[Bug 30000] New: iw4mp loader crashes because some API entries are not hotpatchable (DECLSPEC_HOTPATCH)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Feb 25 03:20:09 CST 2012


http://bugs.winehq.org/show_bug.cgi?id=30000

             Bug #: 30000
           Summary: iw4mp loader crashes because some API entries are not
                    hotpatchable (DECLSPEC_HOTPATCH)
           Product: Wine
           Version: 1.4-rc5
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: kernel32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello,

Continuation of bug 29899.
After applying the patch
http://www.winehq.org/pipermail/wine-patches/2012-February/111710.html the
loader still crashes.

--- snip ---
Unhandled Exception: System.Runtime.InteropServices.SEHException: External
component has thrown an exception.
   at PatchMW2()
   at Sys_RunInit()
wine: Unhandled privileged instruction at address 0x7b854cf8 (thread 0009),
starting debugger...
Unhandled exception: privileged instruction in 32-bit code (0x7b854cf8).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7b854cf8 ESP:0032fd3c EBP:0032fd3c EFLAGS:00010202(  R- --  I   - - - )
 EAX:7b854cf8 EBX:7b8a96a8 ECX:00000000 EDX:ffffffff
 ESI:00142710 EDI:0032fde8
...
Backtrace:
=>0 0x7b854cf8 GetModuleHandleA+0x5(module="kernel32.dll")
[/home/focht/projects/wine/wine-git/dlls/kernel32/module.c:562] in kernel32
(0x0032fd3c)
  1 0x200020e4 in iw4m1 (+0x20e3) (0x0032fd54)
  2 0x2000231e in iw4m1 (+0x231d) (0x0032fdd0)
  3 0x20005c89 in iw4m1 (+0x5c88) (0x0032fddc) 
--- snip ---

Code:

--- snip ---
...
200020DA  A1 AC380220   MOV EAX,DWORD PTR DS:[200238AC] ;
kernel32.GetModuleHandleA
200020DF  E8 CCFEFFFF   CALL 20001FB0
200020E4  8945 F4       MOV DWORD PTR SS:[EBP-0C],EAX
...
20001FB0  55            PUSH EBP
20001FB1  8BEC          MOV EBP,ESP
20001FB3  83C0 05       ADD EAX,5
20001FB6  50            PUSH EAX
20001FB7  C3            RETN 
--- snip ---

The loader emulates the first instructions of API entry points, most likely to
counter soft breakpoints (int3).
It assumes the standard Windows hotpatch entry layout (5 bytes).

KERNEL32.GetModuleHandleA:

--- snip ---
7B854CF3  55               PUSH EBP
7B854CF4  89E5             MOV EBP,ESP
7B854CF6  53               PUSH EBX
7B854CF7  83EC 24          SUB ESP,24
7B854CFA  E8 48A2FCFF      CALL __i686.get_pc_thunk.bx ;
[__i686.get_pc_thunk.bx
7B854CFF  81C3 A9490500    ADD EBX,549A9
7B854D05  8D45 F4          LEA EAX,[LOCAL.3]
7B854D08  894424 08        MOV DWORD PTR SS:[LOCAL.8],EAX
7B854D0C  8B45 08          MOV EAX,DWORD PTR SS:[ARG.1]
7B854D0F  894424 04        MOV DWORD PTR SS:[LOCAL.9],EAX
7B854D13  C70424 02000000  MOV DWORD PTR SS:[LOCAL.10],2
7B854D1A  E8 8CFDFFFF      CALL GetModuleHandleExA 
...
--- snip ---

You need to add DECLSPEC_HOTPATCH to fix the crashes.

Regards
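A small checker that reproduces the failure described in this report, added here as an example and not part of the original report, of Wine, or of the game's loader: it takes the bytes listed above for Wine's GetModuleHandleA, tests them against the standard 5-byte hotpatch prologue (mov edi,edi / push ebp / mov ebp,esp, the layout DECLSPEC_HOTPATCH asks the compiler to emit), and simulates the loader's "ADD EAX,5 / PUSH EAX / RETN" jump to entry+5. The opcode table is a constructed subset covering only the instructions that appear in the listings.

```python
"""Check whether an x86 entry point follows the 5-byte Windows hotpatch layout
that the iw4mp loader relies on.  Example added to this bug report; the byte
strings come from the disassembly listings in the report, the opcode table is
a constructed subset."""

# Standard hotpatch prologue: mov edi,edi ; push ebp ; mov ebp,esp (2+1+2 bytes).
# The loader's trampoline performs the push/mov pair itself and then jumps
# to entry + 5, so anything else at entry + 5 is executed out of context.
HOTPATCH_PROLOGUE = bytes.fromhex("8BFF558BEC")

# Entry bytes of Wine 1.4-rc5 GetModuleHandleA as listed above (7B854CF3..).
WINE_GETMODULEHANDLEA = bytes.fromhex("5589E55383EC24E848A2FCFF")
# Constructed: the same function with a hotpatch prologue in front of SUB ESP.
HOTPATCHED = bytes.fromhex("8BFF558BEC83EC24")

# opcode prefix -> (mnemonic, total length, privileged)
OPCODES = {
    b"\x8b\xff": ("mov edi,edi", 2, False),
    b"\x8b\xec": ("mov ebp,esp", 2, False),
    b"\x89\xe5": ("mov ebp,esp", 2, False),
    b"\x55":     ("push ebp", 1, False),
    b"\x53":     ("push ebx", 1, False),
    b"\x83\xec": ("sub esp,imm8", 3, False),
    b"\xe8":     ("call rel32", 5, False),
    b"\xec":     ("in al,dx", 1, True),   # ring 0 only: faults in user mode
}

def decode(code, offset=0):
    """Yield (offset, mnemonic, privileged); stop at the first unknown opcode."""
    while offset < len(code):
        for pattern, (mnem, length, priv) in OPCODES.items():
            if code.startswith(pattern, offset):
                yield offset, mnem, priv
                offset += length
                break
        else:
            return

def is_hotpatchable(code):
    """True if the first five bytes are the standard hotpatch prologue."""
    return code[:5] == HOTPATCH_PROLOGUE

def trampoline_landing(code):
    """Simulate the loader jumping to entry + 5.
    Returns (on_instruction_boundary, mnemonic_at_entry_plus_5, privileged)."""
    boundaries = {off: (mnem, priv) for off, mnem, priv in decode(code)}
    if 5 in boundaries:
        return (True,) + boundaries[5]
    # entry + 5 lies inside another instruction: decode the stray byte alone
    _, mnem, priv = next(decode(code, 5), (5, "unknown", False))
    return False, mnem, priv
```

For the listed Wine bytes the jump lands on the 0xEC byte of `SUB ESP,24`, which decodes as `IN AL,DX`, matching the "privileged instruction at 0x7b854cf8" (entry 0x7b854cf3 + 5) in the backtrace.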
