[Bug 32907] AMMYY Admin v3.0 crashes at startup in Win7 mode ('NtSetInformationToken' needs to support 'TokenSessionId')

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Aug 8 05:51:16 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=32907

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.ammyy.com/AA_v3. |http://www.ammyy.com/AA_v3.
                   |0.exe                       |exe
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntdll
            Summary|AMMYY Admin v3.0 crashes at |AMMYY Admin v3.0 crashes at
                   |startup in Win7 mode        |startup in Win7 mode
                   |                            |('NtSetInformationToken'
                   |                            |needs to support
                   |                            |'TokenSessionId')

--- Comment #10 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

It seems my browser flags this download as spyware/malware probably due to
repeated (ab)use by shady guys ;-)

The client launches a service which fails to start up properly and then spins
forever waiting for the service.

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay,+service,+msvcrt wine ./AA_v3.exe >>log.txt 2>&1
...
0009:Call advapi32.CreateServiceW(00153fa0,004d1d3c L"AmmyyAdmin_8",004d1d6c
L"AmmyyAdmin_8",000f01ff,00000010,00000002,00000001,004d1e0c
L"\"Z:\\home\\focht\\Downloads\\AA_v3.exe\" -service
-lunch",00000000,00000000,00000000,00000000,00000000) ret=0042003c
...
0009:trace:service:CreateServiceW 0x153fa0 L"AmmyyAdmin_8" L"AmmyyAdmin_8" 
...
0017:trace:service:svcctl_CreateServiceW (L"AmmyyAdmin_8", L"AmmyyAdmin_8",
0xf01ff, L"\"Z:\\home\\focht\\Downloads\\AA_v3.exe\" -service -lunch")
0017:trace:service:create_serviceW (L"AmmyyAdmin_8", L"AmmyyAdmin_8", 0xf01ff,
L"\"Z:\\home\\focht\\Downloads\\AA_v3.exe\" -service -lunch") 
...
0016:Call KERNEL32.CreateProcessW(00000000,0011a588
L"\"Z:\\home\\focht\\Downloads\\AA_v3.exe\" -service
-lunch",00000000,00000000,00000000,00000400,00540000,00000000,0084e3c4,0084e408)
ret=7ed5756f 
...
0029:Call KERNEL32.__wine_kernel_init() ret=7bc6b3cb 
...
0016:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7ed5756f 
...
0016:trace:service:service_send_start_message L"AmmyyAdmin_8" 0x11a298 2 
...
0009:Call advapi32.QueryServiceStatus(00153e30,0032f3d0) ret=00420835
0009:trace:service:QueryServiceStatus 0x153e30 0x32f3d0
0009:trace:service:QueryServiceStatusEx 0x153e30 0 0x32f318 36 0x32f314 
...
0009:Ret  advapi32.QueryServiceStatus() retval=00000001 ret=00420835 
...
<repeats forever>
--- snip ---

The failing service:

--- snip ---
...
002d:Starting thread proc 0x7ebd0fc4 (arg=0x14c468)
002d:trace:service:service_thread 0x14c468
002d:Call advapi32.RegisterServiceCtrlHandlerExA(004a10b8
"AmmyyAdmin",0041f4cb,00000021) ret=0041f339
002d:trace:service:RegisterServiceCtrlHandlerExW L"AmmyyAdmin" 0x41f4cb 0x21
002d:Ret  advapi32.RegisterServiceCtrlHandlerExA() retval=0014c5b0 ret=0041f339
002d:Call advapi32.SetServiceStatus(0014c5b0,004af9dc) ret=0041f566
002d:trace:service:SetServiceStatus 0x14c5b0 30 2 0 0 0 1 3a98 
...
002d:Ret  advapi32.SetServiceStatus() retval=00000001 ret=0041f566 
...
002d:Call advapi32.OpenProcessToken(ffffffff,000f01ff,007de8d8) ret=0041fb49
002d:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0041fb49
002d:Call
advapi32.DuplicateTokenEx(00000084,02000000,00000000,00000002,00000001,007de8dc)
ret=0041fb8f
002d:Ret  advapi32.DuplicateTokenEx() retval=00000001 ret=0041fb8f
002d:Call KERNEL32.CloseHandle(00000084) ret=0041fbcf
002d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0041fbcf
002d:Call advapi32.SetTokenInformation(00000088,0000000c,007de8e8,00000004)
ret=0041fbf1
002d:fixme:ntdll:NtSetInformationToken unimplemented class 12
002d:Ret  advapi32.SetTokenInformation() retval=00000000 ret=0041fbf1
002d:Call KERNEL32.GetLastError() ret=0041fbfb
002d:Ret  KERNEL32.GetLastError() retval=00000001 ret=0041fbfb
002d:Call KERNEL32.CloseHandle(00000088) ret=0041fc02
002d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0041fc02 
...
002d:Call msvcrt.vsprintf(004d18bc,004a414c "ERROR: SetTokenInformation()
error=%d",007de8c0) ret=0042b972
002d:trace:msvcrt:pf_printf_a Format is: "ERROR: SetTokenInformation()
error=%d"
002d:Ret  msvcrt.vsprintf() retval=00000024 ret=0042b972
002d:Call KERNEL32.lstrlenA(004d18bc "ERROR: SetTokenInformation() error=1")
ret=0042ad86
002d:Ret  KERNEL32.lstrlenA() retval=00000024 ret=0042ad86
002d:Call msvcrt._CxxThrowException(007de8cc,0048f06c) ret=0041fc22
002d:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,007de864)
ret=7e579df5
002d:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b845d3d
ip=7b845d3d tid=002d
002d:trace:seh:raise_exception  info[0]=19930520
002d:trace:seh:raise_exception  info[1]=007de8cc
002d:trace:seh:raise_exception  info[2]=0048f06c
002d:trace:seh:raise_exception  eax=7b832afd ebx=00000000 ecx=0000000c
edx=007de7b4 esi=007de860 edi=007de820
002d:trace:seh:raise_exception  ebp=007de7f8 esp=007de794 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00200202 
...
002d:trace:msvcrt:pf_printf_a Format is: "ERROR: ERROR: Unhandled Exception
eip=7B845D3D esp=007DE794 ebp=007DE7F8"
...
002d:Call KERNEL32.CreateFileW(004afb18
L"Z:\\home\\focht\\Downloads\\AMMYY_service.log",00000002,00000003,00000000,00000004,00000080,00000000)
ret=0042830c
...
002d:Call KERNEL32.ExitProcess(00000000) ret=00425625
--- snip --

$ sha1sum AA_v3.exe
63c52b0ac68ab7464e2cd777442a5807db9b5383  AA_v3.exe

$ du -sh AA_v3.exe
756K    AA_v3.exe

$ wine --version
wine-1.7.49

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list