[Bug 45980] Cisco Packet Tracer 7.2 crashes on startup (secur32.LsaGetLogonSessionData is a stub)

wine-bugs at winehq.org
Sat Oct 13 04:10:54 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=45980

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|Cisco packet tracer crashes |Cisco Packet Tracer 7.2
                   |(secur32.LsaGetLogonSession |crashes on startup
                   |Data is a stub)             |(secur32.LsaGetLogonSession
                   |                            |Data is a stub)

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Louis,

confirming, looks like some bugged application.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Cisco Packet Tracer 7.2/bin

$ WINEDEBUG=+seh,+relay wine ./PacketTracer7.exe >>log.txt 2>&1
...
002a:Call advapi32.OpenProcessToken(ffffffff,00000008,0033fad4) ret=01a9dfdf
002a:Ret  advapi32.OpenProcessToken() retval=00000001 ret=01a9dfdf
002a:Call
advapi32.GetTokenInformation(00000130,0000000a,0033fad8,00000038,0033facc)
ret=01a9e002
002a:Ret  advapi32.GetTokenInformation() retval=00000001 ret=01a9e002
002a:Call KERNEL32.CloseHandle(00000130) ret=01a9e03f
002a:Ret  KERNEL32.CloseHandle() retval=00000001 ret=01a9e03f
002a:Call secur32.LsaGetLogonSessionData(0033fb48,0033fb5c) ret=01a9e08c
002a:fixme:secur32:LsaGetLogonSessionData 0x33fb48 0x33fb5c stub
002a:Ret  secur32.LsaGetLogonSessionData() retval=c0000002 ret=01a9e08c
002a:Call KERNEL32.FileTimeToLocalFileTime(00000030,0033fb50) ret=01a9e09d
002a:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7b47caa8
ip=7b47caa8 tid=002a
002a:trace:seh:raise_exception  info[0]=00000000
002a:trace:seh:raise_exception  info[1]=00000034
002a:trace:seh:raise_exception  eax=00000030 ebx=0033fb50 ecx=0033fb00
edx=00000008 esi=0033fb38 edi=0033fb08
002a:trace:seh:raise_exception  ebp=0033fae8 esp=0033fab8 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
002a:trace:seh:call_stack_handlers calling handler at 0x1f8dccd code=c0000005
flags=0
002a:trace:seh:call_stack_handlers handler at 0x1f8dccd returned 1
002a:trace:seh:call_stack_handlers calling handler at 0x1f8effb code=c0000005
flags=0
002a:trace:seh:call_stack_handlers handler at 0x1f8effb returned 1
002a:trace:seh:call_stack_handlers calling handler at 0x1b2b6ab code=c0000005
flags=0 
...
002a:Call user32.MessageBoxW(00000000,06de1fb8 L"Packet Tracer has stopped
working unexpectedly. Please save a diagnostic (dmp) file, report a bug on
Packet Tracer's issue tracking system (http://ptbugs.netacad.net) with detailed
information and steps to reproduce, and attach the saved diagnostic file and
log file to the reported bug.\n\nYour defau"...,0298c2a4 L"Cisco Packet
Tracer",00000010) ret=018a9ea8 
--- snip ---

Disassembly:

--- snip ---
01A9E07F  LEA EAX,[EBP-14]
01A9E082  PUSH EAX                                 ; ppLogonSessionData
01A9E083  LEA EAX,[EBP-28]
01A9E086  PUSH EAX                                 ; LogonId
01A9E087  CALL <JMP.&Secur32.LsaGetLogonSessionData>
01A9E08C  LEA EAX,[EBP-20]
01A9E08F  PUSH EAX
01A9E090  MOV EAX,DWORD PTR SS:[EBP-14]
01A9E093  ADD EAX,30                               ; offset LogonTime
01A9E096  PUSH EAX                                 ; FileTime
01A9E097  CALL DWORD PTR DS:[<&KERNEL32.FileTimeToLocalFileTime>]
--- snip ---

Not checking NTSTATUS value before accessing out parameter(!) values is a big
no-no.

https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/ns-ntsecapi-_security_logon_session_data

--- snip ---
typedef struct _SECURITY_LOGON_SESSION_DATA {
  ULONG                     Size;
  LUID                      LogonId;
  LSA_UNICODE_STRING        UserName;
  LSA_UNICODE_STRING        LogonDomain;
  LSA_UNICODE_STRING        AuthenticationPackage;
  ULONG                     LogonType;
  ULONG                     Session;
  PSID                      Sid;
  LARGE_INTEGER             LogonTime;
...
--- snip ---

Tidbit: while debugging one gets to see this lovely piece of code:

--- snip ---
...
; UNICODE
"%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
01A9EFB5  PUSH OFFSET 0298C1D8
01A9EFBA  CALL DWORD PTR DS:[<&KERNEL32.OutputDebugStringW>]
01A9EFC0  XOR EBX,EBX
01A9EFC2  MOV ESI,DWORD PTR DS:[<&USER32.FindWindowW>]
01A9EFC8  PUSH EBX
01A9EFC9  PUSH OFFSET 0298A54C                ; UNICODE "OLLYDBG"
01A9EFCE  CALL ESI
01A9EFD0  PUSH EBX
01A9EFD1  TEST EAX,EAX
01A9EFD3  JE SHORT 01A9EFDB
01A9EFD5  CALL DWORD PTR DS:[<&KERNEL32.ExitProcess>]
01A9EFDB  PUSH OFFSET 0298A55C                ; UNICODE "WinDbgFrameClass"
01A9EFE0  CALL ESI
01A9EFE2  TEST EAX,EAX
01A9EFE4  JE SHORT 01A9EFE9
01A9EFE6  PUSH EBX
01A9EFE7  JMP SHORT 01A9EFD5
--- snip ---

Seriously? Poor man's anti-debug, to be defeated in a millisecond.
Instead of focusing on code robustness/quality they put that crap in.

BTW there are sources for various apps/tools available on Github that make use
of 'LsaGetLogonSessionData'. Might be useful later as testsuite/testcases.

https://www.google.com/search?&q=github+LsaGetLogonSessionData+LogonTime

Wine source:

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/secur32/lsa.c#l152

--- snip ---
 152 NTSTATUS WINAPI LsaGetLogonSessionData(PLUID LogonId,
 153         PSECURITY_LOGON_SESSION_DATA* ppLogonSessionData)
 154 {
 155     FIXME("%p %p stub\n", LogonId, ppLogonSessionData);
 156     *ppLogonSessionData = NULL;
 157     return STATUS_NOT_IMPLEMENTED;
 158 }
--- snip ---

$ wine --version
wine-3.18

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
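
Added example, not part of the original comment and not code from Wine or Packet Tracer: a caller that checks the NTSTATUS and the out parameter before reading LogonTime, run against a function that behaves like the stub quoted above. The 32-bit struct model and the names LUID32, USTR32, SESSION_DATA32, stub_lsa, ok_lsa and get_logon_time are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t NTSTATUS;
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002)
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)

/* Constructed 32-bit model of the struct prefix quoted above: pointer
 * fields are uint32_t so offsets match the x86 binary on any host. */
typedef struct { uint32_t LowPart; int32_t HighPart; } LUID32;
typedef struct { uint16_t Length, MaximumLength; uint32_t Buffer; } USTR32;
typedef struct {
    uint32_t Size;
    LUID32   LogonId;
    USTR32   UserName, LogonDomain, AuthenticationPackage;
    uint32_t LogonType, Session, Sid;
    int64_t  LogonTime;
} SESSION_DATA32;

typedef NTSTATUS (*lsa_fn)(LUID32 *, SESSION_DATA32 **);

/* Behaves like the Wine 3.18 stub: NULL out parameter, failure status. */
static NTSTATUS stub_lsa(LUID32 *id, SESSION_DATA32 **out)
{ (void)id; *out = NULL; return STATUS_NOT_IMPLEMENTED; }

/* Hypothetical working implementation returning constructed data. */
static SESSION_DATA32 sample = { .Size = sizeof sample, .LogonTime = 131838000000000000LL };
static NTSTATUS ok_lsa(LUID32 *id, SESSION_DATA32 **out)
{ (void)id; *out = &sample; return 0; }

/* Checked caller: returns 0 and fills *logon_time, or -1 without touching
 * the out parameter. Real code would also call LsaFreeReturnBuffer(). */
int get_logon_time(lsa_fn fn, int64_t *logon_time)
{
    LUID32 id = {0, 0};
    SESSION_DATA32 *data = NULL;
    if (!NT_SUCCESS(fn(&id, &data)) || data == NULL)
        return -1;
    *logon_time = data->LogonTime;
    return 0;
}

int main(void)
{
    int64_t t = 0;
    printf("LogonTime offset: 0x%zx\n", offsetof(SESSION_DATA32, LogonTime));
    printf("stub: %d, working: %d\n", get_logon_time(stub_lsa, &t), get_logon_time(ok_lsa, &t));
    return 0;
}
```

With a NULL base pointer the LogonTime field spans 0x30 to 0x37, which contains the faulting address 0x34 reported in info[1] of the trace.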


