[Bug 23455] FileAlyzer 1.6.0.4 can't load PE images (needs imagehlp.ImageLoad and imagehlp.ImageUnload implementation)

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Nov 22 15:56:14 CST 2011


http://bugs.winehq.org/show_bug.cgi?id=23455

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|http://www.safer-networking |http://www.spybotupdates.bi
                   |.org/en/filealyzer/index.ht |z/files/filealyz-1.6.0.4.ex
                   |ml                          |e
          Component|-unknown                    |imagehlp
                 CC|                            |focht at gmx.net
     Ever Confirmed|0                           |1
            Summary|Filealyzer can't load PE    |FileAlyzer 1.6.0.4 can't
                   |images                      |load PE images (needs
                   |                            |imagehlp.ImageLoad and
                   |                            |imagehlp.ImageUnload
                   |                            |implementation)

--- Comment #8 from Anastasius Focht <focht at gmx.net> 2011-11-22 15:56:14 CST ---
Hello,

confirming, still present.
Looking at the screenshot from comment #1, app version 1.6.0.4 is the culprit.

Newer 2.x versions seem to work better.

--- snip ---
0023:Call imagehlp.ImageLoad(00ac46d8 "DelZip179.dll",00a705d8 "C:\\Program
Files (x86)\\Safer Networking\\FileAlyzer\\") ret=005a39f5
0023:fixme:imagehlp:ImageLoad (DelZip179.dll, C:\Program Files (x86)\Safer
Networking\FileAlyzer\): stub
0023:Call ntdll.RtlAllocateHeap(0077c000,00000000,00000030) ret=68d8446b
0023:Ret  ntdll.RtlAllocateHeap() retval=0077c138 ret=68d8446b
0023:Call ntdll.RtlAllocateHeap(0077c000,00000000,000000f8) ret=68d84495
0023:Ret  ntdll.RtlAllocateHeap() retval=0077c170 ret=68d84495
0023:Ret  imagehlp.ImageLoad() retval=0077c138 ret=005a39f5
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x5a3a26 ip=005a3a26
tid=0023
0023:trace:seh:raise_exception  info[0]=00000000
0023:trace:seh:raise_exception  info[1]=0000000c
0023:trace:seh:raise_exception  eax=00000000 ebx=00ad3218 ecx=0077c138
edx=00000000 esi=00000000 edi=00000000
0023:trace:seh:raise_exception  ebp=0032ddd0 esp=0032dd90 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210246
0023:trace:seh:call_vectored_handlers calling handler at 0x72f7ee66
code=c0000005 flags=0
0023:trace:seh:call_vectored_handlers handler at 0x72f7ee66 returned 0
0023:trace:seh:call_stack_handlers calling handler at 0x5a3a72 code=c0000005
flags=0 
--- snip ---

The Delphi app uses the madExcept library, which gives some insight into what it tried to
do (reading PE header):

--- snip ---
main thread ($9):
00668cdd +7e9 FileAlyzer.exe FormUnitFileAlyzerMain  2319  +89
TformFileAlyzerMain.ReadPEHeader
00678baa +082 FileAlyzer.exe FormUnitFileAlyzerMain  5320  +10
TformFileAlyzerMain.ActivateTab
00678f84 +0c0 FileAlyzer.exe FormUnitFileAlyzerMain  5403   +9
TformFileAlyzerMain.pcMainChange
004d62b1 +015 FileAlyzer.exe ComCtrls                4421   +1
TCustomTabControl.Change
004d7695 +041 FileAlyzer.exe ComCtrls                5169   +8
TPageControl.Change
...
--- snip ---

If you implement ImageLoad (MapAndLoad) and ImageUnload (UnMapAndLoad), the app
displays PE header/section info properly.

--- snip ---
0041:Call imagehlp.ImageLoad(00acd528 "DelZip179.dll",00a692a8 "C:\\Program
Files (x86)\\Safer Networking\\FileAlyzer\\") ret=005a39f5
0041:fixme:imagehlp:ImageLoad (DelZip179.dll, C:\Program Files (x86)\Safer
Networking\FileAlyzer\): stub
0041:Call ntdll.RtlAllocateHeap(0077c000,00000000,00000030) ret=6c5c446b
0041:Ret  ntdll.RtlAllocateHeap() retval=0077c138 ret=6c5c446b
0041:trace:imagehlp:MapAndLoad (DelZip179.dll, C:\Program Files (x86)\Safer
Networking\FileAlyzer\, 0x77c138, 1, 0)
0041:Call KERNEL32.SearchPathA(00a692a8 "C:\\Program Files (x86)\\Safer
Networking\\FileAlyzer\\",00acd528 "DelZip179.dll",6c5c7c88
".DLL",00000104,0032db60,00000000) ret=6c5c46fb
0041:Ret  KERNEL32.SearchPathA() retval=00000040 ret=6c5c46fb
0041:Call KERNEL32.CreateFileA(0032db60 "C:\\Program Files (x86)\\Safer
Networking\\FileAlyzer\\DelZip179.dll",c0000000,00000001,00000000,00000003,00000000,00000000)
ret=6c5c4763
0041:Ret  KERNEL32.CreateFileA() retval=000000e4 ret=6c5c4763
0041:Call
KERNEL32.CreateFileMappingA(000000e4,00000000,08000004,00000000,00000000,00000000)
ret=6c5c4813
0041:Ret  KERNEL32.CreateFileMappingA() retval=000000e8 ret=6c5c4813
0041:Call KERNEL32.MapViewOfFile(000000e8,00000002,00000000,00000000,00000000)
ret=6c5c48bb
0041:Ret  KERNEL32.MapViewOfFile() retval=029c0000 ret=6c5c48bb
0041:Call KERNEL32.CloseHandle(000000e8) ret=6c5c48cc
0041:Ret  KERNEL32.CloseHandle() retval=00000001 ret=6c5c48cc
0041:Call ntdll.RtlImageNtHeader(029c0000) ret=6c5c4943
0041:Ret  ntdll.RtlImageNtHeader() retval=029c0200 ret=6c5c4943
0041:Call ntdll.RtlAllocateHeap(00110000,00000000,00000041) ret=6c5c49fa
0041:Ret  ntdll.RtlAllocateHeap() retval=027e2d68 ret=6c5c49fa
0041:Call KERNEL32.GetFileSize(000000e4,00000000) ret=6c5c4a78
0041:Ret  KERNEL32.GetFileSize() retval=0003e5a0 ret=6c5c4a78
0041:Ret  imagehlp.ImageLoad() retval=0077c138 ret=005a39f5
...
0041:Call imagehlp.ImageUnload(0077c138) ret=005a3a68
0041:trace:imagehlp:ImageUnload (0x77c138)
0041:Call ntdll.RtlFreeHeap(00110000,00000000,027e2d68) ret=6c5c4baa
0041:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=6c5c4baa
0041:Call KERNEL32.UnmapViewOfFile(029c0000) ret=6c5c4bc5
0041:Ret  KERNEL32.UnmapViewOfFile() retval=00000001 ret=6c5c4bc5
0041:Call KERNEL32.CloseHandle(000000e4) ret=6c5c4be1
0041:Ret  KERNEL32.CloseHandle() retval=00000001 ret=6c5c4be1
0041:Ret  imagehlp.ImageUnload() retval=00000000 ret=005a3a68
--- snip ---

$ wine --version
wine-1.3.33-62-g35b9c42

$ sha1sum filealyz-1.6.0.4.exe 
a06a60694c76bef76abe652454de8ef45475044f  filealyz-1.6.0.4.exe

Regards
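
Added example, not part of the original message and not Wine's code: in the second trace RtlImageNtHeader returns the mapping base plus 0x200, and the file size is read separately. The sketch below shows the bounds checks a header lookup over a mapped file needs so that a caller gets a clear failure instead of a pointer it cannot safely dereference. `pe_view`, `pe_locate_headers` and `make_sample` are hypothetical names, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the header fields a caller reads after loading. */
struct pe_view {
    size_t nt_off;       /* offset of IMAGE_NT_HEADERS inside the mapping */
    size_t sect_off;     /* offset of the first IMAGE_SECTION_HEADER */
    unsigned nsections;  /* FileHeader.NumberOfSections */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Returns 1 and fills *out only if every header lies inside the mapped file. */
int pe_locate_headers(const uint8_t *base, size_t size, struct pe_view *out)
{
    size_t nt, sect;
    unsigned n;
    memset(out, 0, sizeof(*out));
    if (!base || size < 0x40 || rd16(base) != 0x5a4d) return 0;  /* "MZ" */
    nt = rd32(base + 0x3c);                                      /* e_lfanew */
    if (nt > size || size - nt < 24) return 0;    /* signature + IMAGE_FILE_HEADER */
    if (rd32(base + nt) != 0x00004550) return 0;                 /* "PE\0\0" */
    n = rd16(base + nt + 6);                                     /* NumberOfSections */
    sect = nt + 24 + rd16(base + nt + 20);        /* skip SizeOfOptionalHeader bytes */
    if (sect > size || (size - sect) / 40 < n) return 0;  /* 40-byte section headers */
    out->nt_off = nt; out->sect_off = sect; out->nsections = n;
    return 1;
}

/* Constructed sample: a bare header skeleton (cap >= 0x40), not a real DLL. */
void make_sample(uint8_t *buf, size_t cap, uint32_t e_lfanew, uint16_t nsections)
{
    memset(buf, 0, cap);
    buf[0] = 'M'; buf[1] = 'Z';
    for (int i = 0; i < 4; i++) buf[0x3c + i] = (uint8_t)(e_lfanew >> (8 * i));
    if (cap < 24 || e_lfanew > cap - 24) return;  /* NT header would not fit */
    memcpy(buf + e_lfanew, "PE\0\0", 4);
    buf[e_lfanew + 6] = (uint8_t)nsections; buf[e_lfanew + 7] = (uint8_t)(nsections >> 8);
    buf[e_lfanew + 20] = 0xe0;                    /* SizeOfOptionalHeader for PE32 */
}

int main(void)
{
    uint8_t buf[0x400]; struct pe_view v;
    make_sample(buf, sizeof buf, 0x200, 3);       /* 0x200 as in the trace above */
    return pe_locate_headers(buf, sizeof buf, &v) ? 0 : 1;
}
```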
