[Bug 33849] Multiple 64-bit kernel drivers crash on access to KI_USER_SHARED_DATA range (0xfffff78000000000) (Tages DRM, Comodo Backup)

wine-bugs at winehq.org
Fri Jun 19 15:00:59 CDT 2015


https://bugs.winehq.org/show_bug.cgi?id=33849

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |9c789f2949faa14dc98df6a42b7e04b2af3e9ded
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #16 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

this is fixed by commits:

https://source.winehq.org/git/wine.git/commitdiff/0b06d4c4a36e34b314c1886a30423aa9faa3faa2
("ntoskrnl: Add initial code to emulate memory access to USER_SHARED_DATA on
x86_64.")

https://source.winehq.org/git/wine.git/commitdiff/411cdebaede4274d43e1ad4d1b3ada15321b1f6f
("ntoskrnl: Add emulation for 'mov Ob, AL' and 'mov Ovqp, rAX' instruction.")

https://source.winehq.org/git/wine.git/commitdiff/9c789f2949faa14dc98df6a42b7e04b2af3e9ded
("ntoskrnl: Add emulation for 'movzx {Eb,Ew}, Gv' instruction.")

Thanks Sebastian.

--- snip ---
...
000f:Call KERNEL32.CreateProcessW(00000000,000206a0
L"C:\\windows\\system32\\winedevice.exe
bdisk",00000000,00000000,00000000,00000400,00440000,00000000,0023f980,0023f9f0)
ret=7f02b884d82c 
...
0013:Call KERNEL32.__wine_kernel_init() ret=7f0a05072709
000f:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7f02b884d82c 
...
0018:Call advapi32.RegisterServiceCtrlHandlerExW(0001967e
L"bdisk",7f09fe2ca27b,00000000) ret=7f09fe2ca635
0018:Ret  advapi32.RegisterServiceCtrlHandlerExW() retval=00023e00
ret=7f09fe2ca635 
...
0018:Call KERNEL32.LoadLibraryW(00024850 L"system32\\drivers\\bdisk.sys")
ret=7f09fe2c916f 
...
0018:Ret  KERNEL32.LoadLibraryW() retval=00440000 ret=7f09fe2c916f 
...
0018:Call driver init 0x455064
(obj=0x7f09fe4cc5a0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\bdisk")
0018:trace:seh:raise_exception code=c0000005 flags=0 addr=0x455034 ip=455034
tid=0018
0018:trace:seh:raise_exception  info[0]=0000000000000000
0018:trace:seh:raise_exception  info[1]=fffff78000000320
0018:trace:seh:raise_exception  rax=fffff78000000320 rbx=00007f09fe4cc5a0
rcx=0000000000453100 rdx=00002b992ddfa232
0018:trace:seh:raise_exception  rsi=000000000043eb9b rdi=000000000043eb20
rbp=000000000043dfd0 rsp=000000000043dee8
0018:trace:seh:raise_exception   r8=000000000043e220  r9=00007f09fe4cc5a0
r10=6b736964625c5c73 r11=0000003f72b8cd30
0018:trace:seh:raise_exception  r12=000000000033ddff r13=000000000043f700
r14=0000000000000000 r15=0000000000000000
0018:trace:seh:call_vectored_handlers calling handler at 0x7f09fddbe0d5
code=c0000005 flags=0
0018:trace:int:vectored_handler next instruction rip=455037
0018:trace:int:vectored_handler   rax=0000000000000050 rbx=00007f09fe4cc5a0
rcx=0000000000453100 rdx=00002b992ddfa232
0018:trace:int:vectored_handler   rsi=000000000043eb9b rdi=000000000043eb20
rbp=000000000043dfd0 rsp=000000000043dee8
0018:trace:int:vectored_handler    r8=000000000043e220  r9=00007f09fe4cc5a0
r10=6b736964625c5c73 r11=0000003f72b8cd30
0018:trace:int:vectored_handler   r12=000000000033ddff r13=000000000043f700
r14=0000000000000000 r15=0000000000000000
0018:trace:seh:call_vectored_handlers handler at 0x7f09fddbe0d5 returned
ffffffff
0018:Call ntdll.RtlInitUnicodeString(0043def0,00448250 L"\\Device\\BDisk")
ret=00445455
0018:Ret  ntdll.RtlInitUnicodeString() retval=0043def0 ret=00445455
0018:Call
ntoskrnl.exe.IoCreateDevice(7f09fe4cc5a0,00000400,0043def0,00000022,00000100,7f0a0536a600,0043df30)
ret=00445488
0018:trace:ntoskrnl:IoCreateDevice (0x7f09fe4cc5a0, 1024, L"\\Device\\BDisk",
34, 100, 0, 0x43df30)
0018:Call ntdll.RtlAllocateHeap(00010000,00000008,00000548) ret=7f09fddc12d0
0018:Ret  ntdll.RtlAllocateHeap() retval=0002a940 ret=7f09fddc12d0
0018:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00445488
0018:Call ntdll.RtlInitUnicodeString(0043df00,00448290 L"\\DosDevices\\BDisk")
ret=004454b4
0018:Ret  ntdll.RtlInitUnicodeString() retval=0043df00 ret=004454b4
0018:Call ntoskrnl.exe.IoCreateSymbolicLink(0043df00,0043def0) ret=004454c4
0018:trace:ntoskrnl:IoCreateSymbolicLink L"\\DosDevices\\BDisk" ->
L"\\Device\\BDisk"
0018:Call ntdll.NtCreateSymbolicLinkObject(0043dd48,000f0001,0043dd10,0043def0)
ret=7f09fddc18e6
0018:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f09fddc18e6
0018:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=004454c4
0018:trace:seh:raise_exception code=c0000005 flags=0 addr=0x441e97 ip=441e97
tid=0018
0018:trace:seh:raise_exception  info[0]=0000000000000000
0018:trace:seh:raise_exception  info[1]=fffff78000000014
0018:trace:seh:raise_exception  rax=fffff78000000014 rbx=000000000000016d
rcx=000000000043de10 rdx=000000000043de10
0018:trace:seh:raise_exception  rsi=0000000000448330 rdi=00007f09fe4cc6e8
rbp=000000000043dfd0 rsp=000000000043dd90
0018:trace:seh:raise_exception   r8=00000000004482f0  r9=000000000043ded0
r10=0000000000000008 r11=000000000043de78
0018:trace:seh:raise_exception  r12=00000000004482f0 r13=000000000043ded0
r14=0000000000000000 r15=0000000000000000
0018:trace:seh:call_vectored_handlers calling handler at 0x7f09fddbe0d5
code=c0000005 flags=0
0018:trace:int:vectored_handler next instruction rip=441e9a
0018:trace:int:vectored_handler   rax=01d0aac9a737e5d6 rbx=000000000000016d
rcx=000000000043de10 rdx=000000000043de10
0018:trace:int:vectored_handler   rsi=0000000000448330 rdi=00007f09fe4cc6e8
rbp=000000000043dfd0 rsp=000000000043dd90
0018:trace:int:vectored_handler    r8=00000000004482f0  r9=000000000043ded0
r10=0000000000000008 r11=000000000043de78
0018:trace:int:vectored_handler   r12=00000000004482f0 r13=000000000043ded0
r14=0000000000000000 r15=0000000000000000
0018:trace:seh:call_vectored_handlers handler at 0x7f09fddbe0d5 returned
ffffffff
0018:Call ntdll.RtlSystemTimeToLocalTime(0043de10,0043de10) ret=00441ea4
0018:Ret  ntdll.RtlSystemTimeToLocalTime() retval=00000000 ret=00441ea4
0018:Call
ntdll.ZwQueryInformationThread(fffffffffffffffe,00000000,0043de28,00000030,0043de20)
ret=00441ee9
0018:Ret  ntdll.ZwQueryInformationThread() retval=00000000 ret=00441ee9 
...
0018:Call msvcrt._vsnprintf(00024850,0000004d,004482f0 "BDisk Driver Started!
Compilation date %s Compilation time %s\n",0043ded0) ret=00442040
0018:Ret  msvcrt._vsnprintf() retval=0000004d ret=00442040 
...
0018:Ret  driver init 0x455064
(obj=0x7f09fe4cc5a0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\bdisk")
retval=00000000
0018:Call advapi32.SetServiceStatus(00023e00,0043e300) ret=7f09fe2ca715 
--- snip ---

$ wine --version
wine-1.7.45-147-gba00762

Regards
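The trace above shows the mechanism the three commits add: the driver's read of fffff78000000320 (and later fffff78000000014) raises c0000005, the ntoskrnl vectored handler decodes the faulting instruction, serves the read from emulated USER_SHARED_DATA, and returns ffffffff (EXCEPTION_CONTINUE_EXECUTION) with rip advanced past the instruction (455034 to 455037). The C below is an added illustration of that decode-and-serve step, not Wine's own ntoskrnl code: it handles the `mov al/rAX, [moffs64]` and `movzx` forms named in the commits plus plain `mov r, [base]`, reads from a constructed stand-in page, and reports the instruction length to advance rip by. The driver's actual instruction bytes are not in the report, so the byte sequences in the comments and test are assumptions consistent with the 3-byte rip advance; offsets 0x14 and 0x320 are the two fault addresses from the trace (SystemTime and TickCount in KUSER_SHARED_DATA), with constructed contents.

```c
#include <stdint.h>
#include <string.h>
#define KUSD_BASE 0xfffff78000000000ULL   /* KI_USER_SHARED_DATA on x86_64, as in the trace */
#define KUSD_SIZE 0x1000ULL
static uint8_t kusd_page[KUSD_SIZE];            /* constructed stand-in for the shared page */
typedef struct { uint64_t regs[16]; } cpu_regs; /* x86_64 register numbering, regs[0] = rax */

/* Populate the stand-in page (constructed values only); returns 1 so it can sit in an assert. */
int kusd_set(uint64_t off, const void *val, size_t n) { memcpy(kusd_page + off, val, n); return 1; }

/* Merge a 'width'-byte result into a GPR the way the hardware does (32-bit writes zero-extend). */
static void write_reg(uint64_t *r, uint64_t v, int width)
{
    if (width == 1)      *r = (*r & ~0xffULL)   | (v & 0xff);
    else if (width == 2) *r = (*r & ~0xffffULL) | (v & 0xffff);
    else                 *r = v;
}

/* Emulate one faulting read inside the shared page. Returns the instruction length (how far to
 * advance rip before resuming) or 0 if the form or address is not handled. Forms handled:
 *   A0 moffs64  mov al, [abs]     A1 moffs64   mov ax/eax/rax, [abs]
 *   8B /r       mov r, [base]     0F B6|B7 /r  movzx r, byte|word [base]   (mod=00, no SIB/RIP-rel) */
int emulate_kusd_read(const uint8_t *code, cpu_regs *cpu)
{
    int i = 0, rex_w = 0, rex_r = 0, rex_b = 0, opsize16 = 0, src = 0, dst = 0, dst_w, modrm;
    uint64_t addr = 0, v = 0;
    while (code[i] == 0x66) { opsize16 = 1; i++; }                     /* operand-size prefix */
    if ((code[i] & 0xf0) == 0x40) { rex_w = code[i] & 8; rex_r = code[i] & 4; rex_b = code[i] & 1; i++; }
    dst_w = rex_w ? 8 : opsize16 ? 2 : 4;
    if (code[i] == 0xa0 || code[i] == 0xa1) {
        src = dst_w = (code[i] == 0xa0) ? 1 : dst_w;
        memcpy(&addr, code + i + 1, 8); i += 9; dst = 0;               /* 64-bit absolute address */
    } else {
        if (code[i] == 0x0f && (code[i + 1] == 0xb6 || code[i + 1] == 0xb7)) { src = code[i + 1] - 0xb5; i += 2; }
        else if (code[i] == 0x8b) { src = dst_w; i++; }
        else return 0;
        modrm = code[i++];
        if ((modrm >> 6) != 0 || (modrm & 7) == 4 || (modrm & 7) == 5) return 0;
        dst  = ((modrm >> 3) & 7) | (rex_r ? 8 : 0);
        addr = cpu->regs[(modrm & 7) | (rex_b ? 8 : 0)];
    }
    if (addr < KUSD_BASE || addr + src > KUSD_BASE + KUSD_SIZE) return 0;  /* not our page */
    memcpy(&v, kusd_page + (addr - KUSD_BASE), src);                   /* little-endian host assumed */
    write_reg(&cpu->regs[dst], v, dst_w);
    return i;
}

/* Single-register convenience: preset rax, emulate, return the length; new rax comes back via *rax. */
int emulate_rax(const uint8_t *code, uint64_t *rax)
{ cpu_regs cpu = {{0}}; int n; cpu.regs[0] = *rax; n = emulate_kusd_read(code, &cpu); *rax = cpu.regs[0]; return n; }
```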
