[Bug 27668] SecuROM 4.x/5.x: SpellForce won't recognize original CD during install/play ('IoGetDeviceObjectPointer' needs to return real device/driver object for '\\Device\\CdRom0')

wine-bugs at winehq.org
Sat Jun 2 15:46:18 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=27668

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|SecuROM 4.X: SpellForce     |SecuROM 4.x/5.x: SpellForce
                   |won't recognize original CD |won't recognize original CD
                   |during install/play         |during install/play
                   |                            |('IoGetDeviceObjectPointer'
                   |                            |needs to return real
                   |                            |device/driver object for
                   |                            |'\\Device\\CdRom0')
                 CC|                            |focht at gmx.net
          Component|ntdll                       |ntoskrnl
           Keywords|Abandoned?                  |
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming, still present.

Bought the original media myself for a few bucks.

Content of CD:

--- snip ---
$ iso-info -f /dev/cdrom 
iso-info version 2.0.0 x86_64-redhat-linux-gnu
Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: /dev/cdrom
Application : JOWOOD
Volume      : SF_CD1
Joliet Level: 3
__________________________________
ISO-9660 Information
  1327104 /Autorun.exe
     3638 /Autorun.ico
       47 /Autorun.inf
    15855 /ReadMe.rtf
     2048 /Shfolder
731136000 /SpellForce-Setup.exe
  1327104 /Shfolder/1.bin
  1327104 /Shfolder/2.bin
      726 /Shfolder/ReadMe.Txt
   117288 /Shfolder/ShFolder.Exe
--- snip ---

ProtectionID scan of installer and temps:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> D:\SpellForce-Setup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 731136000 (02B944000h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT)
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | PE Header | - |
Offset: 0x000000D8 | VA: 0x004000D8 | -
[TimeStamp] 0x3BD86C3F -> Thu 25th Oct 2001 19:47:11 (GMT) | Export | - |
Offset: 0x00002D14 | VA: 0x00404714 | -
-> File has 731121152 (02B940600h) bytes of appended data starting at offset
03A00h
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000100000100 (0x0004C104)
[Entrypoint Section Entropy] : 6.28 (section #0) ".text   " | Size : 0x2126
(8486) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x7000 (28672) byte(s)
[Export] 100% of function(s) (2 of 2) are in file | 0 are forwarded | 2 code |
0 data | 0 uninit data | 0 unknown | 
[VersionInfo] Company Name : JoWooD
[VersionInfo] File Description : SpellForce - The Order of Dawn
[VersionInfo] File Version : 1.0
[VersionInfo] Legal Copyrights : 2003
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll |
ADVAPI32.dll
[-= Installer =-] Wise Installation Wizard Module !
- Scan Took : 0.809 Second(s) [000000329h (809) tick(s)] [566 of 580 scan(s)
done]

...

-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\users\focht\Temp\CmdLineExt03.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 43520 (0AA00h) Byte(s)
| Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT)
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | PE Header | - |
Offset: 0x00000138 | VA: 0x10000138 | -
[TimeStamp] 0x3FA25B05 -> Fri 31st Oct 2003 12:52:21 (GMT) | Export | - |
Offset: 0x00001BF0 | VA: 0x100187F0 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.45 (section #3) ".petite " | Size : 0x1893
(6291) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x1A000 (106496) byte(s)
[Export] 100% of function(s) (4 of 4) are in file | 0 are forwarded | 4 code |
0 data | 0 uninit data | 0 unknown | 
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | ADVAPI32.dll |
SHELL32.dll | ole32.dll | OLEAUT32.dll
[!] Petite v2.2 compressed !
- Scan Took : 0.283 Second(s) [00000011Bh (283) tick(s)] [246 of 580 scan(s)
done]

Scanning -> C:\users\focht\Temp\pfsvgae.sys
File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size :
18944 (04A00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT)
[TimeStamp] 0x3FA25AD8 -> Fri 31st Oct 2003 12:51:36 (GMT) | PE Header | - |
Offset: 0x000000C8 | VA: 0x000100C8 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000000000000 (0x0004C000)
[Entrypoint Section Entropy] : 6.32 (section #0) ".text   " | Size : 0x358E
(13710) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x9000 (36864) byte(s)
[ModuleReport] [IAT] Modules -> ntoskrnl.exe | HAL.dll
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.218 Second(s) [0000000DAh (218) tick(s)] [135 of 580 scan(s)
done]

Scanning -> C:\users\focht\Temp\SIntf32.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 20020 (04E34h) Byte(s)
| Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT)
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | PE Header | - |
Offset: 0x00000120 | VA: 0x30000120 | -
[TimeStamp] 0x3FA25AEC -> Fri 31st Oct 2003 12:51:56 (GMT) | Export | - |
Offset: 0x00001B20 | VA: 0x3000B720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.42 (section #1) ".petite " | Size : 0x18D5
(6357) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xD000 (53248) byte(s)
[Export] 57% of function(s) (19 of 33) are in file | 0 are forwarded | 20 code
| 0 data | 0 uninit data | 0 unknown | 
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower sintf32.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.226 Second(s) [0000000E2h (226) tick(s)] [246 of 580 scan(s)
done]

Scanning -> C:\users\focht\Temp\SIntfNT.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 24740 (060A4h) Byte(s)
| Machine: 0x14C (I386)
Compilation TimeStamp : 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT)
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | PE Header | - |
Offset: 0x00000108 | VA: 0x20000108 | -
[TimeStamp] 0x3FA25AED -> Fri 31st Oct 2003 12:51:57 (GMT) | Export | - |
Offset: 0x00001B20 | VA: 0x2000D720 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001011100000100100011 (0x0005C123)
[Entrypoint Section Entropy] : 6.44 (section #1) ".petite " | Size : 0x1863
(6243) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 3 (0x3) | ImageSize 0xF000 (61440) byte(s)
[Export] 100% of function(s) (17 of 17) are in file | 0 are forwarded | 17 code
| 0 data | 0 uninit data | 0 unknown | 
[ModuleReport] [IAT] Modules -> KERNEL32.dll | user32.dll
[!] SecuROM 5 or lower cms32_nt.dll module
[!] Petite v2.2 compressed !
- Scan Took : 0.236 Second(s) [0000000ECh (236) tick(s)] [246 of 580 scan(s)
done] 
--- snip ---

Relevant part of trace log:

--- snip ---
$ pwd
/run/media/focht/SF_CD1

$ WINEDEBUG=+seh,+relay,+ntoskrnl wine ./SpellForce-Setup.exe >> ~/log.txt 2>&1
...
0032:Call KERNEL32.CreateFileA(0033ce8c
"C:\\users\\focht\\Temp\\pfsvgae.sys",40000000,00000000,00000000,00000002,00000000,00000000)
ret=0047be84
0032:Ret  KERNEL32.CreateFileA() retval=00000080 ret=0047be84
0032:Call KERNEL32.WriteFile(00000080,0053e0cc,00004a00,0033ca54,00000000)
ret=0047beaf
0032:Ret  KERNEL32.WriteFile() retval=00000001 ret=0047beaf
0032:Call KERNEL32.CloseHandle(00000080) ret=0047beb9
0032:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0047beb9 
...
0032:Call advapi32.CreateServiceA(001d3ef8,0033d08c "pfsvgae",0033d08c
"pfsvgae",000f01ff,00000001,00000003,00000001,0033ce8c
"C:\\users\\focht\\Temp\\pfsvgae.sys",00000000,00000000,00000000,00000000,00000000)
ret=0047d73e 
...
0032:Ret  advapi32.CreateServiceA() retval=001c4f28 ret=0047d73e
0032:Call advapi32.StartServiceA(001c4f28,00000000,00000000) ret=0047d79e 
...
0034:Call KERNEL32.CreateProcessW(00000000,0011c918
L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,00000000,00000400,00450000,00000000,00ccf7ec,00ccf830)
ret=7efe4bda
...
0037:Call KERNEL32.__wine_kernel_init() ret=7bc6cfaa
0034:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7efe4bda 
...
003c:Call KERNEL32.LoadLibraryW(0011ce10
L"C:\\users\\focht\\Temp\\pfsvgae.sys") ret=7effaa36 
...
003c:Ret  KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa36 
...
003c:Call driver init 0x781650
(obj=0x11cc58,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\pfsvgae")
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f894,0065f89c
L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\pfsvgae")
ret=007816a9
003c:Call ntdll.RtlInitUnicodeString(0065f894,0065f89c
L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\pfsvgae")
ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f894 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f894 ret=007816a9
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f534,0078608c
L"\\SystemRoot\\System32\\Drivers\\") ret=00781d09
003c:Call ntdll.RtlInitUnicodeString(0065f534,0078608c
L"\\SystemRoot\\System32\\Drivers\\") ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f534 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f534 ret=00781d09
003c:Call ntoskrnl.exe.ZwOpenKey(0065f4d8,00000000,0065f4f8) ret=00781b90
003c:Call ntdll.NtOpenKey(0065f4d8,00000000,0065f4f8) ret=7bc80343
003c:Ret  ntdll.NtOpenKey() retval=00000000 ret=7bc80343
003c:Ret  ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=00781b90
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath")
ret=00781bb9
003c:Call ntdll.RtlInitUnicodeString(0065f4dc,0065f4e4 L"ImagePath")
ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f4dc ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f4dc ret=00781bb9
003c:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000000,00000218,206b6444)
ret=00781bca
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000218) ret=7e988a9a
003c:Ret  ntdll.RtlAllocateHeap() retval=00120c00 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 536 pool 0 -> 0x120c00
003c:Ret  ntoskrnl.exe.ExAllocatePoolWithTag() retval=00120c00 ret=00781bca
003c:Call
ntoskrnl.exe.ZwQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c)
ret=00781bf9
003c:Call
ntdll.NtQueryValueKey(00000044,0065f4dc,00000001,00120c00,00000218,0065f51c)
ret=7bc80343
003c:Ret  ntdll.NtQueryValueKey() retval=c0000022 ret=7bc80343
003c:Ret  ntoskrnl.exe.ZwQueryValueKey() retval=c0000022 ret=00781bf9
003c:Call ntoskrnl.exe.ZwClose(00000044) ret=00781cb3
003c:Call ntdll.NtClose(00000044) ret=7bc80343
003c:Ret  ntdll.NtClose() retval=00000000 ret=7bc80343
003c:Ret  ntoskrnl.exe.ZwClose() retval=00000000 ret=00781cb3
003c:Call ntoskrnl.exe.RtlAppendUnicodeToString(0065f534,0065f578
L"pfsvgae.sys") ret=00781d5a
003c:Call ntdll.RtlAppendUnicodeToString(0065f534,0065f578 L"pfsvgae.sys")
ret=7bc80343
003c:Ret  ntdll.RtlAppendUnicodeToString() retval=00000000 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlAppendUnicodeToString() retval=00000000 ret=00781d5a
003c:Call ntoskrnl.exe.RtlInitUnicodeString(007862a8,007862b0
L"\\SystemRoot\\System32\\Drivers\\pfsvgae.sys") ret=00781a30
003c:Call ntdll.RtlInitUnicodeString(007862a8,007862b0
L"\\SystemRoot\\System32\\Drivers\\pfsvgae.sys") ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=007862a8 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=007862a8 ret=00781a30
003c:Call
ntoskrnl.exe.ZwCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000)
ret=00781e0b
003c:Call
ntdll.NtCreateFile(0065f850,80000000,0065f85c,0065f854,00000000,00000080,00000000,00000001,00000004,00000000,00000000)
ret=7bc80343
003c:Ret  ntdll.NtCreateFile() retval=c000003a ret=7bc80343
003c:Ret  ntoskrnl.exe.ZwCreateFile() retval=c000003a ret=00781e0b
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f7f0,0065f7f8
L"\\Device\\pfsvgae") ret=00781809
003c:Call ntdll.RtlInitUnicodeString(0065f7f0,0065f7f8 L"\\Device\\pfsvgae")
ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f7f0 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f7f0 ret=00781809
003c:Call
ntoskrnl.exe.IoCreateDevice(0011cc58,00000040,0065f7f0,00000022,00000000,00000001,0065f7ec)
ret=00781829
003c:trace:ntoskrnl:IoCreateDevice (0x11cc58, 64, L"\\Device\\pfsvgae", 34, 0,
1, 0x65f7ec)
003c:Call ntdll.RtlAllocateHeap(00110000,00000008,000000f8) ret=7e9876cf
003c:Ret  ntdll.RtlAllocateHeap() retval=0011ce10 ret=7e9876cf
003c:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00781829
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f84c,0065f854
L"\\Device\\CdRom0") ret=00781439
003c:Call ntdll.RtlInitUnicodeString(0065f84c,0065f854 L"\\Device\\CdRom0")
ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f84c ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f84c ret=00781439
003c:Call
ntoskrnl.exe.IoGetDeviceObjectPointer(0065f84c,00000000,0065f844,0065f848)
ret=0078144f
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\\Device\\CdRom0" 0
0x65f844 0x65f848
003c:Ret  ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=0078144f
003c:trace:ntoskrnl:ObDereferenceObject ((nil)): stub
003c:Call ntoskrnl.exe.RtlInitUnicodeString(0065f840,0065f854
L"\\Device\\CdRom0") ret=007814a0
003c:Call ntdll.RtlInitUnicodeString(0065f840,0065f854 L"\\Device\\CdRom0")
ret=7bc80343
003c:Ret  ntdll.RtlInitUnicodeString() retval=0065f840 ret=7bc80343
003c:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0065f840 ret=007814a0
003c:Call
ntoskrnl.exe.IoGetDeviceObjectPointer(0065f840,00000000,0065f83c,0065f838)
ret=007814b7
003c:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\\Device\\CdRom0" 0
0x65f83c 0x65f838
003c:Ret  ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=007814b7
003c:Call ntoskrnl.exe.KeInitializeEvent(0065f808,00000000,00000000)
ret=00781933
003c:fixme:ntoskrnl:KeInitializeEvent stub: 0x65f808 0 0
003c:Ret  ntoskrnl.exe.KeInitializeEvent() retval=00000039 ret=00781933
003c:Call
ntoskrnl.exe.IoBuildSynchronousFsdRequest(0000001b,7e9b6600,00000000,00000000,00000000,0065f808,0065f800)
ret=00781950
003c:trace:ntoskrnl:IoBuildSynchronousFsdRequest (27 0x7e9b6600 (nil) 0 (nil)
0x65f808 0x65f800)
003c:trace:ntoskrnl:IoAllocateIrp -128, 0
003c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000190) ret=7e988a9a
003c:Ret  ntdll.RtlAllocateHeap() retval=00120e20 ret=7e988a9a
003c:trace:ntoskrnl:ExAllocatePoolWithTag 400 pool 0 -> 0x120e20
003c:trace:ntoskrnl:IoInitializeIrp 0x120e20, 400, -128
003c:Ret  ntoskrnl.exe.IoBuildSynchronousFsdRequest() retval=00120e20
ret=00781950
003c:trace:ntoskrnl:__regs_IofCallDriver 0x7e9b6600 0x120e20
003c:Call driver dispatch (nil) (device=0x7e9b6600,irp=0x120e20)
003c:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=003c
003c:trace:seh:raise_exception  info[0]=00000000
003c:trace:seh:raise_exception  info[1]=00000000
003c:trace:seh:raise_exception  eax=00000000 ebx=0065f7c0 ecx=00000000
edx=00662f44 esi=7e9b6600 edi=0078601a
003c:trace:seh:raise_exception  ebp=0065f7a8 esp=0065f76c cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010216
003c:trace:seh:call_vectored_handlers calling handler at 0x7e984625
code=c0000005 flags=0
003c:trace:seh:call_vectored_handlers handler at 0x7e984625 returned 0
003c:trace:seh:call_stack_handlers calling handler at 0x7bcb2a96 code=c0000005
flags=0
003c:Call KERNEL32.UnhandledExceptionFilter(0065f264) ret=7bcb2ad1
wine: Unhandled page fault on read access to 0x00000000 at address (nil)
(thread 003c), starting debugger... 
...
0032:Call user32.MessageBoxA(00000000,00561240 "Incompatible system
configuration.",00497bd8 "SpellForce - The Order of Dawn",00010010)
ret=004823ac 
--- snip ---

Disassembly:

--- snip ---
00781920   83EC 18          SUB ESP,18
00781923   8D4424 08        LEA EAX,DWORD PTR SS:[ESP+8]
00781927   56               PUSH ESI
00781928   6A 00            PUSH 0
0078192A   6A 00            PUSH 0
0078192C   50               PUSH EAX
0078192D   FF15 48507800    CALL DWORD PTR DS:[<&ntoskrnl.KeInitializeEvent>]
00781933   8D4C24 04        LEA ECX,DWORD PTR SS:[ESP+4]
00781937   8D5424 0C        LEA EDX,DWORD PTR SS:[ESP+C]
0078193B   8B7424 20        MOV ESI,DWORD PTR SS:[ESP+20]
0078193F   51               PUSH ECX
00781940   52               PUSH EDX
00781941   6A 00            PUSH 0
00781943   6A 00            PUSH 0
00781945   6A 00            PUSH 0
00781947   56               PUSH ESI
00781948   6A 1B            PUSH 1B
0078194A   FF15 44507800    CALL DWORD PTR DS:[<&ntoskrnl.IoBuildSynchronousFsdRequest>]
00781950   85C0             TEST EAX,EAX
00781952   75 0C            JNZ SHORT pfsvgae.00781960
00781954   B8 9A0000C0      MOV EAX,C000009A
00781959   5E               POP ESI
0078195A   83C4 18          ADD ESP,18
0078195D   C2 0800          RETN 8
00781960   8B48 60          MOV ECX,DWORD PTR DS:[EAX+60]
00781963   C641 DD 07       MOV BYTE PTR DS:[ECX-23],7
00781967   83E9 24          SUB ECX,24
0078196A   8BD0             MOV EDX,EAX
0078196C   C741 04 04000000 MOV DWORD PTR DS:[ECX+4],4
00781973   8BCE             MOV ECX,ESI
00781975   C740 18 BB0000C0 MOV DWORD PTR DS:[EAX+18],C00000BB
0078197C   FF15 40507800    CALL DWORD PTR DS:[<&ntoskrnl.IofCallDriver>]
00781982   8BF0             MOV ESI,EAX
00781984   81FE 03010000    CMP ESI,103
0078198A   75 17            JNZ SHORT pfsvgae.007819A3
...
--- snip ---

Currently 'IoGetDeviceObjectPointer()' returns a stub device and driver.
The driver fields (dispatch table) are empty, hence the crash.

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl.c#l1211

--- snip ---
1211 NTSTATUS  WINAPI IoGetDeviceObjectPointer( UNICODE_STRING *name, ACCESS_MASK access, PFILE_OBJECT *file, PDEVICE_OBJECT *device )
1212 {
1213     static DEVICE_OBJECT stub_device;
1214     static DRIVER_OBJECT stub_driver;
1215 
1216     FIXME( "stub: %s %x %p %p\n", debugstr_us(name), access, file, device );
1217 
1218     stub_device.StackSize = 0x80; /* minimum value to appease SecuROM 5.x */
1219     stub_device.DriverObject = &stub_driver;
1220 
1221     *file  = NULL;
1222     *device = &stub_device;
1223 
1224     return STATUS_SUCCESS;
1225 }
--- snip ---

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl.c#l1317

--- snip ---
1317 NTSTATUS WINAPI IoCallDriver( DEVICE_OBJECT *device, IRP *irp )
1318 {
1319     PDRIVER_DISPATCH dispatch;
1320     IO_STACK_LOCATION *irpsp;
1321     NTSTATUS status;
1322 
1323     --irp->CurrentLocation;
1324     irpsp = --irp->Tail.Overlay.s.u2.CurrentStackLocation;
1325     dispatch = device->DriverObject->MajorFunction[irpsp->MajorFunction];
1326 
1327     TRACE_(relay)( "\1Call driver dispatch %p (device=%p,irp=%p)\n", dispatch, device, irp );
1328 
1329     status = dispatch( device, irp );
1330 
1331     TRACE_(relay)( "\1Ret  driver dispatch %p (device=%p,irp=%p) retval=%08x\n",
1332                    dispatch, device, irp, status );
1333 
1334     return status;
1335 }
--- snip ---

One could argue there should be a NULL ptr check before calling the dispatch
function. In a real driver setup this wouldn't be necessary though.

Anyway, a real device/driver instance has to be returned for '\\Device\\CdRom0'
because the driver issues ioctls via 'IoBuildSynchronousFsdRequest()' +
'IoCallDriver()' and expects them to succeed (return data).

$ wine --version
wine-3.9-149-ge3648c7a61

Regards
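
The failure described in the comment above, as an added example that is not part of the original report and is not Wine code: a zero-initialised stub driver leaves every dispatch slot NULL, so an unchecked indirect call jumps to address 0, while a checked dispatch fails the request with an error status. The simplified structs, the helpers `get_stub_device`, `get_backed_device`, `call_driver_checked` and `send_request`, and the "backed" CD-ROM driver are assumptions made for illustration; only the major function value 0x1b comes from the trace.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the NT structures; only the fields this bug touches. */
#define IRP_MJ_PNP                    0x1b  /* the 0x1b pushed before IoBuildSynchronousFsdRequest */
#define IRP_MJ_MAXIMUM_FUNCTION       0x1b
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u

typedef uint32_t NTSTATUS;
struct device_object;
struct irp { uint8_t major; NTSTATUS status; uint32_t information; };
typedef NTSTATUS (*dispatch_fn)(struct device_object *, struct irp *);
struct driver_object { dispatch_fn MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1]; };
struct device_object { struct driver_object *DriverObject; };

/* Model of the current stub: zero-initialised statics, so every dispatch slot is NULL. */
static struct device_object *get_stub_device(void)
{
    static struct driver_object stub_driver;
    static struct device_object stub_device;
    stub_device.DriverObject = &stub_driver;
    return &stub_device;
}

/* Hypothetical backed device: every slot populated, PnP requests are answered. */
static NTSTATUS reject_request(struct device_object *dev, struct irp *irp)
{
    (void)dev;
    return irp->status = STATUS_INVALID_DEVICE_REQUEST;
}
static NTSTATUS answer_pnp(struct device_object *dev, struct irp *irp)
{
    (void)dev;
    irp->information = 1;  /* constructed marker for "data returned" */
    return irp->status = STATUS_SUCCESS;
}
static struct device_object *get_backed_device(void)
{
    static struct driver_object driver;
    static struct device_object device;
    for (int i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        driver.MajorFunction[i] = reject_request;
    driver.MajorFunction[IRP_MJ_PNP] = answer_pnp;
    device.DriverObject = &driver;
    return &device;
}

/* Dispatch with the checks the quoted IoCallDriver does not perform. */
static NTSTATUS call_driver_checked(struct device_object *dev, struct irp *irp)
{
    dispatch_fn dispatch;
    if (!dev || !dev->DriverObject || irp->major > IRP_MJ_MAXIMUM_FUNCTION)
        return irp->status = STATUS_INVALID_DEVICE_REQUEST;
    dispatch = dev->DriverObject->MajorFunction[irp->major];
    if (!dispatch)  /* stub driver: fail the request instead of jumping to address 0 */
        return irp->status = STATUS_INVALID_DEVICE_REQUEST;
    return dispatch(dev, irp);
}

/* Same request shape as the trace: one synchronous IRP sent to the device. */
static NTSTATUS send_request(struct device_object *dev, uint8_t major, uint32_t *information)
{
    struct irp irp = { major, 0, 0 };
    NTSTATUS status = call_driver_checked(dev, &irp);
    if (information) *information = irp.information;
    return status;
}

int main(void)
{
    uint32_t info = 0;
    NTSTATUS stub = send_request(get_stub_device(), IRP_MJ_PNP, &info);
    NTSTATUS backed = send_request(get_backed_device(), IRP_MJ_PNP, &info);
    printf("stub: %08x  backed: %08x info=%u\n", (unsigned)stub, (unsigned)backed, (unsigned)info);
    return 0;
}
```

The check only converts the page fault into a failed request; the calling driver still gets no data back from the stub device.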