[Bug 35824] New: UltraISO 'ISODrive.sys' crashes in entry point (SCM doesn't start SERVICE_FILE_SYSTEM_DRIVER type services with winedevice hosting process)

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Mar 20 04:50:43 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=35824

            Bug ID: 35824
           Summary: UltraISO 'ISODrive.sys' crashes in entry point (SCM
                    doesn't start SERVICE_FILE_SYSTEM_DRIVER type services
                    with winedevice hosting process)
           Product: Wine
           Version: 1.7.14
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: programs
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net

Hello folks,

found during bug 35755

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay,+winedevice,+ntoskrnl,+service wine ./uiso9_pe.exe
>>log.txt 2>&1
...
0016:Call KERNEL32.CreateNamedPipeW(00119d70
L"\\\\.\\pipe\\net\\NtControlPipe2",40000003,00000000,00000001,00000100,00000100,00002710,00000000)
ret=7eded4ac
0016:Ret  KERNEL32.CreateNamedPipeW() retval=000000d8 ret=7eded4ac
...
0016:Call KERNEL32.ExpandEnvironmentStringsW(0011a038 L"C:\\Program
Files\\UltraISO\\drivers\\ISODrive.sys",00000000,00000000) ret=7edecacd
0016:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=0000002f ret=7edecacd
...
0016:Call KERNEL32.ExpandEnvironmentStringsW(0011a038 L"C:\\Program
Files\\UltraISO\\drivers\\ISODrive.sys",00119d70,0000002f) ret=7edecb39
0016:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=0000002f ret=7edecb39
0016:Call KERNEL32.CreateProcessW(00000000,00119d70 L"C:\\Program
Files\\UltraISO\\drivers\\ISODrive.sys",00000000,00000000,00000000,00000400,00540000,00000000,0084e4c8,0084e50c)
ret=7edecd84
...
0037:Call KERNEL32.__wine_kernel_init() ret=7bc5a3aa
0016:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7edecd84 
...
0037:Starting process L"C:\\Program Files\\UltraISO\\drivers\\ISODrive.sys"
(entryproc=0x253b3f)
0037:trace:seh:raise_exception code=c0000005 flags=0 addr=0x2537a9 ip=002537a9
tid=0037
0037:trace:seh:raise_exception  info[0]=00000000
0037:trace:seh:raise_exception  info[1]=00000061
0037:trace:seh:raise_exception  eax=00000061 ebx=00000000 ecx=0000bb40
edx=7edfefe4 esi=7edd4ce0 edi=00251d4c
0037:trace:seh:raise_exception  ebp=0035fe20 esp=0035fd5c cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
...
--- snip ---

The random crashes during relay trace are the result from the driver entry
point accessing the second parameter which ought to be 'RegistryPath.
The binary is started as plain win32 process (not loaded in winedevice hosting
process) hence the driver entry point params are not setup.

The kernel driver is a file system driver service, currently not handled with
Wine's service manager.

MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450%28v=vs.85%29.aspx

--- quote ---
dwServiceType [in]

    The service type. This parameter can be one of the following values.
    Value    Meaning

    SERVICE_ADAPTER  0x00000004
    Reserved.

    SERVICE_FILE_SYSTEM_DRIVER 0x00000002
    File system driver service.

    SERVICE_KERNEL_DRIVER 0x00000001
    Driver service.

    SERVICE_RECOGNIZER_DRIVER 0x00000008
    Reserved.

    SERVICE_WIN32_OWN_PROCESS 0x00000010
    Service that runs in its own process.

    SERVICE_WIN32_SHARE_PROCESS 0x00000020
    Service that shares a process with one or more other services. For more
information, see Service Programs.
--- quote ---

Registry export of driver service:

--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ISODrive]
"DisplayName"="ISO DVD/CD-ROM Device Driver"
"ErrorControl"=dword:00000000
"ImagePath"="C:\\Program Files\\UltraISO\\drivers\\ISODrive.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000001
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ISODrive\Parameters]
"AutoMount"=dword:00000001
"ExcludeDrives"="CDEZ"
--- snip ---

Type -> 0x2 -> SERVICE_FILE_SYSTEM_DRIVER

Source:
http://source.winehq.org/git/wine.git/blob/debd1346b003ae34013a04318e7105f88075c866:/programs/services/services.c#l606

--- snip ---
606 static DWORD service_start_process(struct service_entry *service_entry,
HANDLE *process)
607 {
...
634    
ExpandEnvironmentStringsW(service_entry->config.lpBinaryPathName,path,size);
635
636     if (service_entry->config.dwServiceType == SERVICE_KERNEL_DRIVER)
637     {
638         static const WCHAR winedeviceW[] =
{'\\','w','i','n','e','d','e','v','i','c','e','.','e','x','e',' ',0};
...
--- snip ---

$ sha1sum uiso9_pe.exe 
77d93c41f45530e58892b276a3fa92c7128b7539  uiso9_pe.exe

$ du -sh uiso9_pe.exe 
4.2M    uiso9_pe.exe

$ wine --version
wine-1.7.14-185-g5cf20ce

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list