Hi, All:
I also found out 2 special things: (1) The address of the array which causes the exception happens to be the memory-mapped address of comctl32.dll (check /proc/../smaps). (2) If the address of the array points to the heap (from my malloc), or to some other place which is not occupied by any dll, then "no" exception occurs.
Originally I suspected the exception might be a bug in the RPC library I am using (libc6-dev package inside Ubuntu). However, if that were the case, my malloc pointer should also cause an exception (but it doesn't).
I still hope someone can give a hint on how to debug this problem.
Best wishes, Jui-Hao
Message: 11
Date: Wed, 21 Apr 2010 09:37:53 -0400
From: Jui-Hao Chiang windtracekimo@gmail.com
Subject: Intercept relay_call causes seh:raise_exception code=c0000005
To: wine-devel@winehq.org
Message-ID: i2h52cf60ee1004210637gc7f20e5dq9b958127331b18cf@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1

Hi, All,
I am currently using the WINEDEBUG=relay feature to intercept function calls as follows:
- in dlls/ntdll/relay.c, insert a code snippet in relay_call:

    static LONGLONG WINAPI relay_call( struct relay_descr *descr, unsigned int idx, const INT_PTR *stack )
    {
        .....
        my_own_function( entry_point->name, nb_args, stack );                  /* added by myself */
        ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );  /* original Wine code */
        ....
    }

    LONGLONG my_own_function( const char *funcname, int nb_args, const INT_PTR *stack )
    {
        /* CreateBitmap has 5 parameters; the 5th one points to an array while the
         * others are native types:
         *   HBITMAP WINAPI CreateBitmap( INT width, INT height, UINT planes, UINT bpp, LPCVOID bits )
         * The arguments start at stack + 1, the same offset call_entry_point() uses above. */
        if (strcmp( funcname, "CreateBitmap" ) == 0)
        {
            /* this function just tries to forward all parameters to a remote RPC server for recording */
            Rpc_CreateBitmap( (INT)*(stack+1), (INT)*(stack+2), (UINT)*(stack+3), (UINT)*(stack+4),
                              (LPCVOID)*(stack+5) );
        }
        return 0;
    }
- Run the program with WINEDEBUG=trace+all,relay wine notepad > dump 2>&1
- If I only pass parameters 1 to 4 to Rpc_CreateBitmap, then there is no problem, but if I add the 5th one (which points to some array), then notepad aborts with the following debug message:
    0009:Call gdi32.CreateBitmap(00000008,00000008,00000001,00000001,7e95d822) ret=7e8da083
    0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xb754a21d ip=b754a21d tid=0009
    0009:trace:seh:raise_exception info[0]=00000001
    0009:trace:seh:raise_exception info[1]=7e95d822
    0009:trace:seh:raise_exception eax=00000055 ebx=b7593ff4 ecx=0033fa4c edx=00000001 esi=7e95d822 edi=00000001
    0009:trace:seh:raise_exception ebp=0033fa54 esp=0033fa44 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010202
    0009:trace:seh:call_vectored_handlers calling handler at 0x7b83fd50 code=c0000005 flags=0
    0009:trace:seh:call_vectored_handlers handler at 0x7b83fd50 returned 0
    0009:trace:seh:call_stack_handlers calling handler at 0x7bc4a480 code=c0000005 flags=0
    0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
    0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc6bc50 code=c0000005 flags=2
    0009:trace:seh:__regs_RtlUnwind handler at 0x7bc6bc50 returned 1
    0009:exception in PE entry point (proc=0x7e95a890,module=0x7e8c0000,reason=PROCESS_ATTACH,res=0x1)
- But if I use malloc to copy the content of the array pointed to by the 5th parameter, then there is no problem:

    LONGLONG my_own_function( const char *funcname, int nb_args, const INT_PTR *stack )
    {
        char *buffer = NULL;
        if (strcmp( funcname, "CreateBitmap" ) == 0)
        {
            buffer = (char*)malloc( ..... );
            memcpy( buffer, (const void*)*(stack+5), .... );
            /* No exception if I do this */
            Rpc_CreateBitmap( (INT)*(stack+1), (INT)*(stack+2), (UINT)*(stack+3), (UINT)*(stack+4), buffer );
            free( buffer );
        }
        return 0;
    }
Can anyone give me a hint about what's happening here? Or am I doing some illegal operation? Appreciate any comments,
Jui-Hao
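The workaround in the last step, copying the bits before forwarding them, can be made deterministic by deriving the copy length from the other four CreateBitmap arguments instead of an elided constant. The block below is an added illustration for this thread; it is not the poster's code and not Wine's relay.c. It assumes the documented CreateBitmap layout (width*planes*bpp bits per scanline, each scanline padded to a 16-bit word), a stand-in INT_PTR typedef, and hypothetical helper names (bitmap_bits_size, snapshot_create_bitmap, demo_intercept). The stack array is read at the same offsets the mail uses (stack + 1 .. stack + 5), and the sample bitmap is constructed inline.

```c
/* Added example: size-bounded capture of an intercepted CreateBitmap call.
 * Not from the wine-devel thread or Wine's sources; helper names and the
 * scanline rule are assumptions made for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef intptr_t INT_PTR;   /* stand-in for the Windows type seen in relay.c */

/* Number of bytes CreateBitmap reads from its bits argument.  Assumption:
 * each scanline carries width*planes*bpp bits, rounded up to a 16-bit word.
 * Returns 0 for geometry that cannot describe a bitmap. */
size_t bitmap_bits_size(int width, int height, unsigned planes, unsigned bpp)
{
    if (width <= 0 || height <= 0 || planes == 0 || bpp == 0) return 0;
    size_t bits_per_line  = (size_t)width * planes * bpp;
    size_t bytes_per_line = ((bits_per_line + 15) / 16) * 2;
    return bytes_per_line * (size_t)height;
}

struct bitmap_snapshot {
    int width, height;
    unsigned planes, bpp;
    size_t size;          /* bytes copied into bits */
    unsigned char *bits;  /* private heap copy; NULL when the caller passed NULL */
};

/* Reads the five CreateBitmap arguments from a relay-style stack array
 * (arguments start at stack[1], matching call_entry_point(..., stack + 1))
 * and copies exactly the bytes the call would consume into a buffer the
 * interceptor owns.  Returns 0 on success, -1 on bad geometry or OOM. */
int snapshot_create_bitmap(const INT_PTR *stack, struct bitmap_snapshot *out)
{
    memset(out, 0, sizeof(*out));
    out->width  = (int)stack[1];
    out->height = (int)stack[2];
    out->planes = (unsigned)stack[3];
    out->bpp    = (unsigned)stack[4];
    const void *bits = (const void *)stack[5];

    out->size = bitmap_bits_size(out->width, out->height, out->planes, out->bpp);
    if (out->size == 0) return -1;
    if (bits == NULL) return 0;   /* CreateBitmap allows NULL bits: nothing to copy */

    out->bits = malloc(out->size);
    if (!out->bits) return -1;
    memcpy(out->bits, bits, out->size);
    return 0;
}

void snapshot_free(struct bitmap_snapshot *s)
{
    free(s->bits);
    s->bits = NULL;
}

/* Constructed sample: an 8x8, 1-plane, 1-bpp bitmap presented the way
 * relay_call's stack array would (slot 0 precedes the arguments).
 * Returns the number of bytes captured, or -1 if capture or the
 * copy-equality check failed. */
int demo_intercept(void)
{
    static const unsigned char sample_bits[16] = {
        0xAA, 0x00, 0x55, 0x00, 0xAA, 0x00, 0x55, 0x00,
        0xAA, 0x00, 0x55, 0x00, 0xAA, 0x00, 0x55, 0x00 };
    INT_PTR stack[6] = { 0, 8, 8, 1, 1, (INT_PTR)sample_bits };
    struct bitmap_snapshot snap;

    if (snapshot_create_bitmap(stack, &snap) != 0) return -1;
    int ok = snap.size == sizeof sample_bits &&
             memcmp(snap.bits, sample_bits, snap.size) == 0;
    int captured = ok ? (int)snap.size : -1;
    snapshot_free(&snap);
    return captured;
}

int main(void)
{
    printf("captured %d bytes for the sample CreateBitmap call\n", demo_intercept());
    return 0;
}
```

Because the copy length comes from the call's own geometry, the interceptor reads only what CreateBitmap itself would read and hands the RPC layer a buffer it owns rather than the caller's pointer, which is the difference between the two my_own_function variants in the mail.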