[Bug 45703] Microsoft Office 365 applications crash on startup (Microsoft AppV ISV virtual filesystem technology requires several native and core API to be hot-patchable)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Nov 24 06:48:13 CST 2018


https://bugs.winehq.org/show_bug.cgi?id=45703

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://officecdn.microsoft.
                   |                            |com.edgesuite.net/db/492350
                   |                            |F6-3A01-4F97-B9C0-C7C6DDF67
                   |                            |D60/media/en-US/WordRetail.
                   |                            |img
            Summary|Microsoft Office 365        |Microsoft Office 365
                   |applications crash on WINE  |applications crash on
                   |3.14                        |startup (Microsoft AppV ISV
                   |                            |virtual filesystem
                   |                            |technology requires several
                   |                            |native and core API to be
                   |                            |hot-patchable)
          Component|-unknown                    |ntdll
           Keywords|regression                  |obfuscation
                 CC|                            |focht at gmx.net

--- Comment #9 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The main problem here is Microsoft Application Packaging and Virtualization
technology "App-V". It relies on hooking of native API and other core dlls to
implement virtual filesystems.

Download links for testing:

https://www.ryadel.com/en/ms-office-2016-365-official-iso-img-images-for-download-offline-install-product-key-required/

Example of virtualized filesystem within MS Office 2016 (365) installation,
with redirection target directory structure:

--- snip ---
$ tree --charset=ANSI -L 2 -d .wine/drive_c/Program\ Files/Microsoft\ Office/root/vfs/

.wine/drive_c/Program Files/Microsoft Office/root/vfs/
|-- Common AppData
|   |-- Microsoft
|   `-- Microsoft Help
|-- Common Programs
|   `-- Microsoft Office 2016 Tools
|-- Fonts
|   `-- private
|-- ProgramFilesCommonX86
|   |-- DESIGNER
|   |-- Microsoft Shared
|   `-- ODBC
|-- ProgramFilesX86
|   `-- Microsoft Office
|-- SystemX86
`-- Windows
    |-- Installer
    `-- PCHEALTH

17 directories
--- snip ---

The crash from initial bug report in debugger:

--- snip ---
Unhandled exception: page fault on read access to 0x6809f184 in 32-bit code
(0x7bc3f58d).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7bc3f58d ESP:0033cf50 EBP:0033d378 EFLAGS:00010206(  R- --  I   - -P- )
 EAX:680956f0 EBX:0033d400 ECX:0033d388 EDX:10082601
 ESI:00000000 EDI:00000000
...
Backtrace:
=>0 0x7bc3f58d NtQueryDirectoryFile+0x7d(handle=<couldn't compute location>,
event=<couldn't compute location>, apc_routine=<couldn't compute location>,
apc_context=<couldn't compute location>, io=<couldn't compute location>,
buffer=<couldn't compute location>, length=<couldn't compute location>,
info_class=<couldn't compute location>, single_entry=<couldn't compute
location>, mask=<couldn't compute location>, restart_scan=<couldn't compute
location>) [/home/focht/projects/wine/mainline-src/dlls/ntdll/directory.c:1949]
in ntdll (0x0033d378)
  1 0x100a3f7e in appvisvsubsystems32 (+0xa3f7d) (0x0033d3c0)
  2 0x1008272e in appvisvsubsystems32 (+0x8272d) (0x0033d454)
  3 0x1008362c in appvisvsubsystems32 (+0x8362b) (0x0033d488)
  4 0x7bc28d01 lookup_manifest_file+0x160(dir=0x98, ai=0x33f5cc)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/actctx.c:3100] in ntdll
(0x0033f538)
  5 0x7bc3462d RtlCreateActivationContext+0x67c(handle=<couldn't compute
location>, ptr=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/actctx.c:3199] in ntdll
(0x0033f608)
  6 0x7bc579f0 fixup_imports+0xcbf(wm=0x17fa70, load_path="C:\Program
Files\Microsoft Office\root\Office16;C:\windows\system32")
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:810] in ntdll
(0x0033f718)
  7 0x7bc581cd load_native_dll+0x71c(load_path="C:\Program Files\Microsoft
Office\root\Office16;C:\windows\system32", name=<is not available>, file=<is
not available>)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2070] in ntdll
(0x0033f968)
  8 0x7bc589c4 load_dll+0x5d3(load_path="C:\Program Files\Microsoft
Office\root\Office16;C:\windows\system32", libname="wwlib.dll", flags=0x1000)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2570] in ntdll
(0x0033fb18)
  9 0x7bc59223 LdrLoadDll+0x5d(path_name=<couldn't compute location>,
flags=<couldn't compute location>, libname=<couldn't compute location>,
hModule=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2603] in ntdll
(0x0033fb68)
  10 0x7b45a4ec load_library+0xdb(libname=0x33fc08, flags=0x1000)
[/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:975] in kernel32
(0x0033fbe8)
  11 0x7b45ac01 LoadLibraryExW+0xdb()
[/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1035] in
kernel32 (0x0033fc28)
  12 0x0040178f in winword (+0x178e) (0x0033fe74)
  13 0x00401163 in winword (+0x1162) (0x0033fec0)
  14 0x7b461b82 call_process_entry+0x11() in kernel32 (0x0033fed8)
  15 0x7b463d00 start_process+0x14f(entry=<couldn't compute location>,
peb=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1273] in
kernel32 (0x0033ffd8)
  16 0x7b461b8e start_process_wrapper+0x9() in kernel32 (0x0033ffec)
0x7bc3f58d NtQueryDirectoryFile+0x7d
[/home/focht/projects/wine/mainline-src/dlls/ntdll/directory.c:1949] in ntdll:
testb    $0x8,0x9a94(%eax)
1949        TRACE("(%p %p %p %p %p %p 0x%08x 0x%08x 0x%08x %s 0x%08x\n",
--- snip ---

Wine calls native API in internal function 'lookup_manifest_file':

--- snip ---
...
7BC28CD0  8985 BCDFFFFF    MOV DWORD PTR SS:[LOCAL.2065],EAX
7BC28CD6  6A 01            PUSH 1
7BC28CD8  56               PUSH ESI
7BC28CD9  6A 00            PUSH 0
7BC28CDB  6A 03            PUSH 3
7BC28CDD  68 00200000      PUSH 2000
7BC28CE2  50               PUSH EAX
7BC28CE3  8D85 E0DFFFFF    LEA EAX,[LOCAL.2056]
7BC28CE9  50               PUSH EAX
7BC28CEA  6A 00            PUSH 0
7BC28CEC  6A 00            PUSH 0
7BC28CEE  6A 00            PUSH 0
7BC28CF0  FFB5 B0DFFFFF    PUSH DWORD PTR SS:[LOCAL.2068]
7BC28CF6  8985 A4DFFFFF    MOV DWORD PTR SS:[LOCAL.2071],EAX
7BC28CFC  E8 0F680100      CALL NtQueryDirectoryFile
...
--- snip ---

ntdll.dll NtQueryDirectoryFile (hooked):

--- snip ---
7BC3F510  E9 DB404494      JMP 100835F0
7BC3F515  05 EB4A0A00      ADD EAX,0A4AEB    ; base pointer to GOT
7BC3F51A  8D4C24 04        LEA ECX,[ESP+4]
7BC3F51E  83E4 F0          AND ESP,FFFFFFF0
7BC3F521  FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7BC3F524  55               PUSH EBP
7BC3F525  89E5             MOV EBP,ESP
7BC3F527  57               PUSH EDI
7BC3F528  56               PUSH ESI
7BC3F529  53               PUSH EBX
7BC3F52A  51               PUSH ECX
7BC3F52B  81EC 18040000    SUB ESP,418
7BC3F531  8B59 10          MOV EBX,DWORD PTR DS:[ECX+10]
7BC3F534  8B11             MOV EDX,DWORD PTR DS:[ECX]
--- snip ---

App-V client side: 'AppVIsvSubsystems32.dll'
App-V remote/server side: 'OfficeClickToRun.exe' (RPC server)

Another native API example to also show the detour lib uses instruction
boundary padding.

ntdll.dll NtOpenKeyEx (patched):

--- snip ---
7BC6EC50  E9 4BD43F94      JMP 1006C0A0
7BC6EC55  CC               INT3
7BC6EC56  CC               INT3
7BC6EC57  FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7BC6EC5A  55               PUSH EBP
7BC6EC5B  89E5             MOV EBP,ESP
7BC6EC5D  53               PUSH EBX
7BC6EC5E  89CB             MOV EBX,ECX
7BC6EC60  51               PUSH ECX
7BC6EC61  8B01             MOV EAX,DWORD PTR DS:[ECX]
7BC6EC63  8B51 04          MOV EDX,DWORD PTR DS:[ECX+4]
7BC6EC66  8B49 08          MOV ECX,DWORD PTR DS:[ECX+8]
7BC6EC69  83EC 0C          SUB ESP,0C
7BC6EC6C  FF73 0C          PUSH DWORD PTR DS:[EBX+0C]
7BC6EC6F  E8 FCF9FFFF      CALL 7BC6E670
7BC6EC74  8D65 F8          LEA ESP,[EBP-8]
7BC6EC77  59               POP ECX
7BC6EC78  5B               POP EBX
7BC6EC79  5D               POP EBP
7BC6EC7A  8D61 FC          LEA ESP,[ECX-4]
7BC6EC7D  C2 1000          RETN 10
--- snip ---

ntdll.dll NtOpenKeyEx (unmodified):

--- snip ---
7BC6EC50  8D4C24 04        LEA ECX,[ARG.1]
7BC6EC54  83E4 F0          AND ESP,FFFFFFF0
7BC6EC57  FF71 FC          PUSH DWORD PTR DS:[ECX-4]
7BC6EC5A  55               PUSH EBP
7BC6EC5B  89E5             MOV EBP,ESP
7BC6EC5D  53               PUSH EBX
7BC6EC5E  89CB             MOV EBX,ECX
7BC6EC60  51               PUSH ECX
7BC6EC61  8B01             MOV EAX,DWORD PTR DS:[ECX]
7BC6EC63  8B51 04          MOV EDX,DWORD PTR DS:[ECX+4]
7BC6EC66  8B49 08          MOV ECX,DWORD PTR DS:[ECX+8]
7BC6EC69  83EC 0C          SUB ESP,0C
7BC6EC6C  FF73 0C          PUSH DWORD PTR DS:[EBX+0C]
7BC6EC6F  E8 FCF9FFFF      CALL 7BC6E670
7BC6EC74  8D65 F8          LEA ESP,[LOCAL.3]
7BC6EC77  59               POP ECX
7BC6EC78  5B               POP EBX
7BC6EC79  5D               POP EBP
7BC6EC7A  8D61 FC          LEA ESP,[ECX-4]
7BC6EC7D  C2 1000          RETN 10
--- snip ---

List of potentially hooked native and core API using one-liner on trace log
file:

--- snip ---
$ WINEDEBUG=+seh,+relay wine ./WINWORD.EXE >>log2.txt 2>&1
...

$ egrep "(GetProcAddress\(7.*ret=10.*)" log.txt

0051:Call KERNEL32.GetProcAddress(7b420000,10155a28 "FlsAlloc") ret=1011c695
0051:Call KERNEL32.GetProcAddress(7b420000,10155a34 "FlsFree") ret=1011c6a8
0051:Call KERNEL32.GetProcAddress(7b420000,10155a3c "FlsGetValue") ret=1011c6bb
0051:Call KERNEL32.GetProcAddress(7b420000,10155a48 "FlsSetValue") ret=1011c6ce
0051:Call KERNEL32.GetProcAddress(7b420000,10155a54
"InitializeCriticalSectionEx") ret=1011c6e1
0051:Call KERNEL32.GetProcAddress(7b420000,10171a54 "CreateEventExW")
ret=1011c6f4
0051:Call KERNEL32.GetProcAddress(7b420000,10171a74 "CreateSemaphoreExW")
ret=1011c707
0051:Call KERNEL32.GetProcAddress(7b420000,10155a70 "SetThreadStackGuarantee")
ret=1011c71a
0051:Call KERNEL32.GetProcAddress(7b420000,101796e8 "CreateThreadpoolTimer")
ret=1011c72d
0051:Call KERNEL32.GetProcAddress(7b420000,10155a88 "SetThreadpoolTimer")
ret=1011c740
0051:Call KERNEL32.GetProcAddress(7b420000,10155a9c
"WaitForThreadpoolTimerCallbacks") ret=1011c753
0051:Call KERNEL32.GetProcAddress(7b420000,10155abc "CloseThreadpoolTimer")
ret=1011c766
0051:Call KERNEL32.GetProcAddress(7b420000,101796a0 "CreateThreadpoolWait")
ret=1011c779
0051:Call KERNEL32.GetProcAddress(7b420000,10155ad4 "SetThreadpoolWait")
ret=1011c78c
0051:Call KERNEL32.GetProcAddress(7b420000,10155ae8 "CloseThreadpoolWait")
ret=1011c79f
0051:Call KERNEL32.GetProcAddress(7b420000,10155afc "FlushProcessWriteBuffers")
ret=1011c7b2
0051:Call KERNEL32.GetProcAddress(7b420000,10155b18
"FreeLibraryWhenCallbackReturns") ret=1011c7c5
0051:Call KERNEL32.GetProcAddress(7b420000,10155b38
"GetCurrentProcessorNumber") ret=1011c7d8
0051:Call KERNEL32.GetProcAddress(7b420000,10155b54
"GetLogicalProcessorInformation") ret=1011c7eb
0051:Call KERNEL32.GetProcAddress(7b420000,10155b74 "CreateSymbolicLinkW")
ret=1011c7fe
0051:Call KERNEL32.GetProcAddress(7b420000,10155b88 "SetDefaultDllDirectories")
ret=1011c811
0051:Call KERNEL32.GetProcAddress(7b420000,10155ba4 "EnumSystemLocalesEx")
ret=1011c824
0051:Call KERNEL32.GetProcAddress(7b420000,10155bb8 "CompareStringEx")
ret=1011c837
0051:Call KERNEL32.GetProcAddress(7b420000,10155bc8 "GetDateFormatEx")
ret=1011c84a
0051:Call KERNEL32.GetProcAddress(7b420000,10155bd8 "GetLocaleInfoEx")
ret=1011c85d
0051:Call KERNEL32.GetProcAddress(7b420000,10155be8 "GetTimeFormatEx")
ret=1011c870
0051:Call KERNEL32.GetProcAddress(7b420000,10155bf8 "GetUserDefaultLocaleName")
ret=1011c883
0051:Call KERNEL32.GetProcAddress(7b420000,10155c14 "IsValidLocaleName")
ret=1011c896
0051:Call KERNEL32.GetProcAddress(7b420000,10155c28 "LCMapStringEx")
ret=1011c8a9
0051:Call KERNEL32.GetProcAddress(7b420000,10155c38 "GetCurrentPackageId")
ret=1011c8bc
0051:Call KERNEL32.GetProcAddress(7b420000,10155c4c "GetTickCount64")
ret=1011c8cf
0051:Call KERNEL32.GetProcAddress(7b420000,10155c5c
"GetFileInformationByHandleExW") ret=1011c8e2
0051:Call KERNEL32.GetProcAddress(7b420000,10155c7c
"SetFileInformationByHandleW") ret=1011c8f5
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4628 "NtOpenKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4668 "NtOpenKeyEx") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3738 "NtOpenKeyTransacted")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3760 "NtOpenKeyTransactedEx")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4728 "NtDeleteKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4768 "NtFlushKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a47a8 "NtCreateKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3788 "NtCreateKeyTransacted")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4828 "NtEnumerateKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4868 "NtQueryKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a48a8 "NtQueryObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a37b0 "NtSetInformationKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4928 "NtQueryValueKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a37d8 "NtEnumerateValueKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a49a8 "NtSetValueKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3800 "NtDeleteValueKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4a28 "NtRenameKey") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3828 "NtQueryMultipleValueKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3850 "NtNotifyChangeKey")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a36c0
"NtNotifyChangeMultipleKeys") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a36e8 "NtQuerySecurityObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a3698 "NtSetSecurityObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a2d60 "NtDuplicateObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001a4be8 "NtClose") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,101715dc "IsWow64Process")
ret=10087759
0051:Call KERNEL32.GetProcAddress(7bc10000,00184bb0 "NtCreateFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,00184bf0 "NtOpenFile") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,00184c30 "NtDeleteFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,0018d360 "NtQueryAttributesFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,0018d388
"NtQueryFullAttributesFile") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,001941f0 "NtQueryDirectoryFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,00194218 "NtSetInformationFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,00184d70 "NtClose") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00184db0 "CreateActCtxA")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00184df0 "CreateActCtxW")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7bc10000,00194240 "NtQueryInformationFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00194268 "GetModuleFileNameA")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00193428 "GetModuleFileNameW")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,001964c8 "GetCurrentDirectoryA")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00185bd8 "GetCurrentDirectoryW")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00184bb0 "CoInitializeEx")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00184bf0 "CoUninitialize")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,0018da60 "CoCreateInstanceEx")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,001949e0 "CoCreateInstance")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,0018ec10 "CoRegisterClassObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,001a3698 "CoRevokeClassObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,001a36c0 "CoGetClassObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,001a36e8 "CoGetInstanceFromFile")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00197548 "CoResumeClassObjects")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00197570 "CoSuspendClassObjects")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00184e30 "OleInitialize")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00184e70 "OleUninitialize")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00197598 "OleRegEnumFormatEtc")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e7d0000,00184ef0 "OleRun") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e920000,00192678 "RegisterActiveObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e920000,00194a38 "RevokeActiveObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e920000,00184fb0 "GetActiveObject")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,001957c8 "CreateProcessW")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00195808 "CreateProcessA")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7b420000,00195848 "WinExec") ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e750000,00196820 "CreateProcessAsUserW")
ret=1001d194
0051:Call KERNEL32.GetProcAddress(7e750000,00191390 "CreateProcessAsUserA")
ret=1001d194
--- snip ---

Another one-liner to show which API functions that are being looked up are
currently not 'DECLSPEC_HOTPATCH' in Wine source.

* filter for all core dlls (prelink/load base address range) API functions that
are getting looked up from specific dll (load base address range)
* filter for all function body (definition) occurrences in Wine sources, which
have no DECLSPEC_HOTPATCH

--- snip ---
$ egrep "(GetProcAddress\(7.*ret=10.*)" log.txt  | cut -d "\"" -f2 | xargs -n1 -I '{}' egrep -R 'WINAPI.*{}\(' /home/focht/projects/wine/mainline-src/dlls/ | grep -v DECLSPEC_HOTPATCH
/home/focht/projects/wine/mainline-src/dlls/kernel32/fiber.c:DWORD WINAPI
FlsAlloc( PFLS_CALLBACK_FUNCTION callback )
/home/focht/projects/wine/mainline-src/dlls/kernel32/fiber.c:BOOL WINAPI
FlsFree( DWORD index )
/home/focht/projects/wine/mainline-src/dlls/kernel32/fiber.c:PVOID WINAPI
FlsGetValue( DWORD index )
/home/focht/projects/wine/mainline-src/dlls/kernel32/fiber.c:BOOL WINAPI
FlsSetValue( DWORD index, PVOID data )
/home/focht/projects/wine/mainline-src/dlls/kernel32/sync.c:BOOL WINAPI
InitializeCriticalSectionEx( CRITICAL_SECTION *crit, DWORD spincount, DWORD
flags )
/home/focht/projects/wine/mainline-src/dlls/ntdll/critsection.c:NTSTATUS WINAPI
RtlInitializeCriticalSectionEx( RTL_CRITICAL_SECTION *crit, ULONG spincount,
ULONG flags )
/home/focht/projects/wine/mainline-src/dlls/kernel32/thread.c:BOOL WINAPI
SetThreadStackGuarantee(PULONG stacksize)
/home/focht/projects/wine/mainline-src/dlls/kernel32/thread.c:PTP_TIMER WINAPI
CreateThreadpoolTimer( PTP_TIMER_CALLBACK callback, PVOID userdata,
/home/focht/projects/wine/mainline-src/dlls/kernel32/thread.c:VOID WINAPI
SetThreadpoolTimer( TP_TIMER *timer, FILETIME *due_time,
/home/focht/projects/wine/mainline-src/dlls/kernel32/thread.c:PTP_WAIT WINAPI
CreateThreadpoolWait( PTP_WAIT_CALLBACK callback, PVOID userdata,
/home/focht/projects/wine/mainline-src/dlls/kernel32/thread.c:VOID WINAPI
SetThreadpoolWait( TP_WAIT *wait, HANDLE handle, FILETIME *due_time )
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:VOID WINAPI
FlushProcessWriteBuffers(void)
/home/focht/projects/wine/mainline-src/dlls/ntdll/thread.c:ULONG WINAPI
NtGetCurrentProcessorNumber(void)
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:BOOL WINAPI
GetLogicalProcessorInformation(PSYSTEM_LOGICAL_PROCESSOR_INFORMATION buffer,
PDWORD pBufLen)
/home/focht/projects/wine/mainline-src/dlls/kernel32/path.c:BOOLEAN WINAPI
CreateSymbolicLinkW(LPCWSTR link, LPCWSTR target, DWORD flags)
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:BOOL WINAPI
SetDefaultDllDirectories( DWORD flags )
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:BOOL WINAPI
EnumSystemLocalesEx( LOCALE_ENUMPROCEX proc, DWORD flags, LPARAM lparam, LPVOID
reserved )
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:INT WINAPI
CompareStringEx(LPCWSTR locale, DWORD flags, LPCWSTR str1, INT len1,
/home/focht/projects/wine/mainline-src/dlls/kernel32/lcformat.c:INT WINAPI
GetDateFormatEx(LPCWSTR localename, DWORD flags,
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:INT WINAPI
GetLocaleInfoEx(LPCWSTR locale, LCTYPE info, LPWSTR buffer, INT len)
/home/focht/projects/wine/mainline-src/dlls/kernel32/lcformat.c:INT WINAPI
GetTimeFormatEx(LPCWSTR localename, DWORD flags,
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:INT WINAPI
GetUserDefaultLocaleName(LPWSTR localename, int buffersize)
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:BOOL WINAPI
IsValidLocaleName( LPCWSTR locale )
/home/focht/projects/wine/mainline-src/dlls/kernel32/locale.c:INT WINAPI
LCMapStringEx(LPCWSTR name, DWORD flags, LPCWSTR src, INT srclen, LPWSTR dst,
INT dstlen,
/home/focht/projects/wine/mainline-src/dlls/kernel32/version.c:LONG WINAPI
GetCurrentPackageId(UINT32 *len, BYTE *buffer)
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtOpenKey( PHANDLE retkey, ACCESS_MASK access, const OBJECT_ATTRIBUTES *attr )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
RtlpNtOpenKey( PHANDLE retkey, ACCESS_MASK access, OBJECT_ATTRIBUTES *attr )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtOpenKeyEx( PHANDLE retkey, ACCESS_MASK access, const OBJECT_ATTRIBUTES *attr,
ULONG options )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtOpenKeyTransacted( PHANDLE retkey, ACCESS_MASK access, const
OBJECT_ATTRIBUTES *attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtOpenKeyTransactedEx( PHANDLE retkey, ACCESS_MASK access, const
OBJECT_ATTRIBUTES *attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtDeleteKey( HANDLE hkey )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtFlushKey(HANDLE key)
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtCreateKey( PHANDLE retkey, ACCESS_MASK access, const OBJECT_ATTRIBUTES *attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
RtlpNtCreateKey( PHANDLE retkey, ACCESS_MASK access, const OBJECT_ATTRIBUTES
*attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtCreateKeyTransacted( PHANDLE retkey, ACCESS_MASK access, const
OBJECT_ATTRIBUTES *attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtEnumerateKey( HANDLE handle, ULONG index, KEY_INFORMATION_CLASS info_class,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtQueryKey( HANDLE handle, KEY_INFORMATION_CLASS info_class,
/home/focht/projects/wine/mainline-src/dlls/ntdll/om.c:NTSTATUS WINAPI
NtQueryObject(IN HANDLE handle,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtSetInformationKey(
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtQueryValueKey( HANDLE handle, const UNICODE_STRING *name,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
RtlpNtQueryValueKey( HANDLE handle, ULONG *result_type, PBYTE dest,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtEnumerateValueKey( HANDLE handle, ULONG index,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtSetValueKey( HANDLE hkey, const UNICODE_STRING *name, ULONG TitleIndex,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
RtlpNtSetValueKey( HANDLE hkey, ULONG type, const void *data,
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtDeleteValueKey( HANDLE hkey, const UNICODE_STRING *name )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtRenameKey( HANDLE handle, UNICODE_STRING *name )
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtQueryMultipleValueKey(
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtNotifyChangeKey(
/home/focht/projects/wine/mainline-src/dlls/ntdll/reg.c:NTSTATUS WINAPI
NtNotifyChangeMultipleKeys(
/home/focht/projects/wine/mainline-src/dlls/ntdll/sec.c:NTSTATUS WINAPI
NtSetSecurityObject(HANDLE Handle,
/home/focht/projects/wine/mainline-src/dlls/ntdll/om.c:NTSTATUS WINAPI
NtDuplicateObject( HANDLE source_process, HANDLE source,
/home/focht/projects/wine/mainline-src/dlls/ntdll/om.c:NTSTATUS WINAPI NtClose(
HANDLE Handle )
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:BOOL WINAPI
IsWow64Process(HANDLE hProcess, PBOOL Wow64Process)
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtCreateFile( PHANDLE handle, ACCESS_MASK access, POBJECT_ATTRIBUTES attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtOpenFile( PHANDLE handle, ACCESS_MASK access,
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtDeleteFile( POBJECT_ATTRIBUTES ObjectAttributes )
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtQueryAttributesFile( const OBJECT_ATTRIBUTES *attr, FILE_BASIC_INFORMATION
*info )
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtQueryFullAttributesFile( const OBJECT_ATTRIBUTES *attr,
/home/focht/projects/wine/mainline-src/dlls/ntdll/directory.c:NTSTATUS WINAPI
NtQueryDirectoryFile( HANDLE handle, HANDLE event,
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtSetInformationFile(HANDLE handle, PIO_STATUS_BLOCK io,
/home/focht/projects/wine/mainline-src/dlls/ntdll/om.c:NTSTATUS WINAPI NtClose(
HANDLE Handle )
/home/focht/projects/wine/mainline-src/dlls/kernel32/actctx.c:HANDLE WINAPI
CreateActCtxA(PCACTCTXA pActCtx)
/home/focht/projects/wine/mainline-src/dlls/kernel32/actctx.c:HANDLE WINAPI
CreateActCtxW(PCACTCTXW pActCtx)
/home/focht/projects/wine/mainline-src/dlls/ntdll/file.c:NTSTATUS WINAPI
NtQueryInformationFile( HANDLE hFile, PIO_STATUS_BLOCK io,
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:DWORD WINAPI
GetModuleFileNameA(
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:DWORD WINAPI
GetModuleFileNameW( HMODULE hModule, LPWSTR lpFileName, DWORD size )
/home/focht/projects/wine/mainline-src/dlls/wininet/ftp.c:BOOL WINAPI
FtpGetCurrentDirectoryA(HINTERNET hFtpSession, LPSTR lpszCurrentDirectory,
/home/focht/projects/wine/mainline-src/dlls/kernel32/path.c:UINT WINAPI
GetCurrentDirectoryA( UINT buflen, LPSTR buf )
/home/focht/projects/wine/mainline-src/dlls/wininet/ftp.c:BOOL WINAPI
FtpGetCurrentDirectoryW(HINTERNET hFtpSession, LPWSTR lpszCurrentDirectory,
/home/focht/projects/wine/mainline-src/dlls/kernel32/path.c:UINT WINAPI
GetCurrentDirectoryW( UINT buflen, LPWSTR buf )
/home/focht/projects/wine/mainline-src/dlls/shell32/shellole.c:HRESULT WINAPI
SHCoCreateInstance(
/home/focht/projects/wine/mainline-src/dlls/ole32/compobj.c:HRESULT WINAPI
CoRegisterClassObject(
/home/focht/projects/wine/mainline-src/dlls/ole32/compobj.c:HRESULT WINAPI
CoResumeClassObjects(void)
/home/focht/projects/wine/mainline-src/dlls/ole32/compobj.c:HRESULT WINAPI
CoSuspendClassObjects(void)
--- snip ---

It seems *not* all API looked up are actually getting detoured. All native API
for sure and a good chunk of the others. It's possible to figure out the exact
number that are getting hot-patched at runtime using a scriptable debugger that
scans all core dll entries for out-of-module/inter-modular jumps.

Tidbit: I've tested the same install with Wine 3.0 and it doesn't work there
either. It even suffers from additional problems. So your claim "it worked" -
it was likely just by chance. A debug build of Wine (-O0, -O1), no GOT/PIC at
entry, older GCC versions etc.

Anyway, this problem domain has been known for years. There were various
discussions in the past on how to mitigate this. A more recent one:
https://bugs.winehq.org/show_bug.cgi?id=45199#c30 (and follow-up comments).

* making Win32 API hot-patchable by default
* use '-fno-PIC' by default
* implement proper NT-style syscall thunks for native API (Wine-Staging)

Yet we still continue the practice "as needed", polluting the source tree
with 'DECLSPEC_HOTPATCH'. Analysing/debugging that is just monkey work.

$ sha1sum WordRetail.img 
7e327f7d685ff6da81e831e918959380908b25b7  WordRetail.img

$ du -sh WordRetail.img 
4.2G    WordRetail.img

$ wine --version
wine-3.21

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
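
The scan mentioned in the comment (checking core dll entry points for out-of-module jumps) can be sketched offline over captured entry bytes. This is an added example, not code from the comment or from Wine; it reuses the addresses and bytes from the listings above, while the module sizes, the constructed hot-patchable sample and the ADD EAX heuristic are assumptions.

```python
import struct

# Module ranges (base, size). ntdll's base is the GetProcAddress module handle in
# the relay log; the App-V base is inferred from the backtrace offsets. The sizes
# are assumed values for this example.
MODULES = {
    "ntdll": (0x7BC10000, 0x00100000),
    "appvisvsubsystems32": (0x10000000, 0x00200000),
}

# i386 hot-patch prologue: mov edi,edi; push ebp; mov ebp,esp
HOTPATCH = bytes.fromhex("8bff558bec")

# (name, entry address, first bytes). The first three are copied from the
# disassembly listings in the comment; the last one is constructed.
ENTRIES = [
    ("NtQueryDirectoryFile", 0x7BC3F510,
     bytes.fromhex("e9db40449405eb4a0a008d4c2404")),
    ("NtOpenKeyEx (patched)", 0x7BC6EC50,
     bytes.fromhex("e94bd43f94ccccff71fc5589e5")),
    ("NtOpenKeyEx (unmodified)", 0x7BC6EC50,
     bytes.fromhex("8d4c240483e4f0ff71fc5589e5")),
    ("ConstructedHotpatchable", 0x7BC20000, HOTPATCH + bytes.fromhex("83ec10")),
]


def owner(addr, modules=MODULES):
    """Return the name of the module whose range contains addr, or None."""
    for name, (base, size) in modules.items():
        if base <= addr < base + size:
            return name
    return None


def scan_entry(name, addr, code, modules=MODULES):
    """Classify one entry point from its first bytes."""
    res = {"name": name, "detoured": False, "target": None,
           "target_module": None, "displaced": 0, "got_setup_follows": False,
           "hotpatch_prologue": code[:5] == HOTPATCH}
    if len(code) < 5 or code[0] != 0xE9:       # first instruction is not JMP rel32
        return res
    rel = struct.unpack_from("<i", code, 1)[0]  # signed 32-bit displacement
    target = (addr + 5 + rel) & 0xFFFFFFFF      # relative to next insn, 32-bit wrap
    home, dest = owner(addr, modules), owner(target, modules)
    if dest is not None and dest == home:       # intra-module jump: not a detour
        return res
    # INT3 bytes after the JMP pad the patch out to an instruction boundary.
    pad = 0
    while 5 + pad < len(code) and code[5 + pad] == 0xCC:
        pad += 1
    nxt = 5 + pad
    # Heuristic (assumption): ADD EAX,imm32 (opcode 05) right after the patch
    # matches the NtQueryDirectoryFile listing, where it is annotated as the GOT
    # base computation, so the displaced instruction was part of the PIC setup.
    res.update(detoured=True, target=target,
               target_module=dest or "<unmapped>", displaced=nxt,
               got_setup_follows=nxt < len(code) and code[nxt] == 0x05)
    return res


def scan(entries=ENTRIES, modules=MODULES):
    """Scan every entry and return one result dict per entry."""
    return [scan_entry(n, a, c, modules) for n, a, c in entries]


if __name__ == "__main__":
    for r in scan():
        if r["detoured"]:
            note = " [PIC/GOT setup split]" if r["got_setup_follows"] else ""
            print("%-26s -> %08X in %s, %d bytes displaced%s" % (
                r["name"], r["target"], r["target_module"], r["displaced"], note))
        else:
            state = "hot-patch prologue" if r["hotpatch_prologue"] else "plain prologue"
            print("%-26s not detoured (%s)" % (r["name"], state))
```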


