[Bug 7369] eISLP -help dosen't display, 'text controller' error message

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Jun 27 16:26:25 CDT 2009 

http://bugs.winehq.org/show_bug.cgi?id=7369


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #9 from Anastasius Focht <focht at gmx.net>  2009-06-27 16:26:24 ---
Hello,

--- quote ---
Confirming. This works fine using only native ole32.dll.
Just before trouble starts there's a call to ole32.CreateDataCache. Guess
something goes wrong there. I'll attach a log
--- quote ---

Yes, its most likely ole32 CreateDataCache() that does something wrong.

--- snip ---
...
0009:Call KERNEL32.LoadLibraryW(0032b880
L"C:\\windows\\system32\\tx14_doc.dll") ret=03043784
0009:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\tx14_doc.dll" at 0x36d0000: native
0009:Call PE DLL (proc=0x3747a83,module=0x36d0000
L"tx14_doc.dll",reason=PROCESS_ATTACH,res=(nil)) 
...
0009:Ret  PE DLL (proc=0x3747a83,module=0x36d0000
L"tx14_doc.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 
...
0009:Call ole32.CreateDataCache(00000000,0375a6b0,0375a6c0,0032b1ec)
ret=0370c19f
0009:trace:ole:CreateDataCache ({00000000-0000-0000-0000-000000000000}, (nil),
{00000000-0000-0000-c000-000000000046}, 0x32b1ec)
...
0009:Ret  ole32.CreateDataCache() retval=00000000 ret=0370c19f
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=0009
0009:trace:seh:raise_exception  info[0]=00000000
0009:trace:seh:raise_exception  info[1]=00000000
0009:trace:seh:raise_exception  eax=00000000 ebx=03890168 ecx=75096484
edx=0032b1b0 esi=00000020 edi=00000000
0009:trace:seh:raise_exception  ebp=0032b1ac esp=0032b0d4 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_vectored_handlers calling handler at 0x706fab65
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x706fab65 returned 0
0009:trace:seh:call_vectored_handlers calling handler at 0x7b83ffd9
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7b83ffd9 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x3754568 code=c0000005
flags=0 
...
0009:trace:msgbox:MSGBOX_OnInit L"20058 : Unexpected Text Control
error.\n(1-1d09)\r\n-2146808230\r\ntx4ole14"
...
--- snip ---

-> CreateDataCache(NULL, &CLSID_NULL, &IID_IUnknown, (LPVOID *)&pUnknown);

The app crashes while trying to call vtable member on returned interface.

Reference: http://msdn.microsoft.com/en-us/library/ms688476.aspx

Relevant Wine code:

--- snip dlls/ole32/datacache.c ---

static HRESULT WINAPI DataCache_NDIUnknown_QueryInterface(
            IUnknown*      iface,
            REFIID         riid,
            void**         ppvObject)
{
  DataCache *this = impl_from_NDIUnknown(iface);
  ...
  /*
   * Compare the riid with the interface IDs implemented by this object.
   */
  if (memcmp(&IID_IUnknown, riid, sizeof(IID_IUnknown)) == 0)
  {
    *ppvObject = iface;
  } 
  ...
}

...

HRESULT WINAPI CreateDataCache(
  LPUNKNOWN pUnkOuter,
  REFCLSID  rclsid,
  REFIID    riid,
  LPVOID*   ppvObj)
{ 
   ...
   /*
   * Make sure it supports the interface required by the caller.
   */
  hr = IUnknown_QueryInterface((IUnknown*)&(newCache->lpvtblNDIUnknown), riid,
ppvObj);

  /*
   * Release the reference obtained in the constructor. If
   * the QueryInterface was unsuccessful, it will free the class.
   */
  IUnknown_Release((IUnknown*)&(newCache->lpvtblNDIUnknown));

  return hr;
}
...
static const IUnknownVtbl DataCache_NDIUnknown_VTable =
{
  DataCache_NDIUnknown_QueryInterface,
  DataCache_NDIUnknown_AddRef,
  DataCache_NDIUnknown_Release
};
--- snip dlls/ole32/datacache.c ---

The app code after call to ole32.CreateDataCache() gives some hints
(annotated):

--- snip tx14_doc.dll ---
PE     3460000- 3504000    Export          tx14_doc

-> call to ole32.CreateDataCache()

0x0349c19f: cmpl    %edi,%eax 
0x0349c1a1: jnl            0x0349c1b5 ; S_OK
0x0349c1a3: xorl    %ecx,%ecx
0x0349c1a5: cmpl    $-2147024882,%eax
0x0349c1aa: setnz    %cl
0x0349c1ad: addl    $3,%ecx
0x0349c1b0: call    0x034b8f10
0x0349c1b5: movl    0x40(%ebp),%eax ; ppvObj
0x0349c1b8: movl    0x0(%eax),%ecx ; ole32.DataCache_NDIUnknown_VTable
0x0349c1ba: leal    0x0(%ebp),%edx
0x0349c1bd: pushl    %edx
0x0349c1be: pushl    $0x10
0x0349c1c0: leal    0x4(%ebp),%edx
0x0349c1c3: pushl    %edx
0x0349c1c4: pushl    %eax
0x0349c1c5: movl    0xc(%ecx),%eax ; DataCache_NDIUnknown_VTable->fn4
0x0349c1c8: call    *%eax          ; *boom*
0x0349c1ca: cmpl    %edi,%eax
--- snip tx14_doc.dll ---

The first hint is the call of the interface member function.
Vtable offset 0xC basically means the interface must contain at least four
member functions hence this can't be plain IUnknown (DataCache_NDIUnknown).

The next hint are the parameters. Four parameters get pushed before the iface
member call. The last one pushed is actually the implicit iface pThis, so the
interface function takes 3 parameters.
The second parameter can't obviously be a pointer one (0x10).

Looking through interfaces to match the constraints it seems
IOleCache/IOleCache2 is the best bet (IOleCache::Cache Method).
See: http://msdn.microsoft.com/en-us/library/ms680087.aspx

I tried to return IOleCache2 interface but it didn't work out in the end, it
conflicted with dlls/ole32/defaulthandler.c:DefaultHandler_Construct() which
also passes IID_IUnknown to CreateDataCache() and seems to expect this
DataCache_NDIUnknown (where does this come from, there doesn't seem to be any
documentation on it?).

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list