ du -sh nProtectSetup_AVS40.exe 36M nProtectSetup_AVS40.exe
$ wine --version wine-5.7-177-gad1fad8a94
Regards
https://bugs.winehq.org/show_bug.cgi?id=49089
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://web.archive.org/web | |/20160510225518/http://avsd | |.nprotect.net/avs40/setup/n | |ProtectSetup_AVS40.exe
https://bugs.winehq.org/show_bug.cgi?id=49089
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|ntoskrnl |fltmgr
https://bugs.winehq.org/show_bug.cgi?id=49089
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Staged patchset| |https://github.com/wine-sta | |ging/wine-staging/tree/mast | |er/patches/fltmgr.sys-FltBu | |ildDefaultSecurityDescripto | |r Status|NEW |STAGED CC| |leslie_alistair@hotmail.com
https://bugs.winehq.org/show_bug.cgi?id=49089
Vijay Kamuju infyquest@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |ac49899e32fa0487f285a1b9d53 | |2c0b7e871e310 Status|STAGED |RESOLVED CC| |infyquest@gmail.com Resolution|--- |FIXED
--- Comment #1 from Vijay Kamuju infyquest@gmail.com --- The fix is now merged into main branch. https://source.winehq.org/git/wine.git/commit/ac49899e32fa0487f285a1b9d532c0...
https://bugs.winehq.org/show_bug.cgi?id=49089
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #2 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 9.6.
https://bugs.winehq.org/show_bug.cgi?id=49089
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |9.0.x