[Bug 15980] Multiple applications expect security descriptors present in process object/token (Rhapsody 2, Rockstar Games Social Club v1.x)

wine-bugs at winehq.org
Sun Oct 12 13:11:02 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=15980

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Rhapsody 2 crashes on       |Multiple applications
                   |startup (GetSecurityInfo    |expect security descriptors
                   |returns NULL DACL for       |present in process
                   |process object)             |object/token (Rhapsody 2,
                   |                            |Rockstar Games Social Club
                   |                            |v1.x)

--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

I found another victim: 'Rockstar Games Social Club' v1.x (part of their older
games).

Download: http://social-club.software.informer.com/download/?ca4ff90

Prerequisite: .NET Framework 3.5+

Managed exception:

--- snip ---
System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Workflow.Runtime.DebugEngine.DebugController.InitializeProcessSecurity()
   at System.Workflow.Runtime.WorkflowRuntime.PrivateInitialize(WorkflowRuntimeSection settings)
   at System.Workflow.Runtime.WorkflowRuntime..ctor()
   at RockStartWorkflows.WorkflowManager..ctor()
   at RockStartWorkflows.WorkflowManager.get_Current()
   at RockStart.Program..ctor()
   at RockStart.Program.a(String[] A_0)0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=7a100484
--- snip ---

Relevant part of trace log:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Rockstar Games/Rockstar Games Social Club/1_0_0_0

$ WINEDEBUG=+tid,+seh,+relay,+advapi,+server wine ./RGSC.exe /launch:gta4 >>log.txt 2>&1
...
0025:Call advapi32.RevertToSelf() ret=0037bab3
0025: set_thread_info( handle=fffffffe, mask=4, priority=0, affinity=00000000, token=0000 )
0025: set_thread_info() = 0
0025:Ret  advapi32.RevertToSelf() retval=00000001 ret=0037bab3
...
0025:Call advapi32.OpenProcessToken(ffffffff,000f00ff,05bde2fc) ret=0037bbf0
0025: open_token( handle=ffffffff, access=000f00ff, attributes=00000000, flags=00000000 )
0025: open_token() = 0 { token=0274 }
0025:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0037bbf0
...
0025:Call advapi32.GetKernelObjectSecurity(00000274,00000004,00000000,00000000,05bde2f4) ret=0037bcae
0025:trace:advapi:GetKernelObjectSecurity (0x274,0x00000004,(nil),0x00000000,0x5bde2f4)
0025: get_security_object( handle=0274, security_info=00000004 )
0025: get_security_object() = 0 { sd_len=00000000, sd={} }
0025:Ret  advapi32.GetKernelObjectSecurity() retval=00000000 ret=0037bcae
0025:Call KERNEL32.GetLastError() ret=0037bcb4
0025:Ret  KERNEL32.GetLastError() retval=0000007a ret=0037bcb4
...
0025:Call ole32.CoTaskMemAlloc(00000014) ret=05557e81
0025:Call ntdll.RtlAllocateHeap(00110000,00000000,00000014) ret=7e49d976
0025:Ret  ntdll.RtlAllocateHeap() retval=030f9ac0 ret=7e49d976
0025:Ret  ole32.CoTaskMemAlloc() retval=030f9ac0 ret=05557e81
0025:Call advapi32.GetKernelObjectSecurity(00000274,00000004,030f9ac0,00000014,05bde2f4) ret=0037bcae
0025:trace:advapi:GetKernelObjectSecurity (0x274,0x00000004,0x30f9ac0,0x00000014,0x5bde2f4)
0025: get_security_object( handle=0274, security_info=00000004 )
0025: get_security_object() = 0 { sd_len=00000000, sd={} }
0025:Ret  advapi32.GetKernelObjectSecurity() retval=00000001 ret=0037bcae
0025:Call KERNEL32.GetLastError() ret=0037bcb4
0025:Ret  KERNEL32.GetLastError() retval=0000007a ret=0037bcb4
...
0025:Call advapi32.CreateWellKnownSid(0000001a,00000000,009ea0d0,05bde2ec) ret=0037bd7b
0025:trace:advapi:CreateWellKnownSid (26, (null), 0x9ea0d0, 0x5bde2ec)
0025:Ret  advapi32.CreateWellKnownSid() retval=00000001 ret=0037bd7b
0025:Call KERNEL32.GetLastError() ret=0037bd81
0025:Ret  KERNEL32.GetLastError() retval=0000007a ret=0037bd81
...
0025:trace:seh:raise_exception code=c0000005 flags=0 addr=0x555956d ip=0555956d tid=0025
0025:trace:seh:raise_exception  info[0]=00000000
0025:trace:seh:raise_exception  info[1]=00000000
0025:trace:seh:raise_exception  eax=0544adf0 ebx=009ea054 ecx=00000000 edx=009ea15c esi=009ea15c edi=00000000
0025:trace:seh:raise_exception  ebp=05bde320 esp=05bde314 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0025:trace:seh:call_stack_handlers calling handler at 0x79edc3bc code=c0000005 flags=0
...
0025:Call msvcr80.strcmp(02e65daa "System",79e733d8 "System") ret=79e9bc7c
0025:Ret  msvcr80.strcmp() retval=00000000 ret=79e9bc7c
0025:Call msvcr80.strcmp(02e66cad "NullReferenceException",79ecda8c "NullReferenceException") ret=79e9bc94
0025:Ret  msvcr80.strcmp() retval=00000000 ret=79e9bc94
...
<marshal/signal exception to other thread>
...
0009:Call KERNEL32.RaiseException(e0434f4d,00000001,00000001,0033f0e4) ret=79eda91c
0009:trace:seh:raise_exception code=e0434f4d flags=1 addr=0x7b83af1f ip=7b83af1f tid=0009
0009:trace:seh:raise_exception  info[0]=80004003
0009:trace:seh:raise_exception  eax=7b826dfd ebx=7b8be000 ecx=80004003 edx=0033f028 esi=0033f0c4 edi=0033f090
0009:trace:seh:raise_exception  ebp=0033f068 esp=0033f004 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000287
0009:trace:seh:call_stack_handlers calling handler at 0x79f908a2 code=e0434f4d flags=1
0009:Call msvcr80._except_handler4_common(7a3b3240,79e72037,0033f010,0033f0fc,0033eca0,0033eb7c) ret=79f908c1
...
--- snip ---

It basically wants to do the following:

1) get DACL for process token
2) add TOKEN_QUERY permissions for the 'Administrators' group
3) set the updated DACL for process token

'GetKernelObjectSecurity' returns an empty SD which causes the exception later.

It seems Joris van der Wel has taken over that part from Erich.

https://source.winehq.org/patches/data/106589

$ sha1sum rgsc.rar 
af796e8e91c7252f172fb10ce9201fec39e3162c  rgsc.rar

$ du -sh rgsc.rar 
212M    rgsc.rar

$ wine --version
wine-1.7.28-90-ga71f25d

Regards
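
Added example, not part of the original comment and not Wine or .NET code: in the trace above the second GetKernelObjectSecurity call is made with a 0x14-byte buffer, which is exactly the size of a bare self-relative security descriptor header, so a caller following the three steps has to classify the DACL before editing it. The function name classify_dacl, the enum and both sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Self-relative SECURITY_DESCRIPTOR header: Revision(1) Sbz1(1) Control(2),
 * then 4-byte offsets to Owner, Group, Sacl, Dacl = 0x14 bytes in total. */
#define SD_HEADER_LEN    0x14u
#define ACL_HEADER_LEN   8u   /* AclRevision Sbz1 AclSize AceCount Sbz2 */
#define SE_DACL_PRESENT  0x0004u
#define SE_SELF_RELATIVE 0x8000u
enum dacl_state { SD_MALFORMED, SD_NO_DACL, SD_NULL_DACL, SD_HAS_DACL };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
/* Classify the DACL of a self-relative descriptor without trusting its offsets. */
enum dacl_state classify_dacl(const uint8_t *sd, size_t len, uint16_t *ace_count)
{
    if (!sd || len < SD_HEADER_LEN || sd[0] != 1) return SD_MALFORMED;
    uint16_t control = rd16(sd + 2);
    if (!(control & SE_SELF_RELATIVE)) return SD_MALFORMED;
    if (!(control & SE_DACL_PRESENT)) return SD_NO_DACL;   /* nothing to edit */
    uint32_t off = rd32(sd + 16);
    if (off == 0) return SD_NULL_DACL;                     /* present but NULL */
    if (off < SD_HEADER_LEN || off > len || len - off < ACL_HEADER_LEN)
        return SD_MALFORMED;
    uint16_t acl_size = rd16(sd + off + 2);
    if (acl_size < ACL_HEADER_LEN || acl_size > len - off) return SD_MALFORMED;
    if (ace_count) *ace_count = rd16(sd + off + 4);
    return SD_HAS_DACL;
}

/* Constructed sample: header-only descriptor, 0x14 bytes as in the trace. */
const uint8_t sd_header_only[0x14] = { 1, 0, 0x00, 0x80 };
/* Constructed sample: one ACE granting TOKEN_QUERY (0x8) to S-1-5-32-544. */
const uint8_t sd_with_dacl[] = {
    1, 0, 0x04, 0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x14,0,0,0,
    2, 0, 0x20, 0, 1, 0, 0, 0,                    /* ACL header, 1 ACE */
    0, 0, 0x18, 0, 0x08, 0, 0, 0,                 /* ACE header + mask */
    1, 2, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0  /* SID */
};

int main(void)
{
    uint16_t n = 0;
    int a = classify_dacl(sd_header_only, sizeof sd_header_only, NULL);
    int b = classify_dacl(sd_with_dacl, sizeof sd_with_dacl, &n);
    printf("header-only=%d with-dacl=%d aces=%u\n", a, b, n);
    return 0;
}
```

Only SD_HAS_DACL gives the caller an ACL it can copy and extend; the other three states each need their own handling rather than a dereference of the DACL pointer.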
