[Bug 39406] New: LabVIEW 2014: Errors during installation block the process (continue to accept them)
https://bugs.winehq.org/show_bug.cgi?id=39406
Bug ID: 39406 Summary: LabVIEW 2014: Errors during installation block the process (continue to accept them) Product: Wine Version: 1.7.52 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: zat_xorg@hotmail.com Distribution: ---
Created attachment 52522 --> https://bugs.winehq.org/attachment.cgi?id=52522 Backtrace file of error during installation
LabVIEW 2014: Installer finishes, but with error popups during the process (you have to accept in order to complete the installation)
http://www.ni.com/download/labview-development-system-2014/4735/en/
https://bugs.winehq.org/show_bug.cgi?id=39406
braytac zat_xorg@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |dotnet, Installer URL| |http://www.ni.com/download/ | |labview-development-system- | |2014/4735/en/
https://bugs.winehq.org/show_bug.cgi?id=39406
Vincent Povirk madewokherd@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|dotnet |download Component|-unknown |ntoskrnl
--- Comment #1 from Vincent Povirk madewokherd@gmail.com --- Backtrace shows that this is a driver (cvintdrv.sys) crashing.
https://bugs.winehq.org/show_bug.cgi?id=39406
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 CC| |austinenglish@gmail.com Status|UNCONFIRMED |NEW
--- Comment #2 from Austin English austinenglish@gmail.com --- (In reply to Vincent Povirk from comment #1)
Backtrace shows that this is a driver (cvintdrv.sys) crashing.
My scuba computer's pc program has the same issue: http://www.cressi.com/DownloadArea/download.asp
in 1.9.18.
https://bugs.winehq.org/show_bug.cgi?id=39406
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|LabVIEW 2014: Errors during |LabVIEW 2014: Errors during |installation block the |installation block the |process (continue to accept |process (continue to accept |them) |them) (cvintdrv.sys)
https://bugs.winehq.org/show_bug.cgi?id=39406
soredake gi85qht0z@relay.firefox.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |gi85qht0z@relay.firefox.com
https://bugs.winehq.org/show_bug.cgi?id=39406
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net URL|http://www.ni.com/download/ |https://web.archive.org/web |labview-development-system- |/20181022065706/http://down |2014/4735/en/ |load.ni.com/evaluation/labv | |iew/ekit/other/downloader/2 | |014LV-WinEng.exe Summary|LabVIEW 2014: Errors during |LabVIEW 201x CVI kernel |installation block the |driver 'cvintdrv.sys' |process (continue to accept |crashes due to missing |them) (cvintdrv.sys) |'ntoskrnl.SeExports' export | |(SE_EXPORTS structure)
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming, still present
Stable download links via Internet Archive:
https://web.archive.org/web/20181022065706/http://download.ni.com/evaluation...
https://web.archive.org/web/20181010222337/http://download.ni.com/evaluation...
https://web.archive.org/web/20181001215929/http://download.ni.com/evaluation...
https://web.archive.org/web/20181022081430/http://download.ni.com/evaluation...
https://web.archive.org/web/20181020184420/http://download.ni.com/evaluation...
Relevant part of trace log (after setting driver to manual start):
--- snip --- $ WINEDEBUG=+seh,+relay,+service,+ntoskrnl wine net start cvintdrv >>log.txt 2>&1
0560:trace:ntoskrnl:load_driver loading driver L"C:\windows\system32\drivers\cvintdrv.sys" 0560:Call KERNEL32.LoadLibraryW(0012d328 L"C:\windows\system32\drivers\cvintdrv.sys") ret=0036490e ... 0560:Call LDR notification callback (proc=00365B80,reason=1,data=00D5F860,context=00000000) ... 0560:trace:ntoskrnl:ldr_notify_callback loading L"cvintdrv.sys" ... 0560:trace:ntoskrnl:ldr_notify_callback relocating from 00010000-00018000 to 00E80000-00E88000 ... 0560:Ret KERNEL32.LoadLibraryW() retval=00e80000 ret=0036490e ... 0560:Call driver init 00E8603E (obj=0012D250,str=L"\Registry\Machine\System\CurrentControlSet\Services\cvintdrv") ... 0560:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00d5fb38) ret=00e8402b ... 0560:fixme:ntoskrnl:MmGetSystemRoutineAddress L"IoCreateDeviceSecure" not found 0560:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=00e8402b ... 0560:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00d5fb38) ret=00e8404f ... 0560:trace:ntoskrnl:MmGetSystemRoutineAddress L"IoValidateDeviceIoControlAccess" -> 00353A20 0560:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00353a20 ret=00e8404f 0560:Call ntoskrnl.exe.wcschr(00e8218e L"(A;;GA;;;SY)(A;;GA;;;BA)",0000003a) ret=00e84a52 0560:Call msvcrt.wcschr(00e8218e L"(A;;GA;;;SY)(A;;GA;;;BA)",0000003a) ret=7bc3ab64 0560:Ret msvcrt.wcschr() retval=00000000 ret=7bc3ab64 0560:Ret ntoskrnl.exe.wcschr() retval=00000000 ret=00e84a52 ... 0560:Call ntoskrnl.exe._wcsnicmp(00e82190 L"A;;GA;;;SY)(A;;GA;;;BA)",00e825d4 L"A",00000001) ret=00e84bb9 0560:Call msvcrt._wcsnicmp(00e82190 L"A;;GA;;;SY)(A;;GA;;;BA)",00e825d4 L"A",00000001) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e84bb9 0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825cc L"RC",00000002) ret=00e8486d 0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825cc L"RC",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=fffffff5 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff5 ret=00e8486d 0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825c4 L"WD",00000002) ret=00e8486d 0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825c4 L"WD",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=fffffff0 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff0 ret=00e8486d 0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825bc L"WO",00000002) ret=00e8486d 0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825bc L"WO",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=fffffff0 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff0 ret=00e8486d 0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825b4 L"SD",00000002) ret=00e8486d 0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825b4 L"SD",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=fffffff4 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff4 ret=00e8486d 0560:Call ntoskrnl.exe._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825ac L"GA",00000002) ret=00e8486d 0560:Call msvcrt._wcsnicmp(00e82196 L"GA;;;SY)(A;;GA;;;BA)",00e825ac L"GA",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e8486d 0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83040 L"WD",00000002) ret=00e847d3 0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83040 L"WD",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=fffffffc ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=fffffffc ret=00e847d3 0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83054 L"BA",00000002) ret=00e847d3 0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83054 L"BA",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=00000011 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000011 ret=00e847d3 0560:Call ntoskrnl.exe._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83068 L"SY",00000002) ret=00e847d3 0560:Call msvcrt._wcsnicmp(00e821a0 L"SY)(A;;GA;;;BA)",00e83068 L"SY",00000002) ret=7bc3ab64 ... 0560:Ret msvcrt._wcsnicmp() retval=00000000 ret=7bc3ab64 0560:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00e847d3 0560:trace:seh:dispatch_exception code=c0000005 flags=0 addr=00E8483B ip=00e8483b tid=0560 0560:trace:seh:dispatch_exception info[0]=00000000 0560:trace:seh:dispatch_exception info[1]=90909170 0560:trace:seh:dispatch_exception eax=000000e0 ebx=00e821a0 ecx=90909090 edx=0000000c esi=00000028 edi=00e83068 0560:trace:seh:dispatch_exception ebp=00d5fa4c esp=00d5fa3c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010297 0560:trace:seh:call_vectored_handlers calling handler at 0035DA00 code=c0000005 flags=0 0560:trace:seh:call_vectored_handlers handler at 0035DA00 returned 0 0560:trace:seh:call_vectored_handlers calling handler at 7B00F270 code=c0000005 flags=0 0560:trace:seh:call_vectored_handlers handler at 7B00F270 returned 0 0560:trace:seh:call_stack_handlers calling handler at 7BC52730 code=c0000005 flags=0 0560:Call ntdll.NtCreateEvent(00d5f310,001f0003,00d5f384,00000000,00000000) ret=7b010402 0560:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b010402 wine: Unhandled page fault on read access to 90909170 at address 00E8483B (thread 0560), starting debugger... --- snip ---
Trace doesn't reveal much but debugging the crash site does:
--- snip --- 00E847B3 | mov edi,edi | 00E847B5 | push ebp | 00E847B6 | mov ebp,esp | 00E847B8 | push ecx | 00E847B9 | push ebx | 00E847BA | mov ebx,dword ptr ss:[ebp+8] | 00E847BD | push esi | 00E847BE | xor esi,esi | 00E847C0 | push edi | 00E847C1 | mov edi,cvintdrv.E83040 | 00E847C6 | mov dword ptr ss:[ebp-4],esi | 00E847C9 | push dword ptr ds:[edi+8] | 00E847CC | push edi | 00E847CD | push ebx | 00E847CE | call <JMP.&__wcsnicmp> | 00E847D3 | add esp,C | 00E847D6 | test eax,eax | 00E847D8 | je cvintdrv.E847FD | 00E847DA | add dword ptr ss:[ebp-4],14 | 00E847DE | inc esi | 00E847DF | add edi,14 | 00E847E2 | cmp dword ptr ss:[ebp-4],F0 | 00E847E9 | jb cvintdrv.E847C9 | 00E847EB | mov eax,dword ptr ss:[ebp+C] | 00E847EE | and dword ptr ds:[eax],0 | 00E847F1 | mov eax,C0000073 | 00E847F6 | pop edi | 00E847F7 | pop esi | 00E847F8 | pop ebx | 00E847F9 | leave | 00E847FA | ret C | 00E847FD | mov ecx,dword ptr ss:[ebp+10] | 00E84800 | imul esi,esi,14 | 00E84803 | mov eax,dword ptr ds:[esi+E83048] | 00E84809 | lea eax,dword ptr ds:[ebx+eax*2] | 00E8480C | mov dword ptr ds:[ecx],eax | 00E8480E | cmp dword ptr ds:[esi+E8303C],1 | 00E84815 | jne cvintdrv.E8482D | 00E84817 | push 20 | 00E84819 | push 1 | 00E8481B | call dword ptr ds:[&_IoIsWdmVersionAvailable@8] | 00E84821 | test al,al | 00E84823 | jne cvintdrv.E8482D | 00E84825 | mov eax,dword ptr ss:[ebp+C] | 00E84828 | and dword ptr ds:[eax],0 | 00E8482B | jmp cvintdrv.E84843 | 00E8482D | mov ecx,dword ptr ds:[<&___wine_stub_SeExports>] | 00E84833 | mov ecx,dword ptr ds:[ecx] | 00E84835 | mov eax,dword ptr ds:[esi+E83038] | 0xE0 00E8483B | mov eax,dword ptr ds:[eax+ecx] | *boom* 00E8483E | mov ecx,dword ptr ss:[ebp+C] | 00E84841 | mov dword ptr ds:[ecx],eax | 00E84843 | xor eax,eax | 00E84845 | jmp cvintdrv.E847F6 | --- snip ---
dword ptr ds:[eax+ecx*1] = [0xE0+0x90909090] = 0x90909170
Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs...
--- quote --- The SeExports structure is a large external static SE_EXPORTS structure that defines a number of well-known security constants for privilege values and security identifiers. --- quote ---
Wine source:
https://source.winehq.org/git/wine.git/blob/7d3186e029fb4cf417fab59483a37d8a...
--- snip --- 1326 @ stub SeExports --- snip ---
ProtectionID scan:
--- snip --- -=[ ProtectionID v0.6.9.0 DECEMBER]=- (c) 2003-2017 CDKiLLER & TippeX Build 24/12/17-21:05:42 Ready... Scanning -> C:\windows\system32\drivers\cvintdrv.sys File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 21792 (05520h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT) [TimeStamp] 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT) | PE Header | - | Offset: 0x000000C8 | VA: 0x000100C8 | - [TimeStamp] 0x4E937FD8 -> Mon 10th Oct 2011 23:29:28 (GMT) | DebugDirectory | - | Offset: 0x00000AC4 | VA: 0x000120C4 | - -> File Appears to be Digitally Signed @ Offset 03200h, size : 02320h / 08992 byte(s) [LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0 [LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848) [LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008) [LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C [LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360 [LoadConfig] UnknownZero1 0x8000011 [File Heuristics] -> Flag #1 : 00000100000001001100000000000111 (0x0404C007) [Entrypoint Section Entropy] : 5.40 (section #4) "INIT " | Size : 0x516 (1302) byte(s) [DllCharacteristics] -> Flag : (0x0400) -> NOSEH [SectionCount] 6 (0x6) | ImageSize 0x8000 (32768) byte(s) [ModuleReport] [IAT] Modules -> ntoskrnl.exe | HAL.dll [Debug Info] (record 1 of 1) (file offset 0xAC0) Characteristics : 0x0 | TimeDateStamp : 0x4E937FD8 (Mon 10th Oct 2011 23:29:28 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x4E (78) AddressOfRawData : 0x25D8 | PointerToRawData : 0xFD8 CvSig : 0x53445352 | SigGuid 01BFF930-BFF0-4554-937CAF4FAB5F7A02 Age : 0x17 (23) | Pdb : c:\winddk\7600.16385.1\lib\wxp\i386\i386\CVINTDRV.pdb [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.347 Second(s) [00000015Bh (347) tick(s)] [135 of 580 scan(s) done]
Scanning -> C:\windows\system32\drivers\CVINTDrv.ver [!] File does not have any imports [!] File does not have an entrypoint File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1536 (0600h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x52D6B97A -> Wed 15th Jan 2014 16:38:18 (GMT) [TimeStamp] 0x52D6B97A -> Wed 15th Jan 2014 16:38:18 (GMT) | PE Header | - | Offset: 0x000000B8 | VA: 0x100000B8 | - [LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0 [LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848) [LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008) [LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C [LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360 [LoadConfig] UnknownZero1 0x8000011 [File Heuristics] -> Flag #1 : 00010000000001001000010001000000 (0x10048440) [DllCharacteristics] -> Flag : (0x0400) -> NOSEH [SectionCount] 1 (0x1) | ImageSize 0x2000 (8192) byte(s) [VersionInfo] Company Name : National Instruments [VersionInfo] Product Name : LabWindows/CVI 2013 [VersionInfo] Product Version : 13.0.1.201 [VersionInfo] File Description : LabWindows/CVI Version Resource File [VersionInfo] File Version : 13.0.1.201 [VersionInfo] Original FileName : versionResource.dll [VersionInfo] Internal Name : CVIVersionResource [VersionInfo] Legal Copyrights : Copyright © 1987-2014 National Instruments. All rights reserved. [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.250 Second(s) [0000000FAh (250) tick(s)] [246 of 580 scan(s) done] --- snip ---
virustotal.com scan:
https://www.virustotal.com/gui/file/fb224b34081efdcf34f43901cfc423635e176206...
$ sha1sum 201*-WinEng* b16e80402d7567b49e0f47a673fe53accbd1e029 2014LV-WinEng.exe 6e67bff38ea397df8317e5d9b4895c25d0674186 2015LV-WinEng.exe 15f2845122cedd53715bc96cf93afa6890c5d0fc 2016LV-WinEng.exe 8ffb9bb144d6e4071999f333a19c2ef266e4ec68 2017LV-WinEng.exe 4365d9beca39f743b31a87a1b44b2e456b290b86 2018LV-WinEng.exe
$ du -sh 201*-WinEng* 1.4G 2014LV-WinEng.exe 1.4G 2015LV-WinEng.exe 1.5G 2016LV-WinEng.exe 1.4G 2017LV-WinEng.exe 1.6G 2018LV-WinEng.exe
$ wine --version wine-6.0-rc6
Regards
https://bugs.winehq.org/show_bug.cgi?id=39406
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|LabVIEW 201x CVI kernel |Multiple kernel drivers |driver 'cvintdrv.sys' |crash due to missing |crashes due to missing |'ntoskrnl.SeExports' export |'ntoskrnl.SeExports' export |(SE_EXPORTS |(SE_EXPORTS structure) |structure)(LabVIEW 201x CVI | |'cvintdrv.sys', F-Secure | |BlackLight Engine 2.2 | |'fsbldrv.sys') URL|https://web.archive.org/web |https://web.archive.org/web |/20181022065706/http://down |/20210116145628/ftp://ftp.f |load.ni.com/evaluation/labv |-secure.com/anti-virus/tool |iew/ekit/other/downloader/2 |s/fsbl.exe |014LV-WinEng.exe |
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
I've found another much smaller download for reproduce:
F-Secure BlackLight Engine 2.2.x (Rootkit scanner) from bug 21038
Stable download via Internet Archive:
https://web.archive.org/web/20210116145628/ftp://ftp.f-secure.com/anti-virus...
To extract/debug the driver standalone, set a breakpoint on StartServiceA() and force quit. This prevents the "temp" rootkit detection helper driver/service binary from getting deleted immediately upon failure/unload.
Service registry entry:
--- snip --- [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fsbl-standalone] "DisplayName"="F-Secure BlackLight Beta Engine Driver" "ErrorControl"=dword:00000001 "ImagePath"="C:\users\focht\Temp\F-Secure\BlackLight\fsbldrv.sys" "ObjectName"="LocalSystem" "PreshutdownTimeout"=dword:0002bf20 "Start"=dword:00000003 "Type"=dword:00000001 "WOW64"=dword:00000001 --- snip ---
Manually start:
--- snip ---- $ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll wine net start fsbl-standalone
log.txt 2>&1
... 0108:trace:ntoskrnl:load_driver loading driver L"C:\users\focht\Temp\F-Secure\BlackLight\fsbldrv.sys" 0108:Call KERNEL32.LoadLibraryW(000433b0 L"C:\users\focht\Temp\F-Secure\BlackLight\fsbldrv.sys") ret=0032606e ... 0108:trace:loaddll:build_module Loaded L"C:\users\focht\Temp\F-Secure\BlackLight\fsbldrv.sys" at 0000000000D60000: native 0108:Call LDR notification callback (proc=00000000003274E0,reason=1,data=0000000000C3F2D0,context=0000000000000000) ... 0108:trace:ntoskrnl:ldr_notify_callback loading L"fsbldrv.sys" ... 0108:trace:ntoskrnl:ldr_notify_callback relocating from 0000000000010000-000000000001D000 to 0000000000D60000-0000000000D6D000 ... 0108:Ret LDR notification callback (proc=00000000003274E0,reason=1,data=0000000000C3F2D0,context=0000000000000000) 0108:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b020b30 ... 0108:Ret KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e ... 0108:Call driver init 0000000000D6A010 (obj=0000000000043200,str=L"\Registry\Machine\System\CurrentControlSet\Services\fsbl-standalone") 0108:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000D6A03C ip=0000000000D6A03C tid=0108 0108:trace:seh:dispatch_exception info[0]=0000000000000000 0108:trace:seh:dispatch_exception info[1]=0000000000000320 0108:trace:seh:dispatch_exception rax=0000000000000320 rbx=0000000000d6a010 rcx=0000000000043200 rdx=0000000000043368 0108:trace:seh:dispatch_exception rsi=000000007b6038a8 rdi=00000000000433b0 rbp=0000000000c3f890 rsp=0000000000c3f808 0108:trace:seh:dispatch_exception r8=0000000000d66108 r9=000000002ddfa232 r10=0000000000000028 r11=0000000000000000 0108:trace:seh:dispatch_exception r12=0000000000043200 r13=0000000000043368 r14=0000000000041908 r15=0000000000000000 0108:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=c0000005 flags=0 ... 0108:fixme:ntoskrnl:MmGetSystemRoutineAddress L"IoCreateDeviceSecure" not found ... 0108:trace:ntoskrnl:MmGetSystemRoutineAddress L"IoValidateDeviceIoControlAccess" -> 0000000000312F98 ... 0108:Call ntoskrnl.exe._wcsnicmp(00d653c0 L"A;;GA;;;SY)(A;;GA;;;BA)",00d65824 L"A",00000001) ret=00d68f7f ... 0108:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00d68f7f 0108:Call ntoskrnl.exe._wcsnicmp(00d653c6 L"GA;;;SY)(A;;GA;;;BA)",00d6581c L"RC",00000002) ret=00d68fef ... 0108:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff5 ret=00d68fef 0108:Call ntoskrnl.exe._wcsnicmp(00d653c6 L"GA;;;SY)(A;;GA;;;BA)",00d65814 L"WD",00000002) ret=00d68fef ... 0108:Ret ntoskrnl.exe._wcsnicmp() retval=fffffff0 ret=00d68fef 0108:Call ntoskrnl.exe._wcsnicmp(00d653c6 L"GA;;;SY)(A;;GA;;;BA)",00d6580c L"WO",00000002) ret=00d68fef ... 0108:Call ntoskrnl.exe._wcsnicmp(00d653d0 L"SY)(A;;GA;;;BA)",00d66164 L"BA",00000002) ret=00d69174 ... 0108:Ret ntoskrnl.exe._wcsnicmp() retval=00000011 ret=00d69174 0108:Call ntoskrnl.exe._wcsnicmp(00d653d0 L"SY)(A;;GA;;;BA)",00d6617c L"SY",00000002) ret=00d69174 ... 0108:Ret ntoskrnl.exe._wcsnicmp() retval=00000000 ret=00d69174 0108:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000D691C8 ip=0000000000D691C8 tid=0108 0108:trace:seh:dispatch_exception info[0]=0000000000000000 0108:trace:seh:dispatch_exception info[1]=00000000ffffffff 0108:trace:seh:dispatch_exception rax=0000000000315338 rbx=0000000000d653d4 rcx=0000000028ec8348 rdx=0000000000000108 0108:trace:seh:dispatch_exception rsi=0000000000d66184 rdi=0000000000000006 rbp=0000000000000002 rsp=0000000000c3f520 0108:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000000 r10=0000000000c3f06b r11=0000000000000000 0108:trace:seh:dispatch_exception r12=0000000010000000 r13=0000000000d66140 r14=00000000c000000d r15=0000000000c3f5c8 0108:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=c0000005 flags=0 0108:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0 0108:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0 code=c0000005 flags=0 0108:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0 ... 0108:trace:seh:start_debugger Starting debugger L"winedbg --auto 252 68" ... wine: Unhandled page fault on read access to FFFFFFFFFFFFFFFF at address 0000000000D691C8 (thread 0108), starting debugger... --- snip ---
Crash site using x64dbg (winedbg doesn't work here which is a different issue)
--- snip --- 0000000000D6916F | call <JMP.&_wcsnicmp> | 0000000000D69174 | test eax,eax | 0000000000D69176 | je fsbldrv.D69191 | 0000000000D69178 | inc edi | 0000000000D6917A | inc rbp | 0000000000D6917D | add rsi,18 | 0000000000D69181 | cmp edi,C | 0000000000D69184 | jb fsbldrv.D69160 | 0000000000D69186 | mov r13d,C0000073 | 0000000000D6918C | jmp fsbldrv.D6927B | 0000000000D69191 | lea rdi,qword ptr ss:[rbp+rbp*2] | 0000000000D69196 | cmp dword ptr ds:[r13+rdi*8+8],1 | 0000000000D6919C | mov eax,dword ptr ds:[r13+rdi*8+14] | 0000000000D691A1 | lea rbx,qword ptr ds:[rbx+rax*2] | 0000000000D691A5 | jne fsbldrv.D691B9 | 0000000000D691A7 | mov dl,20 | 0000000000D691A9 | mov cl,1 | 0000000000D691AB | call qword ptr ds:[<&IoIsWdmVersionAvailable>] | 0000000000D691B1 | test al,al | 0000000000D691B3 | jne fsbldrv.D691B9 | 0000000000D691B5 | xor ecx,ecx | 0000000000D691B7 | jmp fsbldrv.D691CC | 0000000000D691B9 | mov rax,qword ptr ds:[<&__wine_stub_SeExports> | 0000000000D691C0 | mov rdx,qword ptr ds:[r13+rdi*8] | 0000000000D691C5 | mov rcx,qword ptr ds:[rax] | 0000000000D691C8 | mov rcx,qword ptr ds:[rdx+rcx] | 0000000000D691CC | xor r13d,r13d | 0000000000D691CF | test rbx,rbx | 0000000000D691D2 | je fsbldrv.D6925C | --- snip ---
virustotal.com scans:
'fsbl.exe' app:
https://www.virustotal.com/gui/file/9f366a024370ed1c559f327db5266d3a27343d40...
'fsbldrv.sys' driver:
https://www.virustotal.com/gui/file/2a4426c59dac979b357f1d080bd3f63662d8513f...
$ sha1sum fsbl.exe b91cc97353117ed488acee290b39ef63ded7f5e4 fsbl.exe
$ du -sh fsbl.exe 1.1M fsbl.exe
$ wine --version wine-6.0-40-g00401d22782
Regards
https://bugs.winehq.org/show_bug.cgi?id=39406
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present. Reproducing is no longer straight forward though.
Since Wine 6.22 release, specifically commit https://source.winehq.org/git/wine.git/commitdiff/162991a03ceb4b45963b7129bf... ("ntoskrnl: Add IoCreateDeviceSecure semi-stub."), the crash is avoided due to drivers now taking a different code path (bug 52312).
Another driver from 'Dokan' project:
https://github.com/dokan-dev/dokany/releases/tag/v1.5.0.3000
https://web.archive.org/web/20220101193836/https://github.com/dokan-dev/doka...
https://www.virustotal.com/gui/file/701b56281010adf9fc401d5189dd223b1b300d4d...
$ sha1sum Dokan_x64.msi 0661e14c01785fdf636d826fee34e556b02dc7d4 Dokan_x64.msi
$ du -sh Dokan_x64.msi 12M Dokan_x64.msi
$ wine --version wine-7.0-rc3-34-gb6dc8399087
Regards
https://bugs.winehq.org/show_bug.cgi?id=39406
soredake broaden_acid002@simplelogin.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC|broaden_acid002@simplelogin | |.com |
-
wine-bugs@winehq.org -
WineHQ Bugzilla