So we get ntdll:info failures because win32k.sys appears to sometimes be loaded at the NULL address. This seems to impact only two VMs: wvistau64 and w7pro64.
https://test.winehq.org/data/tests/ntdll:info.html
Checking the win32k.sys load addresses I get: https://testbot.winehq.org/JobDetails.pl?Key=82496
32-bit:
BF800000 wxppro
BF800000 w2003std
00000000 wvistau64
00010000 w2008s64
92F60000 w7u
00080000 win7u-64 (personal VMware VM)
00000000 w7pro64
8EA28000 w8
0002A000 w864
3E760000 w10pro64
64-bit:
FFFFF96000000000 wvistau64
FFFFF96000010000 w2008s64
FFFFF96000000000 w7pro64
FFFFF9600002A000 w864
FFFFF8AD3E760000 w10pro64
So the lower 32 bits of the 64-bit load address always match the load address reported to 32-bit processes. For 64-bit processes, however, the pointer is not NULL because the upper 32 bits are non-zero.
Could it be that on Windows 7 and lower 64-bit OSes the 32-bit win32k.sys load address is accidentally NULL because Microsoft overlooked this? Maybe because of the (then) new ASLR code?
Would the following patch be ok?
commit 41ebdf0560a41b130a798ca1f14ffcd6f6feaaa9 Author: Francois Gouget fgouget@free.fr Date: Wed Nov 25 20:15:09 2020 +0100
ntdll/tests: win32k.sys is sometimes loaded at 0x0 on 64-bit Win <= 7.
Signed-off-by: Francois Gouget fgouget@codeweavers.com
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index 5db7a800cbe..ed8a9354bdc 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -490,7 +490,9 @@ static void test_query_module(void)
 const SYSTEM_MODULE *module = &info->Modules[i];
 ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
- ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+ ok(module->ImageBaseAddress ||
+ (!module->ImageBaseAddress && strstr((char*)module->Name, "\win32k.sys")), /* 64-bit Vista and Win7 */
+ "%u: got NULL address for %s\n", i, module->Name);
 ok(module->ImageSize, "%u: got 0 size\n", i);
 ok(module->LoadCount, "%u: got 0 load count\n", i);
 }
@@ -516,7 +518,9 @@ static void test_query_module(void)
 const SYSTEM_MODULE *module = &infoex->BaseInfo;
 ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
- ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+ ok(module->ImageBaseAddress ||
+ (!module->ImageBaseAddress && strstr((char*)module->Name, "\win32k.sys")), /* 64-bit Vista and Win7 */
+ "%u: got NULL address for %s\n", i, module->Name);
 ok(module->ImageSize, "%u: got 0 size\n", i);
 ok(module->LoadCount, "%u: got 0 load count\n", i);
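Review bot: In both hunks the right-hand operand `!module->ImageBaseAddress && strstr(...)` re-tests a condition that the `||` has already established, so the first argument can be written as `module->ImageBaseAddress || strstr((char*)module->Name, "\\win32k.sys")`. The match is a case-sensitive substring search on the reported module path, so the exemption would silently stop applying if a system reported the same file with different casing. The `/* 64-bit Vista and Win7 */` comment would also read better on its own line above the `ok()` than inside the argument list. As rendered here the literal shows a single backslash (`"\win32k.sys"`), which is not a valid C escape; the quoted copy later in the thread shows `"\\win32k.sys"`, so this is probably a rendering artifact. The body of test_query_module starts and ends outside both hunks.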
On 11/26/20 9:49 AM, Francois Gouget wrote:
So we get ntdll:info failures because win32k.sys appears to sometimes be loaded at the NULL address. This seems to impact only two VMs: wvistau64 and w7pro64.
https://test.winehq.org/data/tests/ntdll:info.html
Checking the win32k.sys load addresses I get: https://testbot.winehq.org/JobDetails.pl?Key=82496
32-bit BF800000 wxppro BF800000 w2003std 00000000 wvistau64 00010000 w2008s64 92F60000 w7u 00080000 win7u-64 (personal VMware VM) 00000000 w7pro64 8EA28000 w8 0002A000 w864 3E760000 w10pro64
64-bit FFFFF96000000000 wvistau64 FFFFF96000010000 w2008s64 FFFFF96000000000 w7pro64 FFFFF9600002A000 w864 FFFFF8AD3E760000 w10pro64
So the lower 32 bits of the 64 bit load address always match the 32 bit load address for 32-bit processes. Except that for 64-bit processes this is not a NULL pointer because the upper 32 bits are non-zero.
Could it be that on Windows 7 and lower 64-bit OSes the 32-bit win32k.sys load address is accidentally NULL because Microsoft overlooked this? Maybe because of the (then) new ASLR code?
Would the following patch be ok?
commit 41ebdf0560a41b130a798ca1f14ffcd6f6feaaa9 Author: Francois Gouget fgouget@free.fr Date: Wed Nov 25 20:15:09 2020 +0100
ntdll/tests: win32k.sys is sometimes loaded at 0x0 on 64-bit Win <= 7. Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c index 5db7a800cbe..ed8a9354bdc 100644 --- a/dlls/ntdll/tests/info.c +++ b/dlls/ntdll/tests/info.c @@ -490,7 +490,9 @@ static void test_query_module(void) const SYSTEM_MODULE *module = &info->Modules[i];
ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
ok(module->ImageBaseAddress ||
(!module->ImageBaseAddress && strstr((char*)module->Name, "\\win32k.sys")), /* 64-bit Vista and Win7 */
}"%u: got NULL address for %s\n", i, module->Name); ok(module->ImageSize, "%u: got 0 size\n", i); ok(module->LoadCount, "%u: got 0 load count\n", i);
@@ -516,7 +518,9 @@ static void test_query_module(void) const SYSTEM_MODULE *module = &infoex->BaseInfo;
ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
ok(module->ImageBaseAddress ||
(!module->ImageBaseAddress && strstr((char*)module->Name, "\\win32k.sys")), /* 64-bit Vista and Win7 */
"%u: got NULL address for %s\n", i, module->Name); ok(module->ImageSize, "%u: got 0 size\n", i); ok(module->LoadCount, "%u: got 0 load count\n", i);
Personally I'd think it's not worth testing the address at all if on wow64; there's no reason this should be specific to win32k.sys.
It could sometimes be NULL, such as win32k.sys on Win <= 7.
Signed-off-by: Francois Gouget fgouget@codeweavers.com ---
Something like this then?
dlls/ntdll/tests/info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index 5db7a800cbe..4379d8a84c6 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -490,7 +490,7 @@ static void test_query_module(void)
 const SYSTEM_MODULE *module = &info->Modules[i];
 ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
- ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+ ok(module->ImageBaseAddress || is_wow64, "%u: got NULL address for %s\n", i, module->Name);
 ok(module->ImageSize, "%u: got 0 size\n", i);
 ok(module->LoadCount, "%u: got 0 load count\n", i);
 }
@@ -516,7 +516,7 @@ static void test_query_module(void)
 const SYSTEM_MODULE *module = &infoex->BaseInfo;
 ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
- ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+ ok(module->ImageBaseAddress || is_wow64, "%u: got NULL address for %s\n", i, module->Name);
 ok(module->ImageSize, "%u: got 0 size\n", i);
 ok(module->LoadCount, "%u: got 0 load count\n", i);
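Review bot: With `|| is_wow64` the base-address assertion no longer checks anything for any module when the test runs as a 32-bit process on 64-bit Windows, so in both hunks a result where every entry reports a NULL base would now pass there. The reason for the exemption is only in the commit message; a comment above each `ok()` would keep it next to the code, for example `/* under WoW64 the reported address appears to be the low 32 bits of the kernel address and can be 0, e.g. win32k.sys on 64-bit Vista/Win7 */`. `is_wow64` is not declared in either hunk, so it is presumably a file-level flag initialised elsewhere in info.c. The body of test_query_module starts and ends outside both hunks.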
On 11/30/20 9:19 AM, Francois Gouget wrote:
It could sometimes be NULL, such as win32k.sys on Win <= 7.
Signed-off-by: Francois Gouget fgouget@codeweavers.com
Something like this then?
That seems reasonable to me, yeah.
dlls/ntdll/tests/info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c index 5db7a800cbe..4379d8a84c6 100644 --- a/dlls/ntdll/tests/info.c +++ b/dlls/ntdll/tests/info.c @@ -490,7 +490,7 @@ static void test_query_module(void) const SYSTEM_MODULE *module = &info->Modules[i];
ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
}ok(module->ImageBaseAddress || is_wow64, "%u: got NULL address for %s\n", i, module->Name); ok(module->ImageSize, "%u: got 0 size\n", i); ok(module->LoadCount, "%u: got 0 load count\n", i);
@@ -516,7 +516,7 @@ static void test_query_module(void) const SYSTEM_MODULE *module = &infoex->BaseInfo;
ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
ok(module->ImageBaseAddress || is_wow64, "%u: got NULL address for %s\n", i, module->Name); ok(module->ImageSize, "%u: got 0 size\n", i); ok(module->LoadCount, "%u: got 0 load count\n", i);