[Bug 23207] Mount & Blade Warband trial crashes quickly in GetSysColor

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jun 14 13:09:12 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=23207

Krzysztof Nowicki <krissn at op.pl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |krissn at op.pl

--- Comment #14 from Krzysztof Nowicki <krissn at op.pl> 2011-06-14 13:09:11 CDT ---
The closing of this bug was a bit premature in my opinion. After some battle
with winedbg I think I got to the bottom of it:

Wine-dbg>bt
Backtrace:
=>0 0x7ec1c81f GetSysColor+0x1e(nIndex=0x5) [sysparams.c:2916] in user32
(0x0440efe0)
  1 0x002583f4 in skinmagic (+0x183f3) (0x0440f07c)
  2 0x7eba8375 BITMAP_Load+0x2d5(instance=0x7eb80000, name=*** invalid address
0x7ff7 ***, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2512] in user32
(0x0440f14c)
  3 0x7eba898f LoadImageW+0xde(hinst=(nil), name=*** invalid address 0x7ff7
***, type=0, desiredx=0, desiredy=0, loadflags=0) [cursoricon.c:2633] in user32
(0x0440f19c)
  4 0x7eba937a LoadBitmapW+0x44(instance=(nil), name=*** invalid address 0x7ff7
***) [cursoricon.c:2906] in user32 (0x0440f1cc)

Wine-dbg>disassemble ($eip-30),($eip+10)
0x7ec1c801 GetSysColor [sysparams.c:2914] in user32: jmp       0x00258393
0x7ec1c806 GetSysColor+0x5 [sysparams.c:2914] in user32: int   $3
0x7ec1c807 GetSysColor+0x6 [sysparams.c:2914] in user32: int   $3
0x7ec1c808 GetSysColor+0x7 [sysparams.c:2914] in user32: int   $3
0x7ec1c809 GetSysColor+0x8 [sysparams.c:2914] in user32: popl  %ecx
0x7ec1c80a GetSysColor+0x9 [sysparams.c:2914] in user32: addl  $0x3a7eb,%ecx
0x7ec1c810 GetSysColor+0xf [sysparams.c:2915] in user32: cmpl  $0,0x8(%ebp)
0x7ec1c814 GetSysColor+0x13 [sysparams.c:2915] in user32: js   0x7ec1c828
GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c816 GetSysColor+0x15 [sysparams.c:2915] in user32: cmpl $30,0x8(%ebp)
0x7ec1c81a GetSysColor+0x19 [sysparams.c:2915] in user32: jnle 0x7ec1c828
GetSysColor+0x27 [sysparams.c:2918] in user32
0x7ec1c81c GetSysColor+0x1b [sysparams.c:2916] in user32: movl 0x8(%ebp),%eax
0x7ec1c81f GetSysColor+0x1e [sysparams.c:2916] in user32: movl
0x3ef4c(%ecx,%eax,4),%eax
0x7ec1c826 GetSysColor+0x25 [sysparams.c:2916] in user32: jmp  0x7ec1c82d
GetSysColor+0x2c [sysparams.c:2919] in user32
0x7ec1c828 GetSysColor+0x27 [sysparams.c:2918] in user32: movl $0x0,%eax

It looks like the skinmagic DLL has hooked the call to GetSysColor. This would
have worked, except that the function is PIC and in place of the int $3
instructions there used to be a call $+5 instruction. This instruction was
executed by the hook code, but obviously its results were completely wrong.

I remember that GCC has a __attribute__((ms_hook_prologue)) for generating
functions with the hot-patchable prologue. Is Wine using this option?

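An added example (not from the bug report, Wine or skinmagic) that checks the mechanics comment #14 describes: a tiny i386 length decoder classifies a function's first bytes as already hooked, safe to displace into a trampoline, or PC-relative (the call $+5 case that breaks when moved). The byte arrays are constructed from the addresses and instructions in the listing above, the jmp's rel32 is computed from them, and the opcode table covers only the instructions that appear there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum prologue_state { PROLOGUE_UNKNOWN, PROLOGUE_RELOCATABLE, PROLOGUE_PC_RELATIVE, PROLOGUE_HOOKED };

/* Length decoder for just the i386 opcodes seen in the listing. Sets *pc_relative for
 * call/jmp rel32, whose meaning changes if the bytes are copied somewhere else. */
static size_t insn_len(const uint8_t *p, size_t avail, int *pc_relative)
{
    *pc_relative = 0;
    if (avail == 0) return 0;
    switch (p[0]) {
    case 0x55: case 0x59: case 0xCC: return 1;       /* push %ebp, pop %ecx, int $3 */
    case 0x89: case 0x8B:                            /* mov reg,reg (mod == 11 only) */
        return (avail >= 2 && (p[1] >> 6) == 3) ? 2 : 0;
    case 0x81:                                       /* add $imm32,reg (mod == 11 only) */
        return (avail >= 6 && (p[1] >> 6) == 3) ? 6 : 0;
    case 0xE8: case 0xE9:                            /* call/jmp rel32 */
        *pc_relative = 1;
        return avail >= 5 ? 5 : 0;
    default: return 0;                               /* anything else: refuse to guess */
    }
}

/* Classify a function entry with respect to a 5-byte jmp hook. *displaced (may be
 * NULL) receives the number of bytes such a hook has to move to its trampoline. */
enum prologue_state classify_prologue(const uint8_t *code, size_t len, size_t *displaced)
{
    size_t off = 0, n, tmp;
    int rel;
    if (!displaced) displaced = &tmp;
    *displaced = 0;
    if (len >= 5 && code[0] == 0xE9) { *displaced = 5; return PROLOGUE_HOOKED; }
    while (off < 5) {                 /* a jmp rel32 needs at least 5 bytes */
        n = insn_len(code + off, len - off, &rel);
        if (n == 0) return PROLOGUE_UNKNOWN;
        off += n;
        *displaced = off;
        if (rel) return PROLOGUE_PC_RELATIVE;   /* call $+5 would land in the trampoline */
    }
    return PROLOGUE_RELOCATABLE;
}

size_t displaced_len(const uint8_t *code, size_t len) { size_t d; classify_prologue(code, len, &d); return d; }

/* Constructed inputs: the PIC prologue reconstructed from the listing (push %ebp;
 * mov %esp,%ebp; call $+5; pop %ecx; add $0x3a7eb,%ecx), the same bytes after the hook
 * (jmp rel32 computed for 0x7ec1c801 -> 0x00258393, then int $3 padding), and GCC's
 * ms_hook_prologue layout for i386 (mov %edi,%edi; push %ebp; mov %esp,%ebp). */
const uint8_t pic_prologue[]      = { 0x55,0x89,0xE5,0xE8,0,0,0,0,0x59,0x81,0xC1,0xEB,0xA7,0x03,0x00 };
const uint8_t hooked_prologue[]   = { 0xE9,0x8D,0xBB,0x63,0x81,0xCC,0xCC,0xCC,0x59,0x81,0xC1,0xEB,0xA7,0x03,0x00 };
const uint8_t hotpatch_prologue[] = { 0x8B,0xFF,0x55,0x8B,0xEC };
```

The PIC prologue reports PC_RELATIVE with 8 bytes displaced, which is exactly the 5-byte jmp plus the three int $3 in the listing; the ms_hook_prologue layout reports RELOCATABLE with 5 bytes, so a hook can move it without changing its meaning.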