[Bug 37867] Rapid Typing 5 crashes on startup (support for keyboard layout files missing)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Jan 9 13:21:25 CST 2015 

https://bugs.winehq.org/show_bug.cgi?id=37867

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
            Version|unspecified                 |1.7.33
                URL|                            |http://www.rapidtyping.com/
                   |                            |downloads/typing-tutor/beta
                   |                            |/RapidTyping_Setup_5.0.98.e
                   |                            |xe
           Keywords|                            |download
          Component|-unknown                    |user32
                 CC|                            |focht at gmx.net
     Ever confirmed|0                           |1
            Summary|rapid typing   doesn't      |Rapid Typing 5 crashes on
                   |start                       |startup (support for
                   |                            |keyboard layout files
                   |                            |missing)

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The trace log doesn't reveal it, the crash on startup is just a manifestation
of a problem which happens much earlier.

--- snip ---
...
0023:Call user32.CopyRect(0033f0e4,0033f11c) ret=00432126
0023:Ret  user32.CopyRect() retval=00000001 ret=00432126
0023:Call ntdll.RtlAllocateHeap(02100000,00000000,00000030) ret=0050d12c
0023:Ret  ntdll.RtlAllocateHeap() retval=021aeb48 ret=0050d12c
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x43215f ip=0043215f
tid=0023
0023:trace:seh:raise_exception  info[0]=00000000
0023:trace:seh:raise_exception  info[1]=00000040
0023:trace:seh:raise_exception  eax=00000000 ebx=00000000 ecx=02103670
edx=00000000 esi=021ae080 edi=021ae758
0023:trace:seh:raise_exception  ebp=0033f160 esp=0033f0fc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210246
0023:trace:seh:call_stack_handlers calling handler at 0x531888 code=c0000005
flags=0 
--- snip ---

--- snip ---
...
0043211E  51             PUSH ECX
0043211F  50             PUSH EAX
00432120  FF15 90635300  CALL DWORD PTR DS:[<&USER32.CopyRect>]
00432126  68 CCC25300    PUSH RapidTyp.0053C2CC         ; "PanelButSound.bmp"
0043212B  E8 00160A00    CALL RapidTyp.004D3730
00432130  3BFB           CMP EDI,EBX
00432132  74 06          JE SHORT RapidTyp.0043213A
00432134  89BE 10060000  MOV DWORD PTR DS:[ESI+610],EDI
0043213A  8B0D 44BF5700  MOV ECX,DWORD PTR DS:[57BF44]
00432140  8B81 740C0000  MOV EAX,DWORD PTR DS:[ECX+C74] ; EAX == NULL ptr
00432146  3BC3           CMP EAX,EBX
00432148  75 04          JNZ SHORT RapidTyp.0043214E
...
00432153  3999 C8090000  CMP DWORD PTR DS:[ECX+9C8],EBX
00432159  8986 88010000  MOV DWORD PTR DS:[ESI+188],EAX
0043215F  8B40 40        MOV EAX,DWORD PTR DS:[EAX+40]  ;  *boom*
00432162  0F95C2         SETNE DL
...
--- snip ---

The class instance data resides in dynamically allocated heap chunk,
initialized during main window creation.

The actual point of class member initialization '[ECX+C74]' ought to happen a
bit later.

--- snip ---
...
0023:Call user32.CreateWindowExW(00000000,005437ac L"RAPIDTYPING",0053abc4
L"RapidTyping",00cf0000,00000000,00000000,00000316,0000024e,00000000,00000000,00400000,00000000)
ret=004c9398 
...
0023:Call advapi32.RegOpenKeyExW(80000002,0210bea0
L"SYSTEM\\CurrentControlSet\\Control\\Keyboard
Layouts\\00000409",00000000,00000001,0033f054) ret=004f4b52
0023:Ret  advapi32.RegOpenKeyExW() retval=00000002 ret=004f4b52
...
--- snip ---

It seems the app wants to load a keyboard layout (descriptor) using registry
looked up keyboard mapping file.

After putting in registry data and providing US keyboard layout file
(http://www.dlldump.com/download-dll-files_new.php/dllfiles/K/kbdus.dll/5.1.2600.0/download.html),
the app is happy and shows the main user interface.

There is a large onscreen keyboard shown for an interactive typing tutorial.

--- snip ---
REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409]
"Layout File"="kbdus.dll"
"Layout Text"="US"
--- snip ---

Also mentioned here: https://bugs.winehq.org/show_bug.cgi?id=28170#c1 

Bug 28170 talks about unimplemented 'USER32.dll.LoadKeyboardLayoutEx' - the API
implementation most likely relies on the keyboard layout files.

Trace log, showing successful access:

--- snip ---
...
0023:Call advapi32.RegOpenKeyExW(80000002,021699d0
L"SYSTEM\\CurrentControlSet\\Control\\Keyboard
Layouts\\00000409",00000000,00000001,0033ece4) ret=004f4b52
0023:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=004f4b52
0023:Call advapi32.RegQueryValueExW(000000a4,02169bb0 L"Layout
File",00000000,00000000,00000000,0033ece8) ret=004f4b88
0023:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=004f4b88
...
0023:Call advapi32.RegQueryValueExW(000000a4,02169bb0 L"Layout
File",00000000,0033ecec,02168458,0033ece8) ret=004f4bd4
0023:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=004f4bd4
...
0023:Call advapi32.RegCloseKey(000000a4) ret=004f4c09
0023:Ret  advapi32.RegCloseKey() retval=00000000 ret=004f4c09
...
0023:Call KERNEL32.GetSystemDirectoryW(0033edd8,00000104) ret=004c82c5
0023:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=004c82c5
...
0023:Call KERNEL32.LoadLibraryW(02154ad8 L"C:\\windows\\system32\\kbdus.dll")
ret=004c8336
0023:Ret  KERNEL32.LoadLibraryW() retval=5fff0000 ret=004c8336
0023:Call KERNEL32.GetProcAddress(5fff0000,0054ab5c "KbdLayerDescriptor")
ret=004c8344
0023:Ret  KERNEL32.GetProcAddress() retval=5fff1a5a ret=004c8344
0023:Call KERNEL32.GetModuleHandleW(00550d48 L"kernel32") ret=004f49fa
0023:Ret  KERNEL32.GetModuleHandleW() retval=7b810000 ret=004f49fa
0023:Call KERNEL32.GetProcAddress(7b810000,00550d38 "IsWow64Process")
ret=004f4a01
0023:Ret  KERNEL32.GetProcAddress() retval=7b824364 ret=004f4a01
0023:Call KERNEL32.IsWow64Process(ffffffff,0033ed64) ret=004f4a15
0023:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=004f4a15
0023:Call KERNEL32.FreeLibrary(5fff0000) ret=004c83bc
0023:Ret  KERNEL32.FreeLibrary() retval=00000001 ret=004c83bc
--- snip ---

Useful information:

https://stackoverflow.com/questions/11747532/kbdlayerdescriptor-pvktowchartable-returns-null-on-win64

http://www.codeproject.com/Questions/211107/RegQueryValueEx-programcrash-on-64-Bit

https://code.msdn.microsoft.com/windowshardware/Keyboard-Layout-Sample-b142d9e3

http://msdn.microsoft.com/en-us/goglobal/bb964665 (The Microsoft Keyboard
Layout Creator)

$ sha1sum RapidTyping_Setup_5.0.98.exe 
a3c0df7b10c9bf6c27f74eed001cc715f156f825  RapidTyping_Setup_5.0.98.exe

$ du -sh RapidTyping_Setup_5.0.98.exe 
16M    RapidTyping_Setup_5.0.98.exe

$ wine --version
wine-1.7.33-191-ge899bd8

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list