[Bug 46135] New: Microsoft ODBC tool 'odbcconf.exe' (part of MDAC 2.x install) crashes during configuration (some 'advapi32.dll' API entries are not hotpatchable due to PIC/GOT code at entry)
wine-bugs at winehq.org
Mon Nov 12 12:11:47 CST 2018
https://bugs.winehq.org/show_bug.cgi?id=46135
Bug ID: 46135
Summary: Microsoft ODBC tool 'odbcconf.exe' (part of MDAC 2.x
install) crashes during configuration (some
'advapi32.dll' API entries are not hotpatchable due to
PIC/GOT code at entry)
Product: Wine
Version: 3.20
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: advapi32
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
Found during investigation of other MDAC 2.x installer-related issues.
Another manifestation of bug 45199 ("Many applications and games fail to
start/crash after compiling wine with gcc 8.1.0 and -O2 (GOT/PIC register load
code now emitted at function entry, missing hotpatch signatures)").
--- snip ---
$ WINEDEBUG=+seh,+relay wine ./MDAC_TYP.EXE /q /C:"setup /qnt" >>log.txt 2>&1
...
Unhandled exception: page fault on read access to 0x0104f463 in 32-bit code
(0x7e9ea2a7).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:7e9ea2a7 ESP:0033d080 EBP:0033d0d8 EFLAGS:00010202( R- -- I - - - )
EAX:00000057 EBX:80000002 ECX:00000000 EDX:0104952f
ESI:00000000 EDI:00000000
...
Backtrace:
=>0 0x7e9ea2a7 RegCreateKeyExW+0x67() in advapi32 (0x0033d0d8)
1 0x010062d3 in odbcconf (+0x62d2) (0x0033d8e8)
2 0x7e9ea58b RegCreateKeyW+0x3a()
[/home/focht/projects/wine/mainline-src/dlls/advapi32/registry.c:471] in
advapi32 (0x0033d928)
3 0x7e0c2cd1 write_registry_values+0x40(regkey="ODBC Translators",
driver="Software\ODBC\ODBCINST.INI\", path_in=0x0(nil))
[/home/focht/projects/wine/mainline-src/dlls/odbccp32/odbccp32.c:830] in
odbccp32 (0x0033e1a8)
4 0x7e0c5d5d SQLInstallTranslatorExW+0x7c(lpszTranslator=<couldn't compute
location>, lpszPathIn=<couldn't compute location>, lpszPathOut=<couldn't
compute location>, cbPathOutMax=<couldn't compute location>,
pcbPathOut=<couldn't compute location>, fRequest=<couldn't compute location>,
lpdwUsageCount=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/odbccp32/odbccp32.c:1176] in
odbccp32 (0x0033e408)
5 0x7e0c5fb9 SQLInstallTranslatorEx+0x148(lpszTranslator=<couldn't compute
location>, lpszPathIn=<couldn't compute location>, lpszPathOut=<couldn't
compute location>, cbPathOutMax=<couldn't compute location>,
pcbPathOut=<couldn't compute location>, fRequest=<couldn't compute location>,
lpdwUsageCount=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/odbccp32/odbccp32.c:1212] in
odbccp32 (0x0033e698)
6 0x005573b2 in odbcconf (+0x73b1) (0x0033f0e4)
7 0x005593a9 in odbcconf (+0x93a8) (0x0033f0fc)
8 0x01006b63 in odbcconf (+0x6b62) (0x0033f19c)
0x7e9ea2a7 RegCreateKeyExW+0x67 in advapi32: movl 0x5f2c(%edx,%ebx,4),%eax
Module Address Debug info Name (42 modules)
PE 550000- 572000 Export odbcconf
PE 1000000- 1013000 Export odbcconf
ELF 7b400000-7b7ee000 Deferred kernel32<elf>
\-PE 7b420000-7b7ee000 \ kernel32
ELF 7bc00000-7bd02000 Deferred ntdll<elf>
\-PE 7bc10000-7bd02000 \ ntdll
ELF 7c000000-7c004000 Deferred <wine-loader>
ELF 7e0b0000-7e0cd000 Dwarf odbccp32<elf>
\-PE 7e0c0000-7e0cd000 \ odbccp32
...
Threads:
process tid prio (all id:s are in hex)
00000008 MDAC_TYP.EXE
00000009 0
0000000e services.exe
...
0000002b setup.exe
0000002c 0
0000002d dasetup.exe
0000002f 0
0000002e 0
00000032 (D) C:\windows\system32\odbcconf.exe
00000033 0 <==
--- snip ---
There is a module (dll) of the same name 'odbcconf' mapped which hooks
several registry APIs.
Example original API entry 'RegCreateKeyExW' with GOT/PIC register load code
emitted at function entry, missing hotpatch signatures:
--- snip ---
7E9EA240 E8 C494FEFF CALL 7E9D3709 ; PIC
7E9EA245 81C2 BB3D0400 ADD EDX,43DBB
7E9EA24B 8D4C24 04 LEA ECX,[ESP+4]
7E9EA24F 83E4 F0 AND ESP,FFFFFFF0 ; align 16-bytes
...
7E9D3709 8B1424 MOV EDX,DWORD PTR SS:[ARG.RETADDR]
7E9D370C C3 RETN
--- snip ---
Patched by app:
--- snip ---
7E9EA240 E9 59C06182 JMP 0100629E
7E9EA245 81C2 BB3D0400 ADD EDX,43DBB
7E9EA24B 8D4C24 04 LEA ECX,[ESP+4]
7E9EA24F 83E4 F0 AND ESP,FFFFFFF0
7E9EA252 FF71 FC PUSH DWORD PTR DS:[ECX-4]
7E9EA255 55 PUSH EBP
7E9EA256 89E5 MOV EBP,ESP
7E9EA258 57 PUSH EDI
7E9EA259 56 PUSH ESI
7E9EA25A 53 PUSH EBX
7E9EA25B 51 PUSH ECX
7E9EA25C 83EC 48 SUB ESP,48
7E9EA25F 8B41 04 MOV EAX,DWORD PTR DS:[ECX+4]
--- snip ---
--- snip ---
0100576F E8 95DF9C7D CALL 7E9D3709 ; can't work, PC (EIP) not in org module
01005774 E9 CC4A9E7D JMP 7E9EA245 ; back to org API
01005779 90 NOP
...
0100629E 55 PUSH EBP
0100629F 8BEC MOV EBP,ESP
010062A1 81EC D4070000 SUB ESP,7D4
010062A7 53 PUSH EBX
010062A8 56 PUSH ESI
010062A9 57 PUSH EDI
010062AA FF75 28 PUSH DWORD PTR SS:[ARG.9]
010062AD 8B7D 0C MOV EDI,DWORD PTR SS:[ARG.2]
010062B0 FF75 24 PUSH DWORD PTR SS:[ARG.8]
010062B3 A1 58F00001 MOV EAX,DWORD PTR DS:[100F058]
010062B8 FF75 20 PUSH DWORD PTR SS:[ARG.7]
010062BB 8945 FC MOV DWORD PTR SS:[LOCAL.1],EAX
010062BE FF75 1C PUSH DWORD PTR SS:[ARG.6]
010062C1 FF75 18 PUSH DWORD PTR SS:[ARG.5]
010062C4 FF75 14 PUSH DWORD PTR SS:[ARG.4]
010062C7 FF75 10 PUSH DWORD PTR SS:[ARG.3]
010062CA 57 PUSH EDI
010062CB FF75 08 PUSH DWORD PTR SS:[ARG.1]
010062CE E8 9CF4FFFF CALL 0100576F
010062D3 85FF TEST EDI,EDI
...
010063A6 CALL 01006C39
010063AB POP EDI
010063AC POP ESI
010063AD POP EBX
010063AE LEAVE
010063AF RETN 24
--- snip ---
Using 'search all for all intermodular calls in advapi32' in the debugger:
--- snip ---
Address = 7E9EE482
Command = CALL RegOpenKeyExA
Dest = 01005E18
Dest name = odbcconf.01005E18
Address = 7EA00A43
Command = CALL RegOpenKeyExW
Dest = 01005EF1
Dest name = odbcconf.01005EF1
Address = 7E9EE436
Command = CALL RegQueryValueExA
Dest = 01006074
Dest name = odbcconf.01006074
Address = 7EA00A7F
Command = CALL RegQueryValueExW
Dest = 010060FF
Dest name = odbcconf.010060FF
Address = 7E9EA5D6
Command = CALL RegCreateKeyExA
Dest = 010061C0
Dest name = odbcconf.010061C0
Address = 7E9D8AA6
Command = CALL RegCreateKeyExW
Dest = 0100629E
Dest name = odbcconf.0100629E
Address = 7E9EC2A1
Command = CALL RegSetValueExA
Dest = 010063B2
Dest name = odbcconf.010063B2
Address = 7E9D8A75
Command = CALL RegSetValueExW
Dest = 01006436
Dest name = odbcconf.01006436
Address = 7E9ECD8F
Command = CALL RegCloseKey
Dest = 010064F0
Dest name = odbcconf.010064F0
--- snip ---
* RegOpenKeyExA -> DECLSPEC_HOTPATCH = ok
* RegOpenKeyExW -> no hotpatch (!)
* RegQueryValueExA -> DECLSPEC_HOTPATCH = ok
* RegQueryValueExW -> no hotpatch (!)
* RegCreateKeyExA -> no hotpatch (!)
* RegCreateKeyExW -> no hotpatch (!)
* RegSetValueExA -> no hotpatch (!)
* RegSetValueExW -> no hotpatch (!)
* RegCloseKey -> DECLSPEC_HOTPATCH = ok
Example of one that is already ok -> 'RegOpenKeyExA':
Org:
--- snip ---
7E9EA920 8BFF MOV EDI,EDI
7E9EA922 55 PUSH EBP
7E9EA923 8BEC MOV EBP,ESP
7E9EA925 E8 5816FFFF CALL 7E9DBF82
7E9EA92A 05 D6360400 ADD EAX,436D6
7E9EA92F 5D POP EBP
7E9EA930 8D4C24 04 LEA ECX,[ESP+4]
7E9EA934 83E4 F0 AND ESP,FFFFFFF0
--- snip ---
Patched (ok):
--- snip ---
7E9EA920 E9 F3B46182 JMP 01005E18
7E9EA925 E8 5816FFFF CALL 7E9DBF82
7E9EA92A 05 D6360400 ADD EAX,436D6
7E9EA92F 5D POP EBP
7E9EA930 8D4C24 04 LEA ECX,[ESP+4]
7E9EA934 83E4 F0 AND ESP,FFFFFFF0
7E9EA937 FF71 FC PUSH DWORD PTR DS:[ECX-4]
7E9EA93A 55 PUSH EBP
--- snip ---
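To make the failure mode concrete, here is an added example (not code from the report, from the installer, or from Wine) that models the two entry shapes shown above and reproduces the crash arithmetic from the report's own numbers: it recognises Wine's DECLSPEC_HOTPATCH prologue (8B FF 55 8B EC), rebases the relocated CALL the way the hooking engine did when it copied the instruction to 0100576F, and then computes what the get_pc_thunk/ADD EDX sequence yields when it executes from the odbcconf trampoline instead of from advapi32. The function names are mine; the "correct" GOT register value 7EA2E000 is derived by the same arithmetic and is not shown in the report, while the other results (7E9D3709, 7D9CDF95, 0104952F, 0104F463) can be checked against the listings and the register dump.

```c
/* Added example, not part of the bug report or Wine.  Models why a 5-byte JMP
 * hook works on a DECLSPEC_HOTPATCH entry but breaks an entry that starts with
 * GCC's PIC register load.  Addresses and bytes are taken from the report. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wine's i386 DECLSPEC_HOTPATCH prologue: mov edi,edi / push ebp / mov ebp,esp.
 * Five bytes with no PC-relative operand, so a hook engine may copy them to a
 * trampoline and overwrite them with a JMP rel32 (see the RegOpenKeyExA listing). */
static const uint8_t HOTPATCH_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* First five bytes at RegOpenKeyExA (7E9EA920) and RegCreateKeyExW (7E9EA240). */
const uint8_t REGOPENKEYEXA_ENTRY[5]   = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
const uint8_t REGCREATEKEYEXW_ENTRY[5] = { 0xE8, 0xC4, 0x94, 0xFE, 0xFF };

bool is_hotpatchable_entry(const uint8_t *entry)
{
    return memcmp(entry, HOTPATCH_PROLOGUE, sizeof HOTPATCH_PROLOGUE) == 0;
}

/* CALL rel32 (E8) or JMP rel32 (E9): the bytes mean something different at
 * every address they are copied to. */
bool entry_is_pc_relative(const uint8_t *entry)
{
    return entry[0] == 0xE8 || entry[0] == 0xE9;
}

/* Little-endian rel32 immediate following the opcode byte. */
static uint32_t rel32_imm(const uint8_t *insn)
{
    return (uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
           (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24;
}

/* Target of a rel32 CALL/JMP at insn_addr: next-IP plus displacement (mod 2^32). */
uint32_t rel32_target(uint32_t insn_addr, const uint8_t *insn)
{
    return insn_addr + 5 + rel32_imm(insn);
}

/* Displacement a hook engine must emit so that the CALL, moved to new_addr,
 * still reaches target.  This rebasing is what the engine got right. */
uint32_t rebased_disp(uint32_t new_addr, uint32_t target)
{
    return target - (new_addr + 5);
}

/* GCC's PIC idiom: "call thunk; thunk: mov edx,[esp]; ret" leaves the return
 * address (call_addr + 5) in EDX and "add edx, imm32" turns it into the GOT
 * pointer.  The result depends on where the CALL executes, so it is only
 * correct inside the original module.  This is what the engine could not fix. */
uint32_t pic_got_register(uint32_t call_addr, uint32_t add_imm)
{
    return call_addr + 5 + add_imm;
}

/* Effective address of the faulting "movl 0x5f2c(%edx,%ebx,4),%eax"
 * (AT&T syntax: [edx + ebx*4 + 0x5f2c], 32-bit wraparound intended). */
uint32_t faulting_ea(uint32_t edx, uint32_t ebx)
{
    return edx + 0x5f2cu + ebx * 4u;
}

int main(void)
{
    printf("RegOpenKeyExA   hotpatchable: %d\n", is_hotpatchable_entry(REGOPENKEYEXA_ENTRY));
    printf("RegCreateKeyExW hotpatchable: %d, pc-relative: %d\n",
           is_hotpatchable_entry(REGCREATEKEYEXW_ENTRY),
           entry_is_pc_relative(REGCREATEKEYEXW_ENTRY));

    uint32_t thunk = rel32_target(0x7E9EA240u, REGCREATEKEYEXW_ENTRY);
    printf("CALL target from 7E9EA240: %08X\n", thunk);
    printf("rebased disp for copy at 0100576F: %08X\n", rebased_disp(0x0100576Fu, thunk));

    uint32_t in_advapi32 = pic_got_register(0x7E9EA240u, 0x43DBBu);
    uint32_t in_trampoline = pic_got_register(0x0100576Fu, 0x43DBBu);
    printf("EDX from original entry: %08X, from trampoline: %08X\n", in_advapi32, in_trampoline);
    printf("fault address with EBX=80000002: %08X\n", faulting_ea(in_trampoline, 0x80000002u));
    return 0;
}
```

Run as is, the EDX value 0104952F and the fault address 0104F463 come out exactly as in the register dump, which is the quick way to confirm that the relocated PIC sequence in the trampoline, not the hook target itself, is what crashes. The rule the code encodes for anyone auditing a hook engine or a DLL's exports: a 5-byte entry is safe to relocate only if it contains no PC-relative operand and no PC-capturing idiom, which in Wine means the DECLSPEC_HOTPATCH prologue must come before the PIC register load.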
$ sha1sum MDAC_TYP.EXE
4fbc272c79da59e38818924d8575accb0af776fb MDAC_TYP.EXE
$ du -sh MDAC_TYP.EXE
5.9M MDAC_TYP.EXE
$ wine --version
wine-3.20
Regards