[Bug 31396] FreeOTFE reports missing administrator rights (kernel drivers crash on startup due to 'IoCsqInitialize' being a stub)

wine-bugs at winehq.org
Mon Jan 12 14:49:22 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=31396

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.freeotfe.org/dow |http://sourceforge.net/proj
                   |nload.html                  |ects/freeotfe.mirror/files/
                   |                            |FreeOTFE_5_21.exe/download
                 CC|                            |focht at gmx.net
            Summary|freeOTFE requires           |FreeOTFE reports missing
                   |administrator rights        |administrator rights
                   |                            |(kernel drivers crash on
                   |                            |startup due to
                   |                            |'IoCsqInitialize' being a
                   |                            |stub)

--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

Relevant part of trace log:

--- snip ---
...
00c0:Ret  advapi32.CreateServiceA() retval=00000000 ret=00517fa2 
...
00c0:Call gdi32.GetTextExtentPoint32A(0004002a,007339e8 "Starting:
FreeOTFEHashWhirlpool.sys...",00000026,0033f56c) ret=0042f4e7 
...
00c0:Ret  user32.PeekMessageA() retval=00000000 ret=0047f065
00c0:Call
advapi32.EnumServicesStatusA(0015ef48,0000000b,00000001,00000000,00000000,0033fc38,0033fc34,0033fc30)
ret=0051718d
00c0:trace:service:EnumServicesStatusA 0x15ef48 0xb 0x1 (nil) 0 0x33fc38
0x33fc34 0x33fc30
00c0:trace:service:EnumServicesStatusW 0x15ef48 0xb 0x1 0x15e9f0 36 0x33fc38
0x33fc34 0x33fc30
00c0:fixme:service:EnumServicesStatusW resume handle not supported 
...
00c0:Call advapi32.CreateServiceA(0015ef48,00743a88
"FreeOTFEHashWhirlpool",00743a88
"FreeOTFEHashWhirlpool",000f01ff,00000001,00000003,00000001,0071e088
"C:\\Program
Files\\FreeOTFE\\\\x86\\FreeOTFEHashWhirlpool.sys",00000000,00000000,00000000,00000000,00000000)
ret=00517fa2
00c0:trace:service:CreateServiceA 0x15ef48 "FreeOTFEHashWhirlpool"
"FreeOTFEHashWhirlpool"
00c0:trace:service:CreateServiceW 0x15ef48 L"FreeOTFEHashWhirlpool"
L"FreeOTFEHashWhirlpool" 
...
00c0:Ret  advapi32.CreateServiceA() retval=00000000 ret=00517fa2 
...
00c0:Call KERNEL32.WideCharToMultiByte(000004e4,00000000,001a4c54 L"One or more
of your portable FreeOTFE drivers could not be installed/started.\r\n\r\nYou
need administrator privileges in order to carry out this
operation.\r\n\r\nPlease select \"File | Drivers...\" to check which drivers
are currently operating.",000000ed,0033ed30,00000fff,00000000,00000000)
ret=004052db 
...
--- snip ---

The reason for the error message is that all kernel drivers are crashing when
being started as a service.

--- snip ---
$ egrep "(service:load_service_config.*\\\\Free)" log.txt  | cut -d "=" -f2
 L"C:\\windows\\system32\\FreeOTFE.sys"
 L"C:\\windows\\system32\\FreeOTFECypherAES_ltc.sys"
 L"C:\\windows\\system32\\FreeOTFECypherBlowfish.sys"
 L"C:\\windows\\system32\\FreeOTFECypherCAST5.sys"
 L"C:\\windows\\system32\\FreeOTFECypherCAST6_Gladman.sys"
 L"C:\\windows\\system32\\FreeOTFECypherDES.sys"
 L"C:\\windows\\system32\\FreeOTFECypherMARS_Gladman.sys"
 L"C:\\windows\\system32\\FreeOTFECypherRC6_ltc.sys"
 L"C:\\windows\\system32\\FreeOTFECypherSerpent_Gladman.sys"
 L"C:\\windows\\system32\\FreeOTFECypherTwofish_ltc.sys"
 L"C:\\windows\\system32\\FreeOTFEHashMD.sys"
 L"C:\\windows\\system32\\FreeOTFEHashRIPEMD.sys"
 L"C:\\windows\\system32\\FreeOTFEHashSHA.sys"
 L"C:\\windows\\system32\\FreeOTFEHashTiger.sys"
 L"C:\\windows\\system32\\FreeOTFEHashWhirlpool.sys"
--- snip ---

Example tracing of one kernel driver startup (applies to all others):

--- snip ---
...
001b:Starting thread proc 0x543f78 (arg=0x11eb90)
001b:Call ntoskrnl.exe.KeGetCurrentThread() ret=00543f88
001b:fixme:ntoskrnl:KeGetCurrentThread () stub
001b:Ret  ntoskrnl.exe.KeGetCurrentThread() retval=00000000 ret=00543f88
001b:Call ntoskrnl.exe.KeSetPriorityThread(00000000,00000010) ret=00543f8f
001b:fixme:ntoskrnl:KeSetPriorityThread ((nil) 16)
001b:Ret  ntoskrnl.exe.KeSetPriorityThread() retval=00000010 ret=00543f8f
001b:Call
ntoskrnl.exe.KeWaitForSingleObject(0011f13c,00000000,00000000,00000000,00000000)
ret=00543fa8
001b:fixme:ntoskrnl:KeWaitForSingleObject stub: 0x11f13c, 0, 0, 0, (nil)
001b:Ret  ntoskrnl.exe.KeWaitForSingleObject() retval=c0000002 ret=00543fa8
001b:Call ntoskrnl.exe.PsTerminateSystemThread(00000000) ret=005440a7
001b:fixme:ntoskrnl:PsTerminateSystemThread stub: 0
001b:Ret  ntoskrnl.exe.PsTerminateSystemThread() retval=c0000002 ret=005440a7
001b:Call PE DLL (proc=0xf71cea58,module=0xf7160000
L"msvcrt.dll",reason=THREAD_DETACH,res=(nil))
001b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=f7196af8
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=f7196af8
001b:Ret  PE DLL (proc=0xf71cea58,module=0xf7160000
L"msvcrt.dll",reason=THREAD_DETACH,res=(nil)) retval=1
001b:Call PE DLL (proc=0xf7372e84,module=0xf7320000
L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil))
001b:Ret  PE DLL (proc=0xf7372e84,module=0xf7320000
L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil)) retval=1
001b:Call PE DLL (proc=0xf72f9e84,module=0xf72a0000
L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
001b:Ret  PE DLL (proc=0xf72f9e84,module=0xf72a0000
L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001b:Call PE DLL (proc=0xf70cea58,module=0xf7060000
L"msvcrt.dll",reason=THREAD_ATTACH,res=(nil))
001b:Ret  PE DLL (proc=0xf70cea58,module=0xf7060000
L"msvcrt.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001b:Starting thread proc 0x541194 (arg=0x11ec80)
001b:Call ntoskrnl.exe.KeGetCurrentThread() ret=005411a3
001b:fixme:ntoskrnl:KeGetCurrentThread () stub
001b:Ret  ntoskrnl.exe.KeGetCurrentThread() retval=00000000 ret=005411a3
001b:Call ntoskrnl.exe.KeSetPriorityThread(00000000,00000010) ret=005411aa
001b:fixme:ntoskrnl:KeSetPriorityThread ((nil) 16)
001b:Ret  ntoskrnl.exe.KeSetPriorityThread() retval=00000010 ret=005411aa
001b:Call
ntoskrnl.exe.KeWaitForSingleObject(0011eeb8,00000000,00000000,00000000,00000000)
ret=005411c3
001b:fixme:ntoskrnl:KeWaitForSingleObject stub: 0x11eeb8, 0, 0, 0, (nil)
001b:Ret  ntoskrnl.exe.KeWaitForSingleObject() retval=c0000002 ret=005411c3
001b:trace:ntdll:NtQueryInformationProcess
(0xffffffff,0x00000022,0x75e6c8,0x00000004,(nil))
001b:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=001b
001b:trace:seh:raise_exception  info[0]=00000000
001b:trace:seh:raise_exception  info[1]=00000000
001b:trace:seh:raise_exception  eax=0075ea44 ebx=00000000 ecx=eabc3be3
edx=0075ef8c esi=0011ee98 edi=0011ed38
001b:trace:seh:raise_exception  ebp=0075ea3c esp=0075ea28 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
001b:trace:seh:call_vectored_handlers calling handler at 0x7ecf78d8
code=c0000005 flags=0
001b:trace:seh:call_vectored_handlers handler at 0x7ecf78d8 returned 0
001b:trace:seh:call_stack_handlers calling handler at 0x7bc9ed1b code=c0000005
flags=0 
--- snip ---

There is lots of stuff going wrong here.

For example, the KeWaitXXX family of wait functions does nothing, returning
immediately instead of executing a potentially blocking wait.

This leads to driver threads immediately exiting as seen by calls to
'PsTerminateSystemThread' and 'THREAD_DETACH' notifications.

The crash itself is caused by 'IoCsqInitialize' being a stub, not initializing
the 'IO_CSQ' structure at all.

MSDN:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff549054%28v=vs.85%29.aspx

Driver-defined CsqXXXIrp functions are never "wired" up to be called later.

$ sha1sum FreeOTFE_5_21.exe 
736f42d4f2ed216ff8fbb883c44055242599e812  FreeOTFE_5_21.exe

$ du -sh FreeOTFE_5_21.exe 
2.9M    FreeOTFE_5_21.exe

$ wine --version
wine-1.7.34

Regards
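
The failure mode described in this comment, as an added illustration that is not part of the original message and is not Wine or FreeOTFE code: a simplified C model of an initializer that returns success without storing the driver's callbacks, next to one that stores them, with a NULL check in place of a jump to address 0. All names here are hypothetical and the struct is not the real IO_CSQ layout; zeroed queue memory is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of a cancel-safe queue; the real IO_CSQ has more fields. */
typedef struct model_csq model_csq;
typedef void (*csq_insert_fn)(model_csq *q, int irp);
typedef void (*csq_lock_fn)(model_csq *q);
struct model_csq {
    csq_insert_fn insert_irp;   /* driver callback: queue one request */
    csq_lock_fn acquire_lock;   /* driver callback: take the queue lock */
    csq_lock_fn release_lock;   /* driver callback: drop the queue lock */
    int queued;                 /* stands in for the driver's IRP list */
};

/* Driver-defined callbacks (the "CsqXXXIrp" functions in the report). */
static void drv_insert(model_csq *q, int irp) { (void)irp; q->queued++; }
static void drv_lock(model_csq *q) { (void)q; }
static void drv_unlock(model_csq *q) { (void)q; }

/* Stub behaviour: reports success but never touches the structure. */
static int csq_init_stub(model_csq *q, csq_insert_fn ins, csq_lock_fn lk, csq_lock_fn ul)
{ (void)q; (void)ins; (void)lk; (void)ul; return 0; }

/* Working behaviour: stores every driver callback for later use. */
static int csq_init_real(model_csq *q, csq_insert_fn ins, csq_lock_fn lk, csq_lock_fn ul)
{
    q->insert_irp = ins; q->acquire_lock = lk; q->release_lock = ul;
    return 0;
}

/* Insert through the callbacks, refusing NULL pointers instead of jumping to
   address 0. Returns 0 on success, -1 if the queue was never wired up. */
static int csq_insert_checked(model_csq *q, int irp)
{
    if (!q->insert_irp || !q->acquire_lock || !q->release_lock) return -1;
    q->acquire_lock(q); q->insert_irp(q, irp); q->release_lock(q);
    return 0;
}

/* Zeroed queue memory (an assumption), one init variant, one insert.
   Returns the number of queued requests, or -1 if callbacks are missing. */
int run_case(int use_stub)
{
    model_csq q;
    memset(&q, 0, sizeof q);
    (use_stub ? csq_init_stub : csq_init_real)(&q, drv_insert, drv_lock, drv_unlock);
    return csq_insert_checked(&q, 42) == 0 ? q.queued : -1;
}

int main(void) { printf("stub: %d, real: %d\n", run_case(1), run_case(0)); return 0; }
```

Without the check in csq_insert_checked, the stub case would call through a NULL function pointer, which is consistent with the ip=00000000 access violation in the trace above.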
