[Bug 33849] Tages 64-bit software protection driver crashes on access to KI_USER_SHARED_DATA range (0xfffff78000000000)
wine-bugs at winehq.org
Fri Jun 21 15:09:47 CDT 2013
http://bugs.winehq.org/show_bug.cgi?id=33849
Anastasius Focht <focht at gmx.net> changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | RESOLVED | REOPENED
Keywords | | download, obfuscation, win64
URL | | http://www.tagesprotection.com/5.5/TagesSetup_x64.exe
Platform | arm64 | x86-64
Component | -unknown | ntdll
CC | | focht at gmx.net
Resolution | DUPLICATE |
Ever Confirmed | 0 | 1
Summary | Unhandled exception: page fault on read access to 0xfffff78000000014 in 64-bit code (0x000000000048e10f). | Tages 64-bit software protection driver crashes on access to KI_USER_SHARED_DATA range (0xfffff78000000000)
--- Comment #5 from Anastasius Focht <focht at gmx.net> 2013-06-21 15:09:47 CDT ---
Hello folks,
just closing bugs as dupe of some metabug because of "it looks like" won't do
any good.
The problem here can indeed be treated as an isolated issue.
--- snip ---
Unhandled exception: page fault on read access to 0xfffff78000000320 in 64-bit
code (0x00000000004561b0).
Register dump:
rip:00000000004561b0 rsp:000000000043ddc8 rbp:000000000043deb0 eflags:00010246
( R- -- I Z- -P- )
rax:fffff78000000320 rbx:00007fffff7ef000 rcx:0000000000452100
rdx:00002b992ddfa232
rsi:000000000043e100 rdi:00007f1fc06ea580 r8:000000000043e100
r9:00007f1fc06ea5e0 r10:0000000000000008
r11:0000003be2f7c950 r12:0000000000000000 r13:00007ffff3cd3cb0
r14:000000000043f700 r15:0000000000000000
Stack dump:
...
Backtrace:
=>0 0x00000000004561b0 in atksgt.sys (+0x161b0) (0x000000000043deb0)
1 0x00000000004561ef in atksgt.sys (+0x161ee) (0x000000000043deb0)
2 0x00007f1fc04e8167 init_driver+0x138(module=0x440000, keyname=0x43e100)
[/home/focht/projects/wine/wine-git/programs/winedevice/device.c:154] in
winedevice (0x000000000043deb0)
3 0x00007f1fc04e8929 load_driver+0x569()
[/home/focht/projects/wine/wine-git/programs/winedevice/device.c:254] in
winedevice (0x000000000043e1b0)
4 0x00007f1fc04e8cc3 ServiceMain+0x16b(argc=0x1, argv=0x118f0)
[/home/focht/projects/wine/wine-git/programs/winedevice/device.c:308] in
winedevice (0x000000000043e2e0)
5 0x00007f1fc029fe84 service_thread+0x238(arg=0x10d70)
[/home/focht/projects/wine/wine-git/dlls/advapi32/service.c:302] in advapi32
(0x000000000043e480)
6 0x00007f1fc6d84c7b call_thread_func+0x4e(entry=0x7f1fc029fc4b, arg=0x10d70,
frame=0x43e5e0)
[/home/focht/projects/wine/wine-git/dlls/ntdll/signal_x86_64.c:3230] in ntdll
(0x000000000043e5d0)
...
0x00000000004561b0: movq (%rax),%rax
Modules:
Module Address Debug info Name (28 modules)
PE 440000- 457000 Export atksgt.sys
ELF 7b800000- 7bb3e000 Deferred kernel32<elf>
\-PE 7b820000- 7bb3e000 \ kernel32
...
Threads:
process tid prio (all id:s are in hex)
...
00000012 (D) C:\windows\system32\winedevice.exe
00000019 0 <==
00000017 0
00000013 0
--- snip ---
Disassembly of relevant driver code snippet:
--- snip ---
...
00000000004561A6 mov rax, 0FFFFF78000000320h
00000000004561B0 mov rax, [rax]
00000000004561B3 xor rax, rcx
...
--- snip ---
The address lies within the range of the kernel mode shadow mapping of
USER_SHARED_DATA for x64.
See:
http://www.virtualbox.org/svn/vbox/trunk/src/VBox/Debugger/DBGPlugInWinNt.cpp
--- snip ---
/** KI_USER_SHARED_DATA for i386 */
#define NTKUSERSHAREDDATA_WINNT32 UINT32_C(0xffdf0000)
/** KI_USER_SHARED_DATA for AMD64 */
#define NTKUSERSHAREDDATA_WINNT64 UINT64_C(0xfffff78000000000)
--- snip ---
Unfortunately that memory range can't be mapped in Linux user process address
space.
One way could be to handle traps specifically for this address range and
emulate member accesses (shadow data structure).
The driver seems to access only two members of KI_USER_SHARED_DATA:
KI_USER_SHARED_DATA+0x014 -> SharedSystemTime
KI_USER_SHARED_DATA+0x320 -> SharedTickCount
Regards
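
Added example (not part of the original post and not Wine's code): a sketch of the trap-and-emulate idea from the comment above, reduced to the decode step a fault handler would call for the driver's "mov rax,[rax]" form. The shadow buffer, its one-page size, the function names and the sample tick value are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define KI_USER_SHARED_DATA 0xfffff78000000000ULL /* AMD64 base, from the post */
#define SHARED_DATA_SIZE    0x1000u               /* assumption: one 4 KiB page */
#define OFF_SYSTEM_TIME     0x014u                /* SharedSystemTime */
#define OFF_TICK_COUNT      0x320u                /* SharedTickCount */

/* Shadow copy kept in ordinary user memory; a timer would refresh it. */
static uint8_t shadow[SHARED_DATA_SIZE];

static void shadow_store64(uint32_t off, uint64_t v) { memcpy(shadow + off, &v, 8); }

/*
 * Emulate one faulting load. insn points at the faulting RIP, regs[16] holds
 * the general registers in x86 encoding order (0=rax, 1=rcx, ... 15=r15).
 * Only "REX.W 8B /r" with a plain [reg] operand is decoded (mov r64,[r64]).
 * Returns the instruction length to add to RIP, or 0 to deliver the fault.
 */
static int emulate_shared_data_load(const uint8_t *insn, uint64_t regs[16],
                                    uint64_t fault_addr)
{
    if (fault_addr < KI_USER_SHARED_DATA) return 0;
    uint64_t off = fault_addr - KI_USER_SHARED_DATA;
    if (off > SHARED_DATA_SIZE - 8) return 0;         /* 8-byte read must fit */

    uint8_t rex = insn[0], modrm = insn[2];
    if ((rex & 0xF8) != 0x48 || insn[1] != 0x8B) return 0;
    unsigned mod = modrm >> 6, rm = modrm & 7;
    if (mod != 0 || rm == 4 || rm == 5) return 0;     /* no SIB, disp or RIP-rel */

    unsigned base = rm | ((rex & 1) ? 8 : 0);         /* REX.B extends the base */
    unsigned dst  = ((modrm >> 3) & 7) | ((rex & 4) ? 8 : 0); /* REX.R: dest */
    if (regs[base] != fault_addr) return 0;           /* decode must match trap */

    memcpy(&regs[dst], shadow + off, 8);
    return 3;
}

/* Constructed sample: the driver's "mov rax,[rax]" at 0x4561B0 (48 8B 00). */
static uint64_t demo_tick_read(void)
{
    const uint8_t insn[] = { 0x48, 0x8B, 0x00 };
    uint64_t regs[16] = { 0 };
    shadow_store64(OFF_TICK_COUNT, 0x1122334455ULL);  /* constructed tick value */
    regs[0] = KI_USER_SHARED_DATA + OFF_TICK_COUNT;   /* rax before the load */
    return emulate_shared_data_load(insn, regs, regs[0]) == 3 ? regs[0] : 0;
}
```

Any access the decoder does not recognise returns 0, so the handler passes the original page fault on unchanged.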