[Bug 45800] New: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton 360 ) crashes on unimplemented function ntoskrnl.exe.ExReleaseResourceLite

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Sep 9 05:06:30 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=45800

            Bug ID: 45800
           Summary: Symantec Eraser Control Driver 'eeCtrl64.sys' (Norton
                    360) crashes on unimplemented function
                    ntoskrnl.exe.ExReleaseResourceLite
           Product: Wine
           Version: 3.15
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as it says.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Norton 360/Engine/21.1.0.18

$ WINEDEBUG=+seh,+relay,+ntoskrnl wineboot >>log.txt 2>&1
...
0016:trace:ntoskrnl:IoCreateDriver (L"\\Driver\\eeCtrl", 0x7fe1f23e121c) 
...
0016:trace:ntoskrnl:load_driver loading driver L"C:\\Program Files
(x86)\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys"
0016:Call KERNEL32.LoadLibraryW(00026fe0 L"C:\\Program Files (x86)\\Common
Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys") ret=7fe1f23e06cb 
...
0016:trace:ntoskrnl:load_driver_module L"C:\\Program Files (x86)\\Common
Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys": relocating from 0x10000 to
0x460000 
...
0016:Call driver init 0x4c6118
(obj=0x26da0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\eeCtrl")
0016:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x4c60e8 ip=4c60e8
tid=0016
0016:trace:seh:NtRaiseException  info[0]=0000000000000000
0016:trace:seh:NtRaiseException  info[1]=fffff78000000320
0016:trace:seh:NtRaiseException  rax=fffff78000000320 rbx=0000000000000000
rcx=00000000004bd100 rdx=00002b992ddfa232
0016:trace:seh:NtRaiseException  rsi=0000000000342b45 rdi=0000000000342ad0
rbp=000000000033f740 rsp=000000000033f5a8
0016:trace:seh:NtRaiseException   r8=0000000000026f08  r9=0000000000026da0
r10=0000000000000000 r11=0000000000000000
0016:trace:seh:NtRaiseException  r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
0016:trace:seh:call_vectored_handlers calling handler at 0x7fe1f23cf031
code=c0000005 flags=0
0016:trace:seh:call_vectored_handlers handler at 0x7fe1f23cf031 returned
ffffffff
0016:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00001548,41644343)
ret=004c6054
0016:Call ntdll.RtlAllocateHeap(00010000,00000000,00001548) ret=7fe1f23d874f
0016:Ret  ntdll.RtlAllocateHeap() retval=0002d390 ret=7fe1f23d874f
0016:trace:ntoskrnl:ExAllocatePoolWithTag 5448 pool 1 -> 0x2d390 
...
0016:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=00480d84
0016:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0016:Ret  ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=00480d84
0016:Call ntoskrnl.exe.ExAcquireResourceExclusiveLite(000270d8,00342a01)
ret=00480d95
0016:fixme:ntoskrnl:ExAcquireResourceExclusiveLite :0x270d8 1 stub
0016:Ret  ntoskrnl.exe.ExAcquireResourceExclusiveLite() retval=00000001
ret=00480d95
0016:Call KERNEL32.RaiseException(80000100,00000001,00000002,0033f4a0)
ret=7fe1f23e4898
0016:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7b4949ed
ip=7b4949ed tid=0016
0016:trace:seh:NtRaiseException  info[0]=00007fe1f23e48c0
0016:trace:seh:NtRaiseException  info[1]=00007fe1f23e4999
wine: Call from 0x7b4949ed to unimplemented function
ntoskrnl.exe.ExReleaseResourceLite, aborting 
...
--- snip ---

ProtectionID scan:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\Program Files (x86)\Common Files\Symantec
Shared\EENGINE\eeCtrl64.sys
File Type : 64-Bit Driver (good checksum) (Subsystem : Native / 1), Size :
484952 (076658h) Byte(s) | Machine: 0x8664 (AMD64)
Compilation TimeStamp : 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT)
[TimeStamp] 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT) | PE Header | - |
Offset: 0x00000000:00000110 | VA: 0x00000000:00010110 | -
[TimeStamp] 0x521532E2 -> Wed 21st Aug 2013 21:36:34 (GMT) | DebugDirectory | -
| Offset: 0x00000000:00000B34 | VA: 0x00000000:00012334 | -
-> File Appears to be Digitally Signed @ Offset 074A00h, size : 01C58h / 07256
byte(s)
[LoadConfig] CodeIntegrity -> Flags 0xAA60 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46AB40
[LoadConfig] GuardAddressTakenIatEntryTable 0x46AC88:02000011 | Count
0x46AE9C02000011 (463222033554449)
[LoadConfig] GuardLongJumpTargetTable 0x46AF38:08000011 | Count
0x46AFE008000011 (4632544134217745)
[LoadConfig] HybridMetadataPointer 0x46A66C:08000011 | DynamicValueRelocTable
0x8000011:0046B0A8
[LoadConfig] FailFastIndirectProc 0x8000011:0046B264 | FailFastPointer
0x8000011:0046B2FC
[LoadConfig] UnknownZero1 0x8000011  46B448
[File Heuristics] -> Flag #1 : 00000100000001001100000000010111 (0x0404C017)
[Entrypoint Section Entropy] : 5.38 (section #6) "INIT    " | Size : 0xD4C
(3404) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 9 (0x9) | ImageSize 0x7A000 (499712) byte(s)
[VersionInfo] Company Name : Symantec Corporation
[VersionInfo] Product Name : ERASER ENGINE
[VersionInfo] Product Version : 113.1.1.1
[VersionInfo] File Description : Symantec Eraser Control Driver
[VersionInfo] File Version : 113.1.1.1
[VersionInfo] Original FileName : eeCtrl64.sys
[VersionInfo] Internal Name : eeCtrl
[VersionInfo] Legal Copyrights : Copyright (c) 2000-2013 Symantec Corporation.
All rights reserved.
[ModuleReport] [IAT] Modules -> ntoskrnl.exe
[Debug Info] (record 1 of 1) (file offset 0xB30)
Characteristics : 0x0 | TimeDateStamp : 0x521532E2 (Wed 21st Aug 2013 21:36:34
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x57 (87) 
AddressOfRawData : 0x6FA0 | PointerToRawData : 0x57A0
CvSig : 0x53445352 | SigGuid A8C2DA92-6D6F-4708-81D9A01E0C1E0547
Age : 0x1 (1) | Pdb :
C:\bld_area\EraserTrunk\src\bin\x64.Release\amd64\eeCtrl64.pdb
[Raw/Hidden Debug Record] (File Offset 0x63A2C)
CvSig : 0x53445352 | SigGuid 1B199A45-1CAA-4523-B2D64E66FE6A62EF
Age : 0x1 (1) | Pdb :
e:\msln\trunk\src\dev\test\objfre_wnet_amd64\amd64\driver.pdb
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.315 Second(s) [00000013Bh (315) tick(s)] [134 of 580 scan(s)
done]
--- snip ---

$ sha1sum N360-TW-21.1.0-EN.exe 
aa05ccf9668e166ef28923d451f1c2ecad6f75f1  N360-TW-21.1.0-EN.exe

$ du -sh N360-TW-21.1.0-EN.exe 
202M    N360-TW-21.1.0-EN.exe

$ wine --version
wine-3.15-94-gbfe8510ec0

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list