[Bug 35924] EvoSvc (Evolve Service, .NET 4.0 app) fails on startup (broken apps pass non-NULL terminated ServiceTable to StartServiceCtrlDispatcherA/W)

wine-bugs at winehq.org
Sat Apr 5 07:13:33 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=35924

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |dotnet
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |advapi32
            Summary|EvoSvc (Evolve Service)     |EvoSvc (Evolve Service,
                   |Fails To Start              |.NET 4.0 app) fails on
                   |                            |startup (broken apps pass
                   |                            |non-NULL terminated
                   |                            |ServiceTable to
                   |                            |StartServiceCtrlDispatcherA
                   |                            |/W)
     Ever confirmed|0                           |1

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

Prerequisite:

'winetricks -q dotnet40'
'winetricks -q corefonts' (client)

The bootstrapper also installs msxml6 package on the first run.

Trace log:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Echobit/Evolve

$ WINEDEBUG=+tid,+seh,+relay,+service wine ./EvolveClient.exe >>log.txt 2>&1
...
000f:trace:service:scmdatabase_load_services Loading service L"EvoSvc" 
...
000f:trace:service:load_service_config Image path           = L"\"C:\\Program
Files\\Echobit\\Evolve\\EvoSvc.exe\" -service -logfile
\"C:\\users\\Public\\Application Data\\Echobit\\Evolve\\EvoSvc.log\""
000f:trace:service:load_service_config Group                = (null)
000f:trace:service:load_service_config Service account name = L"LocalSystem"
000f:trace:service:load_service_config Display name         = L"Evolve Service"
000f:trace:service:load_service_config Service dependencies : (none)
000f:trace:service:load_service_config Group dependencies   : (none) 
...
0044:Call KERNEL32.CreateProcessW(00000000,0011b6d0 L"\"C:\\Program
Files\\Echobit\\Evolve\\EvoSvc.exe\" -service -logfile
\"C:\\users\\Public\\Application
Data\\Echobit\\Evolve\\EvoSvc.log\"",00000000,00000000,00000000,00000400,00540000,00000000,00b4e4c8,00b4e50c)
ret=7edecd84
0046:Call KERNEL32.__wine_kernel_init() ret=7bc5a402
0044:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7edecd84
...
0044:trace:service:service_send_start_message L"EvoSvc" (nil) 0 
...
0046:Call
msvcp100.?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z(7e59bd40,00593128
"2014-Apr-05 11:53:06.756833 - EvoSvc.exe, version 1.8.3.\n",00000039,00000000)
ret=00405b06 
...
0046:Call advapi32.StartServiceCtrlDispatcherW(0033fd74) ret=0042d7e1
0046:trace:service:StartServiceCtrlDispatcherW 0x33fd74
0046:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7ed9c6ca
ip=7ed9c6ca tid=0046
0046:trace:seh:raise_exception  info[0]=00000000
0046:trace:seh:raise_exception  info[1]=00000003
0046:trace:seh:raise_exception  eax=00000003 ebx=7edc5000 ecx=0051810a
edx=00000008 esi=0033fd30 edi=0033fd34
0046:trace:seh:raise_exception  ebp=0033fca8 esp=0033fc98 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0046:trace:seh:call_stack_handlers calling handler at 0x50bbf0 code=c0000005
flags=0
0046:Call KERNEL32.GetLastError() ret=78ab0706
0046:Ret  KERNEL32.GetLastError() retval=000000b7 ret=78ab0706
0046:trace:seh:call_stack_handlers handler at 0x50bbf0 returned 1
0046:trace:seh:call_stack_handlers calling handler at 0x4a1269 code=c0000005
flags=0 
--- snip ---

App log:

--- snip ---
2014-Apr-05 12:03:53.948536 - System: Microsoft Windows NT 5.1.2600 Service
Pack 3
2014-Apr-05 12:03:53.997721 - Running version 1.8.3.
2014-Apr-05 12:03:54.005080 - Running against production backend.
2014-Apr-05 12:04:56.705018 - Testing connection to service...
2014-Apr-05 12:04:56.719949 - StartEvolveService: Attempting to start service:
EvoSvc.
2014-Apr-05 12:04:57.534009 - StartEvolveService: StartService() failed with
1053.
2014-Apr-05 12:04:57.556110 - Client initialization failed. Could not connect
to service.
--- snip ---

Some 'genius' forgot to NULL-terminate the (stack-based) service table passed
to StartServiceCtrlDispatcherW(), so anything following the first valid entry
gets interpreted too (more or less random function prolog stack values).

--- snip ---
0033FD74  005180FC  UNICODE "EvoSvc"
0033FD78  0042CF30  EvoSvc.0042CF30
0033FD7C  FFFFFFFE
0033FD80  00000003
...
--- snip ---

MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686324%28v=vs.85%29.aspx

--- quote ---
lpServiceTable [in]

    A pointer to an array of SERVICE_TABLE_ENTRY structures containing one
entry for each service that can execute in the calling process. The members of
the last entry in the table must have NULL values to designate the end of the
table.
--- quote ---

Windows probably implements a workaround to cope with such broken apps
(assuming Evolve Service starts on Windows).

I worked around this by wrapping line 634 in SEH and a call to
'strlenW(servent[nb_services].lpServiceName)' to trigger a page fault on
invalid pointers/strings.
Within the __EXCEPT_PAGE_FAULT clause I printed a warning about the invalid
entry and then stopped walking entries, only taking the entries up to that
point.

This method is not 100% foolproof but it was enough to have the service start
successfully.

Source:
http://source.winehq.org/git/wine.git/blob/929d9fb9f79b9ba0b7392215e51a152ec709d62c:/dlls/advapi32/service.c#l622

--- snip ---
622 BOOL WINAPI StartServiceCtrlDispatcherW( const SERVICE_TABLE_ENTRYW *servent )
623 {
624     service_data *info;
625     unsigned int i;
626
627     TRACE("%p\n", servent);
628
629     if (nb_services)
630     {
631         SetLastError( ERROR_SERVICE_ALREADY_RUNNING );
632         return FALSE;
633     }
634     while (servent[nb_services].lpServiceName) nb_services++;
...
--- snip ---

NOTE: StartServiceCtrlDispatcherA() is potentially affected too.

After that the client still fails - but that's another bug.

--- snip ---
2014-Apr-05 13:20:03.096433 - System: Microsoft Windows NT 5.1.2600 Service
Pack 3
2014-Apr-05 13:20:03.157636 - Running version 1.8.3.
2014-Apr-05 13:20:03.167763 - Running against production backend.
2014-Apr-05 13:21:06.224593 - Testing connection to service...
2014-Apr-05 13:21:06.238976 - StartEvolveService: Attempting to start service:
EvoSvc.
2014-Apr-05 13:21:06.826358 - StartEvolveService: Service EvoSvc started.
2014-Apr-05 13:21:06.828895 - Successfully verified connection to service.
2014-Apr-05 13:21:06.871927 - Successfully started crash watchdog.
2014-Apr-05 13:21:06.875978 - Caught exception when attempting to register
video codecs with Windows Media Player: [EvoSvcClientClrThunk.RpcExceptionClr:
Exception of type 'EvoSvcClientClrThunk.RpcExceptionClr' was thrown.]
2014-Apr-05 13:21:06.876932 - Client is running with admin privileges.
2014-Apr-05 13:21:06.880133 - Initializing overlay handler...
2014-Apr-05 13:21:06.889358 - Refreshing games database...
2014-Apr-05 13:21:06.899273 - Could not load games database (0x00000001).
2014-Apr-05 13:21:06.899585 - Desktop resolution is set to [1920, 1080]
2014-Apr-05 13:21:06.903365 - Starting game tracker...
2014-Apr-05 13:21:06.903496 - Successfully initialized 32-bit game tracker.
2014-Apr-05 13:21:06.935402 - Successfully initialized overlay handler.
2014-Apr-05 13:21:42.718116 - Uninitializing client...
2014-Apr-05 13:21:42.728848 - Uninitializing overlay handler...
2014-Apr-05 13:21:42.729716 - Stopped game tracker successfully.
2014-Apr-05 13:21:42.731422 - Could not accept connection with new client.
Error: 0x2a4 (676)
2014-Apr-05 13:21:42.734517 - Successfully uninitialized overlay handler.
2014-Apr-05 13:21:42.752460 - Performing native cleanup...
--- snip ---

$ sha1sum EvolveSetup.exe 
0c9f92f1ed5f97bced68c1185525dfe78900f795  EvolveSetup.exe

$ du -sh EvolveSetup.exe 
3.2M    EvolveSetup.exe

$ wine --version
wine-1.7.16

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
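
The table walk and the stop-at-first-bad-entry workaround described in the comment above, as an added example that is not part of the original report or of Wine's source: a portable C model in which a constructed `region` stands in for the SEH page-fault probe. All names (`entry32`, `region`, `readable_wstr`, `count_naive`, `count_validated`) are hypothetical; the first two table entries are the words from the stack dump and the rest are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Models: a 32-bit SERVICE_TABLE_ENTRYW, and one readable UTF-16 mapping. */
struct entry32 { uint32_t name, proc; };
struct region { uint32_t base; const uint16_t *data; uint32_t nchars; };

/* Stand-in for the page-fault probe: 0 where a real string read would fault. */
static int readable_wstr(const struct region *r, uint32_t addr)
{
    if (addr < r->base || (addr - r->base) % 2) return 0;
    for (uint32_t i = (addr - r->base) / 2; i < r->nchars; i++)
        if (r->data[i] == 0) return 1;
    return 0;
}

/* Line 634 as written: trusts the terminator (limit only bounds the model). */
static unsigned count_naive(const struct entry32 *t, unsigned limit)
{
    unsigned n = 0;
    while (n < limit && t[n].name) n++;
    return n;
}

/* Shape of the workaround: stop at the first entry whose name is unreadable. */
static unsigned count_validated(const struct entry32 *t, unsigned limit,
                                const struct region *r)
{
    unsigned n = 0;
    while (n < limit && t[n].name && readable_wstr(r, t[n].name)) n++;
    return n;
}

/* "EvoSvc" mapped at 0x005180FC, the address shown in the stack dump. */
static const uint16_t evosvc_name[] = { 'E', 'v', 'o', 'S', 'v', 'c', 0 };
static const struct region sample_region = { 0x005180FCu, evosvc_name, 7 };
/* Entries 0 and 1 are the dump's words; entries 2 and 3 are constructed. */
static const struct entry32 sample_stack[] = {
    { 0x005180FCu, 0x0042CF30u },  /* the only real service entry */
    { 0xFFFFFFFEu, 0x00000003u },  /* stack residue read as an entry */
    { 0x0033FDC4u, 0x00401000u },  /* constructed residue */
    { 0u, 0u },                    /* constructed: a zero word further up */
};
int main(void)
{
    printf("naive=%u validated=%u\n", count_naive(sample_stack, 4),
           count_validated(sample_stack, 4, &sample_region));
    return 0;
}
```

A residue word that happens to point at readable, terminated memory would still pass the probe, which matches the comment's remark that the method is not 100% foolproof.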


