[Bug 45510] Sentinel HASP Runtime (driver) 7.8 installer fails, reports ' Error when starting the hardlock service' ( custom imports resolver fails to locate some ntoskrnl exports)
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Jul 27 06:38:45 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=45510
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever confirmed|0 |1
Summary|Sentinel Runtime Setup |Sentinel HASP Runtime
|problem |(driver) 7.8 installer
| |fails, reports 'Error when
| |starting the hardlock
| |service' (custom imports
| |resolver fails to locate
| |some ntoskrnl exports)
Keywords| |download, hardware,
| |Installer, obfuscation
CC| |focht at gmx.net
Component|-unknown |ntoskrnl
URL| |https://supportportal.gemal
| |to.com/csm/?id=kb_article&s
| |ys_id=a459d328dba207c8fe0af
| |f3dbf9619ce
--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming. I found the Sentinel HASP driver/runtime installer package PSIM
11.x uses on the original vendor site, albeit slightly different version.
Relevant part of trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+msi,+service,+ntoskrnl wine ./HASPUserSetup.exe
>>log.txt 2>&1
...
0009:Call KERNEL32.CreateProcessW(00000000,0018059c L"MSIEXEC.EXE /i
\"C:\\users\\focht\\Temp\\{FF7C4F7B-D751-4BF4-A3F9-8CB260F6EEE7}\\HASP_Setup.msi\"
SETUPEXEDIR=\"Z:\\home\\focht\\Downloads\\Sentinel_LDK_Run-time_setup\"
SETUPEXENAME=\"HASPUserSetup.exe\"",00000000,00000000,00000000,00000020,00000000,00000000,0033c314,0033c380)
ret=0044488b
...
002f:Call KERNEL32.__wine_kernel_init() ret=7bc6d45a
0009:Ret KERNEL32.CreateProcessW() retval=00000001 ret=0044488b
...
002f:trace:msi:ACTION_CustomAction Handling custom action
L"Action.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" (c11
L"haspds_msi.dll.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" L"HaspdsMsiInst")
...
002f:trace:msi:HANDLE_CustomType17
L"haspds_msi.dll.6CF3F7DF_6AED_451D_BF8F_AD216156BF2B" L"HaspdsMsiInst"
...
0039:Call KERNEL32.LoadLibraryW(0015c910 L"C:\\Program Files\\Common
Files\\Aladdin Shared\\HASP\\haspds_msi.dll") ret=7e919445
...
0039:Ret PE DLL (proc=0x10001bbe,module=0x10000000
L"haspds_msi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0039:Ret KERNEL32.LoadLibraryW() retval=10000000 ret=7e919445
0039:Call KERNEL32.GetProcAddress(10000000,0015aed0 "HaspdsMsiInst")
ret=7e9194c8
0039:Ret KERNEL32.GetProcAddress() retval=10001170 ret=7e9194c8
0039:trace:msi:alloc_msi_remote_handle 1 -> 1
0039:trace:msi:__wine_msi_call_dll_function calling "HaspdsMsiInst"
...
0039:Call advapi32.CreateServiceA(00160688,0015eede "hardlock",0015eede
"hardlock",000f01ff,00000001,00000002,00000001,0056e210
"C:\\windows\\system32\\drivers\\hardlock.sys",00000000,00000000,0015f130
"",00000000,00000000) ret=006a4c54
...
0039:Ret advapi32.CreateServiceA() retval=00160b30 ret=006a4c54
...
0039:Call advapi32.StartServiceA(00160b30,00000000,00000000) ret=006a4d4b
...
003d:Call KERNEL32.CreateProcessW(00000000,0011c680
L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,00000000,00000400,00450000,00000000,00bbf7ec,00bbf830)
ret=7efe4bb0
...
0044:Call KERNEL32.__wine_kernel_init() ret=7bc6d45a
003d:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe4bb0
...
0048:Call KERNEL32.LoadLibraryW(0011cd68
L"C:\\windows\\system32\\drivers\\hardlock.sys") ret=7effa9fa
0048:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effa9fa
...
0048:Call driver init 0x809224
(obj=0x11cb88,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\hardlock")
...
0048:Call ntoskrnl.exe.RtlInitUnicodeString(0065fc74,007f531e
L"\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Services\\HaspNt")
ret=00797e56
0048:Call ntdll.RtlInitUnicodeString(0065fc74,007f531e
L"\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Services\\HaspNt")
ret=7bc81363
0048:Ret ntdll.RtlInitUnicodeString() retval=0065fc74 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065fc74 ret=00797e56
...
0048:Call
ntoskrnl.exe.IoCreateDevice(0011cb88,0000040c,0065fba8,00009c40,00000000,00000000,0065fc90)
ret=007984cc
0048:trace:ntoskrnl:IoCreateDevice (0x11cb88, 1036, L"\\Device\\FNT0", 40000,
0, 0, 0x65fc90)
0048:Call ntdll.RtlAllocateHeap(00110000,00000008,000004c4) ret=7e985874
0048:Ret ntdll.RtlAllocateHeap() retval=0011d348 ret=7e985874
0048:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=007984cc
...
0048:Call ntoskrnl.exe.IoCreateSymbolicLink(0065fba0,0065fba8) ret=008058a4
0048:trace:ntoskrnl:IoCreateSymbolicLink L"\\DosDevices\\FEnteDev" ->
L"\\Device\\FNT0"
0048:Call ntdll.NtCreateSymbolicLinkObject(0065fb24,000f0001,0065fb0c,0065fba8)
ret=7e985bd1
0048:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7e985bd1
0048:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=008058a4
...
0048:Call ntoskrnl.exe.RtlAppendUnicodeToString(0011e820,007f57d8
L"\\Parameters") ret=008042bf
0048:Call ntdll.RtlAppendUnicodeToString(0011e820,007f57d8 L"\\Parameters")
ret=7bc81363
0048:Ret ntdll.RtlAppendUnicodeToString() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlAppendUnicodeToString() retval=00000000 ret=008042bf
0048:Call
ntoskrnl.exe.RtlQueryRegistryValues(80000000,0011e828,0065fa34,00000000,00000000)
ret=007843fd
0048:Call
ntdll.RtlQueryRegistryValues(80000000,0011e828,0065fa34,00000000,00000000)
ret=7bc81363
0048:Ret ntdll.RtlQueryRegistryValues() retval=c0000034 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlQueryRegistryValues() retval=c0000034 ret=007843fd
....
0048:Call ntoskrnl.exe.PsGetVersion(0065fbb4,0065fbb8,00000000,00000000)
ret=00804f70
0048:Call ntdll.RtlGetVersion(0065fa34) ret=7e9886ef
0048:Ret ntdll.RtlGetVersion() retval=00000000 ret=7e9886ef
0048:Ret ntoskrnl.exe.PsGetVersion() retval=00000001 ret=00804f70
....
0048:Call hal.HalGetBusData(00000004,00000000,00000000,0065f964,00000040)
ret=00798cf1
0048:fixme:ntoskrnl:HalGetBusData (4 0 0 0x65f964 64) stub!
0048:Ret hal.HalGetBusData() retval=00000000 ret=00798cf1
...
0048:Call
ntoskrnl.exe.ZwQuerySystemInformation(0000000b,0011e820,000008e4,0065fa74)
ret=007f00c9
0048:Call ntdll.NtQuerySystemInformation(0000000b,0011e820,000008e4,0065fa74)
ret=7bc81363
0048:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwQuerySystemInformation() retval=00000000 ret=007f00c9
...
0048:Call ntoskrnl.exe.IoGetConfigurationInformation() ret=0079a124
0048:fixme:ntoskrnl:IoGetConfigurationInformation partial stub
0048:Ret ntoskrnl.exe.IoGetConfigurationInformation() retval=7e9b45c0
ret=0079a124
...
0048:Call ntoskrnl.exe.RtlInitUnicodeString(0065f844,007f7020
L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion")
ret=007eff93
0048:Call ntdll.RtlInitUnicodeString(0065f844,007f7020
L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion")
ret=7bc81363
0048:Ret ntdll.RtlInitUnicodeString() retval=0065f844 ret=7bc81363
0048:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=0065f844 ret=007eff93
0048:Call ntoskrnl.exe.ZwOpenKey(0065f850,02000000,0065f824) ret=007effc5
0048:Call ntdll.NtOpenKey(0065f850,02000000,0065f824) ret=7bc81363
0048:Ret ntdll.NtOpenKey() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=007effc5
0048:Call
ntoskrnl.exe.ZwQueryValueKey(00000044,0065f83c,00000001,0011fa68,00000200,0065f84c)
ret=007efff3
0048:Call
ntdll.NtQueryValueKey(00000044,0065f83c,00000001,0011fa68,00000200,0065f84c)
ret=7bc81363
0048:Ret ntdll.NtQueryValueKey() retval=00000000 ret=7bc81363
0048:Ret ntoskrnl.exe.ZwQueryValueKey() retval=00000000 ret=007efff3
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=0048
0048:trace:seh:raise_exception info[0]=00000000
0048:trace:seh:raise_exception info[1]=00000000
0048:trace:seh:raise_exception eax=0011fa68 ebx=7e97f2d4 ecx=00000016
edx=0011fa90 esi=0011fa60 edi=0011f850
0048:trace:seh:raise_exception ebp=0065f854 esp=0065f808 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010216
0048:trace:seh:call_vectored_handlers calling handler at 0x7e9827fd
code=c0000005 flags=0
0048:trace:seh:call_vectored_handlers handler at 0x7e9827fd returned 0
0048:trace:seh:call_stack_handlers calling handler at 0x7bcb3a34 code=c0000005
flags=0
0048:Call KERNEL32.UnhandledExceptionFilter(0065f304) ret=7bcb3a6f
wine: Unhandled page fault on read access to 0x00000000 at address (nil)
(thread 0048), starting debugger...
...
0039:Call user32.MessageBoxA(0005006c,0056e970 "Error when starting the
hardlock service with parameters 1168 1053 1.\nThis is an internal error. For
assistance, contact your administrator or the software manufacturer. Vypr\x9ael
casov\xfd limit po\x9eadavku slu\x9eby.\r\n\nStatus Code: 48 5 935
1053",100092d8 "Sentinel HASP Run-time installation",00000040) ret=100013c7
--- snip ---
'c:\\windows\\aksdrvsetup.log':
--- snip ---
[27/7/2018-13:5:19]Running on Win 7
../hhlinst.c,3903,
[27/7/2018-13:5:19]haspdinst 1 ver 7.81//7.81 started
../hhlinst.c,1551,
[27/7/2018-13:5:19]DLL InstallPath = C:\Program Files\Common Files\Aladdin
Shared\HASP\haspds_windows.dll ../hhlinst.c,1591,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params:
hasp_windows.dll C:\users\focht\Temp\hasp_windows.dll 1 5695548
../hhlinst.c,3571,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params:
haspdinst_x64.exe C:\users\focht\Temp\haspdinst_x64.exe 1 5695548
../hhlinst.c,3571,
[27/7/2018-13:5:20]Called hhls_ExtractFiles AKSUPACK_EXTRACTED Params:
hhl01.cab C:\users\focht\Temp\hhl01.cab 1 5695548 ../hhlinst.c,3571,
[27/7/2018-13:5:20]Unpackdone
../hhlinst.c,1637,
...
[27/7/2018-13:5:20]Install PnP Device aksusb.inf. ../instdrv.c,1248,
[27/7/2018-13:5:20]call pUpdateDriverForPlugAndPlayDevices. ../instdrv.c,1319,
[27/7/2018-13:5:20]Driver successfully updated ../instdrv.c,1348,
[27/7/2018-13:5:20]Install PnP Device aksusb.inf done. Status = 0
../instdrv.c,1644,
[27/7/2018-13:5:20]read config file
../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK
../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type
../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file
../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK
../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type
../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file
../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK
../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type
../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file
../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK
../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type
../hhlinst.c,2018,
[27/7/2018-13:5:20]read config file
../hhlinst.c,1996,
[27/7/2018-13:5:20]read config file OK
../hhlinst.c,2015,
[27/7/2018-13:5:20]check action type
../hhlinst.c,2018,
[27/7/2018-13:5:20] hardlock.sys VER 0 ../instdrv.c,2162,
[27/7/2018-13:5:20]InstallService Hardlock. ../instdrv.c,692,
[27/7/2018-13:5:20]service Hardlock newer 0 serviceexist 0. ../instdrv.c,731,
[27/7/2018-13:5:20]start service Hardlock. ../instdrv.c,903,
[27/7/2018-13:5:20]UnInstallService hardlock. ../instdrv.c,1019,
[27/7/2018-13:5:20]UnInstallService hardlock end status 0. ../instdrv.c,1146,
[27/7/2018-13:5:23]Error when starting the hardlock service with parameters
1168 1053 1. ../instdrv.c,935,
[27/7/2018-13:5:23]Windows error 1053
../instdrv.c,935,
[27/7/2018-13:5:23]do not write instcount err 1 48
../hhlinst.c,2360,
[27/7/2018-13:5:23]end actual install
../hhlinst.c,2436,
[27/7/2018-13:5:23]Install returned 1 48
../hhlinst.c,1742,
--- snip ---
Disassembly of driver code (after decryption in memory):
--- snip ---
...
007F0001 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
007F0004 8B48 0C MOV ECX,DWORD PTR DS:[EAX+C]
007F0007 8B50 08 MOV EDX,DWORD PTR DS:[EAX+8]
007F000A 57 PUSH EDI
007F000B 51 PUSH ECX
007F000C 03D0 ADD EDX,EAX
007F000E 52 PUSH EDX
007F000F 50 PUSH EAX
007F0010 E8 4F230000 CALL hardlock.007F2364
007F0015 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
...
007F22B0 JMP DWORD PTR DS:[7F422C] ; ntoskrnl.NtOpenKey
007F22B6 JMP DWORD PTR DS:[7F4224] ; ntoskrnl.NtSetValueKey
007F22BC JMP DWORD PTR DS:[7F4220] ; ntoskrnl.MmMapIoSpace
007F22C2 JMP DWORD PTR DS:[7F421C] ; ntoskrnl.NtEnumerateValueKey
...
007F235E JMP DWORD PTR DS:[7F4074] ; ntoskrnl.KeInitializeSemaphore
007F2364 JMP DWORD PTR DS:[7F4078]
007F236A JMP DWORD PTR DS:[7F407C] ; ntoskrnl.NtQueryValueKey
007F2370 JMP DWORD PTR DS:[7F4080] ; ntoskrnl.IofCompleteRequest
007F2376 JMP DWORD PTR DS:[7F4084] ; ntoskrnl.IofCallDriver
007F237C JMP DWORD PTR DS:[7F4088] ; ntoskrnl.__wine_stub_KeReadStateEvent
007F2382 JMP DWORD PTR DS:[7F408C] ; ntoskrnl.__wine_stub_IoCancelIrp
007F2388 JMP DWORD PTR DS:[7F4090] ; ntoskrnl.KeDelayExecutionThread
007F238E JMP DWORD PTR DS:[7F4094] ; ntoskrnl.IoGetDeviceObjectPointer
007F2394 JMP DWORD PTR DS:[7F4098] ; ntoskrnl.IoBuildDeviceIoControlRequest
007F239A JMP DWORD PTR DS:[7F409C] ; ntoskrnl.ExAllocatePoolWithTag
007F23A0 JMP DWORD PTR DS:[7F40A0] ; ntoskrnl.RtlIntegerToUnicodeString
007F23A6 JMP DWORD PTR DS:[7F40A4] ; ntoskrnl.RtlAppendUnicodeStringToString
007F23AC JMP DWORD PTR DS:[7F40A8] ; ntoskrnl.IoGetConfigurationInformation
007F23B2 JMP DWORD PTR DS:[7F40AC] ; ntoskrnl.KeInitializeEvent
007F23B8 JMP DWORD PTR DS:[7F40B0] ; ntoskrnl.ObReferenceObjectByPointer
007F23BE JMP DWORD PTR DS:[7F40B8] ; ntoskrnl.RtlCompareMemory
007F23C4 JMP DWORD PTR DS:[7F40BC] ; ntoskrnl.NTOSKRNL_memset
007F23CA JMP DWORD PTR DS:[7F40C0]
...
007F23C4 JMP DWORD PTR DS:[7F40BC] ; ntoskrnl.NTOSKRNL_memset
007F23CA JMP DWORD PTR DS:[7F40C0]
007F23D0 JMP DWORD PTR DS:[7F40C4] ; ntoskrnl.NTOSKRNL_memcpy
...
007F2442 JMP DWORD PTR DS:[7F4110] ; ntoskrnl.__wine_stub_IoIsSystemThread
007F2448 JMP DWORD PTR DS:[7F4114]
007F244E JMP DWORD PTR DS:[7F411C] ; ntoskrnl.__wine_stub_IoDetachDevice
...
007F2472 JMP DWORD PTR DS:[7F4134] ; ntoskrnl.IoAllocateMdl
007F2478 JMP DWORD PTR DS:[7F4138]
007F247E JMP DWORD PTR DS:[7F413C]
007F2484 JMP DWORD PTR DS:[7F4140] ; ntoskrnl.RtlInitString
...
007F2538 JMP DWORD PTR DS:[7F41C4] ; ntoskrnl.NtWriteFile
007F253E JMP DWORD PTR DS:[7F41C8]
007F2544 JMP DWORD PTR DS:[7F41CC]
007F254A JMP DWORD PTR DS:[7F41D0] ; ntoskrnl._alldiv
...
007F2592 JMP DWORD PTR DS:[7F4204] ; ntoskrnl.NtDeviceIoControlFile
007F2598 JMP DWORD PTR DS:[<&HAL.KeGetCurrentIrql>]
007F259E JMP DWORD PTR DS:[<&HAL.READ_PORT_UCHAR>]
007F25A4 JMP DWORD PTR DS:[<&HAL.WRITE_PORT_UCHAR>]
007F25AA JMP DWORD PTR DS:[<&HAL.HalGetBusData>]
007F25B0 JMP DWORD PTR DS:[<&HAL.KfLowerIrql>]
007F25B6 JMP DWORD PTR DS:[<&HAL.KfRaiseIrql>]
007F25BC JMP DWORD PTR DS:[<&HAL.KfReleaseSpinLock>]
007F25C2 JMP DWORD PTR DS:[<&HAL.KfAcquireSpinLock>]
007F25C8 JMP DWORD PTR DS:[<&HAL.KeStallExecutionProcessor>]
007F25CE 0000 ADD BYTE PTR DS:[EAX],AL
--- snip ---
The customer imports resolver failed to locate several ntoskrnl API exports,
hence the holes. It causes NULL ptr deref whenever such an unresolved import is
called later. I could probably figure out the missing exports and have stubs
added but it won't help much. This is not going to fly. There are already
multiple bug reports for stubs/missing kernel driver infrastructure.
$ sha1sum Sentinel_LDK_Run-time_setup.zip
8f65d01803dc5297b7d7916a0f653428d0dc9b21 Sentinel_LDK_Run-time_setup.zip
$ du -sh Sentinel_LDK_Run-time_setup.zip
17M Sentinel_LDK_Run-time_setup.zip
$ wine --version
wine-3.13
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list