http://bugs.winehq.org/show_bug.cgi?id=23451
Summary: VMWare Thinapps (packaged with version >4.5) don't run Product: Wine Version: 1.2-rc5 Platform: x86 URL: http://rapidshare.com/files/393576825/notepad__.exe.ht ml OS/Version: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: xerox_xerox2000@yahoo.co.uk
This is a follow up of bug #22429
Uli created a VMWare thinapped version of notepad++ here: http://rapidshare.com/files/393576825/notepad__.exe.html.
He used Thinapp trial version 4.5. Apps created with thinapp versions below 4.5 seem to work fine now in current git, but this one doesn't:
It aborts with :
fixme:advapi:LookupAccountNameW (null) L"louis" 0x32c46c 0x32c264 0x32c86c 0x32c25c 0x32c268 - stub fixme:ntdll:NtQueryInformationProcess (process=0xffffffff) Unimplemented information class: ProcessDefaultHardErrorMode fixme:ntdll:NtRaiseHardError : stub. Errorstatus was 40000015
(Juan added some patches for the Unimplemented information class: ProcessDefaultHardErrorMode here: http://bugs.winehq.org/show_bug.cgi?id=22429#c25 but they don't fix this bug)
http://bugs.winehq.org/show_bug.cgi?id=23451
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |adrian.li.100w@gmail.com
--- Comment #1 from Dmitry Timoshkov dmitry@codeweavers.com 2010-07-01 00:14:02 --- *** Bug 23459 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net 2010-07-01 15:27:28 --- Hello,
this problem won't be fixed easily. It requires a redesign of Wine's process creation code.
The logs won't give much information, one has to debug some brain damaged virtualization layer. Basically it fails to properly create the child process "sandboxed one" - the way it wants.
--- snip --- "[*** PostMapExecutableBaseIntoChild failed C0000141]" ""C:\Program Files\Notepad++\notepad++.exe"" "RelaunchUsingCreateProcess::CreateProcess failed" --- snip ---
The 0xC0000141 status is custom made within virtualization layer it has nothing to do with some failed (native) API call.
When VMWare Thinapp layer creates the (real) child process, it creates it initially suspended. That reminded me of a technique used in malware to completely replace the executable image before code is being run in child address space. Basically the original image is unmapped using NtUnmapViewOfSection() and virtual memory is allocated in target address space, big enough to hold new (replacement) PE image. The new image is copied into target space (from in memory resources or disk) and then PEB members and entry point address get patched to new values (using thread context of main thread).
But this seems not the case here. CreateProcessW() returns successfully and the thinapp wrapper looks at internal data structures only to find out something didn't go right. When I skimmed through wrapper process address space, I came to an interesting memory block, near the end of user vm:
--- snip --- Wine-dbg>info maps ... 7f000000 7ffaffff free 7ffb0000 7ffbffff commit private RWX 7ffc0000 7ffcbfff free 7ffcc000 7ffcffff commit private RW 7ffd0000 7ffd3fff commit private RW 7ffd4000 7ffd7fff commit private RW 7ffd8000 7ffdbfff commit private RW 7ffdc000 7ffdefff free 7ffdf000 7ffdffff commit private RW 7ffe0000 7ffeffff commit private RW
Wine-dbg>x/100x 0x7ffb0000 0x7ffb0000: 3a9e4068 a3e06868 81e9003e 68804384 0x7ffb0010: 683a8980 3ea3e068 8472e900 60688043 0x7ffb0020: 68683d6f 003a7d10 438463e9 8d806880 0x7ffb0030: 5068683d e9003a7f 80438454 c1f1d868 0x7ffb0040: 5cb0687b 95e90034 68804384 7bc20c7c 0x7ffb0050: 345cb068 8486e900 00008043 00000000 0x7ffb0060: 00000000 00000000 00000000 00000000 0x7ffb0070: 00000000 00000000 00000000 00000000 0x7ffb0080: 00000000 00000000 00000000 00000000 --- snip ---
Suspicious as I am, I disassembled it:
--- snip --- Wine-dbg>disas 0x7ffb0000 0x7ffb0000: pushl $0x683a9e40 0x7ffb0005: pushl $0x3ea3e0 0x7ffb000a: jmp 0x003e8490 0x7ffb000f: pushl $0x683a8980 0x7ffb0014: pushl $0x3ea3e0 0x7ffb0019: jmp 0x003e8490 0x7ffb001e: pushl $0x683d6f60 0x7ffb0023: pushl $0x3a7d10 0x7ffb0028: jmp 0x003e8490 0x7ffb002d: pushl $0x683d8d80 0x7ffb0032: pushl $0x3a7f50 0x7ffb0037: jmp 0x003e8490 0x7ffb003c: pushl $0x7bc1f1d8 0x7ffb0041: pushl $0x345cb0 0x7ffb0046: jmp 0x003e84e0 0x7ffb004b: pushl $0x7bc20c7c 0x7ffb0050: pushl $0x345cb0 0x7ffb0055: jmp 0x003e84e0 0x7ffb005a: addb %al,0x0(%eax) 0x7ffb005c: addb %al,0x0(%eax) --- snip ---
That pretty much looks like trampoline code from hooks. Resolving the addresses revealed the following:
--- snip --- 0x683a9e40 MessageBoxA 0x683a8980 MessageBoxW 0x683d6f60 ShowWindow 0x683d8d80 ShowWindowAsync 0x7bc1f1d8 __wine_stub_NtCreateProcess in ntdll: nop 0x7bc20c7c __wine_stub_ZwCreateProcess in ntdll: nop --- snip ---
Digging deeper into jump target code for NtCreateProcess() hook it seems the virtualization layer partly replaces the params on its own (section object!) before calling the real OS entry. Though it would be pointless here because Wine doesn't even provide proper stubs for these native API.
What is most likely missing is a proper NT-like process creation sequence, resulting in calls to native APIs (for section creation, along with other stuff), with a final one to NtCreateProcess(). Because Wine doesn't resemble Windows' process creation, calls to native API (ought to be hooked) are never made. Hence some steps are simply "left out" leading to failure.
I'll leave it to Alexandre to decide if Wine will take the route of being more native API call sequence compatible one day. I currently see no value in redesigning process creation code just to please some brain damaged userland virtualization layers like ThinApp and Xenocode.
---
Ironically I came along this blog:
http://www.vreference.com/2010/03/18/thinapp-4-5-best-new-feature-linux-supp...
--- quote --- I try pack some trivial application with ThinApp 4.5 but on Ubuntu Linux with last version of wine don’t work any ThinApp applications. Every have problem with error “Crash in RelaunchUsingCreateProcess” On windows all work fine. --- quote ---
Obviously the problem I analyzed above.
The best part:
--- quote --- I don’t doubt there are still issues. I just appreciate the direction they are going in and the collaborative support they are giving to the WINE community. Hopefully they can make this work in most cases. --- quote ---
Sure sure ... I wonder how much do people get paid to spread stuff like this? Or is it drugs? ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=23451
--- Comment #3 from Alexandre Julliard julliard@winehq.org 2010-07-01 16:23:07 --- Yeah, supporting that sort of thing would be a major PITA. I doubt it's going to happen any time soon, if ever.
http://bugs.winehq.org/show_bug.cgi?id=23451
uli hellweiss@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hellweiss@gmx.de
--- Comment #4 from uli hellweiss@gmx.de 2010-07-02 06:20:02 --- I also found this link:
http://blogs.vmware.com/thinapp/2010/03/vmware-thinapp-45-whats-new.html
--- snip --- Additionally the ThinApp engineering team has been working diligently with the Linux Wine team to collaborate on suites of automated test. A significant number of test fixes made by ThinApp engineering were contributed back to the Wine project, especially targeted at reducing the number of test failures on Windows 7. The ThinApp engineering team has also set up ‘WineTestBot’, a service which allows Wine developers to run tests on VMware Virtual Machines which run a large selection of Windows versions. The result of the collaboration is both Wine and ThinApp improve their quality. --- snip ---
That's why I thought it should'nt be too hard to get ThinApps running.
http://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |ntdll Summary|VMWare Thinapps (packaged |VMWare Thinapps (packaged |with version >4.5) don't |with version >4.5) don't |run |run, also affects XenoCode | |wrapped apps
--- Comment #5 from Anastasius Focht focht@gmx.net 2010-08-23 11:06:07 --- Hello,
adding some info... Not only VMWare Thinapps but also various Xenocode wrapped apps need a proper native process creation sequence (they both have this in common).
Another "target" which suffers from this, wrapped by Xenocode:
http://bypass.cdn.skybound.ca/stylizer/Stylizer5Setup.exe
--- snip --- $ sha1sum Stylizer5Setup.exe bd7039b5a67f9846ffdd1795be044f5bf65607a6 Stylizer5Setup.exe --- snip ---
--- snip --- Scanning -> c:\Program Files\Skybound Stylizer 5\Stylizer.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 13330168 (0CB66F8h) Byte(s) -> File Appears to be Digitally Signed @ Offset 0CB5800h, size : 0EF8h / 03832 byte(s) -> File has 13191168 (0C94800h) bytes of appended data starting at offset 021000h [File Heuristics] -> Flag : 00000000000001001000000000000100 (0x00048004) [!] XenoCode Virtual Application Studio 2010 detected ! --- snip ---
I dumped all Xenocode hooks into Wine's ntdll, quite impressive number (though NtCreateProcess is the culprit here):
--- snip --- 7BC1F2B8 __wine_stub_NtCreateProcess E9 E0087784 JMP 0038FB9D 7BC1F310 __wine_stub_NtCreateThread E9 2F077784 JMP 0038FA44 7BC1F394 __wine_stub_NtExtendSection E9 74AB7784 JMP 00399F0D 7BC1F5FC __wine_stub_NtQueryOpenSubKeys E9 CFF37684 JMP 0038E9D0 7BC1F998 __wine_stub_NtUnloadKeyEx E9 38EB7684 JMP 0038E4D5 7BC35610 NtNotifyChangeDirectoryFile E9 E2D77584 JMP 00392DF7 7BC3B090 NtQueryDirectoryFile E9 8D7C7584 JMP 00392D22 7BC3DC50 NtSetEaFile E9 EB4D7584 JMP 00392A40 7BC3DCC0 NtQueryEaFile E9 EB4F7584 JMP 00392CB0 7BC3DD60 NtSetVolumeInformationFile E9 0F4C7584 JMP 00392974 7BC3DDE0 NtCreateMailslotFile E9 7E537584 JMP 00393163 7BC3DF70 NtUnlockFile E9 99497584 JMP 0039290E 7BC3E1A0 NtCancelIoFile E9 C4507584 JMP 00393269 7BC3E370 NtCreateNamedPipeFile E9 6D4D7584 JMP 003930E2 7BC3E5F0 NtLockFile E9 74487584 JMP 00392E69 7BC3E8E0 NtFlushBuffersFile E9 6E467584 JMP 00392F53 7BC3F330 NtQueryVolumeInformationFile E9 52387584 JMP 00392B87 7BC3F9C0 NtSetInformationFile E9 15307584 JMP 003929DA 7BC400B0 NtFsControlFile E9 292E7584 JMP 00392EDE 7BC40570 NtDeviceIoControlFile E9 3B2A7584 JMP 00392FB0 7BC40840 NtWriteFileGather E9 E51F7584 JMP 0039282A 7BC40FF0 NtWriteFile E9 A7187584 JMP 0039289C 7BC41720 NtReadFileScatter E9 7E137584 JMP 00392AA3 7BC41C50 NtReadFile E9 C00E7584 JMP 00392B15 7BC42A10 NtCreateFile E9 BD077584 JMP 003931D2 7BC42A70 NtDeleteFile E9 B0057584 JMP 00393025 7BC42B40 NtOpenFile E9 81077584 JMP 003932C6 7BC43000 NtQueryAttributesFile E9 95FD7484 JMP 00392D9A 7BC43150 NtQueryFullAttributesFile E9 FEFA7484 JMP 00392C53 7BC43320 NtQueryInformationFile E9 C8F87484 JMP 00392BED 7BC4A9B0 LdrGetDllHandle E9 39537484 JMP 0038FCEE 7BC4C0E0 LdrShutdownThread E9 DA477484 JMP 003908BF 7BC50F00 NtCreatePagingFile E9 7A217484 JMP 0039307F 7BC512D0 NtQuerySection E9 E98A7484 JMP 00399DBE 7BC53F80 NtMakeTemporaryObject E9 A9DB7384 JMP 00391B2E 7BC54170 NtSetInformationObject E9 F0D87384 JMP 00391A65 7BC549B0 NtClose E9 3FD27384 JMP 00391BF4 7BC54A30 NtDuplicateObject E9 53D17384 JMP 00391B88 7BC54B40 NtQuerySecurityObject E9 EDCC7384 JMP 00391832 7BC54E20 NtQueryObject E9 A3CC7384 JMP 00391AC8 7BC5B290 NtOpenProcess E9 77497384 JMP 0038FC0C 7BC5B3E0 NtSetInformationProcess E9 FC457384 JMP 0038F9E1 7BC5C080 NtTerminateProcess E9 CE447384 JMP 00390553 7BC5C100 NtSetInformationKey E9 62257384 JMP 0038E667 7BC5C170 NtRestoreKey E9 72267384 JMP 0038E7E7 7BC5C1E0 NtQueryMultipleValueKey E9 48287384 JMP 0038EA2D 7BC5CB00 NtUnloadKey E9 8A1A7384 JMP 0038E58F 7BC5CBA0 NtSaveKey E9 E51B7384 JMP 0038E78A 7BC5CC40 NtFlushKey E9 E4217384 JMP 0038EE29 7BC5CCE0 NtEnumerateValueKey E9 9E217384 JMP 0038EE83 7BC5D210 NtQueryKey E9 81187384 JMP 0038EA96 7BC5D250 NtEnumerateKey E9 971C7384 JMP 0038EEEC 7BC5D3D0 NtDeleteKey E9 DD1B7384 JMP 0038EFB2 7BC5D4A0 NtSetValueKey E9 44117384 JMP 0038E5E9 7BC5D630 NtQueryValueKey E9 CF127384 JMP 0038E904 7BC5DAD0 NtDeleteValueKey E9 80147384 JMP 0038EF55 7BC5DBC0 NtOpenKey E9 9A0F7384 JMP 0038EB5F 7BC5E850 NtCreateKey E9 CC077384 JMP 0038F021 7BC5EBF0 NtReplaceKey E9 52FC7284 JMP 0038E847 7BC5EC70 NtNotifyChangeKey E9 C5FF7284 JMP 0038EC3A 7BC5EF10 NtLoadKey E9 B7FE7284 JMP 0038EDCC 7BC69390 NtSetSecurityObject E9 3D847284 JMP 003917D2 7BC75680 NtSignalAndWaitForSingleObject E9 52C37184 JMP 003919D7 7BC756E0 NtWaitForMultipleObjects E9 1FC27184 JMP 00391904 7BC75760 NtWaitForSingleObject E9 33C17184 JMP 00391898 7BC7E780 NtAreMappedFilesTheSame E9 16B57184 JMP 00399C9B 7BC7EAB0 NtOpenSection E9 6FB37184 JMP 00399E24 7BC800C0 NtQueryVirtualMemory E9 339C7184 JMP 00399CF8 7BC80930 NtCreateSection E9 35967184 JMP 00399F6A 7BC81430 NtUnmapViewOfSection E9 2C897184 JMP 00399D61 7BC83C20 NtMapViewOfSection E9 5F627184 JMP 00399E84 --- snip ---
Regards
http://bugs.winehq.org/show_bug.cgi?id=23451
--- Comment #6 from butraxz@gmail.com 2013-06-27 12:45:18 CDT --- This ticket has not been updated for over 900 days.
Is this still an issue in wine version 1.6-rc3 or higher or is this to be closed as abandoned ?
http://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|download |obfuscation URL|http://rapidshare.com/files | |/393576825/notepad__.exe.ht | |ml | Summary|VMWare Thinapps (packaged |VMWare Thinapps (packaged |with version >4.5) don't |with version >4.5) and |run, also affects XenoCode |XenoCode wrapped apps fail |wrapped apps |to run (differences in | |process creation sequence | |at native API level)
--- Comment #7 from Anastasius Focht focht@gmx.net --- Hello folks,
yes, obviously still present. The download link is no longer valid, removing.
$ wine --version wine-1.7.8-220-g0bef543
Regards
https://bugs.winehq.org/show_bug.cgi?id=23451
ildar.mulyukov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ildar.mulyukov@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=23451
Qian Hong fracting@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fracting@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lukasz.wojnilowicz@gmail.co | |m
--- Comment #8 from Anastasius Focht focht@gmx.net --- *** Bug 29940 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.winehq.org/sho | |w_bug.cgi?id=44912
https://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |https://archive.org/downloa | |d/stylizer-5-setup/Stylizer | |5Setup.exe Keywords| |download
--- Comment #9 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, obviously still present.
Adding stable download link via Internet Archive:
https://archive.org/download/stylizer-5-setup/Stylizer5Setup.exe
Apparently the normal capture process on the remaining public mirror sites didn't work so I uploaded directly.
$ sha1sum Stylizer5Setup.exe 59f394edcbe60824aaa49648c7a1aa73d0e8e751 Stylizer5Setup.exe
$ du -sh Stylizer5Setup.exe 15M Stylizer5Setup.exe
$ wine --version wine-5.7-170-gd1f858e03d
Regards
-
wine-bugs@winehq.org -
WineHQ Bugzilla