[Bug 21190] SQLDetective: setup_exception_record stack overflow on program start (VirtualQuery information on builtins)

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Aug 18 15:21:02 CDT 2010


http://bugs.winehq.org/show_bug.cgi?id=21190


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntdll
         Resolution|                            |DUPLICATE
            Summary|SQLDetective:               |SQLDetective:
                   |setup_exception_record      |setup_exception_record
                   |stack overflow on program   |stack overflow on program
                   |start                       |start (VirtualQuery
                   |                            |information on builtins)




--- Comment #6 from Anastasius Focht <focht at gmx.net>  2010-08-18 15:21:01 ---
Hello,

Most likely a dupe of bug 16998.

That Delphi app tries to hook several APIs of builtins by writing trampolines to
the API entries (first 5 bytes).
It checks the page protection and adjusts it accordingly to write permission
before trying to patch the API entries.
Unfortunately Wine isn't honest about the protection masks and the app assumes "no
need to adjust", writing the opcodes directly, which results in page faults.

"StdDialogs.dll" -> contains hook code

info[1]=68585024 = API entry of SetScrollInfo(), trampoline address

--- snip ---
0043:Call PE DLL (proc=0x19f9e30,module=0x1710000
L"StdDialogs.dll",reason=PROCESS_ATTACH,res=0x1) 
...
0043:Call KERNEL32.CreateMutexA(00000000,00000001,01c57cd0
"HookApi:{7DDF4ADB-4A01-4F4B-83AA-8D91C21E99D2}:66:Lock") ret=0171884b
...
0043:Call KERNEL32.VirtualQuery(68580000,0032fb70,0000001c) ret=019229a7
0043:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=019229a7
0043:Call KERNEL32.GetProcAddress(68580000,0194e2dc "SetScrollInfo")
ret=019230cb
0043:Ret  KERNEL32.GetProcAddress() retval=68585024 ret=019230cb
0043:Call KERNEL32.VirtualQuery(68585024,0032fbf4,0000001c) ret=019228fb
0043:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=019228fb
0043:Call KERNEL32.VirtualQuery(68585024,0032fbf4,0000001c) ret=019228fb
0043:Ret  KERNEL32.VirtualQuery() retval=0000001c ret=019228fb
0043:trace:seh:raise_exception code=c0000005 flags=0 addr=0x194d7ca ip=0194d7ca
tid=0043
0043:trace:seh:raise_exception  info[0]=00000001
0043:trace:seh:raise_exception  info[1]=68585024
0043:trace:seh:raise_exception  eax=68585024 ebx=000000c1 ecx=00000097
edx=e4afd7e9 esi=019f96a0 edi=00000112
0043:trace:seh:raise_exception  ebp=0032fc38 esp=0032fc20 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210286
0043:trace:seh:call_vectored_handlers calling handler at 0x68fa42a0
code=c0000005 flags=0
0043:trace:seh:call_vectored_handlers handler at 0x68fa42a0 returned 0
0043:trace:seh:call_vectored_handlers calling handler at 0x68d75820
code=c0000005 flags=0
0043:trace:seh:call_vectored_handlers handler at 0x68d75820 returned 0
0043:trace:seh:call_stack_handlers calling handler at 0x194e147 code=c0000005
flags=0
0043:trace:seh:call_stack_handlers handler at 0x194e147 returned 1
0043:trace:seh:call_stack_handlers calling handler at 0x194e158 code=c0000005
flags=0
--- snip ---

Interestingly there is some kind of custom exception handling in that app that
ought to handle such a situation, displaying some kind of exception/debugging
info/dialog.
This also fails, recursively eating up the stack.

--- snip ---
...
0043:Call KERNEL32.GetProcAddress(00400000,01790054
"EurekaLog_CallExceptObject") ret=01790027
0043:Ret  KERNEL32.GetProcAddress() retval=00485b18 ret=01790027
0043:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=0043
0043:trace:seh:raise_exception  info[0]=00000000
0043:trace:seh:raise_exception  info[1]=00000000
0043:trace:seh:raise_exception  eax=0032fbc8 ebx=00000000 ecx=00000000
edx=0032f8fc esi=0032f8fc edi=0032fbc8
0043:trace:seh:raise_exception  ebp=0032f74c esp=0032f738 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210246
0043:trace:seh:call_vectored_handlers calling handler at 0x68fa42a0
code=c0000005 flags=0
0043:trace:seh:call_vectored_handlers handler at 0x68fa42a0 returned 0
0043:trace:seh:call_vectored_handlers calling handler at 0x68d75820
code=c0000005 flags=0
0043:trace:seh:call_vectored_handlers handler at 0x68d75820 returned 0
0043:trace:seh:call_stack_handlers calling handler at 0x179003f code=c0000005
flags=0
0043:Call user32.LoadStringA(01710000,0000ffd7,0032e0c4,00001000) ret=01718067
0043:Ret  user32.LoadStringA() retval=00000004 ret=01718067
... 
--- snip ---

"EurekaLog_CallExceptObject" -> http://www.eurekalog.com/index_delphi.php

Regards

*** This bug has been marked as a duplicate of bug 16998 ***
