https://bugs.winehq.org/show_bug.cgi?id=49165
Bug ID: 49165
Summary: Crash when trying to open Veracrypt
Product: Wine
Version: 5.8
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: mikrutrafal54@gmail.com
Distribution: ---
Created attachment 67184 --> https://bugs.winehq.org/attachment.cgi?id=67184 Veracrypt log
I'm not sure if this is a fixable bug, because Veracrypt probably uses a lot of low level functions.
https://launchpad.net/veracrypt/trunk/1.24-update6/+download/VeraCrypt%20Por...
Steps to reproduce:
- Download
- Extract/Install project
- Run
Louis Lenders xerox.xerox2000x@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
                 CC|                            |xerox.xerox2000x@gmail.com
                URL|                            |https://launchpad.net/verac
                   |                            |rypt/trunk/1.24-update6/+do
                   |                            |wnload/VeraCrypt%20Portable
                   |                            |%201.24-Update6.exe
--- Comment #1 from Louis Lenders xerox.xerox2000x@gmail.com ---
Confirming +add some info to fields.
> I'm not sure if this is a fixable bug, because Veracrypt probably uses a lot of low
> level functions.
I fear with you ;)
Regards
00ec:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\VeraCrypt" 80 0000000000DAF600 0000000000DAF608
wine: Unhandled page fault on write access to 0000000000A9DFD0 at address 0000000067A13931 (thread 00ec), starting debugger...
005c:err:service:process_send_command service protocol error - failed to read pipe r = 0 count = 0!
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|Crash when trying to open   |VeraCrypt 1.24 filter
                   |Veracrypt                   |driver 'veracrypt_x64.sys'
                   |                            |crashes in entry point
                   |                            |('IoGetDeviceObjectPointer'
                   |                            |must not return a stub
                   |                            |device if the device object
                   |                            |doesn't exist)
          Component|-unknown                    |ntoskrnl
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
https://web.archive.org/web/20200319114317/https://launchpadlibrarian.net/46...
Trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl wine ./VeraCrypt.exe >>log.txt 2>&1
...
00ec:Call driver init 0000000000D57600 (obj=00000000000FBC70,str=L"\Registry\Machine\System\CurrentControlSet\Services\veracrypt")
...
00ec:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00b5f740) ret=00d5718a
...
00ec:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCountEx" not found
00ec:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=00d5718a
00ec:trace:seh:raise_exception code=c0000096 flags=0 addr=0xc8a983 ip=c8a983 tid=00ec
00ec:trace:seh:raise_exception rax=0000000000b5f6b8 rbx=0000000000d57600 rcx=0000000000d577d0 rdx=0000000000222004
00ec:trace:seh:raise_exception rsi=0000000000000000 rdi=0000000000d577d0 rbp=0000000000b5f669 rsp=0000000000b5f5b0
00ec:trace:seh:raise_exception r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000
00ec:trace:seh:raise_exception r12=0000000000000000 r13=0000000000222004 r14=0000000000000001 r15=0000000000000000
00ec:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000096 flags=0
00ec:trace:seh:call_vectored_handlers handler at 0x22cf50 returned ffffffff
00ec:Call ntoskrnl.exe.RtlInitUnicodeString(00b5f660,00d577d0 L"\Device\VeraCrypt") ret=00c8a9b2
00ec:Call ntdll.RtlInitUnicodeString(00b5f660,00d577d0 L"\Device\VeraCrypt") ret=7bca1eff
00ec:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7bca1eff
00ec:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000024 ret=00c8a9b2
00ec:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00b5f660,00000080,00b5f600,00b5f608) ret=00c8a9c9
00ec:Call KERNEL32.IsBadStringPtrW(00d577d0,00000011) ret=00235647
00ec:Ret KERNEL32.IsBadStringPtrW() retval=00000000 ret=00235647
00ec:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\VeraCrypt" 80 0000000000B5F600 0000000000B5F608
00ec:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00c8a9c9
00ec:Call ntoskrnl.exe.KeInitializeEvent(00b5f670,00000000,00000000) ret=00c8a9e0
00ec:trace:ntoskrnl:KeInitializeEvent event 0000000000B5F670, type 0, state 0.
00ec:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000029 ret=00c8a9e0
00ec:Call ntoskrnl.exe.IoBuildDeviceIoControlRequest(00222004,00259578,00000000,00000000,00b5f718,00000004,00000000,00b5f670,00b5f688) ret=00c8aa1a
00ec:trace:ntoskrnl:IoBuildDeviceIoControlRequest 222004, 0000000000259578, 0000000000000000, 0, 0000000000B5F718, 4, 0, 0000000000B5F670, 0000000000B5F688
00ec:trace:ntoskrnl:IoAllocateIrp -128, 0
00ec:Call ntdll.RtlAllocateHeap(008e0000,00000000,00000310) ret=0022f10d
00ec:Ret ntdll.RtlAllocateHeap() retval=008e0330 ret=0022f10d
00ec:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 00000000008E0330
00ec:trace:ntoskrnl:IoInitializeIrp 00000000008E0330, 784, -128
00ec:Call msvcrt.memset(008e0330,00000000,00000310) ret=0022f1a7
00ec:Ret msvcrt.memset() retval=008e0330 ret=0022f1a7
00ec:trace:seh:raise_exception code=c0000005 flags=0 addr=0x22f9b8 ip=22f9b8 tid=00ec
00ec:trace:seh:raise_exception info[0]=0000000000000001
00ec:trace:seh:raise_exception info[1]=00000000008ddfb8
00ec:trace:seh:raise_exception rax=00000000008de000 rbx=0000000000222004 rcx=00007f2d1af1da0e rdx=0000000000000037
00ec:trace:seh:raise_exception rsi=00000000008e0330 rdi=0000000000000000 rbp=0000000000000000 rsp=0000000000b5f470
00ec:trace:seh:raise_exception r8=0000000000000000 r9=0000000000b5ec02 r10=0000000000000000 r11=0000000000000000
00ec:trace:seh:raise_exception r12=0000000000b5f718 r13=0000000000000004 r14=0000000000000000 r15=0000000000b5f688
00ec:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000005 flags=0
00ec:trace:seh:call_vectored_handlers handler at 0x22cf50 returned 0
...
--- snip ---
The driver is open source so it's rather boring.
https://www.veracrypt.fr/code/VeraCrypt/tree/src/Driver/Ntdriver.c?h=VeraCry...
--- snip ---
NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    PKEY_VALUE_PARTIAL_INFORMATION startKeyValue;
    LONG version;
    int i;

    Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n");

    DetectX86Features ();

    PsGetVersion (&OsMajorVersion, &OsMinorVersion, NULL, NULL);

    Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);

    // NX pool support is available starting from Windows 8
    if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
    {
        ExDefaultNonPagedPoolType = (POOL_TYPE) NonPagedPoolNx;
        ExDefaultMdlProtection = MdlMappingNoExecute;
    }

    // KeAreAllApcsDisabled is available starting from Windows Server 2003
    if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2))
    {
        UNICODE_STRING KeAreAllApcsDisabledFuncName;
        RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled");

        KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);
    }

    // KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
    // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7
    if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
    {
        UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName;
        RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
        RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
        RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");
        RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");
        RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");
        KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
        KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
        KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);
        KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);
        KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);
    }

    // ExGetFirmwareEnvironmentVariable is available starting from Windows 8
    if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
    {
        UNICODE_STRING funcName;
        RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable");
        ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName);
    }

    // Load dump filter if the main driver is already loaded
    if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
        return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);

    TCDriverObject = DriverObject;
    memset (VirtualVolumeDeviceObjects, 0, sizeof (VirtualVolumeDeviceObjects));
    ...
--- snip ---
"Load dump filter if the main driver is already loaded". The driver asks for its own driver object '\Device\VeraCrypt' which isn't created yet (first time driver init/entry).
https://www.veracrypt.fr/code/VeraCrypt/tree/src/Driver/Ntdriver.c?h=VeraCry...
--- snip ---
NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize)
{
    IO_STATUS_BLOCK ioStatusBlock;
    NTSTATUS ntStatus;
    PIRP irp;
    PFILE_OBJECT fileObject;
    PDEVICE_OBJECT deviceObject;
    KEVENT event;
    UNICODE_STRING name;

    if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
    {
        TCDeviceIoControlWorkItemArgs args;

        PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
        if (!workItem)
            return STATUS_INSUFFICIENT_RESOURCES;

        args.deviceName = deviceName;
        args.IoControlCode = IoControlCode;
        args.InputBuffer = InputBuffer;
        args.InputBufferSize = InputBufferSize;
        args.OutputBuffer = OutputBuffer;
        args.OutputBufferSize = OutputBufferSize;

        KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
        IoQueueWorkItem (workItem, TCDeviceIoControlWorkItemRoutine, DelayedWorkQueue, &args);

        KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
        IoFreeWorkItem (workItem);

        return args.Status;
    }

    RtlInitUnicodeString(&name, deviceName);
    ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);

    if (!NT_SUCCESS (ntStatus))
        return ntStatus;

    KeInitializeEvent(&event, NotificationEvent, FALSE);
    ...
--- snip ---
Wine returns a stub driver object in any case which is bad.
https://source.winehq.org/git/wine.git/blob/9e26bc811656ad8eb901bffa5528b9ce...
--- snip ---
/***********************************************************************
 *           IoGetDeviceObjectPointer   (NTOSKRNL.EXE.@)
 */
NTSTATUS WINAPI IoGetDeviceObjectPointer( UNICODE_STRING *name, ACCESS_MASK access, PFILE_OBJECT *file, PDEVICE_OBJECT *device )
{
    static DEVICE_OBJECT stub_device;
    static DRIVER_OBJECT stub_driver;

    FIXME( "stub: %s %x %p %p\n", debugstr_us(name), access, file, device );

    stub_device.StackSize = 0x80; /* minimum value to appease SecuROM 5.x */
    stub_device.DriverObject = &stub_driver;

    *file = NULL;
    *device = &stub_device;

    return STATUS_SUCCESS;
}
--- snip ---
The crash is in 'IoBuildDeviceIoControlRequest' -> IoGetNextIrpStackLocation() -> irpsp access which is the result of earlier misconception.
https://source.winehq.org/git/wine.git/blob/9e26bc811656ad8eb901bffa5528b9ce...
--- snip ---
/***********************************************************************
 *           IoBuildDeviceIoControlRequest   (NTOSKRNL.EXE.@)
 */
PIRP WINAPI IoBuildDeviceIoControlRequest( ULONG code, PDEVICE_OBJECT device,
                                           PVOID in_buff, ULONG in_len,
                                           PVOID out_buff, ULONG out_len,
                                           BOOLEAN internal, PKEVENT event,
                                           PIO_STATUS_BLOCK iosb )
{
    PIRP irp;
    PIO_STACK_LOCATION irpsp;
    MDL *mdl;

    TRACE( "%x, %p, %p, %u, %p, %u, %u, %p, %p\n",
           code, device, in_buff, in_len, out_buff, out_len, internal, event, iosb );

    if (device == NULL)
        return NULL;

    irp = IoAllocateIrp( device->StackSize, FALSE );
    if (irp == NULL)
        return NULL;

    irpsp = IoGetNextIrpStackLocation( irp );
    irpsp->MajorFunction = internal ? IRP_MJ_INTERNAL_DEVICE_CONTROL : IRP_MJ_DEVICE_CONTROL;
    irpsp->Parameters.DeviceIoControl.IoControlCode = code;
    irpsp->Parameters.DeviceIoControl.InputBufferLength = in_len;
    irpsp->Parameters.DeviceIoControl.OutputBufferLength = out_len;
    irpsp->DeviceObject = NULL;
    irpsp->CompletionRoutine = NULL;

--- snip ---
A similar case is bug 27668 ("SecuROM 4.x/5.x: SpellForce won't recognize original CD during install/play ('IoGetDeviceObjectPointer' needs to return real device/driver object for '\Device\CdRom0')").
In any case, this filter driver relies on layered kernel driver architecture. Until Wine has a proper design and implementation of a layered kernel driver concept this can't work.
Even then, due to the nature of this kernel driver this is not going to work under Wine. FYI there is a native Linux port if dm-crypt / LUKS doesn't fit your requirements.
$ sha1sum VeraCrypt\ Portable\ 1.24-Update6.exe
489e85916d2f93f1664110d987132d678178d83b  VeraCrypt Portable 1.24-Update6.exe

$ du -sh VeraCrypt\ Portable\ 1.24-Update6.exe
35M VeraCrypt Portable 1.24-Update6.exe

$ wine --version
wine-5.8-173-g9e26bc8116
Regards
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12@gmail.com
--- Comment #3 from Zebediah Figura z.figura12@gmail.com ---
For what it's worth, Wine does mostly have a proper implementation of layered drivers; we use it for PnP drivers. What blocks this bug is (1) the relevant driver loads in a different address space from the device it's trying to access, because we currently separate most drivers from each other; (2) we don't send all file access to the relevant device anyway. (1) may be solvable, depending on the reasons for doing it, but (2) almost certainly makes this a WONTFIX.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|https://launchpad.net/verac |https://web.archive.org/web
                   |rypt/trunk/1.24-update6/+do |/20200319114317/https://lau
                   |wnload/VeraCrypt%20Portable |nchpadlibrarian.net/4686578
                   |%201.24-Update6.exe         |62/VeraCrypt%20Portable%201
                   |                            |.24-Update6.exe
            Summary|VeraCrypt 1.24 filter       |Multiple kernel drivers
                   |driver 'veracrypt_x64.sys'  |crash in entry point due to
                   |crashes in entry point      |'IoGetDeviceObjectPointer'
                   |('IoGetDeviceObjectPointer' |returning a stub device
                   |must not return a stub      |when the device object
                   |device if the device object |doesn't exist (VeraCrypt
                   |doesn't exist)              |1.24 'veracrypt_x64.sys',
                   |                            |NAV 2010 'ccHPx64.sys')
--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
adding another driver and refining summary for collecting.
Symantec Hash Provider driver 'ccHP' from Norton Antivirus 2010.
https://web.archive.org/web/20111104092310/http://spftrl.digitalriver.com/pu...
NOTE: Needs multiple prerequisite bugs fixed or worked around before coming to this place.
* bug 34083 ("Norton/Symantec AntiVirus 10.x installers fail to validate embedded certificate (CERT with multiple OU fields, crypt32.CertGetNameStringW must return RDNs in reverse order)")
* bug 50431 ("SCM erroneously tries to start 64-bit kernel drivers as 32-bit service when 'ImagePath' contains '\SystemRoot\system32\drivers' and 'WOW64=1'")
To debug driver crashes it's best to disable autostart. Change start type to "manual" (3).
--- snip ---
[System\CurrentControlSet\Services\ccHP]
...
"Start"=dword:00000003
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+loaddll,+ntoskrnl wine net start ccHP >>log.txt 2>&1
...
0054:trace:ntoskrnl:load_driver loading driver L"C:\windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys"
0054:Call KERNEL32.LoadLibraryW(00041490 L"C:\windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys") ret=0032606e
...
0054:Ret KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0054:Call driver init 0000000000DF8008 (obj=0000000000042DD0,str=L"\Registry\Machine\System\CurrentControlSet\Services\ccHP")
...
0054:Call ntoskrnl.exe.IoWMIRegistrationControl(00def6c8,80010001) ret=00d61775
0054:fixme:ntoskrnl:IoWMIRegistrationControl (0000000000DEF6C8 2147549185) stub
0054:Ret ntoskrnl.exe.IoWMIRegistrationControl() retval=00000000 ret=00d61775
0054:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00c3f710,001f01ff,00c3f708,00c3f700) ret=00d61c9f
...
0054:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\Device\SYMEFA" 1f01ff 0000000000C3F708 0000000000C3F700
0054:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00d61c9f
0054:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(0000001b,0034d5c8,00000000,00000000,00000000,00c3f720,00c3f738) ret=00d61d1b
0054:trace:ntoskrnl:IoBuildSynchronousFsdRequest (27 000000000034D5C8 0000000000000000 0 0000000000000000 0000000000C3F738)
0054:trace:ntoskrnl:IoBuildAsynchronousFsdRequest (27 000000000034D5C8 0000000000000000 0 0000000000000000 0000000000C3F738)
0054:trace:ntoskrnl:IoAllocateIrp -128, 0
0054:Call ntdll.RtlAllocateHeap(009c0000,00000000,00000310) ret=0031fab9
0054:Ret ntdll.RtlAllocateHeap() retval=009c03b0 ret=0031fab9
0054:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 00000000009C03B0
0054:trace:ntoskrnl:IoInitializeIrp 00000000009C03B0, 784, -128
0054:Call msvcrt.memset(009c03b0,00000000,00000310) ret=0031fb53
0054:Ret msvcrt.memset() retval=009c03b0 ret=0031fb53
0054:trace:seh:dispatch_exception code=c0000005 flags=0 addr=000000000032069E ip=000000000032069E tid=0054
0054:trace:seh:dispatch_exception info[0]=0000000000000001
0054:trace:seh:dispatch_exception info[1]=00000000009be038
0054:trace:seh:dispatch_exception rax=00000000009c03b0 rbx=000000000000001b rcx=00000000e421390f rdx=0000000000000037
0054:trace:seh:dispatch_exception rsi=000000000034d5c8 rdi=00000000009c03b0 rbp=0000000000c3f560 rsp=0000000000c3f510
0054:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000000 r10=0000000000c3efe2 r11=0000000000000000
0054:trace:seh:dispatch_exception r12=00000000009be080 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000
0054:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=c0000005 flags=0
0054:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0054:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0 code=c0000005 flags=0
0054:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0
--- snip ---
Virustotal.com scan of the installer binary:
https://www.virustotal.com/gui/file/b8110fba782df5f9bfc25d39315b5ccd1f375b20...
$ sha1sum NAV10TBEN.exe
eadfb9c860146186c548aba695a9be87607f5586  NAV10TBEN.exe

$ du -sh NAV10TBEN.exe
74M NAV10TBEN.exe

$ wine --version
wine-6.0-rc4
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple kernel drivers     |Multiple kernel drivers
                   |crash in entry point due to |crash in entry point due to
                   |'IoGetDeviceObjectPointer'  |'IoGetDeviceObjectPointer'
                   |returning a stub device     |returning a stub device
                   |when the device object      |when the device object
                   |doesn't exist (VeraCrypt    |doesn't exist (VeraCrypt
                   |1.24 'veracrypt_x64.sys',   |1.24 'veracrypt_x64.sys',
                   |NAV 2010 'ccHPx64.sys')     |NAV 2010 'ccHPx64.sys',
                   |                            |Protect DiSC
                   |                            |'acedrv11.sys')
           Keywords|                            |obfuscation
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Adding another driver 'acedrv11.sys' from 'Protect DiSC' DRM scheme (continuation of bug 39734)
https://web.archive.org/web/20210701055235/https://dl.4players.de/f1/pc/cobr...
NOTE: The driver service startup suffers from bug 50431 (remove 'WOW64' driver key).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/windows/system32/drivers

$ file acedrv11.sys
acedrv11.sys: PE32+ executable (native) x86-64, for MS Windows
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+server,+ntoskrnl,+loaddll,+module wine net start acedrv11 >>log.txt 2>&1
...
0120:trace:loaddll:build_module Loaded L"C:\windows\system32\drivers\acedrv11.sys" at 0000000000DC0000: native
...
0120:trace:module:process_attach (L"acedrv11.sys",0000000000000000) - START
0120:Call LDR notification callback (proc=0000000000367A00,reason=1,data=0000000000C7F2A0,context=0000000000000000)
...
0120:trace:ntoskrnl:ldr_notify_callback loading L"acedrv11.sys"
...
0120:Ret LDR notification callback (proc=0000000000367A00,reason=1,data=0000000000C7F2A0,context=0000000000000000)
0120:trace:module:process_attach (L"acedrv11.sys",0000000000000000) - END
0120:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b020d66
...
0120:Ret kernelbase.LoadLibraryExW() retval=00dc0000 ret=7bc42e5f
0120:Ret KERNEL32.LoadLibraryExW() retval=00dc0000 ret=003664b6
...
0120:Call driver init 0000000000DE9008 (obj=0000000000173930,str=L"\Registry\Machine\System\CurrentControlSet\Services\acedrv11")
...
0120:Call ntoskrnl.exe.IoCreateDevice(00173930,00000048,00c7f6c8,00000022,00000000,00000000,00c7f6c0) ret=00e09947
...
0120:trace:ntoskrnl:IoCreateDevice (0000000000173930, 72, L"\Device\PCDDRV11", 34, 0, 0, 0000000000C7F6C0)
0120:Call ntdll.RtlAllocateHeap(00140000,00000008,000001a8) ret=00361a7e
0120:Ret ntdll.RtlAllocateHeap() retval=001742a0 ret=00361a7e
0120: create_device( rootdir=0000, user_ptr=001742b0, manager=0040, name=L"\Device\PCDDRV11" )
0120: create_device() = 0
0034:Call ntdll.RtlEnterCriticalSection(7f9c6bdbea20) ret=7f9c6bd6bd9d
0120:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00e09947
...
0120:Call ntoskrnl.exe.IoCreateSymbolicLink(00c7f6f8,00c7f6c8) ret=00e0996f
...
0120:trace:ntoskrnl:IoCreateSymbolicLink L"\DosDevices\ACEDRV11" -> L"\Device\PCDDRV11"
0120:Call ntdll.NtCreateSymbolicLinkObject(00c7f5b0,000f0001,00c7f5b8,00c7f6c8) ret=00361ffd
0120: create_symlink( access=000f0001, objattr={rootdir=0000,attributes=000000d0,sd={},name=L"\DosDevices\ACEDRV11"}, target_name=L"\Device\PCDDRV11" )
0120: create_symlink() = 0 { handle=0048 }
0120:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=00361ffd
...
0120:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=00e0996f
...
0120:Call ntoskrnl.exe.IoGetDeviceObjectPointer(00c7f6c8,00000080,00c7f740,00c7f738) ret=00dc86fe
...
0120:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\CdRom0" 80 0000000000C7F740 0000000000C7F738
0120:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00dc86fe
0120:Call ntoskrnl.exe.ExAllocatePool(00000000,000000b8) ret=00de1064
0120:Call ntdll.RtlAllocateHeap(00a00000,00000000,000000b8) ret=0035ffc8
0120:Ret ntdll.RtlAllocateHeap() retval=00a00470 ret=0035ffc8
0120:trace:ntoskrnl:ExAllocatePoolWithTag 184 pool 0 -> 0000000000A00470
0120:Ret ntoskrnl.exe.ExAllocatePool() retval=00a00470 ret=00de1064
0120:Call ntoskrnl.exe.KeInitializeEvent(00a00478,00000000,00000000) ret=00de1187
0120:trace:ntoskrnl:KeInitializeEvent event 0000000000A00478, type 0, state 0.
0120:Ret ntoskrnl.exe.KeInitializeEvent() retval=00000029 ret=00de1187
0120:Call ntoskrnl.exe.IoBuildSynchronousFsdRequest(00000003,0038d5c8,00de6ec0,00000060,00c7f650,00a00478,00c7f658) ret=00e0bc4b
0120:trace:ntoskrnl:IoBuildSynchronousFsdRequest (3 000000000038D5C8 0000000000DE6EC0 96 0000000000C7F650 0000000000C7F658)
0120:trace:ntoskrnl:IoBuildAsynchronousFsdRequest (3 000000000038D5C8 0000000000DE6EC0 96 0000000000C7F650 0000000000C7F658)
0120:trace:ntoskrnl:IoAllocateIrp -128, 0
0120:Call ntdll.RtlAllocateHeap(00a00000,00000000,00000310) ret=0035fea9
0120:Ret ntdll.RtlAllocateHeap() retval=00a00540 ret=0035fea9
0120:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 0000000000A00540
0120:trace:ntoskrnl:IoInitializeIrp 0000000000A00540, 784, -128
0120:Call msvcrt.memset(00a00540,00000000,00000310) ret=0035ff43
0120:Ret msvcrt.memset() retval=00a00540 ret=0035ff43
0120:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000360A9E ip=0000000000360A9E tid=0120
0120:trace:seh:dispatch_exception info[0]=0000000000000001
0120:trace:seh:dispatch_exception info[1]=00000000009fe1c8
0120:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
0120:trace:seh:dispatch_exception rax=0000000000a00540 rbx=0000000000000003 rcx=0000000000c9ea80 rdx=0000000000000000
0120:trace:seh:dispatch_exception rsi=000000000038d5c8 rdi=0000000000a00540 rbp=0000000000c7f480 rsp=0000000000c7f430
0120:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000030 r10=00007f732f8a6768 r11=0000000000000000
0120:trace:seh:dispatch_exception r12=00000000009fe210 r13=0000000000c7f650 r14=0000000000000060 r15=0000000000de6ec0
0120:trace:seh:call_vectored_handlers calling handler at 000000000035D380 code=c0000005 flags=0
0120:trace:seh:call_vectored_handlers handler at 000000000035D380 returned 0
...
wine: Unhandled page fault on write access to 00000000009FE1C8 at address 0000000000360A9E (thread 0120), starting debugger...
--- snip ---
$ sha1sum BurningWheelsDemo.exe
6dc03653b97a0336a5c57fc4b04af61e3ebcee5e  BurningWheelsDemo.exe

$ du -sh BurningWheelsDemo.exe
286M BurningWheelsDemo.exe

$ wine --version
wine-6.11-235-g7f1623bc626
Regards
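The faulting write addresses in the three traces on this page follow directly from the stub's StackSize of 0x80 being read as a signed 8-bit count ("IoAllocateIrp -128, 0"). The C model below is an added example, not code from Wine or from any commenter; the x86-64 structure sizes (208 and 72 bytes) and the stack-location layout rule are assumptions taken from the Windows driver headers, while the IRP and info[1] addresses are copied from the traces.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this example: x86-64 structure sizes from the Windows
 * driver headers; the allocation size is the one printed in the traces. */
#define SIZEOF_IRP               208  /* sizeof(IRP) */
#define SIZEOF_IO_STACK_LOCATION  72  /* sizeof(IO_STACK_LOCATION) */
#define TRACE_ALLOC_SIZE         784  /* "IoInitializeIrp <irp>, 784, -128" */

/* DEVICE_OBJECT.StackSize and the IoAllocateIrp() argument are CCHAR. */
typedef signed char cchar_t;

/* The stub stores 0x80 into that signed 8-bit field. */
static cchar_t stub_stack_size(void)
{
    return (cchar_t)0x80;
}

/* Offset, relative to the start of the IRP, of the stack location that
 * IoGetNextIrpStackLocation() returns for a freshly initialised IRP:
 *   current = (IO_STACK_LOCATION *)(irp + 1) + stack_count
 *   next    = current - 1 */
static int64_t next_location_offset(cchar_t stack_count)
{
    return SIZEOF_IRP + ((int64_t)stack_count - 1) * SIZEOF_IO_STACK_LOCATION;
}

/* Address of the first field written there (MajorFunction, offset 0). */
static uint64_t predicted_write(uint64_t irp, cchar_t stack_count)
{
    return irp + (uint64_t)next_location_offset(stack_count);
}

/* Returns 1 if the whole stack location lies inside the allocation. */
static int write_in_bounds(cchar_t stack_count, int64_t alloc_size)
{
    int64_t off = next_location_offset(stack_count);
    return off >= SIZEOF_IRP && off + SIZEOF_IO_STACK_LOCATION <= alloc_size;
}

/* IRP address (IoInitializeIrp argument) and faulting address (info[1])
 * copied from the three traces on this page. */
struct sample { const char *driver; uint64_t irp, fault; };
static const struct sample samples[] = {
    { "veracrypt_x64.sys", 0x8e0330, 0x8ddfb8 },
    { "ccHPx64.sys",       0x9c03b0, 0x9be038 },
    { "acedrv11.sys",      0xa00540, 0x9fe1c8 },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of traces whose fault address the model reproduces. */
static int matching_traces(void)
{
    int n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (predicted_write(samples[i].irp, stub_stack_size()) == samples[i].fault)
            n++;
    return n;
}

int main(void)
{
    cchar_t s = stub_stack_size();
    printf("StackSize 0x80 as CCHAR = %d, next location at IRP%+" PRId64 "\n",
           s, next_location_offset(s));
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("%-18s irp=%08" PRIx64 " predicted=%08" PRIx64 " trace=%08" PRIx64 "\n",
               samples[i].driver, samples[i].irp,
               predicted_write(samples[i].irp, s), samples[i].fault);
    printf("in bounds: stub=%d, StackSize 8=%d\n",
           write_in_bounds(s, TRACE_ALLOC_SIZE), write_in_bounds(8, TRACE_ALLOC_SIZE));
    return matching_traces() == (int)NSAMPLES ? 0 : 1;
}
```

All three predicted addresses equal the info[1] values in the traces: the write lands 9080 bytes below the start of a 784-byte allocation.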