[Bug 45349] Multiple applications and games crash due to missing support for 64-bit syscall thunks (StreetFighter V)
wine-bugs at winehq.org
Wed Jun 20 14:34:32 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=45349
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Zebediah,
I made trace logs some time ago and accidentally put the wrong snippet here
(had multiple logs from different runs with patches applied).
The 64-bit syscall thunk one is this one here:
--- snip ---
...
0030:Call KERNEL32.GetModuleHandleA(143fd1b80 "Kernel32.dll") ret=143fd20a7
0030:Ret KERNEL32.GetModuleHandleA() retval=7b460000 ret=143fd20a7
0030:Call KERNEL32.GetProcAddress(7b460000,143fd2690 "VirtualFree")
ret=143fd21ae
0030:Ret KERNEL32.GetProcAddress() retval=7b473eb8 ret=143fd21ae
0030:Call KERNEL32.VirtualFree(00610000,00000000,00008000) ret=143fd21d4
0030:Ret KERNEL32.VirtualFree() retval=00000001 ret=143fd21d4
0030:trace:seh:NtRaiseException code=c000001d flags=0 addr=0x143fcfaa8
ip=143fcfaa8 tid=0030
0030:trace:seh:NtRaiseException rax=0000000000000000 rbx=ffffffffffffffff
rcx=00000001440efe20 rdx=00000000000900cc
0030:trace:seh:NtRaiseException rsi=000000000060fd88 rdi=000000000060fd00
rbp=000000000060fdc0 rsp=000000000060fc88
0030:trace:seh:NtRaiseException r8=000000000060fce0 r9=0000000000000008
r10=0000000000000000 r11=000000000060fce0
0030:trace:seh:NtRaiseException r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
...
0030:trace:seh:dwarf_virtual_unwind next function rip=0000000000000000
0030:trace:seh:dwarf_virtual_unwind rax=0000000000000000 rbx=ffffffffffffffff
rcx=00000001440efe20 rdx=00000000000900cc
0030:trace:seh:dwarf_virtual_unwind rsi=0000000000000000 rdi=0000000000000000
rbp=0000000000000000 rsp=000000000060ffe0
0030:trace:seh:dwarf_virtual_unwind r8=000000000060fce0 r9=0000000000000008
r10=0000000000000000 r11=000000000060fce0
0030:trace:seh:dwarf_virtual_unwind r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
0030:trace:seh:call_stack_handlers found wine frame 0x60fdf0 rsp 60ffe0 handler
0x7b5121f3
0030:trace:seh:call_teb_handler calling TEB handler 0x7b5121f3 (rec=0x60fb40,
frame=0x60fdf0 context=0x60ede0, dispatch=0x60f2b0)
wine: Unhandled illegal instruction at address 0x143fcfaa8 (thread 0030),
starting debugger...
0030:trace:seh:start_debugger Starting debugger "winedbg --auto 47 28"
0030:trace:seh:call_teb_handler handler at 0x7b5121f3 returned 1
0030:warn:seh:call_stack_handlers exception data not found in
L"StreetFighterV.exe"
Unhandled exception: illegal instruction in 64-bit code (0x0000000143fcfaa8).
winedbg: Internal crash at 0x7f9e448a6b09
--- snip ---
rip = 0x143fcfaa8 (compare with my disassembly from initial comment).
The disassembly snippet you posted in comment #1 which matches my initial
trace log snippet is a harmless and gracefully handled VMware backdoor check:
--- snip ---
0000000143FCA918 | 54 | push rsp
0000000143FCA919 | 50 | push rax
0000000143FCA91A | 51 | push rcx
0000000143FCA91B | 52 | push rdx
0000000143FCA91C | 53 | push rbx
0000000143FCA91D | 55 | push rbp
0000000143FCA91E | 56 | push rsi
0000000143FCA91F | 57 | push rdi
0000000143FCA920 | 41 50 | push r8
0000000143FCA922 | 41 51 | push r9
0000000143FCA924 | 41 52 | push r10
0000000143FCA926 | 41 53 | push r11
0000000143FCA928 | 41 54 | push r12
0000000143FCA92A | 41 55 | push r13
0000000143FCA92C | 41 56 | push r14
0000000143FCA92E | 41 57 | push r15
0000000143FCA930 | 48 8B EC | mov rbp, rsp
0000000143FCA933 | 51 | push rcx
0000000143FCA934 | E8 00 00 00 00 | call streetfighterv.143FCA939
0000000143FCA939 | 48 B9 8D FB A2 19.| mov rcx, 19A2FB8D
0000000143FCA943 | 48 01 0C 24 | add qword ptr ss:[rsp], rcx
0000000143FCA947 | 48 B9 55 FB A2 19.| mov rcx, 19A2FB55
0000000143FCA951 | 48 29 0C 24 | sub qword ptr ss:[rsp], rcx
0000000143FCA955 | B8 68 58 4D 56 | mov eax, 564D5868
0000000143FCA95A | BB 65 D4 85 86 | mov ebx, 8685D465
0000000143FCA95F | B9 0A 00 00 00 | mov ecx, A
0000000143FCA964 | 66 BA 58 56 | mov dx, 5658
0000000143FCA968 | ED | in eax, dx
0000000143FCA969 | 81 FB 68 58 4D 56 | cmp ebx, 564D5868
0000000143FCA96F | 75 00 | jne streetfighterv.143FCA971
0000000143FCA971 | 48 83 C4 10 | add rsp, 10
0000000143FCA975 | 41 5F | pop r15
0000000143FCA977 | 41 5E | pop r14
0000000143FCA979 | 41 5D | pop r13
0000000143FCA97B | 41 5C | pop r12
0000000143FCA97D | 41 5B | pop r11
0000000143FCA97F | 41 5A | pop r10
0000000143FCA981 | 41 59 | pop r9
0000000143FCA983 | 41 58 | pop r8
0000000143FCA985 | 5F | pop rdi
0000000143FCA986 | 5E | pop rsi
0000000143FCA987 | 5D | pop rbp
0000000143FCA988 | 5B | pop rbx
0000000143FCA989 | 5A | pop rdx
0000000143FCA98A | 59 | pop rcx
0000000143FCA98B | 58 | pop rax
0000000143FCA98C | 48 83 C4 08 | add rsp, 8
0000000143FCA990 | C3 | ret
--- snip ---
One can find this sequence in various commercial protection/DRM systems as they
try to figure out if they are running in a virtualized environment.
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
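For triage of traces like the one in this comment, the following added example (not part of the original message and not Wine code) locates the VMware backdoor probe by its byte pattern and checks whether a logged fault address is the probe's `in eax, dx` or something else. Function names and the 32-byte search window are assumptions; the sample bytes and trace line are copied from the listing and log above.

```python
import re

# Byte patterns as they appear in the disassembly quoted in the message.
MAGIC = bytes.fromhex("B868584D56")   # mov eax, 564D5868
PORT = bytes.fromhex("66BA5856")      # mov dx, 5658
IN_EAX_DX = b"\xED"                   # in eax, dx
WINDOW = 32  # assumption: max distance from the magic load to the IN
FAULT_RE = re.compile(
    r"NtRaiseException code=([0-9a-f]+) flags=\d+ addr=0x([0-9a-f]+)")

# Bytes from 0000000143FCA955 through the jne, copied from the listing.
SAMPLE_BASE = 0x143FCA955
SAMPLE_CODE = bytes.fromhex(
    "B868584D56 BB65D48586 B90A000000 66BA5856 ED 81FB68584D56 7500")
# Trace line from the log above, with the mail line wrap joined.
SAMPLE_TRACE = ("0030:trace:seh:NtRaiseException code=c000001d "
                "flags=0 addr=0x143fcfaa8")

def find_vmware_probes(code: bytes, base: int = 0):
    """Return (start_addr, in_addr) for each magic -> port -> IN sequence.

    Heuristic byte match, not a disassembler: a hit should be confirmed
    in a real disassembly before drawing conclusions.
    """
    hits = []
    pos = code.find(MAGIC)
    while pos != -1:
        window = code[pos:pos + WINDOW]
        port_off = window.find(PORT, len(MAGIC))
        if port_off != -1:
            in_off = window.find(IN_EAX_DX, port_off + len(PORT))
            if in_off != -1:
                hits.append((base + pos, base + pos + in_off))
        pos = code.find(MAGIC, pos + 1)
    return hits

def parse_fault(trace: str):
    """Extract (exception_code, fault_address) from a seh trace, or None."""
    m = FAULT_RE.search(trace)
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None

def fault_is_probe(trace: str, code: bytes, base: int) -> bool:
    """True if the logged fault address is the IN of a detected probe."""
    fault = parse_fault(trace)
    probes = find_vmware_probes(code, base)
    return fault is not None and any(fault[1] == a for _, a in probes)

if __name__ == "__main__":
    print([(hex(s), hex(i)) for s, i in find_vmware_probes(SAMPLE_CODE, SAMPLE_BASE)])
    print(fault_is_probe(SAMPLE_TRACE, SAMPLE_CODE, SAMPLE_BASE))
```
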