[Bug 46914] New: CompressonatorGUI 3.1 installer crashes in Win10 mode ( Advanced Installer Module bug, incorrect usage of kernel32.Wow64RevertWow64FsRedirection)

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Mar 25 20:38:39 CDT 2019 

https://bugs.winehq.org/show_bug.cgi?id=46914

            Bug ID: 46914
           Summary: CompressonatorGUI 3.1 installer crashes in Win10 mode
                    (Advanced Installer Module bug, incorrect usage of
                    kernel32.Wow64RevertWow64FsRedirection)
           Product: Wine
           Version: 4.4
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: kernel32
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

split out of bug 46883 (after adding the missing registry keys for Windows 10
version check).

https://bugs.winehq.org/show_bug.cgi?id=46883#c2

--- quote ---
Err: correction, it crashes in staging-4.4 too. If the keys are present the
installer starts fine old wine-version 3.0 though. So probably a regression,
but i`ll do some testing further first.
--- quote ---

https://bugs.winehq.org/show_bug.cgi?id=46883#c3

--- quote ---
Did regression test

9839bb7691a1b1c57a4ca501d03825420c1609d7 is the first bad commit
commit 9839bb7691a1b1c57a4ca501d03825420c1609d7
Author: Alexandre Julliard <julliard at winehq.org>
Date:   Sat Feb 9 21:21:47 2019 +0100

    ntdll: Skip dlls of the wrong machine type when searching through the load
path.

    Signed-off-by: Alexandre Julliard <julliard at winehq.org>

:040000 040000 f87bb0ed081f8b42e86a8084a8a31ed8271bb52a
ae3234ae55fb52708ff68472510d2a0acbf5e8da M    dlls

So note, crash only happens in win10, after adding the two registrykeys
--- quote ---

Technically it's not a regression. Wine works more correctly now, revealing a
bug in WoW64 filesystem redirection handling.

The installer does a very stupid thing:

--- snip ---
$ WINEDEBUG=+seh,+relay,+msi,+module,+loaddll,+server,+process,+imports wine
./CompressonatorGUI_x64_3.1.4064.exe >>log.txt 2>&1
...
0009:Call KERNEL32.LoadLibraryW(0050b310 L"kernel32.dll") ret=0048969a
...
0009:Ret  KERNEL32.LoadLibraryW() retval=7b420000 ret=0048969a
0009:Call KERNEL32.GetProcAddress(7b420000,00510034
"Wow64DisableWow64FsRedirection") ret=004896c9
0009:Ret  KERNEL32.GetProcAddress() retval=7b4391ac ret=004896c9
0009:Call KERNEL32.GetProcAddress(7b420000,00510054
"Wow64RevertWow64FsRedirection") ret=004896db
0009:Ret  KERNEL32.GetProcAddress() retval=7b4391fc ret=004896db
0009:Call KERNEL32.GetProcAddress(7b420000,0050b32c "IsWow64Process")
ret=004896ed
0009:Ret  KERNEL32.GetProcAddress() retval=7b435ad4 ret=004896ed
0009:Call KERNEL32.IsWow64Process(ffffffff,0033ed10) ret=00489704
0009:trace:process:NtQueryInformationProcess
(0xffffffff,0x0000001a,0x33eca4,0x00000004,(nil))
0009:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=00489704
0009:Call KERNEL32.Wow64DisableWow64FsRedirection(0033ed2c) ret=0048974e
0009:Ret  KERNEL32.Wow64DisableWow64FsRedirection() retval=00000001
ret=0048974e
0009:Call KERNEL32.CopyFileW(0017a260
L"C:\\windows\\system32\\msi.dll",005886c8
L"C:\\users\\focht\\Temp\\shi8c54.tmp",00000000) ret=0047baa1
...
0009:Ret  KERNEL32.CopyFileW() retval=00000001 ret=0047baa1
0009:Call KERNEL32.Wow64RevertWow64FsRedirection(0033ed2c) ret=00489738
0009:Ret  KERNEL32.Wow64RevertWow64FsRedirection() retval=00000001 ret=00489738
0009:Call version.GetFileVersionInfoSizeW(005886c8
L"C:\\users\\focht\\Temp\\shi8c54.tmp",0033f174) ret=0047bcc2 
...
--- snip ---

The installer passes the address of 'OldValue' parameter to
Wow64RevertWow64FsRedirection(), not the value.

MSDN:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa365745(v=vs.85).aspx

--- quote ---
Wow64RevertWow64FsRedirection function

Restores file system redirection for the calling thread.

This function should not be called without a previous call to the
Wow64DisableWow64FsRedirection function.

Any data allocation on behalf of the Wow64DisableWow64FsRedirection function is
cleaned up by this function.
Syntax
C++


BOOL WINAPI Wow64RevertWow64FsRedirection(
  _In_ PVOID OldValue
);

Parameters

OldValue [in]

    The WOW64 file system redirection value. This value is obtained from the
Wow64DisableWow64FsRedirection function.
...
--- quote ---

This causes the WOW64 file system redirection not reverted to old state - all
filesystem accesses go to 64-bits part.

Wine source:

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/kernel32/path.c#l1972

--- snip ---
1972 /***********************************************************************
1973  *           Wow64RevertWow64FsRedirection   (KERNEL32.@)
1974  */
1975 BOOL WINAPI Wow64RevertWow64FsRedirection( PVOID old_value )
1976 {
1977     NTSTATUS status = RtlWow64EnableFsRedirection( !old_value );
1978     if (status) SetLastError( RtlNtStatusToDosError(status) );
1979     return !status;
1980 }
--- snip ---

Subsequent dynamic loading of dlls fails for the 32-bit process because loader
only finds the 64-bit dll counterparts.

First failure (non-fatal):

--- snip ---
...
0009:Call KERNEL32.LoadLibraryExW(0033f22e
L"C:\\windows\\system32\\explorerframe.dll",00000000,00000008) ret=7da78778
0009:trace:module:load_dll looking for
L"C:\\windows\\system32\\explorerframe.dll" in
L"C:\\windows\\system32;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
0009: create_file( access=80100000, sharing=00000005, create=1,
options=00000060, attrs=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/system32/explorerframe.dll" )
0009: create_file() = 0 { handle=0088 }
0009: get_handle_fd( handle=0088 )
0009: *fd* 0088 -> 118
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089,
options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001,
size=00000000, file_handle=0088, objattr={} )
0009: create_mapping() = 0 { handle=0090 }
0009: close_handle( handle=0088 )
0009: close_handle() = 0
0009: get_mapping_info( handle=0090, access=0000000c )
0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000,
image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=00000c38,checksum=00000000,cpu=x86_64}
}
0009: get_handle_fd( handle=0090 )
0009: *fd* 0090 -> 119
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d,
options=00000020 }
0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000
0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5
virt 1000 flags 60000020
0009:trace:module:map_image clearing 0x10001200 - 0x10002000
0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8
virt 1000 flags 42000040
0009:trace:module:map_image clearing 0x10002200 - 0x10003000
0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size
638 virt 1000 flags 40000040
0009:trace:module:map_image clearing 0x10003800 - 0x10004000
0009: map_view( mapping=0090, access=0000000c, base=10000000, size=00004000,
start=00000000 )
0009: map_view() = 0
0009: close_handle( handle=0090 )
0009: close_handle() = 0
0009:trace:module:open_dll_file
L"\\??\\C:\\windows\\system32\\explorerframe.dll" is for arch 8664, continuing
search
0009: unmap_view( base=10000000 )
0009: unmap_view() = 0
0009:warn:module:load_dll Failed to load module
L"C:\\windows\\system32\\explorerframe.dll"; status=c000007b
0009:Ret  KERNEL32.LoadLibraryExW() retval=00000000 ret=7da78778
0009:err:ole:COMPOBJ_DllList_Add couldn't load in-process dll
L"C:\\windows\\system32\\explorerframe.dll" 
--- snip ---

Second failure (fatal):

--- snip ---
0009:Call KERNEL32.LoadLibraryA(005010f0 "dwmapi.dll") ret=004c0c0c
0009:trace:module:load_dll looking for L"dwmapi.dll" in
L"Z:\\home\\focht\\Downloads;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
0009: create_file( access=80100000, sharing=00000005, create=1,
options=00000060, attrs=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/system32/dwmapi.dll" )
0009: create_file() = 0 { handle=00fc }
0009: get_handle_fd( handle=00fc )
0009: *fd* 00fc -> 123
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089,
options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001,
size=00000000, file_handle=00fc, objattr={} )
0009: create_mapping() = 0 { handle=010c }
0009: close_handle( handle=00fc )
0009: close_handle() = 0
0009: get_mapping_info( handle=010c, access=0000000c )
0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000,
image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=000009d0,checksum=00000000,cpu=x86_64}
}
0009: get_handle_fd( handle=010c )
0009: *fd* 010c -> 129
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d,
options=00000020 }
0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000
0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5
virt 1000 flags 60000020
0009:trace:module:map_image clearing 0x10001200 - 0x10002000
0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8
virt 1000 flags 42000040
0009:trace:module:map_image clearing 0x10002200 - 0x10003000
0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size
3d0 virt 1000 flags 40000040
0009:trace:module:map_image clearing 0x10003400 - 0x10004000
0009: map_view( mapping=010c, access=0000000c, base=10000000, size=00004000,
start=00000000 )
0009: map_view() = 0
0009: close_handle( handle=010c )
0009: close_handle() = 0
0009:trace:module:open_dll_file L"\\??\\C:\\windows\\system32\\dwmapi.dll" is
for arch 8664, continuing search
0009: unmap_view( base=10000000 )
0009: unmap_view() = 0
0009: create_file( access=80100000, sharing=00000005, create=1,
options=00000060, attrs=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/system32/dwmapi.dll" )
0009: create_file() = 0 { handle=00fc }
0009: get_handle_fd( handle=00fc )
0009: *fd* 00fc -> 123
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089,
options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001,
size=00000000, file_handle=00fc, objattr={} )
0009: create_mapping() = 0 { handle=010c }
0009: close_handle( handle=00fc )
0009: close_handle() = 0
0009: get_mapping_info( handle=010c, access=0000000c )
0009: get_mapping_info() = 0 { size=00004000, flags=01800000, shared_file=0000,
image={base=10000000,entry_point=10001000,map_size=00004000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000000,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=2022,dll_charact=0100,machine=8664,contains_code=1,image_flags=80,loader_flags=00000000,header_size=00000200,file_size=000009d0,checksum=00000000,cpu=x86_64}
}
0009: get_handle_fd( handle=010c )
0009: *fd* 010c -> 129
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d,
options=00000020 }
0009:trace:module:map_image mapped PE file at 0x10000000-0x10004000
0009:trace:module:map_image mapping section .text at 0x10001000 off 200 size 5
virt 1000 flags 60000020
0009:trace:module:map_image clearing 0x10001200 - 0x10002000
0009:trace:module:map_image mapping section .reloc at 0x10002000 off 400 size 8
virt 1000 flags 42000040
0009:trace:module:map_image clearing 0x10002200 - 0x10003000
0009:trace:module:map_image mapping section .rsrc at 0x10003000 off 600 size
3d0 virt 1000 flags 40000040
0009:trace:module:map_image clearing 0x10003400 - 0x10004000
0009: map_view( mapping=010c, access=0000000c, base=10000000, size=00004000,
start=00000000 )
0009: map_view() = 0
0009: close_handle( handle=010c )
0009: close_handle() = 0
0009:trace:module:open_dll_file L"\\??\\C:\\windows\\system32\\dwmapi.dll" is
for arch 8664, continuing search
0009: unmap_view( base=10000000 )
0009: unmap_view() = 0
0009:warn:module:load_dll Failed to load module L"dwmapi.dll"; status=c000007b
0009:Ret  KERNEL32.LoadLibraryA() retval=00000000 ret=004c0c0c
0009:Call KERNEL32.GetLastError() ret=004c0c18
0009:Ret  KERNEL32.GetLastError() retval=000000c1 ret=004c0c18
0009:Call KERNEL32.RaiseException(c06d007e,00000000,00000001,0033e764)
ret=004c0c4b
0009:trace:seh:raise_exception code=c06d007e flags=0 addr=0x7b44c162
ip=7b44c162 tid=0009
0009:trace:seh:raise_exception  info[0]=0033e714
0009:trace:seh:raise_exception  eax=7b43a4cd ebx=00000000 ecx=00000000
edx=0033e708 esi=0033e708 edi=0033e6d0
0009:trace:seh:raise_exception  ebp=0033e6a8 esp=0033e644 cs=330023 ds=33002b
es=f7be002b fs=f7be0063 gs=f7be006b flags=00000216
0009:trace:seh:call_stack_handlers calling handler at 0x4f8b8c code=c06d007e
flags=0 
--- snip ---

ProtectionID scan for documentation:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\CompressonatorGUI_x64_3.1.4064.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 83494931 (04FA0813h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT)
[TimeStamp] 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT) | PE Header | - |
Offset: 0x000000F0 | VA: 0x004000F0 | -
[TimeStamp] 0x5602AAD6 -> Wed 23rd Sep 2015 13:36:22 (GMT) | DebugDirectory | -
| Offset: 0x000FD444 | VA: 0x004FE844 | -
-> File has 81963539 (04E2AA13h) bytes of appended data starting at offset
0175E00h
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (1489 calculated 1489 recorded... 0
invalid addresses) 
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset
0x555C3A43 | Reserved 0x73726573
[LoadConfig] GuardAddressTakenIatEntryTable 0x6369765C | Count 0x5C726F74
(1551003508)
[LoadConfig] GuardLongJumpTargetTable 0x6B736544 | Count 0x5C706F74
(1550872436)
[LoadConfig] HybridMetadataPointer 0x4E415242 | DynamicValueRelocTable
0x775C4843
[LoadConfig] FailFastIndirectProc 0x525C6E69 | FailFastPointer 0x61656C65
[LoadConfig] UnknownZero1 0x735C6573
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.63 (section #0) ".text   " | Size : 0xFC61C
(1033756) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x180000 (1572864) byte(s)
[VersionInfo] Company Name : GPUOpen.com
[VersionInfo] Product Name : CompressonatorGUI
[VersionInfo] Product Version : 3.1.4064
[VersionInfo] File Description : CompressonatorGUI 3.1.4064 installer
[VersionInfo] File Version : 3.1.4064
[VersionInfo] Original FileName : CompressonatorGUI_x64_3.1.4064.exe
[VersionInfo] Internal Name : CompressonatorGUI_x64_3.1.4064
[VersionInfo] Legal Copyrights : Copyright (C) 2018 GPUOpen.com
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll |
ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll | dbghelp.dll |
SHLWAPI.dll | COMCTL32.dll | MSIMG32.dll | VERSION.dll | MPR.dll | COMDLG32.dll
[ModuleReport] [DelayImport] Modules -> msi.dll | gdiplus.dll | UxTheme.dll |
WININET.dll | dwmapi.dll
[Debug Info] (record 1 of 1) (file offset 0xFD440)
Characteristics : 0x0 | TimeDateStamp : 0x5602AAD6 (Wed 23rd Sep 2015 13:36:22
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x5C (92) 
AddressOfRawData : 0x116DA0 | PointerToRawData : 0x1159A0
CvSig : 0x53445352 | SigGuid B2ED720C-03A3-4C47-8C3FDFDD897BE428
Age : 0x1 (1) | Pdb :
C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb
[-= Installer =-] Advanced Installer Module !
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 2.661 Second(s) [000000923h (2339) tick(s)] [566 of 580 scan(s)
done]
--- snip ---

$ sha1sum CompressonatorGUI_x64_3.1.4064.exe 
c7958e4a7caa2e0011e2abd906fc71cec6603818  CompressonatorGUI_x64_3.1.4064.exe

$ du -sh CompressonatorGUI_x64_3.1.4064.exe 
80M    CompressonatorGUI_x64_3.1.4064.exe

$ wine --version
wine-4.4-232-gc7f323107b

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list