[Bug 44907] BattlEye 'BEDaisy' kernel service crashes on unimplemented function ' fltmgr.sys.FltGetRoutineAddress'

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Apr 4 16:36:17 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=44907

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

with the referenced patch applied, the import dependencies from 'fltmgr.sys'
seem to be satisfied for now.
It will likely crash on these later due to being generated stubs, after fixing
other bugs.

--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl wine net start BEDaisy >>log.txt 2>&1
...
0035:Call driver init 0x78d000
(obj=0x11cbf8,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BEDaisy") 
...
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc58 "FltRegisterFilter")
ret=007cedfe
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc58 "FltRegisterFilter")
ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b858 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b858 ret=007cedfe
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc44 "FltUnregisterFilter")
ret=0083c2cd
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc44 "FltUnregisterFilter")
ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b888 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b888 ret=0083c2cd
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc6c "FltStartFiltering")
ret=007aef7e
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc6c "FltStartFiltering")
ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b870 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b870 ret=007aef7e
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fbf8 "FltGetFileNameInformation")
ret=0085120e
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fbf8
"FltGetFileNameInformation") ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9a908 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9a908 ret=0085120e
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fbd8
"FltReleaseFileNameInformation") ret=007de5b4
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fbd8
"FltReleaseFileNameInformation") ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b384 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b384 ret=007de5b4
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc80 "FltReadFile") ret=008216b4
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc80 "FltReadFile") ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b27c ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b27c ret=008216b4
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc14 "FltQueryInformationFile")
ret=00832168
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc14 "FltQueryInformationFile")
ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9b174 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9b174 ret=00832168
0035:Call fltmgr.sys.FltGetRoutineAddress(0065fc2c "FltGetRequestorProcess")
ret=007b4344
0035:Call KERNEL32.GetModuleHandleW(f7d9cdfc L"fltmgr.sys") ret=f7d9bb1a
0035:Ret  KERNEL32.GetModuleHandleW() retval=f7d90000 ret=f7d9bb1a
0035:Call KERNEL32.GetProcAddress(f7d90000,0065fc2c "FltGetRequestorProcess")
ret=f7d9bb2d
0035:Ret  KERNEL32.GetProcAddress() retval=f7d9aa94 ret=f7d9bb2d
0035:Ret  fltmgr.sys.FltGetRoutineAddress() retval=f7d9aa94 ret=007b4344 
...
0035:Call fltmgr.sys.FltRegisterFilter(0011cbf8,0065ebd4,0078b4d0) ret=007aa9dd
0035:fixme:fltmgr:FltRegisterFilter (0x11cbf8,0x65ebd4,0x78b4d0): stub
0035:Ret  fltmgr.sys.FltRegisterFilter() retval=00000000 ret=007aa9dd
0035:Call fltmgr.sys.FltStartFiltering(deadbeaf) ret=0086d70f
0035:fixme:fltmgr:FltStartFiltering (0xdeadbeaf): stub
0035:Ret  fltmgr.sys.FltStartFiltering() retval=00000000 ret=0086d70f 
...
0035:Call fltmgr.sys.FltUnregisterFilter(deadbeaf) ret=007fd488
0035:fixme:fltmgr:FltUnregisterFilter (0xdeadbeaf): stub
0035:Ret  fltmgr.sys.FltUnregisterFilter() retval=00000039 ret=007fd488 
--- snip ---

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list