[Bug 39384] Tencent QQ 7.6 frame manager kernel driver 'QQFrmMgr.sys' crashes on unimplemented function ntoskrnl.exe.CmRegisterCallback

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Oct 24 05:13:46 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=39384

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntoskrnl
            Summary|QQ 7.6 can't be started     |Tencent QQ 7.6 frame
                   |after the installer first   |manager kernel driver
                   |start it                    |'QQFrmMgr.sys' crashes on
                   |                            |unimplemented function
                   |                            |ntoskrnl.exe.CmRegisterCall
                   |                            |back
     Ever confirmed|0                           |1

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

--- snip ---
000f:trace:service:scmdatabase_load_services Loading service L"QQFrmMgr" 
...
000f:trace:service:load_service_config Image path           =
L"C:\\windows\\system32\\drivers\\QQFrmMgr.sys"
000f:trace:service:load_service_config Group                = L"Filter"
000f:trace:service:load_service_config Service account name = L"LocalSystem"
000f:trace:service:load_service_config Display name         = L"QQFrmMgr"
000f:trace:service:load_service_config Service dependencies : (none)
000f:trace:service:load_service_config Group dependencies   : (none)
...
000f:trace:service:scmdatabase_load_services Loading service L"QQProtect" 
...
000f:trace:service:load_service_config Image path           = (null)
000f:trace:service:load_service_config Group                = (null)
000f:trace:service:load_service_config Service account name = (null)
000f:trace:service:load_service_config Display name         = (null)
000f:trace:service:load_service_config Service dependencies : (none)
000f:trace:service:load_service_config Group dependencies   : (none)
...
000f:trace:service:scmdatabase_load_services Even the service type not set for
service L"QQProtect" - skipping
...
0026:Call KERNEL32.LoadLibraryW(0011b250
L"C:\\windows\\system32\\drivers\\QQFrmMgr.sys") ret=7effbdfd 
...
0026:Ret  KERNEL32.LoadLibraryW() retval=00540000 ret=7effbdfd 
...
0026:Call driver init 0x5539be
(obj=0x7efff4a0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\QQFrmMgr") 
...
0026:fixme:ntoskrnl:MmGetSystemRoutineAddress
L"PsGetCurrentProcessWin32Process" not found 
...
0026:fixme:ntoskrnl:MmGetSystemRoutineAddress L"PsGetCurrentThreadWin32Thread"
not found 
...
0026:Call
ntoskrnl.exe.IoCreateDevice(7efff4a0,00000434,0053e5fc,00000022,00000000,00000001,0053e608)
ret=00543b44
0026:trace:ntoskrnl:IoCreateDevice (0x7efff4a0, 1076, L"\\Device\\QQFrmMgr",
34, 0, 1, 0x53e608) 
...
0026:fixme:ntoskrnl:MmGetSystemRoutineAddress L"ObUnRegisterCallbacks" not
found
...
0026:fixme:ntoskrnl:PsSetCreateProcessNotifyRoutine stub: 0x54e120 0
...
0026:fixme:ntoskrnl:PsSetCreateThreadNotifyRoutine stub: 0x54e20a
...
0026:fixme:ntoskrnl:PsSetLoadImageNotifyRoutine (0x54e248) stub
...
0026:Call KERNEL32.RaiseException(80000100,00000001,00000002,0053e5c0)
ret=7ecd09c1
0026:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b845f21
ip=7b845f21 tid=0026
0026:trace:seh:raise_exception  info[0]=7ecd09e0
0026:trace:seh:raise_exception  info[1]=7ecd1187
wine: Call from 0x7b845f21 to unimplemented function
ntoskrnl.exe.CmRegisterCallback, aborting
0026:trace:seh:call_vectored_handlers calling handler at 0x7eccb1cb
code=80000100 flags=1
0026:trace:seh:call_vectored_handlers handler at 0x7eccb1cb returned 0
0026:trace:seh:call_stack_handlers calling handler at 0x7bcb49a3 code=80000100
flags=1
0026:Call KERNEL32.UnhandledExceptionFilter(0053dfd4) ret=7bcb49dd
wine: Unimplemented function ntoskrnl.exe.CmRegisterCallback called at address
0x7b845f21 (thread 0026), starting debugger..
--- snip ---

MSDN:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff545879%28v=vs.85%29.aspx
("Filtering Registry Calls")

$ sha1sum QQ7.6.exe 
51a8c392951b6bb04196bd5403332a8ea49dc5f6  QQ7.6.exe

$ du -sh QQ7.6.exe 
55M    QQ7.6.exe

$ wine --version
wine-1.7.53-156-gf8d78b0

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list