[Bug 26504] New: Unhandled exception: page fault on write access to "blah" in 32-bit code
http://bugs.winehq.org/show_bug.cgi?id=26504
Summary: Unhandled exception: page fault on write access to "blah" in 32-bit code Product: Wine Version: 1.1.42 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: NixonInnes@gmail.com
Created an attachment (id=33744) --> (http://bugs.winehq.org/attachment.cgi?id=33744) Some system descriptions & Application Log
Runes of Magic, a 3D application crashes on start-up.
I am running a 64-bit version of Debian "Squeeze", and the nVidia graphics drivers (installed via 'the debian way'), which to as far as my knowledge work fine. I have Wine version 1.1.42 and with it I have installed "Microsoft Visual C++ 2005" via 'winetricks'. VC++ is required by the application. I have also installed D3DX9.
http://bugs.winehq.org/show_bug.cgi?id=26504
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Unhandled exception: page |Runes of Magic crashes on |fault on write access to |start-up |"blah" in 32-bit code |
--- Comment #1 from Dmitry Timoshkov dmitry@codeweavers.com 2011-03-21 11:13:49 CDT --- Please retest with a more recent Wine version.
http://bugs.winehq.org/show_bug.cgi?id=26504
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW URL| |http://www.gameborder.com/d | |ownload.cgi?c=1071 Keywords| |download CC| |focht@gmx.net Ever Confirmed|0 |1 Summary|Runes of Magic crashes on |Runes of Magic 3.0.x: |start-up |"ClientUpdater.exe" crashes | |sometimes during updates on | |MD5 checksum processing | |(squirrel virtual machine)
--- Comment #2 from Anastasius Focht focht@gmx.net 2012-04-13 18:31:13 CDT --- Hello,
confirming. Happens sometimes, not reliably reproducible. This seems different from crash in bug 22856 which has 'wininet' origin.
The frequent restarting of client updater through parent client hampers debugging. I disabled wine JIT debugger/crash handler and to have a different debugger automatically attached when the crash happens. The callstack seems to indicate some MD5 checksumming functionality and a script engine/virtual machine being involved here.
Callstack (annotated):
--- snip ---- ... 093ED4D0 00430D6F ; RETURN from ClientUpdate.0042D7C0 to ClientUpdate.00430D6F 093ED4D4 0069CDD0 ; Arg1 = 69CDD0 093ED4D8 00000009 ; Arg2 = 9 093ED4DC 00000009 ; Arg3 = 9 093ED4E0 093ED548 ; Arg4 = 93ED548 093ED4E4 00000001 ; Arg5 = 1 093ED4E8 00000000 ; Arg6 = 0 ... 093ED528 00424890 ; RETURN from ClientUpdate.00430BC0 to ClientUpdate.00424890 093ED52C 0069CEB8 ; Arg1 = 69CEB8 093ED530 00000002 ; Arg2 = 2 093ED534 00000009 ; Arg3 = 9 093ED538 093ED548 ; Arg4 = 93ED548 093ED53C 00000001 ; Arg5 = 1 ... 093ED558 00414B36 ; RETURN from ClientUpdate.00424850 to ClientUpdate.00414B36 093ED55C 00000001 ; Arg1 = 1 ... 093ED588 00409A39 ; RETURN from ClientUpdate.00414AF0 to ClientUpdate.00409A39 093ED58C 093EDDBC ; Arg1 = UNICODE "Checking MD5" ... 093ED5C0 0040EA6B ; RETURN from ClientUpdate.004099F0 to ClientUpdate.0040EA6B 093ED5C4 093EDDBC ; Arg1 = UNICODE "Checking MD5" 093ED5C8 004D72F0 ; UNICODE "%s" 093ED5CC 0063D96C ; UNICODE "Checking MD5" 093ED5D0 004D7CBC ; UNICODE "MSG_MD5_CHECKING" ... --- snip ---
There are string references "SquirrelFunction<> call failed" and "Native stack overflow" around some code there.
This seems to be "Squirrel programming language" -> http://www.squirrel-lang.org
"SquirrelFunction<> call failed"
http://bgb.googlecode.com/svn-history/trunk/BGB/sqplus/sqplus.h
"Native stack overflow"
http://bgb.googlecode.com/svn-history/trunk/BGB/squirrel/sqvm.cpp
Google for +"SquirrelFunction<> call failed" and +"runes" yields some results so this also seems to happen on Windows sometimes. Might be even an application bug that manifests more frequently on Wine.
$ wine --version wine-1.5.2
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Runes of Magic Regards ... $ sha1sum ClientUpdate.exe 1a98df173daee596dbe20a84f3d2465d94053dd3 ClientUpdate.exe --- snip ---
Regards
http://bugs.winehq.org/show_bug.cgi?id=26504
--- Comment #3 from Anastasius Focht focht@gmx.net 2012-04-21 14:56:19 CDT --- Hello,
cleaning up my disk, hence adding some info before it gets lost (not fully analysed).
The client uses the builtin "Squirrel" script engine/vm and small scriptlets. The scripts can be found in a file called "vcfile.res" which is password-protected. The password can be easily found using a debugger -> "vcfile-dorkas629"
After unpacking the archive there will be GUI resources (.jpeg files) and scriptlets (.nut files):
--- snip --- $ ls -o *.nut -r--r--r--. 1 focht 248 Apr 30 2009 BeginDlgLayer.nut -r--r--r--. 1 focht 2810 Apr 30 2009 BeginDlg.nut -rw-rw-r--. 1 focht 24638 Jun 29 2010 configdata.nut -r--r--r--. 1 focht 4248 Sep 13 2009 ConfigLayout.nut -r--r--r--. 1 focht 3724 Sep 13 2009 config.nut -rw-rw-r--. 1 focht 4634 Oct 18 2011 flags.nut -rw-rw-r--. 1 focht 6120 Oct 18 2011 include.nut -r--r--r--. 1 focht 6918 Oct 15 2009 IniSliderBar.nut -r--r--r--. 1 focht 3956 Sep 10 2009 LanguageDlgLayout.nut -rw-rw-r--. 1 focht 4788 Oct 18 2011 language.nut -rw-rw-r--. 1 focht 6884 Mar 15 2010 LanguageSelectDlg.nut -rw-rw-r--. 1 focht 15276 Jun 30 2010 launcherLayer.nut -r--r--r--. 1 focht 8940 Feb 4 2010 Launcher.nut -rw-rw-r--. 1 focht 16152 Apr 19 2010 Main.nut -r--r--r--. 1 focht 1274 Mar 26 2009 MessageBoxDLG.nut -rw-rw-r--. 1 focht 1576 Mar 26 2009 MessageBoxLayout.nut -r--r--r--. 1 focht 1392 Feb 5 2010 stringdef.nut --- snip ---
The scriptlets are unicode.
Main.nut and Launcher.nut are probably the interesting ones. They seem to be closely tied to win32 API (window objects, messages/pump).
Example snippet (from Main.nut):
--- snip --- SQ.LoadModule("stringdef.nut"); SQ.LoadModule("include.nut"); SQ.LoadModule("flags.nut");
SQ.LoadModule("MessageBoxDlg.nut"); SQ.LoadModule("Config.nut");
SQ.LoadModule( "language.nut"); SQ.LoadModule("LanguageSelectDlg.nut"); SQ.LoadModule("Launcher.nut");
g_config<-Ini(config); g_runeDevConfig<-Ini(runeDev);
class MainFrame extends FrameWnd { ...
function Notify( msg) { //print(msg.sType); //
if (msg.sType=="timer") { // //print(msg.pSender.GetName());
if (msg.pSender.GetName()=="cur_ProgressBar") { if (msg.wParam==100) { local now=VC.GetDLFileSizeNow(); local max=VC.GetDLFileSizeMax(); _page.CurlProgress(now,max); local speed=VC.GetDLSpeed();
local listmsg=format("(%.2f KB/s) ",speed/1024); SetProPostMessage(listmsg);
if (max>100 && now>0) {
local par=now*100/ max; par=par*(50)/100.0; SetToTalProgressBar(par+30); } } if (msg.wParam==101) { local par=VC.MD5_GetPar();
_page.CurlProgress(par,100); } } } ... --- snip ---
The scriptlets itself might not really be part of the problem (could be anything, script engine/virtual machine/runtime itself) but it's always useful to have a high-level language view which can be partly mapped to relay trace log/win32 API call sequences.
Regards
https://bugs.winehq.org/show_bug.cgi?id=26504
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.gameborder.com/d |http://www.gamestar.de/_mis |ownload.cgi?c=1071 |c/downloads/getDLUrl.cfm?dl | |Id=52301
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
I can't reproduce this anymore but I found a nasty mshtml bug exhibited by the client updater which will be subject to a new bug.
The client updater now fails to downloaded early 3.0.x patch files automatically because the old download server URL is broken/offline:
--- snip --- ... 0034:Call KERNEL32.lstrlenW(00a5d57c L"http://frogster.vo.llnwd.net/o9/patch/en/patch_3.0.5.2262.en_3.0.5.2284.en.e...") ret=00401587 ... 0045:Call user32.CharNextW(00507c3e L"File patch_3.0.5.2262.en_3.0.5.2284.en.exe download error") ret=004517d6 ... --- snip ---
The download URL is encoded in a file which lives in 'update.inf' - a disguised password-protected .zip archive (can be broken and repacked but that's not the point here).
Manually download a few patch files from 'patch_3.0.5.2262.en_3.0.5.2284.en.exe' up to 'patch_3.0.8.2336.en_3.0.8.2349.en.exe' and place them into game folder. Execute them manually in order to update the client until build 2349. After that the download URL will point to new server.
Here is a site which carries all patches: http://rom.tagdocs.de/
$ wine --version wine-1.7.20
Regards
https://bugs.winehq.org/show_bug.cgi?id=26504
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
resolving 'fixed'.
Follow-up bug is 36731
Regards
https://bugs.winehq.org/show_bug.cgi?id=26504
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.21.
-
wine-bugs@winehq.org