[Bug 7679] IMVU 3D Avatar Chat client crashes
Wine Bugs
wine-bugs at winehq.org
Mon Apr 30 03:48:26 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=7679
------- Additional Comments From focht at gmx.net 2007-30-04 03:48 -------
Hello,
seems i have to provide more info to get someone adding a patch ;)
The following is a trace from problematic hooker call:
--- snip ---
..
trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1c7812c 0000000c 0000000c
trace:virtual:VIRTUAL_SetProt 0x1c78000-0x1c78fff c----
trace:virtual:VIRTUAL_DumpView View: 0x1c70000 - 0x1c79fff 0x140
trace:virtual:VIRTUAL_DumpView 0x1c70000 - 0x1c70fff c-r--
trace:virtual:VIRTUAL_DumpView 0x1c71000 - 0x1c73fff c-r-x
trace:virtual:VIRTUAL_DumpView 0x1c74000 - 0x1c76fff c-rW-
trace:virtual:VIRTUAL_DumpView 0x1c77000 - 0x1c77fff c-r--
trace:virtual:VIRTUAL_DumpView 0x1c78000 - 0x1c78fff c----
trace:virtual:VIRTUAL_DumpView 0x1c79000 - 0x1c79fff c-r--
..
--- snip ---
The problem is VIRTUAL_GetProt() in dlls/ntdll/virtual.c:NtProtectVirtualMemory().
It doesnt honour multiple flag combinations (of course some of them are invalid).
As said in my previous comment, it tries to NtProtectVirtualMemory(
PAGE_WRITECOPY | PAGE_READWRITE) due to .idata section attributes.
VIRTUAL_GetProt( PAGE_WRITECOPY | PAGE_READWRITE) is called which can't handle
multiple flags and falls through default case (vprot = 0).
VIRTUAL_SetProt() is then called with (0 | VPROT_COMMITTED).
This results in no access page ("c----") where every pointer access causes
access violation.
To fix this, add the following pre-check in
--- snip dlls/ntdll/virtual.c ---
NTSTATUS WINAPI NtProtectVirtualMemory( HANDLE process, PVOID *addr_ptr, SIZE_T
*size_ptr,
ULONG new_prot, ULONG *old_prot )
{
FILE_VIEW *view;
sigset_t sigset;
NTSTATUS status = STATUS_SUCCESS;
char *base;
UINT i;
BYTE vprot, *p;
ULONG prot;
SIZE_T size = *size_ptr;
LPVOID addr = *addr_ptr;
RTL_OSVERSIONINFOEXW info;
TRACE("%p %p %08lx %08x\n", process, addr, size, new_prot );
/* Check for mutually exclusive protection values (e.g. WRITECOPY | READWRITE)
NOTE: VIRTUAL_GetProt doesnt honour multiple flags, so we do it here.
Make NtProtectVirtualMemory fail to emulate windows NT behaviour.
TODO: check for other invalid combinations */
if( (new_prot & (PAGE_READWRITE | PAGE_WRITECOPY)) ==
(PAGE_READWRITE | PAGE_WRITECOPY))
{
info.dwOSVersionInfoSize = sizeof(info);
if( (RtlGetVersion( &info) == STATUS_SUCCESS) &&
(info.dwPlatformId == VER_PLATFORM_WIN32_NT))
{
TRACE( "invalid page protection combination, emulating NT\n");
return STATUS_INVALID_PARAMETER;
}
}
if (process != NtCurrentProcess())
....
--- snip dlls/ntdll/virtual.c ---
After patch:
--- snip trace ---
..
trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1c7812c 0000000c 0000000c
trace:virtual:NtProtectVirtualMemory invalid page protection combination,
emulating NT
trace:virtual:NtProtectVirtualMemory 0xffffffff 0x1e12000 00000004 00000004
trace:virtual:VIRTUAL_SetProt 0x1e12000-0x1e12fff c-rw-
trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x1e12000-0x1e12fff
trace:virtual:VIRTUAL_DumpView View: 0x1e10000 - 0x1e14fff 0x140
trace:virtual:VIRTUAL_DumpView 0x1e10000 - 0x1e10fff c-r--
trace:virtual:VIRTUAL_DumpView 0x1e11000 - 0x1e11fff c-r-x
trace:virtual:VIRTUAL_DumpView 0x1e12000 - 0x1e12fff c-rw-
trace:virtual:VIRTUAL_DumpView 0x1e13000 - 0x1e13fff c-rW-
trace:virtual:VIRTUAL_DumpView 0x1e14000 - 0x1e14fff c-r--
..
--- snip trace ---
App starts now fine with winecfg = NT+
Though this check might miss some cases, there is no information that *all*
combination are mutually exclusive.
It might be fun to add all VirtualProtect( flag_combinations) test cases for
various windows versions :)
This is left as excercise.
It could be possible that allowing only one flag at a time breaks too much
stuff, so i coded this specific case here.
Shouldnt be a performance killer at all.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the wine-bugs
mailing list