[Bug 46089] New: TopoEdit tool from Windows 10 SDK (10.0.17763.x) crashes in ntdll.LdrResolveDelayLoadedAPI during resolver failure ( NULL dll failure hook)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Nov 4 13:48:51 CST 2018
https://bugs.winehq.org/show_bug.cgi?id=46089
Bug ID: 46089
Summary: TopoEdit tool from Windows 10 SDK (10.0.17763.x)
crashes in ntdll.LdrResolveDelayLoadedAPI during
resolver failure (NULL dll failure hook)
Product: Wine
Version: 3.19
Hardware: aarch64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says.
Encountered while playing with some 64-bit ARM apps from Win10 SDK (running in
qemuarm64 machine). Most likely present with x86_64 Wine too.
Trace log:
--- snip ---
$ WINEDEBUG=+seh,+relay,+loaddll,+process,+module,+ntdll wine64 ./topoedit.exe
>>log.txt 2>&1
...
002b:Ret PE DLL (proc=0x180035d70,module=0x180000000
L"tedutil.dll",reason=PROCESS_ATTACH,res=0x22fc48) retval=1
002b:trace:module:process_attach (L"tedutil.dll",0x22fc48) - END
002b:trace:module:process_attach (L"topoedit.exe",0x22fc48) - END
002b:Starting process
L"Z:\\home\\focht\\Downloads\\win10sdk_arm64\\arm64\\topoedit.exe"
(entryproc=0x14001ddb0)
...
002b:Call KERNEL32.LoadLibraryExW(140020a08 L"TEDUTIL.dll",00000000,00000000)
ret=140012c64
...
002b:Ret KERNEL32.LoadLibraryExW() retval=180000000 ret=140012c64
002b:Call
ntdll.LdrResolveDelayLoadedAPI(140000000,140022588,00000000,7b43da8c,140027010,00000000)
ret=14001e8fc
002b:fixme:module:LdrResolveDelayLoadedAPI (0x140000000, 0x140022588, (nil),
0x7b43da8c, 0x140027010, 0x00000000), partial stub
002b:trace:module:load_dll looking for
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll" in
L"Z:\\home\\focht\\Downloads\\win10sdk_arm64\\arm64;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
...
002b:trace:module:get_load_order looking for
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll"
002b:trace:module:get_load_order got hardcoded default for
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll"
002b:trace:module:load_builtin_dll Trying built-in
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll"
002b:warn:module:load_builtin_dll cannot open .so lib for builtin
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll":
/home/focht/projects/wine/mainline-install-aarch64/bin/../lib64/wine/ext-ms-win-shell-comctl32-init-l1-1-0.dll.so:
cannot open shared object file: No such file or directory
002b:warn:module:load_dll Failed to load module
L"ext-ms-win-shell-comctl32-init-l1-1-0.dll"; status=c0000135
002b:trace:seh:raise_exception info[0]=0000000000000000
002b:trace:seh:raise_exception info[1]=0000000000000000
002b:trace:seh:call_stack_handlers calling handler at 0x7b4d6330 code=c0000005
flags=0
002b:Call ntdll.NtCurrentTeb() ret=7b466c40
002b:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b466c40
002b:Call ntdll.NtCreateEvent(0022edf0,001f0003,0022edf8,00000000,00000000)
ret=7b466f00
002b:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b466f00
002b:Call ntdll.NtCurrentTeb() ret=7b4c5924
002b:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b4c5924
wine: Unhandled page fault on read access to 0x00000000 at address (nil)
(thread 002b), starting debugger...
...
System information:
Wine build: wine-3.19-117-g4852130c82
Platform: arm64
Version: Windows 8.1
Host system: Linux
Host version: 4.14.67-yocto-standard
--- snip ---
Running with debugger:
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 64-bit code
(0x0000000000000000).
Register dump:
ARM64 EL0t Mode
Pc:0000000000000000 Sp:000000000023f5d0 Lr:000000007bc891b4
Cpsr:60000000(-ZC-)
x0: 0000000000000004 x1: 000000000023f6a0 x2: 0000000000000010 x3:
000000007bd0c200 x4: 000000000023f6a0
x5: 0246490a4d1b1d40 x6: 401d1b4d0a494602 x7: 6e652e646c6e672e x8:
000000000023f6a0 x9: 0000000000000000
x10:00000000c0000135 x11:000000000000267c x12:000000000000267c
x13:000000000002267c x14:0000000000000000
x15:0000000000000008 ip0:000000000002267c ip1:0000000000000000
x18:000000007ffd8000 x19:0000000140000000
x20:0000000000000001 x21:00000000002519be x22:0000000000000000
x23:000000014001f6f8 x24:0000000140025000
x25:0000000140025000 x26:000000007b4eaf38 x27:000000007b4ee926
x28:000000007b4a2b60 Fp:000000000023f740
...
Backtrace:
=>0 0x0000000000000000 (0x000000000023f740)
1 0x000000007bc891b4 LdrResolveDelayLoadedAPI+0x3c7(base=0x140000000,
desc=0x140022588, dllhook=(nil), syshook=0x7b494fa8, addr=0x140027010, flags=0)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2995] in ntdll
(0x000000000023f740)
2 0x000000007bc891b4 LdrResolveDelayLoadedAPI+0x3c7(base=0x7b4a2b60,
desc=0x7b8252b8, dllhook=0x140000000, syshook=0x140022588, addr=(nil), flags=0)
[/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2995] in ntdll
(0x000000000023f750)
3 0x000000014001e8fc in topoedit (+0x1e8fb) (0x000000000023f820)
4 0x0000000140012c90 in topoedit (+0x12c8f) (0x000000000023f820)
0x0000000000000000: -- no code accessible --
Wine-dbg>frame 1
2995 return dllhook(4, &delayinfo);
Wine-dbg>info locals
0x000000007bc891b3 LdrResolveDelayLoadedAPI+0x3c7: (0023f740)
void* base=0x140000000 (parameter [fp-32])
IMAGE_DELAYLOAD_DESCRIPTOR* desc=0x140022588 (parameter [fp-40])
PDELAYLOAD_FAILURE_DLL_CALLBACK dllhook=(nil) (parameter [fp-48])
void* syshook=0x7b494fa8 (parameter [fp-56])
IMAGE_THUNK_DATA* addr=0x140027010 (parameter [fp-64])
ULONG flags=0 (parameter [fp-68])
IMAGE_THUNK_DATA* pIAT=0x140027010 (local [fp-80])
IMAGE_THUNK_DATA* pINT=0x1400225d8 (local [fp-88])
DELAYLOAD_INFO delayinfo={Size=0x48, DelayloadDescriptor=0x140022588,
ThunkAddress=0x140027010,
TargetDllName="ext-ms-win-shell-comctl32-init-l1-1-0.dll",
TargetApiDescriptor={ImportDescribedByName=0x1, Description={Name=*** invalid
address 0x267c ***, Ordinal=0x267c}}, TargetModuleBase=0x0(nil),
Unused=0x0(nil), LastError=0xc0000135} (local [fp-160])
UNICODE_STRING mod={Length=0, MaximumLength=0, Buffer=0x0(nil)} (local
[fp-176])
CHAR* name="ext-ms-win-shell-comctl32-init-l1-1-0.dll" (local [sp+184])
HMODULE* phmod=0x140025858 (local [sp+176])
NTSTATUS nts=0xc0000135 (local [sp+172])
FARPROC fp=0x7bd0915d (local [sp+160])
DWORD id=0 (local [sp+156])
--- snip ---
'ext-ms-win-shell-comctl32-init-l1-1-0.dll' doesn't exist as stub dll in Wine
hence the delay load failure. Wine's 'LdrResolveDelayLoadedAPI' implementation
unconditionally calls the dll provided failure hook without checking for NULL
pointer.
The system failure hook parameter is actually valid:
--- snip ---
Wine-dbg>disas 0x7b494fa8
0x000000007b494fa8 DelayLoadFailureHook
[/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1220] in
kernel32: be_arm64_disasm_one_insn: not done
--- snip ---
I guess this one could be called in case the dll failure hook is not provided.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/loader.c#l2936
--- snip ---
2936 void* WINAPI LdrResolveDelayLoadedAPI( void* base, const
IMAGE_DELAYLOAD_DESCRIPTOR* desc,
2937 PDELAYLOAD_FAILURE_DLL_CALLBACK
dllhook, void* syshook,
2938 IMAGE_THUNK_DATA* addr, ULONG flags
)
2939 {
2940 IMAGE_THUNK_DATA *pIAT, *pINT;
2941 DELAYLOAD_INFO delayinfo;
2942 UNICODE_STRING mod;
2943 const CHAR* name;
2944 HMODULE *phmod;
2945 NTSTATUS nts;
2946 FARPROC fp;
2947 DWORD id;
2948
2949 FIXME("(%p, %p, %p, %p, %p, 0x%08x), partial stub\n", base, desc,
dllhook, syshook, addr, flags);
2950
2951 phmod = get_rva(base, desc->ModuleHandleRVA);
2952 pIAT = get_rva(base, desc->ImportAddressTableRVA);
2953 pINT = get_rva(base, desc->ImportNameTableRVA);
2954 name = get_rva(base, desc->DllNameRVA);
2955 id = addr - pIAT;
2956
2957 if (!*phmod)
2958 {
2959 if (!RtlCreateUnicodeStringFromAsciiz(&mod, name))
2960 {
2961 nts = STATUS_NO_MEMORY;
2962 goto fail;
2963 }
2964 nts = LdrLoadDll(NULL, 0, &mod, phmod);
2965 RtlFreeUnicodeString(&mod);
2966 if (nts) goto fail;
2967 }
2968
2969 if (IMAGE_SNAP_BY_ORDINAL(pINT[id].u1.Ordinal))
2970 nts = LdrGetProcedureAddress(*phmod, NULL,
LOWORD(pINT[id].u1.Ordinal), (void**)&fp);
2971 else
2972 {
2973 const IMAGE_IMPORT_BY_NAME* iibn = get_rva(base,
pINT[id].u1.AddressOfData);
2974 ANSI_STRING fnc;
2975
2976 RtlInitAnsiString(&fnc, (char*)iibn->Name);
2977 nts = LdrGetProcedureAddress(*phmod, &fnc, 0, (void**)&fp);
2978 }
2979 if (!nts)
2980 {
2981 pIAT[id].u1.Function = (ULONG_PTR)fp;
2982 return fp;
2983 }
2984
2985 fail:
2986 delayinfo.Size = sizeof(delayinfo);
2987 delayinfo.DelayloadDescriptor = desc;
2988 delayinfo.ThunkAddress = addr;
2989 delayinfo.TargetDllName = name;
2990 delayinfo.TargetApiDescriptor.ImportDescribedByName =
!IMAGE_SNAP_BY_ORDINAL(pINT[id].u1.Ordinal);
2991 delayinfo.TargetApiDescriptor.Description.Ordinal =
LOWORD(pINT[id].u1.Ordinal);
2992 delayinfo.TargetModuleBase = *phmod;
2993 delayinfo.Unused = NULL;
2994 delayinfo.LastError = nts;
2995 return dllhook(4, &delayinfo);
2996 }
--- snip ---
$ sha1sum 17763.1.180914-1434.rs5_release_WindowsSDK.iso
e702b5e5f2597d01eaee1eb1be7a34b0da0b6211
17763.1.180914-1434.rs5_release_WindowsSDK.iso
$ du -sh 17763.1.180914-1434.rs5_release_WindowsSDK.iso
815M 17763.1.180914-1434.rs5_release_WindowsSDK.iso
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list