http://bugs.winehq.org/show_bug.cgi?id=19296
Summary: "Uru: Ages beyond myst" fails to install
Product: Wine
Version: unspecified
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: NJT@fishlegs.co.uk
Created an attachment (id=22344) --> (http://bugs.winehq.org/attachment.cgi?id=22344) Debug output from Uru setup.exe
Launch window looks fine, but choosing the install option results in unhandled page fault (see attachment).
This bug (or similar) may have previously been closed when I was unable to supply test information after my original Uru CD became a coaster. I have recently acquired a non-coaster version.
Austin English austinenglish@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Keywords|                            |Installer
--- Comment #1 from Vitaliy Margolen vitaliy@kievinfo.com 2009-07-12 16:54:11 ---
Wine version?
Ken Sharp kennybobs@o2.co.uk changed:
What   |Removed                     |Added
----------------------------------------------------------------------------
Version|unspecified                 |0.9.23.
--- Comment #2 from Ken Sharp kennybobs@o2.co.uk 2009-07-17 11:30:26 ---
According to the AppDB, this had been a problem since 0.9.23
neil@linux-gfdx:~> wine /media/URU/Setup.exe
What is "/media/URU"?
--- Comment #3 from Neil Thomson NJT@fishlegs.co.uk 2009-07-17 15:45:51 ---
/media/URU is the location where SuSE automatically mounts the Uru installation CD.
--- Comment #4 from Ken Sharp kennybobs@o2.co.uk 2009-07-17 17:09:11 ---
Can you attach a +relay,+seh,+tid trace? http://wiki.winehq.org/FAQ#head-16da35b6327024d6ea576e3678488b16862d0f5e
--- Comment #5 from Neil Thomson NJT@fishlegs.co.uk 2009-07-18 11:23:12 ---
Created an attachment (id=22436) --> (http://bugs.winehq.org/attachment.cgi?id=22436) winedebug trace (relay,seh,tid) for Uru setup.exe
Here is an attachment (Uru_out.txt.bz2) of the trace performed under wine 1.1.26 using the command:
WINEDEBUG=+relay,+seh,+tid wine /media/URU/Setup.exe &> ~/wine/Uru_out.txt
where /media/URU is the mount point of the installation CD.
--- Comment #6 from Rosanne DiMesio dimesio@earthlink.net 2010-06-08 10:35:02 ---
Is this still an issue in current (1.2-rc2 or newer) Wine?
--- Comment #7 from Holly Bostick aka.motub@gmail.com 2011-12-08 07:48:05 CST ---
Created attachment 37857 --> http://bugs.winehq.org/attachment.cgi?id=37857 Debug output (+relay +seh +tid) for Uru: Ages Beyond Myst Setup.exe
Yes, this remains a problem in Wine 1.3.34. Attached is the debug log.
Strangely, the install seems to fail differently when run under debug than when run without.
If Setup.exe is run without debug flags, the installer (InstallAnywhere) does extract before failing with an unhandled exception error popup:
Unhandled exception: c0000005 At address: 502629f4
Closing this error gives the standard Windows "Install.exe has encountered serious problems" error box. Once that is dispelled, the Launcher (from which I initiated the install) will not close when I click "Quit", instead the Unhandled Exception box reappears. The Launcher has to be killed from the console.
When Setup is run with the debug flags on, the installer does not even extract; instead I get a popup in "SHRINKER.ERR" (whatever that may be, but that's what the titlebar of the error dialog says) which says:
SHRINKER.ERR F:\Installer\Install.exe (3.5) 12/08/11 13:46:20 -Dispatcher initalisation error 13
However, after dispelling this messagebox, the Launcher can be exited normally by clicking "Quit" and saying "Yes" to the subsequent "Do you really want to quit?" sub-dialog.
But naturally in neither case does the install actually start.
Wine 1.3.34 Linux Mint Debian 32-bit kernel 3.1.0-1-686-pae nVidia 7900GS proprietary driver version 285.05.09
Holly Bostick aka.motub@gmail.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |aka.motub@gmail.com
Frédéric Delanoy frederic.delanoy@gmail.com changed:
What          |Removed                     |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED                 |NEW
CC            |                            |frederic.delanoy@gmail.com
Ever Confirmed|0                           |1
--- Comment #8 from Frédéric Delanoy frederic.delanoy@gmail.com 2013-05-19 13:06:32 CDT ---
Could not reproduce the issue using the demo version from http://download.cnet.com/Uru-Ages-Beyond-Myst-demo/3000-2097_4-10245688.html
Could you please try with the retail version and a recent wine (1.5.30 or later)?
Frédéric Delanoy frederic.delanoy@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Keywords|                            |Abandoned?
--- Comment #9 from Frédéric Delanoy frederic.delanoy@gmail.com 2013-09-09 02:41:04 CDT ---
Can you please retry with latest wine (1.7.1 or later) and report?
Otherwise this bug will be abandoned soon.
--- Comment #10 from mr jingle Salz85@gmail.com 2013-10-19 18:48:34 CDT ---
Created attachment 46361 --> http://bugs.winehq.org/attachment.cgi?id=46361 Installer.exe Register Dump Log.
mr jingle Salz85@gmail.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |Salz85@gmail.com
--- Comment #11 from mr jingle Salz85@gmail.com 2013-10-19 18:49:15 CDT ---
Just tried under 1.7.4, still the same behaviour. See the attachment http://bugs.winehq.org/attachment.cgi?id=46361 .
Anastasius Focht focht@gmx.net changed:
What     |Removed                     |Added
----------------------------------------------------------------------------
Keywords |Abandoned?                  |obfuscation
CC       |                            |focht@gmx.net
Component|-unknown                    |ntdll
Summary  |"Uru: Ages beyond myst"     |"Uru: Ages beyond myst"
         |fails to install            |fails to install (check for
         |                            |ATL thunk triggers
         |                            |unexpected guard page fault
         |                            |in Shinker 3.5 protected
         |                            |installer executable)
--- Comment #12 from Anastasius Focht focht@gmx.net 2013-10-23 17:49:31 CDT ---
Hello folks,
I had the right feeling about this one ... bought the game for a few bugs and it was delivered today :)
The installer is protected by Shrinker 3.5 (+relay triggers error dialog -> version hint).
It's basically the same issue as bug 34479 "Advantage Cooking: crashes on start (check for ATL thunk triggers unexpected guard page fault)".
Shrinker also employs a scheme with guard pages on PE sections. Wine triggers a guard page fault with its ATL thunk check which the protection mishandles.
First, well known hooking of LdrAccessResource and call_exception_handler:
--- snip ---
0009:trace:module:LdrGetDllHandle L"USER32" -> 0x7eb50000 (load path L"E:\Installer;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
0009:trace:module:LdrGetDllHandle L"NTDLL" -> 0x7bc10000 (load path L"E:\Installer;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
0009: write_process_memory( handle=ffffffff, addr=7bc6fdb1, data={e8,d2,05,6c,84} )
0009: *signal* signal=19
0009: write_process_memory() = 0
0009: write_process_memory( handle=ffffffff, addr=7bc857a4, data={e9,eb,a8,6a,84,64,8b,25} )
0009: *signal* signal=19
0009: write_process_memory() = 0
--- snip ---
Setting up guard pages:
--- snip ---
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x401000 00040000 00000001
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
--- snip ---
Wine ATL thunk check triggers unexpected guard page fault, prematurely resetting protection:
--- snip ---
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556 ip=7bc83556 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7bccf000 ecx=f2e3aa60 edx=0032f968 esi=0032fa9c edi=00000000
0009:trace:seh:raise_exception ebp=0032fa38 esp=0032f940 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d8db code=c0000005 flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-rW-
0009:trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x419000-0x420fff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000020
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
0009:trace:seh:call_stack_handlers handler at 0x7bc9d8db returned 0
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7b8ba000 ecx=0002c000 edx=0013c798 esi=00000001 edi=00000000
0009:trace:seh:raise_exception ebp=0032fe04 esp=0032fdc8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x449b4c code=c0000005 flags=0
0009:trace:seh:call_stack_handlers handler at 0x449b4c returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d86b code=c0000005 flags=0
...
0009:trace:seh:start_debugger Starting debugger "winedbg --auto 8 72"
--- snip ---
Unfortunately the ATL thunk check is needed later for GUI/window creation.
$ wine --version
wine-1.7.4-399-g83775f0
Regards
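An added example (not part of the bug report and not Wine code): a small Python parser for the `+seh,+virtual` trace format quoted in comment #12. It pairs each access violation with the protection last dumped for the touched page and marks faults raised by code outside the image view, which is the pattern the comment attributes to Wine's ATL thunk check. The trace excerpt is abridged from comment #12; all function and field names are hypothetical, and reading the `r`/`W`/`x` letters as access rights is an assumption based on the dumps shown.

```python
import re
from dataclasses import dataclass

# Abridged from the +seh,+virtual trace quoted in comment #12
# (register lines and most page ranges trimmed).
TRACE = """\
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556 ip=7bc83556 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
"""

VIEW = re.compile(r"VIRTUAL_DumpView View: (0x[0-9a-f]+) - (0x[0-9a-f]+)")
PAGE = re.compile(r"VIRTUAL_DumpView\s+(0x[0-9a-f]+) - (0x[0-9a-f]+) (\S+)\s*$")
EXC = re.compile(r"raise_exception code=c0000005 flags=\w+ addr=(0x[0-9a-f]+)")
INFO = re.compile(r"raise_exception\s+info\[([01])\]=([0-9a-f]+)")

# ExceptionInformation[0] of an access violation: kind of access attempted.
ACCESS = {0: "read", 1: "write", 8: "execute"}


@dataclass
class Fault:
    ip: int        # address of the faulting instruction (addr= in the trace)
    access: str    # "read", "write", "execute" or the raw value in hex
    target: int    # address that was touched (info[1])
    prot: str      # protection last dumped for target's page, "?" if unknown
    foreign: bool  # True if ip lies outside the view that contains target


def _classify(ip, info, views):
    access = ACCESS.get(info[0], hex(info[0]))
    target = info[1]
    for (vstart, vend), pages in views.items():
        if vstart <= target <= vend:
            prot = next((p for s, e, p in pages if s <= target <= e), "?")
            return Fault(ip, access, target, prot, not (vstart <= ip <= vend))
    # Target is not inside any dumped view: nothing to compare against.
    return Fault(ip, access, target, "?", False)


def analyze(trace):
    """Return one Fault per access violation, using the latest view dump."""
    views = {}      # (view_start, view_end) -> [(page_start, page_end, prot)]
    current = None  # view whose page ranges are currently being dumped
    pending = None  # (ip, {index: value}) while info[] lines are collected
    faults = []
    for line in trace.splitlines():
        if m := VIEW.search(line):
            current = (int(m[1], 16), int(m[2], 16))
            views[current] = []  # a new dump replaces the previous one
        elif (m := PAGE.search(line)) and current:
            views[current].append((int(m[1], 16), int(m[2], 16), m[3]))
        elif m := EXC.search(line):
            pending = (int(m[1], 16), {})
        elif (m := INFO.search(line)) and pending is not None:
            pending[1][int(m[1])] = int(m[2], 16)
            if len(pending[1]) == 2:
                faults.append(_classify(pending[0], pending[1], views))
                pending = None
    return faults


def unexpected(faults):
    """Faults where outside code touched a page dumped with no r/w/W/x right."""
    return [f for f in faults
            if f.foreign and f.prot != "?" and not set(f.prot) & set("rwWx")]


if __name__ == "__main__":
    for f in analyze(TRACE):
        print(f"ip={f.ip:#x} {f.access} {f.target:#x} prot={f.prot} "
              f"foreign={f.foreign}")
```
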
--- Comment #13 from Anastasius Focht focht@gmx.net ---
*** Bug 27138 has been marked as a duplicate of this bug. ***
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Keywords|                            |download
URL     |                            |http://www.gamefront.com/fi
        |                            |les/14799945
Summary |"Uru: Ages beyond myst"     |Multiple apps wrapped with
        |fails to install (check for |Shrinker 3.5 fail with
        |ATL thunk triggers          |unexpected guard page fault
        |unexpected guard page fault |caused by Wine's ATL thunk
        |in Shinker 3.5 protected    |check (Uru: Ages beyond
        |installer executable)       |Myst, Football Manager 2010
        |                            |Demo)
--- Comment #14 from Anastasius Focht focht@gmx.net ---
Hello folks,
adding download from bug 27138 'Football Manager 2010 Demo' here.
It might be useful to keep this bug for collecting Shrinker 3.5 protected apps/games and bug 34479 for collecting Armadillo protected apps/games although the underlying issue is the same.
Those protection schemes are quite different. In the end they might still react differently on a proposed solution.
Regards
GyB gyebro69@gmail.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |gyebro69@gmail.com
--- Comment #15 from GyB gyebro69@gmail.com ---
There's a patch in bug #23604 that fixes the crash in Football Manager 2010 Demo when aborting the installation. http://www.winehq.org/pipermail/wine-patches/2010-June/089669.html
--- Comment #16 from Anastasius Focht focht@gmx.net ---
Hello GyB,
--- quote ---
There's a patch in bug #23604 that fixes the crash in Football Manager 2010 Demo when aborting the installation.
http://www.winehq.org/pipermail/wine-patches/2010-June/089669.html
--- quote ---
yes, it's the same issue.
We're already collecting Shrinker 3.x wrapped apps/games here so let's merge that bug as dupe here.
The aforementioned patch didn't make it in, Alexandre commented on it:
http://osdir.com/ml/wine-devel/2010-06/msg00315.html
--- quote ---
It would be better to document it as a test then (not necessarily the TEB flag, we probably don't need to go that far, but at least the basic case that was causing Shrinker to fail).
--- quote ---
This was 3.5 years ago. Sadly, I found no further attempt after that date.
Regards
--- Comment #17 from Anastasius Focht focht@gmx.net ---
*** Bug 23604 has been marked as a duplicate of this bug. ***
Anastasius Focht focht@gmx.net changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |branzeanu.aurel@gmail.com
--- Comment #18 from Anastasius Focht focht@gmx.net ---
*** Bug 32135 has been marked as a duplicate of this bug. ***
Sebastian Lackner sebastian@fds-team.de changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |sebastian@fds-team.de
--- Comment #19 from Sebastian Lackner sebastian@fds-team.de ---
The patch from bug 34479 could probably also help here. Can someone confirm this?
https://github.com/wine-compholio/wine-staging/tree/master/patches/ntdll-ATL...
--- Comment #20 from Anastasius Focht focht@gmx.net ---
Hello folks,
the recent ATL thunk patch series made the thing more compliant :) There is still a missing piece though, that is not executing ATL thunk check on a guard page.
Another thing I noticed...
Wine's process execution flags are reversed for 'enabled' and 'disabled' options.
From my comment here: https://bugs.winehq.org/show_bug.cgi?id=24125#c7
https://src.chromium.org/svn/trunk/src/sandbox/win/src/process_mitigations_t...
Chromium source snippet, part of test suite:
--- snip ---
const int MEM_EXECUTE_OPTION_ENABLE = 1;
const int MEM_EXECUTE_OPTION_DISABLE = 2;
const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
const int MEM_EXECUTE_OPTION_PERMANENT = 8;
dep_flags &= 0xff;
--- snip ---
vs.
Source: http://source.winehq.org/git/wine.git/blob/9a806d0f1c10289241500519beda73f1a...
--- snip ---
#define MEM_EXECUTE_OPTION_DISABLE 0x01
#define MEM_EXECUTE_OPTION_ENABLE 0x02
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
#define MEM_EXECUTE_OPTION_PERMANENT 0x08
--- snip ---
Applications that use the native API way to achieve '[Get|Set]ProcessDEPPolicy' on pre-Vista Windows OS where this entry point is not available will have the reverse effect.
Thanks for the work so far, Sebastian.
Regards
--- Comment #21 from Sebastian Lackner sebastian@fds-team.de ---
(In reply to Anastasius Focht from comment #20)
> Hello folks,
> the recent ATL thunk patch series made the thing more compliant :) There is still a missing piece though, that is not executing ATL thunk check on a guard page.
That's not right, the tests definitely show that the ATL thunk check is also performed on guard pages (because the guard page flag is removed before thunk check happens). Nevertheless, there are still a couple of patches missing, so there is a chance that the remaining issues might be solved afterwards.
> Another thing I noticed...
> Wine's process execution flags are reversed for 'enabled' and 'disabled' options.
> From my comment here: https://bugs.winehq.org/show_bug.cgi?id=24125#c7
> https://src.chromium.org/svn/trunk/src/sandbox/win/src/process_mitigations_test.cc
> Chromium source snippet, part of test suite:
> --- snip ---
> const int MEM_EXECUTE_OPTION_ENABLE = 1;
> const int MEM_EXECUTE_OPTION_DISABLE = 2;
> const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
> const int MEM_EXECUTE_OPTION_PERMANENT = 8;
> dep_flags &= 0xff;
> --- snip ---
> vs.
> Source: http://source.winehq.org/git/wine.git/blob/9a806d0f1c10289241500519beda73f1ac556586:/include/winternl.h#l729
> --- snip ---
> #define MEM_EXECUTE_OPTION_DISABLE 0x01
> #define MEM_EXECUTE_OPTION_ENABLE 0x02
> #define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
> #define MEM_EXECUTE_OPTION_PERMANENT 0x08
> --- snip ---
I noticed that, but Wine is right in this case. I've looked up several pages, and the meaning of MEM_EXECUTE_OPTION_ENABLE is that executing pages is always enabled, which means DEP is disabled. Chrome uses the flags with inversed order, but it shouldn't matter - it is swapped everywhere. This especially means that their way to set the DEP policy is wrong, and only works because of the swapped constants.
> Applications that use the native API way to achieve '[Get|Set]ProcessDEPPolicy' on pre-Vista Windows OS where this entry point is not available will have the reverse effect.
Those functions are the next on my plan, already started working on them. ;)
> Thanks for the work so far, Sebastian.
> Regards
--- Comment #22 from Anastasius Focht focht@gmx.net ---
Hello Sebastian,
--- quote ---
I noticed that, but Wine is right in this case. I've looked up several pages, and the meaning of MEM_EXECUTE_OPTION_ENABLE is that executing pages is always enabled, which means DEP is disabled. Chrome uses the flags with inversed order, but it shouldn't matter - it is swapped everywhere. This especially means that their way to set the DEP policy is wrong, and only works because of the swapped constants.
--- quote ---
Apparently I missed out the paper/presentation of some guys calling themselves "skape" and "Skywing" who were one of the first to bypass DEP on Windows (2005) :)
Regards
--- Comment #23 from Sebastian Lackner sebastian@fds-team.de ---
Another set of patches related to ATL thunk emulation got upstream, and I think this (and also bug 34479) should be fixed with:
http://source.winehq.org/git/wine.git/commit/34b2d920b47122007b65d435e064d01...
Anastasius Focht focht@gmx.net changed:
What         |Removed                     |Added
----------------------------------------------------------------------------
Fixed by SHA1|                            |34b2d920b47122007b65d435e06
             |                            |4d018fb37b21f
Status       |NEW                         |RESOLVED
Resolution   |---                         |FIXED
--- Comment #24 from Anastasius Focht focht@gmx.net ---
Hello folks,
indeed, this works now.
Thanks Sebastian
--- snip ---
$ WINEDEBUG=+tid,+seh,+loaddll,+virtual,+module wine ./remove.exe >>log.txt 2>&1
...
0009:trace:module:load_native_dll Trying native dll L"Z:\home\focht\Downloads\remove.exe"
0009:trace:virtual:NtMapViewOfSection handle=0x1c process=0xffffffff addr=(nil) off=000000000 size=0 access=20
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x436fff c-rWx
0009:trace:module:map_image mapped PE file at 0x400000-0x437000
0009:trace:module:map_image mapping section .shrink0 at 0x401000 off 0 size 0 virt 2b000 flags c0000082
0009:trace:module:map_image mapping section .shrink1 at 0x42c000 off 6000 size 200 virt 1000 flags 40000042
0009:trace:module:map_image clearing 0x42c200 - 0x42d000
0009:trace:module:map_image mapping section .rdata at 0x42d000 off 1a800 size 200 virt 1a8 flags 40000040
0009:trace:module:map_image clearing 0x42d200 - 0x42e000
0009:trace:module:map_image mapping section .data at 0x42e000 off 600 size 1600 virt 26ec flags c0000040
0009:trace:module:map_image clearing 0x42f600 - 0x430000
0009:trace:module:map_image mapping section .idata at 0x431000 off 1c00 size a00 virt 896 flags c0000040
0009:trace:module:map_image clearing 0x431a00 - 0x432000
0009:trace:module:map_image mapping section .load at 0x432000 off 2600 size 3200 virt 31ee flags 68040020
0009:trace:module:map_image clearing 0x435200 - 0x436000
0009:trace:module:map_image mapping section .reloc at 0x436000 off 5800 size 800 virt 6f6 flags 42000040
0009:trace:module:map_image clearing 0x436800 - 0x437000
0009:trace:virtual:VIRTUAL_SetProt 0x400000-0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x42bfff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x42c000 - 0x42ffff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x430000 - 0x430fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x431000 - 0x436fff c-rW-
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x42bfff c-rW-
...
0009:warn:module:alloc_module disabling no-exec because of L"remove.exe"
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x110000-0x11ffff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x220000-0x220fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x230000-0x232fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x400000-0x400fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x401000-0x42bfff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x42c000-0x42dfff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x42e000-0x431fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x436000-0x436fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7b810000-0x7b810fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7b8be000-0x7ba63fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7bc10000-0x7bc10fff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7bcd1000-0x7bcedfff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7ffd8000-0x7ffdbfff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7ffdf000-0x7ffdffff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0x7ffe0000-0x7ffeffff
0009:trace:virtual:VIRTUAL_SetForceExec enabling exec prot for 0xffbf0000-0xfffeffff
0009:trace:loaddll:load_native_dll Loaded L"Z:\home\focht\Downloads\remove.exe" at 0x400000: native
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4320e3 ip=004320e3 tid=0009
0009:trace:seh:raise_exception info[0]=00000001
0009:trace:seh:raise_exception info[1]=0043207e
0009:trace:seh:raise_exception eax=0043207e ebx=7b8be000 ecx=7b8be000 edx=0013f464 esi=00400000 edi=00000000
0009:trace:seh:raise_exception ebp=0033fdb0 esp=0033fd88 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
0009:trace:seh:call_vectored_handlers calling handler at 0x7ed5f07b code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ed5f07b returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x434b4c code=c0000005 flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x43207e 00000001 00000040
0009:trace:virtual:VIRTUAL_SetProt 0x432000-0x432fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff 0x20
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x42bfff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x42c000 - 0x42dfff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x42e000 - 0x431fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x432000 - 0x432fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x433000 - 0x435fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x436000 - 0x436fff c-r--
0009:trace:seh:call_stack_handlers handler at 0x434b4c returned 0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x401000 0002b000 00000001
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x42bfff c----
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff 0x20
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x42bfff c----
0009:trace:virtual:VIRTUAL_DumpView 0x42c000 - 0x42dfff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x42e000 - 0x431fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x432000 - 0x432fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x433000 - 0x435fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x436000 - 0x436fff c-r--
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x402ec6 ip=00402ec6 tid=0009
0009:trace:seh:raise_exception info[0]=00000001
0009:trace:seh:raise_exception info[1]=00429aac
0009:trace:seh:raise_exception eax=00000001 ebx=7b8be000 ecx=00000002 edx=0033fcd6 esi=0033fcb4 edi=00000094
0009:trace:seh:raise_exception ebp=0033fdc4 esp=0033fcb4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010293
0009:trace:seh:call_vectored_handlers calling handler at 0x7ed5f07b code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ed5f07b returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x407aa8 code=c0000005 flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x428000 00003494 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x428000-0x42bfff c-rW-
0009:trace:virtual:mprotect_exec forcing exec permission on 0x428000-0x42bfff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff 0x20
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x408fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x409000 - 0x421fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x422000 - 0x426fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x427000 - 0x427fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x428000 - 0x42bfff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x42c000 - 0x42dfff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x42e000 - 0x431fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x432000 - 0x432fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x433000 - 0x435fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x436000 - 0x436fff c-r--
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x428000 00003494 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x428000-0x42bfff c-rW-
0009:trace:virtual:mprotect_exec forcing exec permission on 0x428000-0x42bfff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x436fff 0x20
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x408fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x409000 - 0x421fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x422000 - 0x426fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x427000 - 0x427fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x428000 - 0x42bfff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x42c000 - 0x42dfff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x42e000 - 0x431fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x432000 - 0x432fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x433000 - 0x435fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x436000 - 0x436fff c-r--
0009:trace:seh:call_stack_handlers handler at 0x407aa8 returned 0
...
--- snip ---
The faults happening after guard page setup are intended, faults caused by Wine's ATL thunk checks are no longer seen.
Regards
--- Comment #25 from Sebastian Lackner sebastian@fds-team.de ---
(In reply to Anastasius Focht from comment #24)
> Hello folks,
> indeed, this works now.
> Thanks Sebastian
No problem, glad that it works now. :)
By the way, some papers and documentations about ATL thunking also mention, that there are a couple of other instructions which are emulated on Windows. Are you aware of any application which need this?
Regards, Sebastian
--- Comment #26 from Anastasius Focht focht@gmx.net ---
Hello Sebastian,
--- quote ---
By the way, some papers and documentations about ATL thunking also mention, that there are a couple of other instructions which are emulated on Windows. Are you aware of any application which need this?
--- quote ---
you are probably talking about this interesting and exhaustive paper (which also supports your clarification in comment #21 about the flags):
http://www.phreedom.org/research/bypassing-browser-memory-protections/bypass...
Page 12 shows a list of emulated instruction sequences.
Not that I'm aware of. Time will tell. There will always be that one guy, who reports a bug with some crappy/broken application :-)
Regards
Alexandre Julliard julliard@winehq.org changed:
What  |Removed                     |Added
----------------------------------------------------------------------------
Status|RESOLVED                    |CLOSED
--- Comment #27 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.29.
Anastasius Focht focht@gmx.net changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |chochoy.nicolas@free.fr
--- Comment #28 from Anastasius Focht focht@gmx.net ---
*** Bug 38620 has been marked as a duplicate of this bug. ***