[Bug 29460] Ruijie Supplicant Su1xDriver.sys crashes in driver entry due to ntoskrnl.exe IoGetCurrentProcess() being a stub

wine-bugs at winehq.org
Wed Dec 28 06:23:24 CST 2011


http://bugs.winehq.org/show_bug.cgi?id=29460

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://115.com/file/cmr79xx
                   |                            |h
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntoskrnl
            Summary|Ruijie Supplicant crash at  |Ruijie Supplicant
                   |start                       |Su1xDriver.sys crashes in
                   |                            |driver entry due to
                   |                            |ntoskrnl.exe
                   |                            |IoGetCurrentProcess() being
                   |                            |a stub
     Ever Confirmed|0                           |1

--- Comment #1 from Anastasius Focht <focht at gmx.net> 2011-12-28 06:23:24 CST ---
Hello,

--- snip ---
0026:Call KERNEL32.LoadLibraryW(0011ab00
L"C:\\windows\\system32\\DRIVERS\\Su1xDriver.sys") ret=6819f8bd 
...
0026:Ret  KERNEL32.LoadLibraryW() retval=00540000 ret=6819f8bd 
...
0026:Call driver init 0x540b85
(obj=0x681a28e0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Su1xDriver")
0026:Call ntoskrnl.exe.IoGetCurrentProcess() ret=00540496
0026:fixme:ntoskrnl:IoGetCurrentProcess () stub
0026:Ret  ntoskrnl.exe.IoGetCurrentProcess() retval=00000000 ret=00540496
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0x78010765
ip=78010765 tid=0026
0026:trace:seh:raise_exception  info[0]=00000000
0026:trace:seh:raise_exception  info[1]=00000000
0026:trace:seh:raise_exception  eax=00000000 ebx=00000006 ecx=00000006
edx=0053ef48 esi=00000000 edi=00540480
0026:trace:seh:raise_exception  ebp=0053e5e8 esp=0053e5dc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0026:trace:seh:call_vectored_handlers calling handler at 0x6822f416
code=c0000005 flags=0
0026:trace:seh:call_vectored_handlers handler at 0x6822f416 returned 0 
...
--- snip ---

The driver tries to access the EPROCESS structure returned by
IoGetCurrentProcess().
The process name is checked for "System", but due to IoGetCurrentProcess() being
a stub returning NULL, the code crashes in driver entry.

It also peeks into low-level stuff like the SSDT (system service descriptor table)
and hooks the ZwOpenProcess API to control userspace access to processes.

Anyway, what are you trying to accomplish?

Even getting that small helper "protection" driver to work requires
considerable infrastructure - that is not going to happen in Wine in the near
future.

There are NDIS protocol drivers contained in this installation that are not
going to work.
The purpose of this package seems to be to provide/allow access to restricted
networks in China and to ensure "filtering".

This "Ruijie Network Supplicant" also has a GNU/Linux project:

https://code.google.com/p/ruijieclient/

although it is not as well maintained as the Windows one (guess why).

Regards
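
A triage sketch for the failure pattern in the trace above, added here as an example and not part of the original bug comment or of Wine: it scans a `+relay,+seh` log for a stub that returned NULL and was followed by an access violation on the same thread. The function name `find_null_stub_crashes`, the `null_page` threshold and the embedded log (constructed in the format of the quoted trace) are assumptions.

```python
import re

# Constructed sample in the format of the +relay,+seh trace quoted above.
SAMPLE_LOG = """\
0026:Call ntoskrnl.exe.IoGetCurrentProcess() ret=00540496
0026:fixme:ntoskrnl:IoGetCurrentProcess () stub
0026:Ret  ntoskrnl.exe.IoGetCurrentProcess() retval=00000000 ret=00540496
0027:Call ntoskrnl.exe.ExAllocatePool(00000000,00000010) ret=00541000
0027:Ret  ntoskrnl.exe.ExAllocatePool() retval=00110000 ret=00541000
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0x78010765
0026:trace:seh:raise_exception  info[0]=00000000
0026:trace:seh:raise_exception  info[1]=00000000
"""

STUB = re.compile(r"^([0-9a-f]{4}):fixme:\w+:(\w+)\b.*\bstub\b")
RET = re.compile(r"^([0-9a-f]{4}):Ret\s+\S+\.(\w+)\(\) retval=([0-9a-f]+)")
EXC = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]+) .*addr=(0x[0-9a-f]+)")
INFO1 = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception\s+info\[1\]=([0-9a-f]+)")

def find_null_stub_crashes(log, null_page=0x10000):
    """Heuristic: one finding per access violation that follows a
    NULL-returning stub on the same thread."""
    stubbed = {}   # tid -> functions that logged a fixme "stub" line
    suspect = {}   # tid -> last stub that handed 0 back to its caller
    findings = []
    for line in log.splitlines():
        if m := STUB.match(line):
            stubbed.setdefault(m[1], set()).add(m[2])
        elif m := RET.match(line):
            tid, func, retval = m[1], m[2], int(m[3], 16)
            if func in stubbed.get(tid, ()) and retval == 0:
                suspect[tid] = func
        elif m := EXC.match(line):
            tid, code = m[1], int(m[2], 16)
            if code == 0xC0000005 and tid in suspect:
                findings.append({"tid": tid, "stub": suspect.pop(tid),
                                 "fault_ip": m[3], "near_null": None})
        elif m := INFO1.match(line):
            # For an access violation, info[1] is the address that was accessed.
            for f in findings:
                if f["tid"] == m[1] and f["near_null"] is None:
                    f["near_null"] = int(m[2], 16) < null_page
    return findings

if __name__ == "__main__":
    for finding in find_null_stub_crashes(SAMPLE_LOG):
        print(finding)
```
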
