[Bug 45349] Multiple applications and games crash due to missing support for 64-bit syscall thunks (StreetFighter V)

wine-bugs at winehq.org
Tue Jun 19 15:05:29 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=45349

Zebediah Figura <z.figura12 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12 at gmail.com

--- Comment #1 from Zebediah Figura <z.figura12 at gmail.com> ---
Hi Anastasius,

Mind sharing a few more details? I've tried applying the Staging patches, but I
seem to get a crash in the exact same place (with the exact same RIP, even).
And yes, I've checked that the on-disk ntdll has the syscall thunks.

I'm also a little confused by your explanation. From the looks of things I'd
expect a crash executing the copied entry point (e.g. at the PINSR or ROR
instruction or the following INT3), which would then presumably take the form
of a STATUS_ACCESS_VIOLATION or STATUS_BREAKPOINT, but the crash is a
STATUS_PRIVILEGED_INSTRUCTION, several pages away from that address, and if I
dump bytes around the faulty RIP I get this:

   0:   4d 56                   rex.WRB push %r14
   2:   bb 65 d4 85 86          mov    $0x8685d465,%ebx
   7:   b9 0a 00 00 00          mov    $0xa,%ecx
   c:   66 ba 58 56             mov    $0x5658,%dx
  10:   ed                      in     (%dx),%eax        <- faulty instruction
  11:   81 fb 68 58 4d 56       cmp    $0x564d5868,%ebx
  17:   75 00                   jne    19 <foo+0x19>
  19:   48 83 c4 10             add    $0x10,%rsp
  1d:   41 5f                   pop    %r15
  1f:   41                      rex.B

which doesn't look like a corrupted ntdll entry point to me.

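The triage reasoning in the comment above, as an added example (not part of the original message and not Wine's code): it classifies the instruction at a faulting RIP by the exception a user-mode process would see, run over the bytes from the dump. The function names and the opcode table are this example's own assumptions; the port and compared constant it extracts, 0x5658 and 0x564d5868, are the values used by VMware's backdoor I/O interface.

```python
import struct

# NTSTATUS values for two of the exceptions named in the comment.
STATUS_BREAKPOINT = 0x80000003
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096

# Bytes copied from the dump in the comment, offsets 0x00-0x1f.
DUMP = bytes.fromhex("4d56 bb65d48586 b90a000000 66ba5856 ed "
                     "81fb68584d56 7500 4883c410 415f 41")
FAULT_OFFSET = 0x10  # the line marked "faulty instruction"

LEGACY_PREFIXES = {0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65, 0x66, 0x67,
                   0xF0, 0xF2, 0xF3}
# One-byte opcodes that raise #GP in ring 3 when IOPL < CPL.
PRIVILEGED = {**dict.fromkeys(range(0x6C, 0x70), "ins/outs"),
              **dict.fromkeys((0xE4, 0xE5, 0xEC, 0xED), "in"),
              **dict.fromkeys((0xE6, 0xE7, 0xEE, 0xEF), "out"),
              0xF4: "hlt", 0xFA: "cli", 0xFB: "sti"}

def classify_fault(code, offset):
    """Return (mnemonic, NTSTATUS) for the instruction at offset,
    or (None, None) if it is neither INT3 nor a privileged opcode."""
    i = offset
    while i < len(code) and code[i] in LEGACY_PREFIXES:
        i += 1
    if i < len(code) and 0x40 <= code[i] <= 0x4F:  # REX prefix
        i += 1
    if i >= len(code):
        return None, None
    op = code[i]
    if op == 0xCC:
        return "int3", STATUS_BREAKPOINT
    if op in PRIVILEGED:
        return PRIVILEGED[op], STATUS_PRIVILEGED_INSTRUCTION
    return None, None

def port_loaded_before(code, offset):
    """If `mov $imm16,%dx` (66 BA iw) ends exactly at offset, return imm16."""
    if offset >= 4 and code[offset - 4:offset - 2] == b"\x66\xba":
        return struct.unpack_from("<H", code, offset - 2)[0]
    return None

def cmp_ebx_after(code, offset):
    """If `cmp $imm32,%ebx` (81 FB id) follows the one-byte instruction
    at offset, return imm32."""
    if len(code) >= offset + 7 and code[offset + 1:offset + 3] == b"\x81\xfb":
        return struct.unpack_from("<I", code, offset + 3)[0]
    return None

if __name__ == "__main__":
    print(classify_fault(DUMP, FAULT_OFFSET),
          hex(port_loaded_before(DUMP, FAULT_OFFSET)),
          hex(cmp_ebx_after(DUMP, FAULT_OFFSET)))
```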