[Bug 46089] New: TopoEdit tool from Windows 10 SDK (10.0.17763.x) crashes in ntdll.LdrResolveDelayLoadedAPI during resolver failure ( NULL dll failure hook)
https://bugs.winehq.org/show_bug.cgi?id=46089
Bug ID: 46089 Summary: TopoEdit tool from Windows 10 SDK (10.0.17763.x) crashes in ntdll.LdrResolveDelayLoadedAPI during resolver failure (NULL dll failure hook) Product: Wine Version: 3.19 Hardware: aarch64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says.
Encountered while playing with some 64-bit ARM apps from Win10 SDK (running in qemuarm64 machine). Most likely present with x86_64 Wine too.
Trace log:
--- snip --- $ WINEDEBUG=+seh,+relay,+loaddll,+process,+module,+ntdll wine64 ./topoedit.exe
log.txt 2>&1
... 002b:Ret PE DLL (proc=0x180035d70,module=0x180000000 L"tedutil.dll",reason=PROCESS_ATTACH,res=0x22fc48) retval=1 002b:trace:module:process_attach (L"tedutil.dll",0x22fc48) - END 002b:trace:module:process_attach (L"topoedit.exe",0x22fc48) - END 002b:Starting process L"Z:\home\focht\Downloads\win10sdk_arm64\arm64\topoedit.exe" (entryproc=0x14001ddb0) ... 002b:Call KERNEL32.LoadLibraryExW(140020a08 L"TEDUTIL.dll",00000000,00000000) ret=140012c64 ... 002b:Ret KERNEL32.LoadLibraryExW() retval=180000000 ret=140012c64 002b:Call ntdll.LdrResolveDelayLoadedAPI(140000000,140022588,00000000,7b43da8c,140027010,00000000) ret=14001e8fc 002b:fixme:module:LdrResolveDelayLoadedAPI (0x140000000, 0x140022588, (nil), 0x7b43da8c, 0x140027010, 0x00000000), partial stub 002b:trace:module:load_dll looking for L"ext-ms-win-shell-comctl32-init-l1-1-0.dll" in L"Z:\home\focht\Downloads\win10sdk_arm64\arm64;C:\windows\system32;C:\windows\system;C:\windows;.;C:\windows\system32;C:\windows;C:\windows\system32\wbem" ... 002b:trace:module:get_load_order looking for L"ext-ms-win-shell-comctl32-init-l1-1-0.dll" 002b:trace:module:get_load_order got hardcoded default for L"ext-ms-win-shell-comctl32-init-l1-1-0.dll" 002b:trace:module:load_builtin_dll Trying built-in L"ext-ms-win-shell-comctl32-init-l1-1-0.dll" 002b:warn:module:load_builtin_dll cannot open .so lib for builtin L"ext-ms-win-shell-comctl32-init-l1-1-0.dll": /home/focht/projects/wine/mainline-install-aarch64/bin/../lib64/wine/ext-ms-win-shell-comctl32-init-l1-1-0.dll.so: cannot open shared object file: No such file or directory 002b:warn:module:load_dll Failed to load module L"ext-ms-win-shell-comctl32-init-l1-1-0.dll"; status=c0000135 002b:trace:seh:raise_exception info[0]=0000000000000000 002b:trace:seh:raise_exception info[1]=0000000000000000 002b:trace:seh:call_stack_handlers calling handler at 0x7b4d6330 code=c0000005 flags=0 002b:Call ntdll.NtCurrentTeb() ret=7b466c40 002b:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b466c40 002b:Call ntdll.NtCreateEvent(0022edf0,001f0003,0022edf8,00000000,00000000) ret=7b466f00 002b:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b466f00 002b:Call ntdll.NtCurrentTeb() ret=7b4c5924 002b:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b4c5924 wine: Unhandled page fault on read access to 0x00000000 at address (nil) (thread 002b), starting debugger... ... System information: Wine build: wine-3.19-117-g4852130c82 Platform: arm64 Version: Windows 8.1 Host system: Linux Host version: 4.14.67-yocto-standard --- snip ---
Running with debugger:
--- snip --- Unhandled exception: page fault on read access to 0x00000000 in 64-bit code (0x0000000000000000). Register dump: ARM64 EL0t Mode Pc:0000000000000000 Sp:000000000023f5d0 Lr:000000007bc891b4 Cpsr:60000000(-ZC-) x0: 0000000000000004 x1: 000000000023f6a0 x2: 0000000000000010 x3: 000000007bd0c200 x4: 000000000023f6a0 x5: 0246490a4d1b1d40 x6: 401d1b4d0a494602 x7: 6e652e646c6e672e x8: 000000000023f6a0 x9: 0000000000000000 x10:00000000c0000135 x11:000000000000267c x12:000000000000267c x13:000000000002267c x14:0000000000000000 x15:0000000000000008 ip0:000000000002267c ip1:0000000000000000 x18:000000007ffd8000 x19:0000000140000000 x20:0000000000000001 x21:00000000002519be x22:0000000000000000 x23:000000014001f6f8 x24:0000000140025000 x25:0000000140025000 x26:000000007b4eaf38 x27:000000007b4ee926 x28:000000007b4a2b60 Fp:000000000023f740 ... Backtrace: =>0 0x0000000000000000 (0x000000000023f740) 1 0x000000007bc891b4 LdrResolveDelayLoadedAPI+0x3c7(base=0x140000000, desc=0x140022588, dllhook=(nil), syshook=0x7b494fa8, addr=0x140027010, flags=0) [/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2995] in ntdll (0x000000000023f740) 2 0x000000007bc891b4 LdrResolveDelayLoadedAPI+0x3c7(base=0x7b4a2b60, desc=0x7b8252b8, dllhook=0x140000000, syshook=0x140022588, addr=(nil), flags=0) [/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2995] in ntdll (0x000000000023f750) 3 0x000000014001e8fc in topoedit (+0x1e8fb) (0x000000000023f820) 4 0x0000000140012c90 in topoedit (+0x12c8f) (0x000000000023f820) 0x0000000000000000: -- no code accessible --
Wine-dbg>frame 1 2995 return dllhook(4, &delayinfo);
Wine-dbg>info locals 0x000000007bc891b3 LdrResolveDelayLoadedAPI+0x3c7: (0023f740) void* base=0x140000000 (parameter [fp-32]) IMAGE_DELAYLOAD_DESCRIPTOR* desc=0x140022588 (parameter [fp-40]) PDELAYLOAD_FAILURE_DLL_CALLBACK dllhook=(nil) (parameter [fp-48]) void* syshook=0x7b494fa8 (parameter [fp-56]) IMAGE_THUNK_DATA* addr=0x140027010 (parameter [fp-64]) ULONG flags=0 (parameter [fp-68]) IMAGE_THUNK_DATA* pIAT=0x140027010 (local [fp-80]) IMAGE_THUNK_DATA* pINT=0x1400225d8 (local [fp-88]) DELAYLOAD_INFO delayinfo={Size=0x48, DelayloadDescriptor=0x140022588, ThunkAddress=0x140027010, TargetDllName="ext-ms-win-shell-comctl32-init-l1-1-0.dll", TargetApiDescriptor={ImportDescribedByName=0x1, Description={Name=*** invalid address 0x267c ***, Ordinal=0x267c}}, TargetModuleBase=0x0(nil), Unused=0x0(nil), LastError=0xc0000135} (local [fp-160]) UNICODE_STRING mod={Length=0, MaximumLength=0, Buffer=0x0(nil)} (local [fp-176]) CHAR* name="ext-ms-win-shell-comctl32-init-l1-1-0.dll" (local [sp+184]) HMODULE* phmod=0x140025858 (local [sp+176]) NTSTATUS nts=0xc0000135 (local [sp+172]) FARPROC fp=0x7bd0915d (local [sp+160]) DWORD id=0 (local [sp+156]) --- snip ---
'ext-ms-win-shell-comctl32-init-l1-1-0.dll' doesn't exist as stub dll in Wine hence the delay load failure. Wine's 'LdrResolveDelayLoadedAPI' implementation unconditionally calls the dll provided failure hook without checking for NULL pointer.
The system failure hook parameter is actually valid:
--- snip --- Wine-dbg>disas 0x7b494fa8 0x000000007b494fa8 DelayLoadFailureHook [/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1220] in kernel32: be_arm64_disasm_one_insn: not done --- snip ---
I guess this one could be called in case the dll failure hook is not provided.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/loader.c#l2936
--- snip --- 2936 void* WINAPI LdrResolveDelayLoadedAPI( void* base, const IMAGE_DELAYLOAD_DESCRIPTOR* desc, 2937 PDELAYLOAD_FAILURE_DLL_CALLBACK dllhook, void* syshook, 2938 IMAGE_THUNK_DATA* addr, ULONG flags ) 2939 { 2940 IMAGE_THUNK_DATA *pIAT, *pINT; 2941 DELAYLOAD_INFO delayinfo; 2942 UNICODE_STRING mod; 2943 const CHAR* name; 2944 HMODULE *phmod; 2945 NTSTATUS nts; 2946 FARPROC fp; 2947 DWORD id; 2948 2949 FIXME("(%p, %p, %p, %p, %p, 0x%08x), partial stub\n", base, desc, dllhook, syshook, addr, flags); 2950 2951 phmod = get_rva(base, desc->ModuleHandleRVA); 2952 pIAT = get_rva(base, desc->ImportAddressTableRVA); 2953 pINT = get_rva(base, desc->ImportNameTableRVA); 2954 name = get_rva(base, desc->DllNameRVA); 2955 id = addr - pIAT; 2956 2957 if (!*phmod) 2958 { 2959 if (!RtlCreateUnicodeStringFromAsciiz(&mod, name)) 2960 { 2961 nts = STATUS_NO_MEMORY; 2962 goto fail; 2963 } 2964 nts = LdrLoadDll(NULL, 0, &mod, phmod); 2965 RtlFreeUnicodeString(&mod); 2966 if (nts) goto fail; 2967 } 2968 2969 if (IMAGE_SNAP_BY_ORDINAL(pINT[id].u1.Ordinal)) 2970 nts = LdrGetProcedureAddress(*phmod, NULL, LOWORD(pINT[id].u1.Ordinal), (void**)&fp); 2971 else 2972 { 2973 const IMAGE_IMPORT_BY_NAME* iibn = get_rva(base, pINT[id].u1.AddressOfData); 2974 ANSI_STRING fnc; 2975 2976 RtlInitAnsiString(&fnc, (char*)iibn->Name); 2977 nts = LdrGetProcedureAddress(*phmod, &fnc, 0, (void**)&fp); 2978 } 2979 if (!nts) 2980 { 2981 pIAT[id].u1.Function = (ULONG_PTR)fp; 2982 return fp; 2983 } 2984 2985 fail: 2986 delayinfo.Size = sizeof(delayinfo); 2987 delayinfo.DelayloadDescriptor = desc; 2988 delayinfo.ThunkAddress = addr; 2989 delayinfo.TargetDllName = name; 2990 delayinfo.TargetApiDescriptor.ImportDescribedByName = !IMAGE_SNAP_BY_ORDINAL(pINT[id].u1.Ordinal); 2991 delayinfo.TargetApiDescriptor.Description.Ordinal = LOWORD(pINT[id].u1.Ordinal); 2992 delayinfo.TargetModuleBase = *phmod; 2993 delayinfo.Unused = NULL; 2994 delayinfo.LastError = nts; 2995 return dllhook(4, &delayinfo); 2996 } --- snip ---
$ sha1sum 17763.1.180914-1434.rs5_release_WindowsSDK.iso e702b5e5f2597d01eaee1eb1be7a34b0da0b6211 17763.1.180914-1434.rs5_release_WindowsSDK.iso
$ du -sh 17763.1.180914-1434.rs5_release_WindowsSDK.iso 815M 17763.1.180914-1434.rs5_release_WindowsSDK.iso
Regards
https://bugs.winehq.org/show_bug.cgi?id=46089
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://software-download.m | |icrosoft.com/download/pr/17 | |763.1.180914-1434.rs5_relea | |se_WindowsSDK.iso
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
filling fields.
The tool is described here:
https://docs.microsoft.com/en-us/windows/desktop/medfound/topoedit
Regards
https://bugs.winehq.org/show_bug.cgi?id=46089
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |nerv@dawncrow.de
https://bugs.winehq.org/show_bug.cgi?id=46089
--- Comment #2 from André H. nerv@dawncrow.de --- Implementation based on tests: https://source.winehq.org/patches/data/153699
https://bugs.winehq.org/show_bug.cgi?id=46089
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED Fixed by SHA1| |95fa795fa1f8b416af097b61868 | |59ec32ea316d9
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/95fa795fa1f8b416af097b6186...
Thanks André
--- snip --- $ pwd /home/focht/projects/woa-winrt/win10sdk-install/Windows Kits/10/bin/10.0.17763.0/arm64
$ WINEDEBUG=+seh,+loaddll,+process wine64 ./topoedit.exe ... 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\mf.dll" at 0x7fbc9b0000: builtin 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\mfplat.dll" at 0x7fbc980000: builtin 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\propsys.dll" at 0x7fbc940000: builtin 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\api-ms-win-core-delayload-l1-1-1.dll" at 0x7fbc920000: builtin 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll" at 0x7fbc900000: builtin 0009:trace:loaddll:load_native_dll Loaded L"Z:\home\focht\projects\woa-winrt\win10sdk-install\Windows Kits\10\bin\10.0.17763.0\arm64\tedutil.dll" at 0x180000000: native 0009:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\imm32.dll" at 0x7fbc6f0000: builtin 0009:trace:process:NtQueryInformationProcess (0xffffffffffffffff,0x00000007,0x22f988,0x00000008,(nil)) 0009:fixme:heap:RtlSetHeapInformation (nil) 1 (nil) 0 stub 0009:fixme:module:LdrResolveDelayLoadedAPI (0x140000000, 0x140022588, (nil), 0x7b494fa8, 0x140027010, 0x00000000), partial stub 0009:err:module:DelayLoadFailureHook failed to delay load ext-ms-win-shell-comctl32-init-l1-1-0.dll.InitCommonControlsEx 0009:trace:seh:raise_exception info[0]=00000001400215a0 0009:trace:seh:raise_exception info[1]=000000014002267e wine: Call from 0x7bcd0104 to unimplemented function ext-ms-win-shell-comctl32-init-l1-1-0.dll.InitCommonControlsEx, aborting 0009:trace:seh:call_stack_handlers calling handler at 0x7b4d6330 code=80000100 flags=1 wine: Unimplemented function ext-ms-win-shell-comctl32-init-l1-1-0.dll.InitCommonControlsEx called at address 0x7bcd0104 (thread 0009), starting debugger... 0009:trace:seh:start_debugger Starting debugger "winedbg --auto 8 80" --- snip ---
The system error hook is now called and the error is expected -> bug 46090 ("TopoEdit tool from Windows 10 SDK (10.0.17763.x) needs 'ext-ms-win-shell-comctl32-init-l1-1-0.dll' stub dll")
$ wine64 --version wine-3.20-41-gbae592cc96
Regards
https://bugs.winehq.org/show_bug.cgi?id=46089
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 3.21.
https://bugs.winehq.org/show_bug.cgi?id=46089
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |3.0.x
https://bugs.winehq.org/show_bug.cgi?id=46089
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|3.0.x |---
--- Comment #5 from Michael Stefaniuc mstefani@winehq.org --- Removing the 3.0.x milestone from bug fixes included in 3.0.5.
https://bugs.winehq.org/show_bug.cgi?id=46089
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|https://software-download.m |https://web.archive.org/web |icrosoft.com/download/pr/17 |/20190317015617/https://sof |763.1.180914-1434.rs5_relea |tware-download.microsoft.co |se_WindowsSDK.iso |m/download/pr/17763.1.18091 | |4-1434.rs5_release_WindowsS | |DK.iso
-
wine-bugs@winehq.org -
WineHQ Bugzilla