I am having problems with this program, Little Fighter II, and also with the installer that comes with the Worms II demo; both are downloadable from the internet. Both of these faults might be due to stack overflows or overwrites, especially the Worms II one below. What variable controls the size of the stack allocated to a thread?
More info below
Worms II http://www.worms2.com/main.html?page=good&area=demo&file=3
LF2 http://www.littlefighter.com/
Worms II fails during setup with a seg fault here:

0xddb2484a: popw %es
0xddb2484c: popw %fs
0xddb2484f: popw %gs
0xddb24852: orl %eax,%eax
0xddb24854: lret $0xc

::stack
0xddb2484a()

This is part of relay16.s in ntdll, reproduced in part below:

movzwl (112), %esp
.byte 0x64
popl (112)
popl %edx
popl %ecx
popl %ebp
popw %ds
popw %es
popw %fs
popw %gs
orl %eax, %eax
lret $12

and has this machine state:
 %cs = 0x0017       %eax = 0x00000000  %ds = 0x023f
 %ebx = 0x0000000e  %ss = 0x023f       %ecx = 0x00000436
 %es = 0x001f       %edx = 0x03a703a7  %fs = 0x0227
 %esi = 0x0000056d  %gs = 0x0000       %edi = 0x00005ddd
 %eip = 0xddb2484a  %ebp = 0x000054e2  %kesp = 0xeeb18fe4
 %eflags = 0x00010246 id=0 vip=0 vif=0 ac=0 vm=0 rf=1 nt=0 iopl=0x0 status=<of,df,IF,tf,sf,ZF,af,PF,cf>
 %esp = 0x00005416  %trapno = 0xd      %err = 0x3a4
With these memory mappings:

BASE      LIMIT     SIZE    NAME
0         10000     10000   [ anon ]
10000     110000    100000  [ anon ]
8042000   8048000   6000    [ stack ]
8050000   8051000   1000    /export/home/local/bin/wine
8060000   8061000   1000    /export/home/local/bin/wine
8061000   8105000   a4000   [ heap ]
65430000  65530000  100000  tmpfs.0.2.472492402
dc6a0000  dc6a1000  1000    [ anon ]
dc6b0000  dc6c0000  10000   /export/home/local/lib/wine/ctl3d32.dll.so
dc6c0000  dc6c1000  1000    [ anon ]
dc6c1000  dc6c4000  3000    /export/home/local/lib/wine/ctl3d32.dll.so
dc6d3000  dc6d5000  2000    /export/home/local/lib/wine/ctl3d32.dll.so
dc6e0000  dc6f0000  10000   /export/home/local/lib/wine/lz32.dll.so
dc6f0000  dc6f1000  1000    [ anon ]
dc6f1000  dc6f5000  4000    /export/home/local/lib/wine/lz32.dll.so
dc704000  dc705000  1000    /export/home/local/lib/wine/lz32.dll.so
dc710000  dc720000  10000   /export/home/local/lib/wine/version.dll.so
dc720000  dc721000  1000    [ anon ]
dc721000  dc728000  7000    /export/home/local/lib/wine/version.dll.so
dc737000  dc739000  2000    /export/home/local/lib/wine/version.dll.so
dc740000  dc741000  1000    [ anon ]
dc741000  dc841000  100000  [ anon ]
dc841000  dc843000  2000    [ anon ]
dc843000  dc965000  122000  [ anon ]
dc980000  dc990000  10000   /export/home/local/lib/wine/midimap.drv.so
dc990000  dc991000  1000    [ anon ]
dc991000  dc994000  3000    /export/home/local/lib/wine/midimap.drv.so
dc9a3000  dc9a4000  1000    /export/home/local/lib/wine/midimap.drv.so
dc9b0000  dc9c0000  10000   [ anon ]
dc9c0000  dcac0000  100000  [ anon ]
dcae0000  dcaf0000  10000   /export/home/local/lib/wine/msacm32.dll.so
dcaf0000  dcaf1000  1000    [ anon ]
dcaf1000  dcafe000  d000    /export/home/local/lib/wine/msacm32.dll.so
dcb0d000  dcb0f000  2000    /export/home/local/lib/wine/msacm32.dll.so
dcb20000  dcb21000  1000    [ anon ]
dcb30000  dcb40000  10000   /export/home/local/lib/wine/msacm.drv.so
dcb40000  dcb41000  1000    [ anon ]
dcb41000  dcb46000  5000    /export/home/local/lib/wine/msacm.drv.so
dcb55000  dcb56000  1000    /export/home/local/lib/wine/msacm.drv.so
dcb60000  dcb66000  6000    /opt/cfw/gcc322/lib/libgcc_s.so.1
dcb75000  dcb77000  2000    /opt/cfw/gcc322/lib/libgcc_s.so.1
dcb80000  dcbd9000  59000   /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcbe8000  dcbfd000  15000   /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcbfd000  dcc01000  4000    /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcc10000  dcc16000  6000    /export/home/local/lib/libaudioio.0.4.so
dcc25000  dcc26000  1000    /export/home/local/lib/libaudioio.0.4.so
dcc26000  dcc29000  3000    /export/home/local/lib/libaudioio.0.4.so
dcc30000  dcc40000  10000   /export/home/local/lib/wine/wineaudioio.drv.so
dcc40000  dcc41000  1000    [ anon ]
dcc41000  dcc51000  10000   /export/home/local/lib/wine/wineaudioio.drv.so
dcc60000  dcc62000  2000    /export/home/local/lib/wine/wineaudioio.drv.so
dcc70000  dcc80000  10000   /export/home/local/lib/wine/winmm.dll.so
dcc80000  dcc81000  1000    [ anon ]
dcc81000  dccd0000  4f000   /export/home/local/lib/wine/winmm.dll.so
dccdf000  dcce5000  6000    /export/home/local/lib/wine/winmm.dll.so
dccf0000  dccf1000  1000    [ anon ]
dcd00000  dcd02000  2000    /usr/X11R6/lib/X11/locale/common/xlcDef.so.2
dcd11000  dcd12000  1000    /usr/X11R6/lib/X11/locale/common/xlcDef.so.2
dcd20000  dcd30000  10000   [ anon ]
dcd40000  dcd41000  1000    [ anon ]
dcd50000  dcd54000  4000    /usr/X11R6/lib/libXrender.so.1.1
dcd63000  dcd64000  1000    /usr/X11R6/lib/libXrender.so.1.1
dcd70000  dcd71000  1000    [ anon ]
dcd80000  dce3b000  bb000   /usr/X11R6/lib/libX11.so.6.2
dce4a000  dce4d000  3000    /usr/X11R6/lib/libX11.so.6.2
dce50000  dce5c000  c000    /usr/X11R6/lib/libXext.so.6.4
dce6b000  dce6c000  1000    /usr/X11R6/lib/libXext.so.6.4
dce70000  dce85000  15000   /usr/X11R6/lib/libICE.so.6.3
dce94000  dce95000  1000    /usr/X11R6/lib/libICE.so.6.3
dce95000  dce97000  2000    /usr/X11R6/lib/libICE.so.6.3
dcea0000  dcea7000  7000    /usr/X11R6/lib/libSM.so.6.0
dceb6000  dceb8000  2000    /usr/X11R6/lib/libSM.so.6.0
dcec0000  dced0000  10000   /export/home/local/lib/wine/x11drv.dll.so
dced0000  dced1000  1000    [ anon ]
dced1000  dcf23000  52000   /export/home/local/lib/wine/x11drv.dll.so
dcf32000  dcf36000  4000    /export/home/local/lib/wine/x11drv.dll.so
dcf36000  dcf37000  1000    /export/home/local/lib/wine/x11drv.dll.so
dcf40000  dcf76000  36000   /usr/X11R6/lib/libfreetype.so.6.2
dcf85000  dcf89000  4000    /usr/X11R6/lib/libfreetype.so.6.2
dcf90000  dcf91000  1000    [ anon ]
dcfa0000  dcfd0000  30000   /export/home/local/lib/wine/kernel32.dll.so
dcfd0000  dcfd1000  1000    [ anon ]
dcfd1000  dd04a000  79000   /export/home/local/lib/wine/kernel32.dll.so
dd059000  dd071000  18000   /export/home/local/lib/wine/kernel32.dll.so
dd080000  dd090000  10000   /export/home/local/lib/wine/advapi32.dll.so
dd090000  dd091000  1000    [ anon ]
dd091000  dd0a8000  17000   /export/home/local/lib/wine/advapi32.dll.so
dd0b7000  dd0bb000  4000    /export/home/local/lib/wine/advapi32.dll.so
dd0c0000  dd0e0000  20000   /export/home/local/lib/wine/gdi32.dll.so
dd0e0000  dd0e1000  1000    [ anon ]
dd0e1000  dd11c000  3b000   /export/home/local/lib/wine/gdi32.dll.so
dd12b000  dd134000  9000    /export/home/local/lib/wine/gdi32.dll.so
dd134000  dd144000  10000   /export/home/local/lib/wine/gdi32.dll.so
dd150000  dd170000  20000   /export/home/local/lib/wine/user32.dll.so
dd170000  dd171000  1000    [ anon ]
dd171000  dd218000  a7000   /export/home/local/lib/wine/user32.dll.so
dd227000  dd239000  12000   /export/home/local/lib/wine/user32.dll.so
dd239000  dd27c000  43000   /export/home/local/lib/wine/user32.dll.so
dd280000  dd290000  10000   /export/home/local/lib/wine/winedos.dll.so
dd290000  dd291000  1000    [ anon ]
dd291000  dd2bd000  2c000   /export/home/local/lib/wine/winedos.dll.so
dd2cc000  dd2ce000  2000    /export/home/local/lib/wine/winedos.dll.so
dd2ce000  dd2d0000  2000    /export/home/local/lib/wine/winedos.dll.so
dd2e0000  dd2e1000  1000    [ anon ]
dd2e1000  dd3e1000  100000  [ anon ]
dd3e1000  dd3e3000  2000    [ anon ]
dd3e3000  dd4f3000  110000  [ anon ]
dd500000  dd501000  1000    [ anon ]
dd510000  dd520000  10000   /export/home/local/lib/wine/winevdm.exe.so
dd520000  dd521000  1000    [ anon ]
dd521000  dd523000  2000    /export/home/local/lib/wine/winevdm.exe.so
dd532000  dd533000  1000    /export/home/local/lib/wine/winevdm.exe.so
dd540000  dd541000  1000    [ anon ]
dd550000  dd551000  1000    [ anon ]
dd560000  dd610000  b0000   [ anon ]
dd610000  dd670000  60000   [ anon ]
dd680000  dd681000  1000    [ anon ]
dd690000  dd691000  1000    [ anon ]
dd6a0000  dd6a3000  3000    /usr/lib/libmp.so.2
dd6b3000  dd6b4000  1000    /usr/lib/libmp.so.2
dd6c0000  dd6c2000  2000    /usr/lib/libmd5.so.1
dd6d2000  dd6d3000  1000    /usr/lib/libmd5.so.1
dd6e0000  dd6e8000  8000    /usr/lib/libaio.so.1
dd6f8000  dd6f9000  1000    /usr/lib/libaio.so.1
dd6f9000  dd6fa000  1000    /usr/lib/libaio.so.1
dd700000  dd701000  1000    [ anon ]
dd710000  dd711000  1000    [ anon ]
dd720000  dd72d000  d000    /usr/lib/libm.so.1
dd73c000  dd73d000  1000    /usr/lib/libm.so.1
dd740000  dd7c9000  89000   /usr/lib/libnsl.so.1
dd7d9000  dd7de000  5000    /usr/lib/libnsl.so.1
dd7de000  dd7e6000  8000    /usr/lib/libnsl.so.1
dd7f0000  dd7fb000  b000    /usr/lib/libsocket.so.1
dd80b000  dd80c000  1000    /usr/lib/libsocket.so.1
dd810000  dd811000  1000    [ anon ]
dd820000  dd853000  33000   /usr/lib/libresolv.so.2
dd863000  dd866000  3000    /usr/lib/libresolv.so.2
dd866000  dd867000  1000    /usr/lib/libresolv.so.2
dd870000  dd876000  6000    /usr/lib/librt.so.1
dd886000  dd887000  1000    /usr/lib/librt.so.1
dd890000  dd92d000  9d000   /usr/lib/libc.so.1
dd93d000  dd943000  6000    /usr/lib/libc.so.1
dd943000  dd944000  1000    /usr/lib/libc.so.1
dd950000  dda30000  e0000   /export/home/local/lib/libwine_unicode.so.1
dda3f000  dda40000  1000    /export/home/local/lib/libwine_unicode.so.1
dda50000  dda51000  1000    [ anon ]
dda60000  dda64000  4000    /export/home/local/lib/libwine.so.1
dda73000  dda74000  1000    /export/home/local/lib/libwine.so.1
dda74000  dda87000  13000   /export/home/local/lib/libwine.so.1
dda90000  ddac0000  30000   /export/home/local/lib/wine/ntdll.dll.so
ddac0000  ddac1000  1000    [ anon ]
ddac1000  ddb3d000  7c000   /export/home/local/lib/wine/ntdll.dll.so
ddb4c000  ddb57000  b000    /export/home/local/lib/wine/ntdll.dll.so
ddb57000  ddb79000  22000   /export/home/local/lib/wine/ntdll.dll.so
ddb80000  ddb81000  1000    /usr/lib/libdl.so.1
ddb90000  ddbda000  4a000   /usr/lib/ld.so.1
ddbea000  ddbee000  4000    /usr/lib/ld.so.1
ddbee000  ddbf0000  2000    /usr/lib/ld.so.1
The fault indicates that the exception occurs at eip 0xddb2484a, and the address of the fault indicates it is also at 0xddb2484a, which would indicate that it had trouble fetching the instruction?
Also note the very low value of esp; it's also possible there has been a stack overflow here. My question is simply: does this also occur under Linux? Can someone try it for me?
LF2 faults creating the first thread, as documented here before. Could someone also test this under Linux, as it would be useful to know whether this problem is Solaris-specific or is related to Wine generally, e.g. a stack overflow or an improperly allocated/protected segment.
Thanks in advance
Bob
Robert Lunnon wrote:
> I am having problems with this program, Little Fighter II, and also with the installer that comes with the Worms II demo; both are downloadable from the internet. Both of these faults might be due to stack overflows or overwrites, especially the Worms II one below. What variable controls the size of the stack allocated to a thread?
Hi Robert. The Worms2 installer installs (more or less correctly) on Linux, so this is likely a Solaris porting issue. The thread's stack size is set when creating the thread, with some guard pages (but it should be at least 1 MB).
The crash may be caused by a stack corruption (i.e. a function pops one dword too many). You could look at this with -debugmsg +relay.
> The fault indicates that the exception occurs at eip 0xddb2484a, and the address of the fault indicates it is also at 0xddb2484a, which would indicate that it had trouble fetching the instruction?
The insn is pop %es, so a wrong selector value on the stack will cause the exception.
A+
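Added example, not part of the thread and not Wine code: the reply's diagnosis can be cross-checked against the fault record in Bob's report without re-running anything. On x86, trapno 0xd is #GP, and when a #GP is raised by a segment-register load the error code carries the offending selector's table indicator and descriptor index with the RPL bits dropped (Intel SDM vol. 3, "Interrupt 13 - General Protection Exception"). The code below decodes %err = 0x3a4 from the report and compares it against two candidate selectors: the %es that was still loaded at the time of the fault (0x001f) and the low half of %edx (0x03a7). The latter is only a guess at the word that popw %es pulled off the stack, since the report does not include the stack contents themselves; the check says whether a candidate is consistent with the error code, not that it was the popped value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Decoded x86 #GP (trap 13) error code, laid out as in the Intel SDM:
 *   bit 0       EXT   the fault was triggered by an external event
 *   bit 1       IDT   the index refers to a gate in the IDT
 *   bit 2       TI    0 = GDT, 1 = LDT (only meaningful when IDT == 0)
 *   bits 3..15  index descriptor index in the selected table
 * An all-zero error code means the #GP was not caused by a selector load.
 */
struct gp_error {
    bool ext;
    bool idt;
    bool ldt;
    uint16_t index;
};

struct gp_error decode_gp_error(uint32_t err)
{
    struct gp_error e;
    e.ext   = (err & 1u) != 0;
    e.idt   = (err & 2u) != 0;
    e.ldt   = (err & 4u) != 0;
    e.index = (uint16_t)((err >> 3) & 0x1fffu);
    return e;
}

/* A segment selector as loaded by popw %es: index (bits 3..15), TI (bit 2), RPL (bits 0..1). */
uint16_t selector_index(uint16_t sel)  { return (uint16_t)(sel >> 3); }
bool     selector_is_ldt(uint16_t sel) { return (sel & 4u) != 0; }
unsigned selector_rpl(uint16_t sel)    { return sel & 3u; }

/*
 * True when loading `sel` into a segment register could have produced a #GP
 * with error code `err`.  The CPU records the selector's index and TI but
 * drops its RPL, so only those two fields are compared.  A zero error code
 * or an IDT reference cannot be explained by a data-segment selector at all.
 */
bool selector_explains_gp(uint16_t sel, uint32_t err)
{
    struct gp_error e = decode_gp_error(err);
    if (err == 0 || e.idt)
        return false;
    return e.ldt == selector_is_ldt(sel) && e.index == selector_index(sel);
}

int main(void)
{
    /* Values copied from the crash report in the thread. */
    const uint32_t err    = 0x3a4;   /* %err from the fault record */
    const uint16_t es_now = 0x001f;  /* %es still loaded when the fault hit */
    const uint16_t edx_lo = 0x03a7;  /* low half of %edx = 0x03a703a7; a guess at the popped word */

    struct gp_error e = decode_gp_error(err);
    printf("err=0x%x -> ext=%d idt=%d table=%s index=0x%x\n",
           err, e.ext, e.idt, e.ldt ? "LDT" : "GDT", e.index);
    printf("current %%es 0x%04x consistent with err: %s\n", es_now,
           selector_explains_gp(es_now, err) ? "yes" : "no");
    printf("low half of %%edx 0x%04x consistent with err: %s (rpl=%u)\n", edx_lo,
           selector_explains_gp(edx_lo, err) ? "yes" : "no", selector_rpl(edx_lo));
    return 0;
}
```

For the report's values this decodes to an LDT selector with index 0x74, which the already-loaded %es (GDT/LDT index 3) does not match but 0x03a7 does. That is consistent with the reply's reading of the fault (a bad selector word on the 16-bit stack reaching popw %es) but does not identify where the word came from; the -debugmsg +relay trace the reply suggests, or a dump of the words at ss:sp when the fault is taken, is what would show that.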