[Bug 43358] EVE Online crashes on startup in Win7+ mode (XAudio 2.7 ' IXAudio2SourceVoice::GetState' called with 'Flags' parameter, causing %ESI or %EDI register corruption)
wine-bugs at winehq.org
Wed Oct 31 20:04:15 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=43358
Anastasius Focht <focht at gmx.net> changed:
What      |Removed                                  |Added
----------------------------------------------------------------------------
URL       |                                         |https://www.eveonline.com/download
Keywords  |                                         |download
CC        |                                         |focht at gmx.net
Summary   |xaudio crashes in EVE Online during      |EVE Online crashes on startup in Win7+ mode
          |launch (OnVoiceProcessingPassStart       |(XAudio 2.7 'IXAudio2SourceVoice::GetState'
          |corrupts %esi register?)                 |called with 'Flags' parameter, causing %ESI
          |                                         |or %EDI register corruption)
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
Confirming: it's essentially the same problem as analysed in bug 42520
("Multiple Wargaming.net games crash on startup in Win7+ mode (XAudio 2.7
'IXAudio2SourceVoice::GetState' called with 'Flags' parameter, causing register
corruption) (World of {Tanks, Warships})").
--- snip ---
Unhandled exception: page fault on read access to 0x00000f70 in 32-bit code
(0xf5cbe795).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:f5cbe795 ESP:0fd1fd14 EBP:0fd1fe68 EFLAGS:00010202( R- -- I - - - )
EAX:0fd1fd48 EBX:00000000 ECX:00000000 EDX:00000008
ESI:f5cce000 EDI:00000000
Stack dump:
0x0fd1fd14: 00001016 0fd1fd48 00000000 00000000
0x0fd1fd24: 00010007 00000000 00000000 00000000
0x0fd1fd34: 00000000 00000000 00000000 0000027f
0x0fd1fd44: 00000000 00000000 00000000 00000000
0x0fd1fd54: 00000000 00000000 00000000 00000000
0x0fd1fd64: 00000000 0fd1fd90 f5cce000 0fd1fd90
Backtrace:
=>0 0xf5cbe795 update_source_state+0x25(src=(nil))
[/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2308] in
xaudio2_7 (0x0fd1fe68)
1 0xf5cbee95 engine_threadproc+0x1b4(arg=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2451] in
xaudio2_7 (0x0fd1fed8)
2 0x7bc82f24 call_thread_func_wrapper+0xb() in ntdll (0x0fd1feec)
3 0x7bc862f0 call_thread_func+0xcf()
[/home/focht/projects/wine/mainline-src/dlls/ntdll/signal_i386.c:2654] in ntdll
(0x0fd1ffdc)
4 0x7bc82f16 call_thread_entry+0x9() in ntdll (0x0fd1ffec)
0xf5cbe795 update_source_state+0x25
[/home/focht/projects/wine/mainline-src/dlls/xaudio2_7/xaudio_dll.c:2308] in
xaudio2_7: pushl 0xf70(%edi)
2308 alGetSourcei(src->al_src, AL_BUFFERS_PROCESSED, &processed);
Modules:
Module Address Debug info Name (241 modules)
PE 340000- 376000 Deferred _yaml.pyd
PE 3d0000- 3e9000 Deferred cairo-script
PE 400000- 489000 Deferred exefile
PE 3420000- 3517000 Deferred _ssl.pyd
PE 3630000- 36d7000 Deferred d3dinfo.pyd
PE 36e0000- 3806000 Deferred cairo
PE 3810000- 385d000 Deferred tbb
PE 3860000- 387e000 Deferred gfsdk_aftermath_lib.x86
PE 38a0000- 38e0000 Deferred _evelocalization
PE 38e0000- 3912000 Deferred geo2
PE 3920000- 39e4000 Deferred pyfsd
PE 39f0000- 39fd000 Deferred character_colorlocationsloader.pyd
PE 3a00000- 471f000 Deferred _trinity_dx11_deploy
PE 4720000- 472d000 Deferred character_colornamesloader.pyd
PE 4730000- 473d000 Deferred character_modifierlocationsloader.pyd
PE 4740000- 474d000 Deferred character_resourcesloader.pyd
PE 4750000- 475d000 Deferred character_sculptinglocationsloader.pyd
PE 4760000- 4783000 Deferred pyexpat.pyd
PE 4790000- 47a3000 Deferred graphicidsloader.pyd
PE 47b0000- 47be000 Deferred graphicmaterialsetsloader.pyd
PE 47c0000- 484d000 Deferred _destiny
PE 4850000- 4863000 Deferred explosionbucketidsloader.pyd
PE 4870000- 487d000 Deferred explosionidsloader.pyd
PE 4880000- 488e000 Deferred iconidsloader.pyd
PE 4890000- 489c000 Deferred soundidsloader.pyd
PE 48a0000- 48b2000 Deferred graphiclocationsloader.pyd
PE 48c0000- 48cf000 Deferred activitynodesloader.pyd
PE 48d0000- 48e2000 Deferred pychartdir27.pyd
PE 48f0000- 4903000 Deferred dynamicitemattributesloader.pyd
PE 49b0000- 49c4000 Deferred _ime
PE 4a20000- 4a32000 Deferred groupgraphicsloader.pyd
PE 4a40000- 4c1e000 Deferred _audio2
PE 4d30000- 4d5e000 Deferred _planetresources
PE 4d60000- 4d73000 Deferred effectsequencesloader.pyd
PE 50c0000- 5274000 Deferred _videoplayer
PE 5280000- 532b000 Deferred unicodedata.pyd
PE 5330000- 53d9000 Deferred pyevepathfinder
PE 53e0000- 53ef000 Deferred effectsloader.pyd
PE 53f0000- 5401000 Deferred loginrewardsloader.pyd
PE 5da0000- 5fd6000 Deferred chartdir
PE 10000000-103f0000 Deferred blue
PE 1d1a0000-1d1b7000 Deferred _ctypes.pyd
PE 1e000000-1e3c2000 Deferred python27
ELF 7a800000-7a940000 Deferred opengl32<elf>
\-PE 7a820000-7a940000 \ opengl32
ELF 7b400000-7b7ee000 Deferred kernel32<elf>
\-PE 7b420000-7b7ee000 \ kernel32
ELF 7bc00000-7bd02000 Dwarf ntdll<elf>
\-PE 7bc10000-7bd02000 \ ntdll
ELF 7c000000-7c004000 Deferred <wine-loader>
...
ELF f5ca7000-f5ccf000 Dwarf xaudio2_7<elf>
\-PE f5cb0000-f5ccf000 \ xaudio2_7
...
ELF f7fee000-f7ff0000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
000001b0 evelauncher.exe
0000011c 0
...
000001e0 QtWebEngineProcess.exe
0000018f 0
...
00000118 LogLite.exe
00000141 0
00000119 0
0000011a (D) C:\EVE\SharedCache\tq\bin\exefile.exe
00000188 0
00000172 0
00000171 2
000000db 15
00000170 0 <==
...
--- snip ---
Disassembly of 'update_source_state' (crash site):
--- snip ---
F6136770 55 PUSH EBP
F6136771 89E5 MOV EBP,ESP
F6136773 57 PUSH EDI
F6136774 89C7 MOV EDI,EAX
F6136776 56 PUSH ESI
F6136777 8D85 E0FEFFFF LEA EAX,DWORD PTR SS:[EBP-120]
F613677D E8 0CE8FFFF CALL xaudio2_.__x86.get_pc_thunk.si
F6136782 81C6 7EF80000 ADD ESI,0F87E
F6136788 53 PUSH EBX
F6136789 81EC 40010000 SUB ESP,140
F613678F 50 PUSH EAX
F6136790 68 16100000 PUSH 1016
F6136795 FFB7 700F0000 PUSH DWORD PTR DS:[EDI+F70] ; EDI == NULL -> *boom*
F613679B 89F3 MOV EBX,ESI
F613679D 89B5 D4FEFFFF MOV DWORD PTR SS:[EBP-12C],ESI
F61367A3 E8 28A8FFFF CALL xaudio2_.F6130FD0
F61367A8 8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[EBP-120]
F61367AE 83C4 10 ADD ESP,10
F61367B1 85C0 TEST EAX,EAX
F61367B3 0F8F 3F030000 JG xaudio2_.F6136AF8
F61367B9 8B77 40 MOV ESI,DWORD PTR DS:[EDI+40]
F61367BC 85F6 TEST ESI,ESI
F61367BE 75 10 JNZ SHORT xaudio2_.F61367D0
F61367C0 8D65 F4 LEA ESP,DWORD PTR SS:[EBP-C]
F61367C3 5B POP EBX
F61367C4 5E POP ESI
F61367C5 5F POP EDI
F61367C6 5D POP EBP
F61367C7 C3 RETN
--- snip ----
Disassembly of EVE Online client
'XAudio2VoiceCallback::OnVoiceProcessingPassStart' callback (in '_audio2.dll'):
--- snip ---
04B83DF0 55 PUSH EBP
04B83DF1 8BEC MOV EBP,ESP
04B83DF3 83EC 34 SUB ESP,34
04B83DF6 56 PUSH ESI
04B83DF7 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
04B83DFA 8B46 18 MOV EAX,DWORD PTR DS:[ESI+18]
04B83DFD 8B08 MOV ECX,DWORD PTR DS:[EAX]
04B83DFF 57 PUSH EDI ; caller local 'src' reg val
04B83E00 6A 00 PUSH 0 ; flags -> problem!
04B83E02 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
04B83E05 52 PUSH EDX ; pVoiceState
04B83E06 50 PUSH EAX ; iface
04B83E07 8B41 64 MOV EAX,DWORD PTR DS:[ECX+64]
; xaudio2_.XA27SRC_GetState -> compat wrapper!
04B83E0A FFD0 CALL EAX
04B83E0C 0FB74E 48 MOVZX ECX,WORD PTR DS:[ESI+48]
04B83E10 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
04B83E13 33D2 XOR EDX,EDX
04B83E15 F7F1 DIV ECX
04B83E17 8B56 44 MOV EDX,DWORD PTR DS:[ESI+44]
04B83E1A 33FF XOR EDI,EDI
04B83E1C 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
04B83E1F 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
04B83E22 2BD0 SUB EDX,EAX
04B83E24 74 77 JE SHORT _audio2.04B83E9D
04B83E26 EB 08 JMP SHORT _audio2.04B83E30
04B83E28 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP]
04B83E2F 90 NOP
04B83E30 0FB70D D8C4BF04 MOVZX ECX,WORD PTR DS:[4BFC4D8]
04B83E37 33C0 XOR EAX,EAX
04B83E39 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
04B83E3C 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX
04B83E3F 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
04B83E42 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
04B83E45 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
04B83E48 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
04B83E4B 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
04B83E4E 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
04B83E51 0FB746 48 MOVZX EAX,WORD PTR DS:[ESI+48]
04B83E55 0FAFC1 IMUL EAX,ECX
04B83E58 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
04B83E5B 0FB746 22 MOVZX EAX,WORD PTR DS:[ESI+22]
04B83E5F C745 CC 00000000 MOV DWORD PTR SS:[EBP-34],0
04B83E66 8B4C86 24 MOV ECX,DWORD PTR DS:[ESI+EAX*4+24]
04B83E6A 40 INC EAX
04B83E6B 894D D4 MOV DWORD PTR SS:[EBP-2C],ECX
04B83E6E 66:8946 22 MOV WORD PTR DS:[ESI+22],AX
04B83E72 66:83F8 08 CMP AX,8
04B83E76 75 06 JNZ SHORT _audio2.04B83E7E
04B83E78 33D2 XOR EDX,EDX
04B83E7A 66:8956 22 MOV WORD PTR DS:[ESI+22],DX
04B83E7E 8B46 18 MOV EAX,DWORD PTR DS:[ESI+18]
04B83E81 8B08 MOV ECX,DWORD PTR DS:[EAX]
04B83E83 6A 00 PUSH 0
04B83E85 8D55 CC LEA EDX,DWORD PTR SS:[EBP-34]
04B83E88 52 PUSH EDX
04B83E89 50 PUSH EAX
04B83E8A 8B41 54 MOV EAX,DWORD PTR DS:[ECX+54]
; xaudio2_.XA27SRC_SubmitSourceBuffer
04B83E8D FFD0 CALL EAX
04B83E8F FF45 F4 INC DWORD PTR SS:[EBP-C]
04B83E92 8B4E 44 MOV ECX,DWORD PTR DS:[ESI+44]
04B83E95 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
04B83E98 47 INC EDI
04B83E99 2BC8 SUB ECX,EAX
04B83E9B 75 93 JNZ SHORT _audio2.04B83E30
04B83E9D 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
04B83EA0 0B55 FC OR EDX,DWORD PTR SS:[EBP-4]
04B83EA3 74 13 JE SHORT _audio2.04B83EB8
04B83EA5 0FB70D D8C4BF04 MOVZX ECX,WORD PTR DS:[4BFC4D8]
04B83EAC 0FAFCF IMUL ECX,EDI
04B83EAF 3B4D 08 CMP ECX,DWORD PTR SS:[EBP+8]
04B83EB2 73 04 JNB SHORT _audio2.04B83EB8
04B83EB4 C646 4A 01 MOV BYTE PTR DS:[ESI+4A],1
04B83EB8 0FB715 B064C004 MOVZX EDX,WORD PTR DS:[4C064B0]
04B83EBF 5F POP EDI ; caller EDI -> NULL
04B83EC0 5E POP ESI
04B83EC1 3BC2 CMP EAX,EDX
04B83EC3 73 0E JNB SHORT _audio2.04B83ED3
04B83EC5 8B0D A45FC004 MOV ECX,DWORD PTR DS:[4C05FA4]
04B83ECB 83C1 4C ADD ECX,4C
04B83ECE E8 FD5AF9FF CALL _audio2.04B199D0
04B83ED3 8BE5 MOV ESP,EBP
04B83ED5 5D POP EBP
04B83ED6 C2 0800 RETN 8
--- snip ---
Pretty much the same as in https://bugs.winehq.org/show_bug.cgi?id=42520#c17
In my case %EDI gets corrupted, but that's likely due to different GCC
versions/settings used for building Wine. The assembly wrapper saves both %ESI
and %EDI, so most Wine builds should be fine.
I don't see a problem with the Wine-Staging patch being upstreamed, as it fixes
some major titles with the default WINEPREFIX WinVer setting (Windows 7).
ProtectionID scan of CCP Audio Engine for documentation:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\EVE\SharedCache\duality\bin\_audio2.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1944456 (01DAB88h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT)
[TimeStamp] 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT) | PE Header | - |
Offset: 0x00000128 | VA: 0x10000128 | -
[TimeStamp] 0x5BD2AFF9 -> Fri 26th Oct 2018 06:11:05 (GMT) | Export | - |
Offset: 0x001B54C4 | VA: 0x101B60C4 | -
[TimeStamp] 0x5BD2AFFB -> Fri 26th Oct 2018 06:11:07 (GMT) | DebugDirectory | -
| Offset: 0x00171C94 | VA: 0x10172894 | -
-> File Appears to be Digitally Signed @ Offset 01D9400h, size : 01788h / 06024
byte(s)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (467 calculated 467 recorded... 0
invalid addresses)
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset
0x425C3A43 | Reserved 0x646C6975
[LoadConfig] GuardAddressTakenIatEntryTable 0x6E656741 | Count 0x6F775C74
(1870093428)
[LoadConfig] GuardLongJumpTargetTable 0x355C6B72 | Count 0x32356466 (842359910)
[LoadConfig] HybridMetadataPointer 0x30353437 | DynamicValueRelocTable
0x65396364
[LoadConfig] FailFastIndirectProc 0x5C613466 | FailFastPointer 0x5C657665
[LoadConfig] UnknownZero1 0x67617473
[File Heuristics] -> Flag #1 : 00000100000001001001000100000100 (0x04049104)
[Entrypoint Section Entropy] : 6.44 (section #0) ".text " | Size : 0x170FA1
(1511329) byte(s)
[DllCharacteristics] -> Flag : (0x0140) -> ASLR | DEP
[SectionCount] 5 (0x5) | ImageSize 0x1DE000 (1957888) byte(s)
[Export] 98% of function(s) (299 of 305) are in file | 0 are forwarded | 296
code | 9 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : CCP hf.
[VersionInfo] Product Name : EVE Online
[VersionInfo] Product Version : 2018.10
[VersionInfo] File Description : CCP Audio Engine
[VersionInfo] File Version : 2018.10.140.1189
[VersionInfo] Original FileName : _audio2.dll
[VersionInfo] Internal Name : _audio2
[VersionInfo] Legal Copyrights : © 2018 CCP hf. All rights reserved.
[ModuleReport] [IAT] Modules -> blue.dll | python27.dll | KERNEL32.dll |
USER32.dll | ole32.dll | MSVCP100.dll | MSVCR100.dll | SETUPAPI.dll
[Debug Info] (record 1 of 1) (file offset 0x171C90)
Characteristics : 0x0 | TimeDateStamp : 0x5BD2AFFB (Fri 26th Oct 2018 06:11:07
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x89 (137)
AddressOfRawData : 0x1A8728 | PointerToRawData : 0x1A7B28
CvSig : 0x53445352 | SigGuid C04E1781-FFEE-4A52-BA76922A43FF4345
Age : 0x1 (1) | Pdb :
C:\BuildAgent\work\5fd527450dc9ef4a\eve\staging\2018-IRPA\carbon\autobuild\audio2\exefile\Win32\v100\_audio2.pdb
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.535 Second(s) [000000217h (535) tick(s)] [246 of 580 scan(s)
done]
--- snip ---
$ sha1sum EveLauncher-1381807.exe
a96c21d62b4789c90fc10606a2a8bc144c7d5e50 EveLauncher-1381807.exe
$ du -sh EveLauncher-1381807.exe
63M EveLauncher-1381807.exe
$ wine --version
wine-3.19-77-g78b3848261
Regards
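The stack-slot skew behind the %EDI corruption in the two disassemblies above, modelled in C as an added example (not Wine or CCP code): a GetState that pops only the two XAudio 2.7 argument dwords leaves the app's Flags push on the stack, so the app callback's POP EDI reads 0 instead of its saved register, and a second function models the Wine-side wrapper that saves/restores the registers around the callback. The iface and pVoiceState values are constructed placeholders.

```c
/* Constructed model of the stdcall mismatch analysed in this bug (not Wine
 * or CCP code): the app pushes iface, pVoiceState and Flags, but the XAudio
 * 2.7 GetState pops only two dwords (RETN 8), so the caller's later POP EDI
 * reads the Flags slot instead of its saved register. */
#include <stdint.h>
#include <stdio.h>

#define STACK_DWORDS 16
typedef struct {
    uint32_t mem[STACK_DWORDS];
    int sp;                                   /* top index; grows downward */
} sim_stack;
static void sim_push(sim_stack *s, uint32_t v) { s->mem[--s->sp] = v; }
static uint32_t sim_pop(sim_stack *s)          { return s->mem[s->sp++]; }

/* Value the app callback epilogue leaves in EDI (PUSH EDI ... CALL ... POP EDI).
 * callee_pops is the byte count the callee's RETN removes: 8 for the 2.7
 * interface, 12 for the 2.8+ signature (with Flags) the app was built for. */
static uint32_t callback_restored_edi(uint32_t saved_edi, unsigned callee_pops)
{
    sim_stack st = { .sp = STACK_DWORDS };
    const uint32_t iface = 0x04C05FA4u;       /* placeholder object pointer */
    const uint32_t voice_state = 0x0FD1FD48u; /* placeholder &state */
    sim_push(&st, saved_edi);     /* PUSH EDI: caller's 'src' register value */
    sim_push(&st, 0);             /* PUSH 0:   Flags, absent from the 2.7 ABI */
    sim_push(&st, voice_state);   /* PUSH EDX: pVoiceState */
    sim_push(&st, iface);         /* PUSH EAX: iface */
    st.sp += callee_pops / 4;     /* CALL EAX ... RETN n inside GetState */
    return sim_pop(&st);          /* POP EDI: 0 when n == 8, saved_edi when 12 */
}

/* Wine-side mitigation the comment refers to: the engine thread calls the
 * app callback through an asm wrapper that saves and restores %esi/%edi
 * itself, so its 'src' pointer survives whatever the app's epilogue pops. */
static uint32_t engine_src_after_callback(uint32_t src, unsigned callee_pops)
{
    uint32_t wrapper_saved_edi = src;         /* wrapper: push %edi */
    uint32_t app_left_in_edi = callback_restored_edi(src, callee_pops);
    if (app_left_in_edi != src)
        fprintf(stderr, "callback corrupted EDI: 0x%08x\n", (unsigned)app_left_in_edi);
    return wrapper_saved_edi;                 /* wrapper: pop %edi */
}

int main(void)
{
    printf("2.7 callee: EDI=0x%08x\n", (unsigned)callback_restored_edi(0x0FD1FD90u, 8));
    printf("with wrapper: src=0x%08x\n", (unsigned)engine_src_after_callback(0x0FD1FD90u, 8));
    return 0;
}
```

With the 2.7 callee the model returns EDI == 0, which is exactly the NULL 'src' that update_source_state then dereferences at offset 0xf70.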