http://bugs.winehq.org/show_bug.cgi?id=33127
Bug #: 33127
Summary: installer of Thunder 7.9 hangs
Product: Wine
Version: 1.5.25
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: jactry92@gmail.com
Classification: Unclassified
Created attachment 43815 --> http://bugs.winehq.org/attachment.cgi?id=43815 The Log
reproduce:
1. download and run it: 'wine Thunder7.9.1.4304.exe'
2. click "接受并安装" to accept the license and begin the installation
It will hang at 93%.
Wine: wine-1.5.25-36-gdb92670
Thunder: $ sha1sum Thunder7.9.1.4304.exe: 3ebb738b20878ed2e9c8f2340ec7f362a673404c
Jactry Zeng jactry92@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |download
URL     |        |http://down.sandai.net/thunder7/Thunder7.9.1.4304.exe
Austin English austinenglish@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |Installer
lizhenbo litimetal@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |litimetal@gmail.com
hanska2@luukku.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |hanska2@luukku.com

--- Comment #1 from hanska2@luukku.com ---
The same problem with 1.7.22
Qian Hong fracting@gmail.com changed:
What          |Removed     |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED |NEW
CC            |            |fracting@gmail.com
Ever confirmed|0           |1

--- Comment #2 from Qian Hong fracting@gmail.com ---
Still present in 1.7.26
super_man@post.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |super_man@post.com

--- Comment #3 from super_man@post.com ---
Still the same.
Last lines
fixme:advapi:RegisterTraceGuidsW (0x45cf490e, 0x45d01360, {637a0f36-dff5-4b2f-83dd-b106c1c725e2}, 1, 0x33fd58, (null), (null), 0x45d01368): stub
fixme:advapi:RegisterTraceGuidsW register trace class {637a0f36-dff5-4b2f-83dd-b106c1c725e2}
1.7.50
Michael Müller michael@fds-team.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |michael@fds-team.de

--- Comment #4 from Michael Müller michael@fds-team.de ---
The installer tries to execute the installed Thunder.exe at 93% and freezes because the started program enters an endless loop.
The root issue is caused by some custom packer in Thunder.exe. The packer tries to find some suitable address by iterating over the free / allocated memory blocks using VirtualQuery(). If VirtualQuery returns a free memory block which is large enough, the code tries to allocate the memory using VirtualAlloc.
The problem is that Wine pretends in NtQueryVirtualMemory that all memory, which is not part of Wine's memory management system, is allocated:
--------
    /* not in a reserved area at all, pretend it's allocated */
#ifdef __i386__
    if (base >= (char *)address_space_start)
    {
        info->State             = MEM_RESERVE;
        info->Protect           = PAGE_NOACCESS;
        info->AllocationProtect = PAGE_NOACCESS;
        info->Type              = MEM_PRIVATE;
    }
    else
#endif
--------
Since the application just started and only searches for addresses >= the module base address, it can't find any free memory. The code to pretend that all memory is reserved, was added for 32 bit applications to fix bug 4078. Removing this code fixes the reported issue, but reintroduces the problem that Wine doesn't know if the memory block is really unused or if it is allocated by some system library.
The endless loop is caused by a programming mistake in the packer code. The code tries to iterate over all memory blocks by computing the next address using the returned BaseAddress and RegionSize. The problem is that they try to round the addresses to the next page boundary but swapped an addition with a subtraction. This breaks the iteration and in fact the code only tries two different addresses in an endless loop.
Anastasius Focht focht@gmx.net changed:
What      |Removed                        |Added
----------------------------------------------------------------------------
CC        |                               |focht@gmx.net
Component |-unknown                       |ntdll
Summary   |installer of Thunder 7.9 hangs |Thunder 7.9 installer gets stuck at 93 percent with Thunder.exe live looping, trying to find free vm region

--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
Since Michael already did the analysis part, just backing with some snippets.
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\Thunder.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 11856840 (0B4EBC8h) Byte(s)
Compilation TimeStamp : 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT)
[TimeStamp] 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x512B5AE0 -> Mon 25th Feb 2013 12:36:48 (GMT) | DebugDirectory | - | Offset: 0x000E65D4 | VA: 0x004E71D4 | -
-> File Appears to be Digitally Signed @ Offset 0B4D200h, size : 019C8h / 06600 byte(s)
[!] Executable uses SEH Tables (/SAFESEH) (1001 calculated 1001 recorded... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001001001000000000100 (0x04049004)
[Entrypoint Section Entropy] : 6.46 (section #0) ".text " | Size : 0xE4E70 (937584) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 7 (0x7) | ImageSize 0xB96000 (12148736) byte(s)
[VersionInfo] Company Name : ?????????????
[VersionInfo] Product Name : ??7
[VersionInfo] Product Version : 7.9.1.4304
[VersionInfo] File Description : ??7
[VersionInfo] File Version : 7.9.1.4304
[VersionInfo] Original FileName : Thunder
[VersionInfo] Internal Name : Thunder 2
[VersionInfo] Legal Trademarks : ??
[VersionInfo] Legal Copyrights : ???? (C) 2013 ?????????????
[Debug Info] (record 1 of 1) (file offset 0xE65D0)
Characteristics : 0x0 | TimeDateStamp : 0x512B5AE0 (Mon 25th Feb 2013 12:36:48 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4F (79)
AddressOfRawData : 0xFD3F8 | PointerToRawData : 0xFC7F8
CvSig : 0x53445352 | SigGuid 343D115E-D22D-4638-A1A796AA7FB17A4C
Age : 0x1 | Pdb : e:\Thunder8\trunk\build\pdb\ProductRelease\Thunder.pdb
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 2.223 Second(s) [000000AD9h (2777) tick(s)] [499 of 573 scan(s) done]
--- snip ---
To reproduce:
--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" -associate:all -regprotocol:all -inittaskdb:all >>log.txt 2>&1
--- snip ---
Live loop:
--- snip ---
...
0027:Call msvcr90.??2@YAPAXI@Z(00000018) ret=00481fbe
0027:Call ntdll.RtlAllocateHeap(012c0000,00000000,00000018) ret=7e7c6e08
0027:Ret  ntdll.RtlAllocateHeap() retval=012c3330 ret=7e7c6e08
0027:Ret  msvcr90.??2@YAPAXI@Z() retval=012c3330 ret=00481fbe
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret  msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(3b830000,0033f128,0000001c) ret=004826fc
0027:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret  msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret  msvcr90.memset() retval=0033f128 ret=004826e9
0027:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
...
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret  msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45cf0000,0033f128,0000001c) ret=004826fc
0027:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
0027:Ret  msvcr90.memset() retval=0033f128 ret=004826e9
0027:Call KERNEL32.VirtualQuery(45ce2000,0033f128,0000001c) ret=004826fc
0027:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=004826fc
0027:Call msvcr90.memset(0033f128,00000000,0000001c) ret=004826e9
...
<sequence repeats>
--- snip ---

--- snip ---
Wine-dbg> info share
Module  Address            Debug info  Name (147 modules)
PE        340000-  37d000  Deferred    xlluaruntime
PE        380000-  3c6000  Deferred    xlgraphicplus
PE        400000-  f96000  Export      thunder
PE        fa0000- 105e000  Deferred    xlgraphic
PE       1060000- 12b2000  Deferred    xlue
PE      10000000-10035000  Deferred    xlfsio
PE      21490000-214ed000  Deferred    basecommunity
PE      218a0000-21ad5000  Deferred    downloadkernel
PE      21ea0000-21f8f000  Deferred    libexpat
PE      22040000-2206b000  Deferred    libpng13
PE      220e0000-220e9000  Deferred    minizip
PE      222b0000-22329000  Deferred    sqlite3
PE      22660000-2268a000  Deferred    xlstat
PE      226c0000-22709000  Deferred    xlusers
PE      22760000-22773000  Deferred    zlib1
PE      45cf0000-45d04000  Deferred    wlanapi
PE      72fa0000-72fb0000  Deferred    wzcsapi
ELF     7b800000-7ba71000  Dwarf       kernel32<elf>
  -PE   7b820000-7ba71000  \           kernel32
ELF     7bc00000-7bd04000  Dwarf       ntdll<elf>
  -PE   7bc20000-7bd04000  \           ntdll
ELF     7bf00000-7bf04000  Deferred    <wine-loader>
...
--- snip ---
The app considers the following ranges in search for regions marked as 'MEM_FREE' (0x10000).
--- snip ---
(Kernel32_LoadLibraryA_addr & ~(PAGESIZE-1))-0x40000000 ... 0x50000000 <reserved> 0x80000000 <reserved> 0x80010000 ... 0xfff80000
--- snip ---
The hang could theoretically happen even on Windows if the first iteration doesn't find a free region (either module mappings or other types).
Regards
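The walk described in comments #4 and #5, as an added C simulation (not part of the bug report, and neither Wine's nor the application's code). The region map is constructed from the wlanapi addresses in the 'info share' listing; the 64 KiB rounding unit, the exact rounding expression and the 0x1000 header region are assumptions chosen because they reproduce the 45cf0000/45ce2000 alternation in the relay trace, and query(), walk(), step_ok() and step_swapped() are hypothetical names.

```c
#include <stdint.h>

enum { MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_FREE = 0x10000 };
enum { FOUND_FREE, EXHAUSTED, STUCK };
#define GRAN 0x10000u /* assumed rounding unit: 64 KiB allocation granularity */
struct region { uint32_t base, size, state; };

/* Constructed map around wlanapi; state 0 = gap. The 0x1000 header region is assumed. */
static const struct region map[] = {
    { 0x22773000u, 0x2357d000u, 0 },          /* gap below the module */
    { 0x45cf0000u, 0x00001000u, MEM_COMMIT }, /* PE header page */
    { 0x45cf1000u, 0x00013000u, MEM_COMMIT }, /* rest of the image */
    { 0x45d04000u, 0x0a2fc000u, 0 },          /* gap up to 0x50000000 */
};

/* Simulated VirtualQuery(): the region starts at the queried page and runs to the
   end of its block; gaps report gap_state (MEM_RESERVE models Wine on i386). */
static int query(uint32_t addr, uint32_t gap_state, struct region *out)
{
    uint32_t page = addr & ~0xfffu;
    for (unsigned i = 0; i < sizeof(map) / sizeof(map[0]); i++) {
        if (page < map[i].base || page - map[i].base >= map[i].size) continue;
        out->base = page;
        out->size = map[i].size - (page - map[i].base);
        out->state = map[i].state ? map[i].state : gap_state;
        return 1;
    }
    return 0;
}

/* Round a region end up to GRAN; step_swapped has the '+' replaced by '-'. */
static uint32_t step_ok(uint32_t e)      { uint32_t r = e % GRAN; return r ? e + (GRAN - r) : e; }
static uint32_t step_swapped(uint32_t e) { uint32_t r = e % GRAN; return r ? e - (GRAN - r) : e; }

/* Walk [start, limit) for MEM_FREE, recording each queried address in seen[]. */
static int walk(uint32_t start, uint32_t limit, uint32_t gap_state,
                uint32_t (*step)(uint32_t), uint32_t *seen, unsigned cap, unsigned *n)
{
    struct region r = { 0, 0, 0 };
    uint32_t addr = start;
    for (*n = 0; *n < cap; addr = step(r.base + r.size)) {
        if (addr >= limit || !query(addr, gap_state, &r)) return EXHAUSTED;
        seen[(*n)++] = addr;
        if (r.state == MEM_FREE) return FOUND_FREE;
    }
    return STUCK; /* query budget spent without leaving the range */
}
```

Starting at 0x3b830000 with gaps reported as MEM_RESERVE, step_swapped keeps querying 45cf0000 and 45ce2000 until the budget runs out, while step_ok reaches 0x50000000 after four queries; with gaps reported as MEM_FREE the first query already succeeds.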
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed                                               |Added
----------------------------------------------------------------------------
URL  |http://down.sandai.net/thunder7/Thunder7.9.1.4304.exe |https://web.archive.org/web/20130425201443if_/http://down.sandai.net/thunder7/Thunder7.9.1.4304.exe

--- Comment #6 from Gijs Vermeulen gijsvrm@gmail.com ---
I tried installing this app a couple of times and it seemed to finish correctly. This could, of course, be by chance, but at least to me it seems to be fixed currently. I tested with wine-6.15.
Can anyone confirm?
Adding stable download that matches the SHA1 in the OP.
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |obfuscation
Summary  |Thunder 7.9 installer gets stuck at 93 percent with Thunder.exe live looping, trying to find free vm region |Thunder 7.9 installer gets stuck at 93 percent with WinVer set to 'Windows XP' (Thunder.exe live looping, trying to find free vm region)

--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
the problem is still present if you set WinVer to 'Windows XP'.
With Wine 2.2 release, the installer started working but that's because of commit https://source.winehq.org/git/wine.git/commitdiff/6737ac70d6233f6b10f397ee8f... ("wine.inf: Set default Windows version to win7."). Likely different code paths somewhere, skipping (post) installer steps.
Michael's analysis is still valid.
Tidbit:
I'm still on Fedora 32 which has libX11 1.6.12 hence encountered bug 35041 ("Multiple apps and games crash with heap corruption or live-lock in libX11 (EA Origin, Garmin Express Fit, SMPlayer, LotRO launcher, Kindle for PC, Conan Exiles)('taskset -c 0 wine ./foo.exe' is a workaround)") another time.
Upstream fixes went in with libx11 1.7.0
Installer crash:
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x7da105ec).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7da105ec ESP:024dbde0 EBP:7d273010 EFLAGS:00010206( R- -- I - -P- )
 EAX:00000000 EBX:7db13430 ECX:00000011 EDX:00000000
 ESI:7c509f00 EDI:7db15e18
...
Backtrace:
=>0 0x7da105ec in libx11.so.6 (+0x505ec) (0x7d273010)
  1 0x7da1ae19 _XCloseLC+0x78() in libx11.so.6 (0x7d273010)
  2 0x7da1ae63 _XlcCurrentLC+0x32() in libx11.so.6 (0x7d273010)
  3 0x7da13ad5 _Xlcmbstowcs+0xe4() in libx11.so.6 (0x7d273010)
  4 0x7da13ba6 _Xmbstowcs+0x25() in libx11.so.6 (0x7d273010)
  5 0x7da28adf in libx11.so.6 (+0x68ade) (0x7d273010)
  6 0x7da26c94 _XimLocalOpenIM+0x403() in libx11.so.6 (0x7d30bec0)
  7 0x7da251c2 _XimOpenIM+0xe1() in libx11.so.6 (0x7d30bec0)
  8 0x7da0b0fa XOpenIM+0x39() in libx11.so.6 (0x024de4d8)
  9 0x7dbb35cf open_xim+0x3e(display=0x7d300610) [/home/focht/projects/wine/mainline-src-2.2/dlls/winex11.drv/xim.c:343] in winex11 (0x024de4d8)
  10 0x7dbb4580 X11DRV_SetupXIM+0x2f() [/home/focht/projects/wine/mainline-src-2.2/dlls/winex11.drv/xim.c:448] in winex11 (0x024de4e8)
  11 0x7dbb1103 x11drv_init_thread_data+0x132() [/home/focht/projects/wine/mainline-src-2.2/dlls/winex11.drv/x11drv_main.c:669] in winex11 (0x024de588)
  12 0x7dbaa362 X11DRV_WindowPosChanging+0x2d1(hwnd=<couldn't compute location>, insert_after=<couldn't compute location>, swp_flags=<couldn't compute location>, window_rect=<couldn't compute location>, client_rect=<couldn't compute location>, visible_rect=<couldn't compute location>, surface=<couldn't compute location>) [/home/focht/projects/wine/mainline-src-2.2/dlls/winex11.drv/x11drv.h:362] in winex11 (0x024de5f8)
  13 0x7e8a9165 set_window_pos+0xa4(hwnd=0x10056, insert_after=(nil), swp_flags=0x14, window_rect=0x24de7b4, client_rect=0x24de7b4, valid_rects=(nil)) [/home/focht/projects/wine/mainline-src-2.2/dlls/user32/winpos.c:2070] in user32 (0x024de738)
  14 0x7e8a5057 WIN_CreateWindowEx+0x566(cs=0x24de8d0, className=*** invalid address 0xc047 ***, module=0x400000, unicode=0x1) [/home/focht/projects/wine/mainline-src-2.2/dlls/user32/win.c:1599] in user32 (0x024de898)
  15 0x7e89ee43 CreateWindowExW+0x9d(exStyle=<couldn't compute location>, className=<couldn't compute location>, windowName=<couldn't compute location>, style=<couldn't compute location>, x=<couldn't compute location>, y=<couldn't compute location>, width=<couldn't compute location>, height=<couldn't compute location>, parent=<couldn't compute location>, menu=<couldn't compute location>, instance=<couldn't compute location>, data=<couldn't compute location>) [/home/focht/projects/wine/mainline-src-2.2/dlls/user32/win.c:1777] in user32 (0x024de918)
  16 0x00414931 in thunder7.9.1.4304 (+0x14930) (0x024dc047)
0x7da105ec: movl 0x0(%eax),%esi
Modules:
Module  Address            Debug info  Name (86 modules)
PE        400000- 21b3000  Export      thunder7.9.1.4304
...
Threads:
process  tid      prio (all id:s are in hex)
00000008 (D) Z:\home\focht\Downloads\Thunder7.9.1.4304.exe
         00000032    0 <==
         00000009    0
--- snip ---
Workaround:
--- snip ---
$ taskset -c 0 wine ./Thunder7.9.1.4304.exe
--- snip ---
$ sha1sum Thunder7.9.1.4304.exe 3ebb738b20878ed2e9c8f2340ec7f362a673404c Thunder7.9.1.4304.exe
$ du -sh Thunder7.9.1.4304.exe 30M Thunder7.9.1.4304.exe
Regards