[Bug 44880] 64-bit Mod Organizer 2.1.2 dev6-Silarn-prerelease fails to load ' usvfs_x64.dll', needs ' ntdll.RtlDosPathNameToRelativeNtPathName_U_WithStatus'

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Apr 1 15:37:19 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=44880

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |ntdll
           Keywords|                            |win64
                 CC|                            |focht at gmx.net
            Summary|Latest dev build of Mod     |64-bit Mod Organizer 2.1.2
                   |Organizer 2 fails to        |dev6-Silarn-prerelease
                   |initialize dlls             |fails to load
                   |                            |'usvfs_x64.dll', needs
                   |                            |'ntdll.RtlDosPathNameToRela
                   |                            |tiveNtPathName_U_WithStatus
                   |                            |'

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming too.

--- snip ---
$ WINEDEBUG=+seh,+relay,+module wine ./ModOrganizer.exe >>log.txt 2>&1
...
0030:Call PE DLL (proc=0xd4b068,module=0xc80000
L"usvfs_x64.dll",reason=PROCESS_ATTACH,res=0x23fb00)
0030:Call KERNEL32.LoadLibraryExW(00dcd320
L"api-ms-win-core-synch-l1-2-0",00000000,00000800) ret=00d6ab15 
...
0030:Call KERNEL32.GetModuleHandleW(00dbea90 L"ntdll.dll") ret=00d07f73
0030:trace:module:LdrGetDllHandle L"ntdll.dll" -> 0x7bc80000 (load path
L"Z:\\home\\focht\\Downloads;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
0030:Ret  KERNEL32.GetModuleHandleW() retval=7bc80000 ret=00d07f73
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8ba8 "NtQueryDirectoryFile")
ret=00d07f86
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8a2dc ret=00d07f86
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8bc0 "NtQueryDirectoryFileEx")
ret=00d07f9d
0030:Ret  KERNEL32.GetProcAddress() retval=00000000 ret=00d07f9d
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8b70
"NtQueryFullAttributesFile") ret=00d07fb4
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8a36c ret=00d07fb4
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8b90 "NtQueryAttributesFile")
ret=00d07fcb
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8a28c ret=00d07fcb
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8bd8 "NtCreateFile")
ret=00d07fe2
0030:Ret  KERNEL32.GetProcAddress() retval=7bc898e0 ret=00d07fe2
0030:Call KERNEL32.GetProcAddress(7bc80000,00db7828 "NtOpenFile") ret=00d07ff9
0030:Ret  KERNEL32.GetProcAddress() retval=7bc89f84 ret=00d07ff9
0030:Call KERNEL32.GetProcAddress(7bc80000,00db7838 "NtClose") ret=00d08010
0030:Ret  KERNEL32.GetProcAddress() retval=7bc89848 ret=00d08010
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeaa8 "RtlDoesFileExists_U")
ret=00d08027
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8bb04 ret=00d08027
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeac0
"RtlDosPathNameToRelativeNtPathName_U_WithStatus") ret=00d0803e
0030:Ret  KERNEL32.GetProcAddress() retval=00000000 ret=00d0803e
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeaf0 "RtlReleaseRelativeName")
ret=00d08055
0030:Ret  KERNEL32.GetProcAddress() retval=00000000 ret=00d08055
0030:Call KERNEL32.GetProcAddress(7bc80000,00dbeb08 "RtlGetVersion")
ret=00d0806c
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8c3c8 ret=00d0806c
0030:Call KERNEL32.GetProcAddress(7bc80000,00db8be8 "NtTerminateProcess")
ret=00d08083
0030:Ret  KERNEL32.GetProcAddress() retval=7bc8ad98 ret=00d08083
0030:trace:seh:NtRaiseException code=c0000005 flags=0 addr=(nil) ip=0 tid=0030
0030:trace:seh:NtRaiseException  info[0]=0000000000000008
0030:trace:seh:NtRaiseException  info[1]=0000000000000000
0030:trace:seh:NtRaiseException  rax=0000000000000000 rbx=0000000000e425b0
rcx=0000000000dbb170 rdx=000000000023e538
0030:trace:seh:NtRaiseException  rsi=0000000000e425a0 rdi=0000000000e425a8
rbp=0000000000000000 rsp=000000000023e508
0030:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000023e548
r10=0000000000000002 r11=0000000000000246
0030:trace:seh:NtRaiseException  r12=000000007c000a70 r13=00007fff0d184bc0
r14=0000000000c80000 r15=0000000000000000
...
0030:exception in PE entry point
(proc=0xd4b068,module=0xc80000,reason=PROCESS_ATTACH,res=0x23fb00)
0030:Ret  PE DLL (proc=0xd4b068,module=0xc80000
L"usvfs_x64.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=0
0030:Call TLS callback
(proc=0xd43030,module=0xc80000,reason=PROCESS_DETACH,reserved=0)
0030:Ret  TLS callback
(proc=0xd43030,module=0xc80000,reason=PROCESS_DETACH,reserved=0)
0030:Call PE DLL (proc=0xd4b068,module=0xc80000
L"usvfs_x64.dll",reason=PROCESS_DETACH,res=0x23fb00)
0030:Ret  PE DLL (proc=0xd4b068,module=0xc80000
L"usvfs_x64.dll",reason=PROCESS_DETACH,res=0x23fb00) retval=0
0030:warn:module:process_attach Initialization of L"usvfs_x64.dll" failed
0030:trace:module:process_attach (L"usvfs_x64.dll",0x23fb00) - END
0030:trace:module:process_attach (L"ModOrganizer.exe",0x23fb00) - END
0030:err:module:attach_dlls "usvfs_x64.dll" failed to initialize, aborting
0030:err:module:attach_dlls Initializing dlls for
L"Z:\\home\\focht\\Downloads\\ModOrganizer.exe" failed, status c0000005  
--- snip ---

ProtectionID scan of 'usvfs_x64.dll':

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\usvfs_x64.dll
File Type : 64-Bit Dll (Subsystem : Win GUI / 2), Size : 1905664 (01D1400h)
Byte(s) | Machine: 0x8664 (AMD64)
Compilation TimeStamp : 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT)
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | PE Header | - |
Offset: 0x00000000:00000120 | VA: 0x00000001:80000120 | -
[TimeStamp] 0xFFFFFFFF -> Sun 07th Feb 2106 06:28:15 (GMT) | Export | - |
Offset: 0x00000000:0019AF54 | VA: 0x00000001:8019C954 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | -
| Offset: 0x00000000:001659E4 | VA: 0x00000001:801673E4 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | -
| Offset: 0x00000000:00165A00 | VA: 0x00000001:80167400 | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | -
| Offset: 0x00000000:00165A1C | VA: 0x00000001:8016741C | -
[TimeStamp] 0x5ABEC65C -> Fri 30th Mar 2018 23:21:00 (GMT) | DebugDirectory | -
| Offset: 0x00000000:00165A38 | VA: 0x00000001:80167438 | -
[!] Executable uses TLS callbacks (1 total... 0 invalid addresses)
[LoadConfig] Struct determined as v8 (Expected size 232 | Actual size 256)
[LoadConfig] CFG (/Guard) - Handler @ 0x1:80132708
[LoadConfig] CFG Table @ 0x0:00000000 | 0x00 (00) entries
[LoadConfig] CFG Flags : 0x100
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0
| Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x0:00000000 | Count 0x000000000
(00)
[LoadConfig] GuardLongJumpTargetTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] HybridMetadataPointer 0x1:00000000 | DynamicValueRelocTable
0x0:00000000
[LoadConfig] FailFastIndirectProc 0x0:00000000 | FailFastPointer 0x0:00000000
[LoadConfig] UnknownZero1 0x0       0
[LoadConfig] CFG Data Present, yet setting is not present in the
DllCharacteristics.. patched out?
[File Heuristics] -> Flag #1 : 00000100000001001101000100010000 (0x0404D110)
[Entrypoint Section Entropy] : 6.41 (section #0) ".text   " | Size : 0x13013C
(1245500) byte(s)
[DllCharacteristics] -> Flag : (0x0160) -> HEVA | ASLR | DEP
[SectionCount] 6 (0x6) | ImageSize 0x1DA000 (1941504) byte(s)
[Export] 100% of function(s) (63 of 63) are in file | 0 are forwarded | 63 code
| 0 data | 0 uninit data | 0 unknown | 
[VersionInfo] Company Name : Community Edition
[VersionInfo] Product Name : USVFS
[VersionInfo] Product Version : 0.3.1.0-beta5
[VersionInfo] File Description : Windows OverlayFS
[VersionInfo] File Version : 0.3.1.0-beta5
[VersionInfo] Original FileName : usvfs_x64.dll
[ModuleReport] [IAT] Modules -> SHLWAPI.dll | KERNEL32.dll | USER32.dll |
ADVAPI32.dll | SHELL32.dll
[Debug Info] (record 1 of 4) (file offset 0x1659E0)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x3D (61) 
AddressOfRawData : 0x17336C | PointerToRawData : 0x17196C
CvSig : 0x53445352 | SigGuid EDA278F0-B278-4BB2-988DBC49DBC556F3
Age : 0x12 (18) | Pdb : D:\MOB\build\usvfs\lib\usvfs_x64.pdb
[Debug Info] (record 2 of 4) (file offset 0x1659FC)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20) 
AddressOfRawData : 0x1733AC | PointerToRawData : 0x1719AC
[Debug Info] (record 3 of 4) (file offset 0x165A18)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x3D8 (984) 
AddressOfRawData : 0x1733C0 | PointerToRawData : 0x1719C0
[Debug Info] (record 4 of 4) (file offset 0x165A34)
Characteristics : 0x0 | TimeDateStamp : 0x5ABEC65C (Fri 30th Mar 2018 23:21:00
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0) 
AddressOfRawData : 0x0 | PointerToRawData : 0x0
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.524 Second(s) [00000020Ch (524) tick(s)] [162 of 580 scan(s)
done]
--- snip ---

-> Windows OverlayFS 0.3.1.0-beta5

It might be originating from this project:

https://github.com/TanninOne/usvfs

After some further digging I found this one:

https://github.com/TanninOne/usvfs/pull/10

which goes to:

https://github.com/LePresidente/usvfs

But even that one didn't have some of the native API hooked:

https://github.com/LePresidente/usvfs/blob/master/src/usvfs_dll/hookmanager.cpp#L214

Further going down the Github fork chain for this project:

https://github.com/LePresidente/usvfs/network/members

This one looks suspicious (more recent activity), also with mentioning of 'Mod
Organizer 2' (obvious):

https://github.com/Modorganizer2/usvfs

https://github.com/Modorganizer2/usvfs/blob/Develop/src/usvfs_dll/hookmanager.cpp#L216

Still no code change related to the missing native API.
I might be that the code for this dll isn't on Github but a private fork.

Anyway, the dll in question here doesn't have error handling on its manual
imports hence the crash in the entry point.

https://www.geoffchappell.com/studies/windows/win32/ntdll/api/index.htm

--- quote ---
RtlDosPathNameToRelativeNtPathName_U_WithStatus     5.2 from Windows Server
2003 SP1, and higher 
--- quote ---

Wine also misses 'ntdll.RtlReleaseRelativeName' (see trace log) which will
likely cause a follow-up crash too.

$ sha1sum MO2-2.1.2dev6-Silarn-prerelease.7z 
f4ff6d1739fbe9da8f7ea6a45728702067a15153  MO2-2.1.2dev6-Silarn-prerelease.7z

$ du -sh MO2-2.1.2dev6-Silarn-prerelease.7z 
57M    MO2-2.1.2dev6-Silarn-prerelease.7z

$ wine --version
wine-3.5-5-g03ece22480

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list