[Bug 8277] Windows Sysinternals Process Explorer and other tools show zero thread start address (NtQueryInformationThread with ThreadQuerySetWin32StartAddress info class)

From: wine-bugs at winehq.org
Date: Wed Jul 29 16:42:21 CDT 2015


https://bugs.winehq.org/show_bug.cgi?id=8277

--- Comment #18 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

the main part is now implemented by commit
https://source.winehq.org/git/wine.git/commitdiff/845164004b4b6f2e0c64a588fe858d5a26664980

Thanks, Sebastian.

For reproducing, older versions of Sysinternals Process Explorer are needed.
I found v16.02 from 2014 working.
The most recent one, v16.05, crashes before the user interface is reached
(another issue).

--- snip ---
Wine-dbg>info process

 pid      threads  executable (all id:s are in hex)
 00000021 4        'explorer.exe'
 0000000e 6        'services.exe'
>0000001a 3        \_ 'plugplay.exe'
 00000012 4        \_ 'winedevice.exe'
 00000008 2        'procexp.exe'

Wine-dbg>info thread

process  tid      prio (all id:s are in hex)
00000008 procexp.exe
    0000002a    0
    00000009    0
...
0000001a (D) C:\windows\system32\plugplay.exe
    00000020    0
    0000001f    0
    0000001b    0 <==
--- snip ---

Selecting Wine's builtin 'plugplay.exe' here as an example for thread entry
points.

--- snip ---
Wine-dbg>bt 0x1b

...
16 0x7bc95c99 call_thread_func+0x32(entry=0x7b86e6de, arg=0x7ffdf000,
frame=0x33ffb8)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2732] in
ntdll (0x0033ff98)
17 0x7bc95c3a call_thread_entry_point+0x11() in ntdll (0x0033ffb8)
18 0x7bc6a999 start_process+0x23(kernel_start=0x7b86e6de)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/loader.c:2873] in ntdll
(0x0033ffe8)
19 0xf75ef701 wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
20 0xf75ef6df wine_switch_to_stack+0x1e(func=0x7bc6a975, arg=0x7b86e6de,
stack=0x340000) [/home/focht/projects/wine/wine.repo/src/libs/wine/port.c:59]
in libwine.so.1 (0xffe2cc18)
21 0x7bc6ac7d LdrInitializeThunk+0x2e3(kernel_start=<couldn't compute
location>, unknown2=<couldn't compute location>, unknown3=<couldn't compute
location>, unknown4=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/loader.c:2927] in ntdll
(0xffe2cc98)
22 0x7b86efef __wine_kernel_init+0x625()
[/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1276] in
kernel32 (0xffe2db48)
23 0x7bc7e51e relay_call+0x39() in ntdll (0xffe2db68)
24 0x7b8321a9 in kernel32 (+0x121a8) (0xffe2dbc8)
25 0x7bc6b3ab __wine_process_init+0x139()
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/loader.c:3136] in ntdll
(0xffe2dbc8)
26 0xf75ee0b3 wine_init+0x124(argc=0x2, argv=0xffe2e0d4, error="",
error_size=0x400)
[/home/focht/projects/wine/wine.repo/src/libs/wine/loader.c:958] in
libwine.so.1 (0xffe2dc08)
27 0x7bf011aa main+0x132(argc=0x2, argv=0xffe2e0d4)
[/home/focht/projects/wine/wine.repo/src/loader/main.c:247] in <wine-loader>
(0xffe2e038)
28 0xf73e5715 __libc_start_main+0xf4() in libc.so.6 (0x00000000)
...

Wine-dbg>bt 0x1f

Backtrace:
...
  5 0x7bc95c5c call_thread_func_wrapper+0xb() in ntdll (0x0043ea28)
  6 0x7bc95c99 call_thread_func+0x32(entry=0x7ed4037a, arg=0x116a18,
frame=0x43eb28)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2732] in
ntdll (0x0043eb08)
  7 0x7bc95c3a call_thread_entry_point+0x11() in ntdll (0x0043eb28)
  8 0x7bc9cca7 start_thread+0x108(info=0x81ffcfb8)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/thread.c:443] in ntdll
(0x0043f368)
  9 0xf759f370 start_thread+0xdf() in libpthread.so.0 (0x0043f428)
  10 0xf74c52be __clone+0x5d() in libc.so.6 (0x00000000)
...

Wine-dbg>bt 0x20

Backtrace:
...
  11 0x7bc95c5c call_thread_func_wrapper+0xb() in ntdll (0x0053ea28)
  12 0x7bc95c99 call_thread_func+0x32(entry=0x7ed3feec, arg=0x1157c0,
frame=0x53eb28)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2732] in
ntdll (0x0053eb08)
  13 0x7bc95c3a call_thread_entry_point+0x11() in ntdll (0x0053eb28)
  14 0x7bc9cca7 start_thread+0x108(info=0x81ff8fb8)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/thread.c:443] in ntdll
(0x0053f368)
  15 0xf759f370 start_thread+0xdf() in libpthread.so.0 (0x0053f428)
  16 0xf74c52be __clone+0x5d() in libc.so.6 (0x00000000)
...
--- snip ---

Display in Process Explorer 'Threads' property page:

--- snip ---
TID   Start Address

32    shlwapi.dll+0x2feec
31    shlwapi.dll+0x3037a
27    0x0
--- snip ---

Trace log:

--- snip ---
...
0031:Call ntdll.NtOpenThread(00eeca94,00000040,00eeca9c,00eeca8c) ret=00448fa3
0031: open_thread( tid=0020, access=00000040, attributes=00000000 )
0031: open_thread() = 0 { handle=01f4 }
0031:Ret  ntdll.NtOpenThread() retval=00000000 ret=00448fa3
0031:Call
ntdll.NtQueryInformationThread(000001f4,00000009,00eecacc,00000004,00eecac4)
ret=00448ffa
0031: get_thread_info( handle=01f4, tid_in=0000 )
0031: get_thread_info() = 0 { pid=001a, tid=0020, teb=81ff8000,
entry_point=7ed3feec, affinity=0000000f, exit_code=259, priority=0, last=0 }
0031:Ret  ntdll.NtQueryInformationThread() retval=00000000 ret=00448ffa
0031:Call KERNEL32.CloseHandle(000001f4) ret=00449004
0031: close_handle( handle=01f4 )
0031: close_handle() = 0
0031:Ret  KERNEL32.CloseHandle() retval=00000001 ret=00449004 
...
0031:Call ntdll.NtOpenThread(00eeca94,00000040,00eeca9c,00eeca8c) ret=00448fa3
0031: open_thread( tid=001f, access=00000040, attributes=00000000 )
0031: open_thread() = 0 { handle=01f8 }
0031:Ret  ntdll.NtOpenThread() retval=00000000 ret=00448fa3
0031:Call
ntdll.NtQueryInformationThread(000001f8,00000009,00eecacc,00000004,00eecac4)
ret=00448ffa
0031: get_thread_info( handle=01f8, tid_in=0000 )
0031: get_thread_info() = 0 { pid=001a, tid=001f, teb=81ffc000,
entry_point=7ed4037a, affinity=0000000f, exit_code=259, priority=0, last=0 }
0031:Ret  ntdll.NtQueryInformationThread() retval=00000000 ret=00448ffa
0031:Call KERNEL32.CloseHandle(000001f8) ret=00449004
0031: close_handle( handle=01f8 )
0031: close_handle() = 0
0031:Ret  KERNEL32.CloseHandle() retval=00000001 ret=00449004 
...
0031: open_thread( tid=001b, access=00000040, attributes=00000000 )
0031: open_thread() = 0 { handle=01fc }
0031:Ret  ntdll.NtOpenThread() retval=00000000 ret=00448fa3
0031:Call
ntdll.NtQueryInformationThread(000001fc,00000009,00eecacc,00000004,00eecac4)
ret=00448ffa
0031: get_thread_info( handle=01fc, tid_in=0000 )
0031: get_thread_info() = 0 { pid=001a, tid=001b, teb=7ffd8000,
entry_point=7ffdf000, affinity=0000000f, exit_code=259, priority=0, last=0 }
0031:Ret  ntdll.NtQueryInformationThread() retval=00000000 ret=00448ffa
0031:Call KERNEL32.CloseHandle(000001fc) ret=00449004
0031: close_handle( handle=01fc )
0031: close_handle() = 0
0031:Ret  KERNEL32.CloseHandle() retval=00000001 ret=00449004 
--- snip ---

After the main thread entry point is fixed (currently still zero), the issue is
finished ;-)

The module name translation is a different issue.

Regards
