[Bug 43615] 32-bit Process Hacker 2.39.124 crashes in 64-bit WINEPREFIX ( advapi32.EnumServicesStatusEx returns garbage on Wow64)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Oct 7 12:42:27 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=43615
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
URL|http://processhacker.source |https://github.com/processh
|forge.net/downloads.php |acker/processhacker/release
| |s/download/v2.39/processhac
| |ker-2.39-bin.zip
Component|-unknown |advapi32
Fixed by SHA1| |445996d31ba5818eb9fe4e41130
| |349b6730284a1
Summary|32Bit Process Hacker |32-bit Process Hacker
|2.39.124 crashes in 64Bit |2.39.124 crashes in 64-bit
|prefix |WINEPREFIX
| |(advapi32.EnumServicesStatu
| |sEx returns garbage on
| |Wow64)
Hardware|x86 |x86-64
Resolution|--- |FIXED
CC| |focht at gmx.net
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
this was fixed some time ago by commit
https://source.winehq.org/git/wine.git/commitdiff/445996d31ba5818eb9fe4e41130349b6730284a1
Thanks Hans
https://www.winehq.org/pipermail/wine-patches/2017-November/thread.html#166279
Reminder: Always try to report with vanilla Wine first, only use Wine-Staging
when you want to demonstrate a bug/regression in Wine-Staging.
Trace with old vanilla Wine 2.15
--- snip ---
$ WINEDEBUG=+tid,+seh,+relay,+ntdll wine ./ProcessHacker.exe >>log.txt 2>&1
...
0032:Call advapi32.OpenSCManagerW(00000000,00000000,00000005) ret=00476e5c
...
0032:Ret advapi32.OpenSCManagerW() retval=001d7038 ret=00476e5c
0032:Call ntdll.RtlAllocateHeap(00570000,00000004,00008000) ret=0049f658
0032:Ret ntdll.RtlAllocateHeap() retval=00652120 ret=0049f658
0032:Call
advapi32.EnumServicesStatusExW(001d7038,00000000,0000003b,00000003,00652120,00008000,00d2e79c,00d2e78c,00000000,00000000)
ret=0049f677
...
0032:Ret advapi32.EnumServicesStatusExW() retval=00000001 ret=0049f677
0032:Call ntdll.RtlAllocateHeap(00570000,00000004,000003d4) ret=00476ed8
0032:Ret ntdll.RtlAllocateHeap() retval=0065a128 ret=00476ed8
0032:Call ntdll.RtlUpcaseUnicodeChar(00000042) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000042 ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(00000049) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000049 ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(00000054) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000054 ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(00000053) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000053 ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(000024d8) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=000024be ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(00000065) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000045 ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(000024d8) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=000024be ret=00476f4d
0032:Call ntdll.RtlUpcaseUnicodeChar(00000065) ret=00476f4d
0032:Ret ntdll.RtlUpcaseUnicodeChar() retval=00000045 ret=00476f4d
0032:trace:seh:raise_exception code=c0000005 flags=0 addr=0x490ad4 ip=00490ad4
tid=0032
0032:trace:seh:raise_exception info[0]=00000000
0032:trace:seh:raise_exception info[1]=ffffffff
0032:trace:seh:raise_exception eax=0065a164 ebx=006521a4 ecx=00000001
edx=00652121 esi=00652121 edi=00000000
0032:trace:seh:raise_exception ebp=00d2e79c esp=00d2e790 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210202
0032:trace:seh:call_stack_handlers calling handler at 0x7bca1a60 code=c0000005
flags=0
0032:Call KERNEL32.UnhandledExceptionFilter(00d2e2f8) ret=7bca1a89
0032:trace:seh:start_debugger Starting debugger "winedbg --auto 8 248"
--- snip ---
The first four 'ntdll.RtlUpcaseUnicodeChar()' after
'advapi32.EnumServicesStatusExW()': 0x42,0x49,0x54,0x54 -> 'BITS' service name
The fifth, 'RtlUpcaseUnicodeChar(000024d8)' already contains garbage.
That already gave some hints. Combining trace log and live debugging I found
the most probable location in the sources:
https://github.com/processhacker/processhacker/blob/v2.39/ProcessHacker/srvprv.c#L483
--- snip ---
VOID PhServiceProviderUpdate(
_In_ PVOID Object
)
{
static SC_HANDLE scManagerHandle = NULL;
static ULONG runCount = 0;
static PPH_HASH_ENTRY nameHashSet[256];
static PPHP_SERVICE_NAME_ENTRY nameEntries = NULL;
static ULONG nameEntriesCount;
static ULONG nameEntriesAllocated = 0;
LPENUM_SERVICE_STATUS_PROCESS services;
ULONG numberOfServices;
ULONG i;
PPH_HASH_ENTRY hashEntry;
...
if (!scManagerHandle)
{
scManagerHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT |
SC_MANAGER_ENUMERATE_SERVICE);
if (!scManagerHandle)
return;
}
services = PhEnumServices(scManagerHandle, 0, 0, &numberOfServices);
if (!services)
return;
// Build a hash set containing the service names.
// This has caused a massive decrease in background CPU usage, and
// is certainly much better than the quadratic-time string comparisons
// we were doing before (in the "Look for dead services" section).
nameEntriesCount = 0;
if (nameEntriesAllocated < numberOfServices)
{
nameEntriesAllocated = numberOfServices + 32;
if (nameEntries) PhFree(nameEntries);
nameEntries = PhAllocate(sizeof(PHP_SERVICE_NAME_ENTRY) *
nameEntriesAllocated);
}
PhInitializeHashSet(nameHashSet, PH_HASH_SET_SIZE(nameHashSet));
for (i = 0; i < numberOfServices; i++)
{
PPHP_SERVICE_NAME_ENTRY entry;
entry = &nameEntries[nameEntriesCount++];
PhInitializeStringRefLongHint(&entry->Name, services[i].lpServiceName);
entry->ServiceEntry = &services[i];
PhAddEntryHashSet(
nameHashSet,
PH_HASH_SET_SIZE(nameHashSet),
&entry->HashEntry,
PhpHashServiceNameEntry(entry)
);
}
...
--- snip ---
Final proof: I've cherry-picked 445996d31ba5818eb9fe4e41130349b6730284a1 on top
of Wine 2.15 (with small manual conflict resolution) and the crash went away.
--- snip ---
$ git tag -r --contains 445996d31ba5818eb9fe4e41130349b6730284a1 | sort -V |
head -1
wine-2.21
--- snip ---
https://www.winehq.org/announce/2.21
$ sha1sum processhacker-2.39-bin.zip
8e8f8423d163d922242b8b7d85427664f77edc97 processhacker-2.39-bin.zip
$ du -sh processhacker-2.39-bin.zip
3.3M processhacker-2.39-bin.zip
$ wine --version
wine-3.17-95-g726abdb388
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list