[Bug 28140] Theatre of War 3: Korea demo 1.2.0 crashes on startup ( hook engine can't cope with GOT/PIC register load code at API entry, needs DECLSPEC_HOTPATCH for kernel32.SizeofResource)

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Apr 2 02:43:34 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=28140

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
          Component|richedit                    |comctl32
            Summary|Theatre of War 3: Korea     |Theatre of War 3: Korea
                   |demo 1.2.0 crashes on       |demo 1.2.0 crashes on
                   |startup                     |startup (hook engine can't
                   |                            |cope with GOT/PIC register
                   |                            |load code at API entry,
                   |                            |needs DECLSPEC_HOTPATCH for
                   |                            |kernel32.SizeofResource)
         Resolution|FIXED                       |---

--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello joaopa,

since your backtrace kinda matches the original one, re-opening here.

All the other issues deserved their own bugs, but that's kinda pointless now as
they were fixed during the years.

It's another manifestation of bug 37540 ("Multiple games and applications
wrapped with Enigma v4 and GG DRM schemes crash on startup (incompatible with
use of position independent code (PIC) in Wine dlls)"). Since I never use
'-fPIC' builds for Wine the problem was not visible for me.

The game hooks several Windows API and copies opcode bytes from entry to
trampoline which can't work with PIC code.

--- snip ---

Wine-gdb> bt
#0  0x7ff758d3 in ?? ()
#1  0x00a798a1 in ?? ()
#2  0x7e8447b8 in CURSORICON_Load (hInstance=0x7e820000
<__wine_spec_pe_header+31645>, name=0x7f00, width=0, height=0, depth=32,
fCursor=1, loadflags=32832)
    at /home/focht/projects/wine/mainline-src/dlls/user32/cursoricon.c:1817
#3  0x7e847a17 in LoadImageW (hinst=0x0, name=0x7f00, type=2, desiredx=0,
desiredy=0, loadflags=32832) at
/home/focht/projects/wine/mainline-src/dlls/user32/cursoricon.c:3063
#4  0x00a7a752 in ?? ()
#5  0x7e845884 in LoadCursorW (hInstance=0x0, name=0x7f00) at
/home/focht/projects/wine/mainline-src/dlls/user32/cursoricon.c:2246
#6  0x00a7a496 in ?? ()
#7  0x7beac69f in ANIMATE_Register () at
/home/focht/projects/wine/mainline-src/dlls/comctl32/animate.c:974
#8  0x7bebdea6 in DllMain (hinstDLL=0x7bea0000 <__wine_spec_pe_header+44625>,
fdwReason=1, lpvReserved=0x0) at
/home/focht/projects/wine/mainline-src/dlls/comctl32/commctrl.c:188
#9  0x7bf68111 in __wine_spec_dll_entry (inst=0x7bea0000
<__wine_spec_pe_header+44625>, reason=1, reserved=0x0) at
/home/focht/projects/wine/mainline-src/dlls/winecrt0/dll_entry.c:40
#10 0x7bc59546 in call_dll_entry_point () at
/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:160
#11 0x7bc5becd in MODULE_InitDLL (wm=0x142070, reason=1, lpReserved=0x0) at
/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:1223
#12 0x7bc5c2d9 in process_attach (wm=0x142070, lpReserved=0x0) at
/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:1317
#13 0x7bc5f53f in LdrLoadDll (path_name=0x1b8698, flags=0, libname=0x32e960,
hModule=0x32e918) at
/home/focht/projects/wine/mainline-src/dlls/ntdll/loader.c:2618
#14 0x7b461041 in load_library (libname=0x32e960, flags=0) at
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:975
#15 0x7b4611c5 in LoadLibraryExW (libnameW=0x7ffd8c00, hfile=0x0, flags=0) at
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1035
#16 0x00a7fcd7 in ?? ()
#17 0x7b461122 in LoadLibraryExA (libname=0xd4c1a8 "COMCTL32.DLL", hfile=0x0,
flags=0) at /home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1015
#18 0x00a80968 in ?? ()
#19 0x7b46129f in LoadLibraryA (libname=0xd4c1a8 "COMCTL32.DLL") at
/home/focht/projects/wine/mainline-src/dlls/kernel32/module.c:1067
#20 0x00a7ffe6 in ?? ()
#21 0x00a7f678 in ?? ()
#22 0x00a80ac3 in ?? ()
#23 0x00a68a63 in ?? ()
#24 0x00a6862b in ?? ()
#25 0x00a68d0f in ?? ()
#26 0x00a7e28b in ?? ()
#27 0x00a7e8f7 in ?? ()
#28 0x00a969f2 in ?? ()
#29 0x00a9ca48 in ?? ()
#30 0x00a9d10d in ?? ()
#31 0x00a9d363 in ?? ()
#32 0x0040127d in ?? ()
#33 0x7b46af9a in call_process_entry () at
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1189
#34 0x7b46b10e in start_process (entry=0x4025c8, peb=0x7ffdf000) at
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1256
#35 0x7b46afa6 in start_process_wrapper () at
/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1189
#36 0x00000000 in ?? ()

Wine-gdb> x/10x $esp
0x32ddd4:    0x7ffc0968    0x0032ddf4    0x00a798a1    0x7e820000
0x32dde4:    0x7e92537c    0x00d4bf00    0x0032e0cc    0x7e91a000
0x32ddf4:    0x0032de58    0x7e8447b8
--- snip ---

Trampoline continuation, jumping into middle of opcode:

--- snip ---
Wine-gdb> x/10i 0x7ffc0968
   0x7ffc0968:    jmp    0x7b47a0bd <SizeofResource+8>
   0x7ffc096d:    lods   %ds:(%esi),%eax
   0x7ffc096e:    fiadds (%edi)
   0x7ffc0970:    add    %cl,0x68f82444(%edi)
   0x7ffc0976:    mov    0x8300d4bd,%al
   0x7ffc097b:    in     (%dx),%al
   0x7ffc097c:    add    $0xe9,%al
   0x7ffc097e:    mov    %al,0x8d80ab8f
   0x7ffc0983:    dec    %esp
   0x7ffc0984:    and    $0x4,%al
--- snip ---

Hooked API entry:

--- snip ---
Wine-gdb> disas SizeofResource
Dump of assembler code for function SizeofResource:
   0x7b47a0b5 <+0>:    jmp    0x7ffc094f
   0x7b47a0ba <+5>:    dec    %edi
   0x7b47a0bb <+6>:    sti    
   0x7b47a0bc <+7>:    incl   0x1e6f43
   0x7b47a0c2 <+13>:    cmpl   $0x0,0xc(%ebp)
   0x7b47a0c6 <+17>:    jne    0x7b47a0cf <SizeofResource+26>
   0x7b47a0c8 <+19>:    mov    $0x0,%eax
   0x7b47a0cd <+24>:    jmp    0x7b47a0d5 <SizeofResource+32>
   0x7b47a0cf <+26>:    mov    0xc(%ebp),%eax
   0x7b47a0d2 <+29>:    mov    0x4(%eax),%eax
   0x7b47a0d5 <+32>:    pop    %ebp
   0x7b47a0d6 <+33>:    ret    $0x8
--- snip ---

Unmodified API entry:

--- snip ---
Wine-gdb> disas SizeofResource
Dump of assembler code for function SizeofResource:
   0x7b47a0b5 <+0>:    push   %ebp
   0x7b47a0b6 <+1>:    mov    %esp,%ebp
   0x7b47a0b8 <+3>:    call   0x7b42f028 <__x86.get_pc_thunk.ax>
   0x7b47a0bd <+8>:    add    $0x1e6f43,%eax
   0x7b47a0c2 <+13>:    cmpl   $0x0,0xc(%ebp)
   0x7b47a0c6 <+17>:    jne    0x7b47a0cf <SizeofResource+26>
   0x7b47a0c8 <+19>:    mov    $0x0,%eax
   0x7b47a0cd <+24>:    jmp    0x7b47a0d5 <SizeofResource+32>
   0x7b47a0cf <+26>:    mov    0xc(%ebp),%eax
   0x7b47a0d2 <+29>:    mov    0x4(%eax),%eax
   0x7b47a0d5 <+32>:    pop    %ebp
   0x7b47a0d6 <+33>:    ret    $0x8
--- snip ---

Let's continue the (bad) practice of cluttering Wine with DECLSPEC_HOTPATCH per
case.

* https://bugs.winehq.org/show_bug.cgi?id=45703#c9

* https://bugs.winehq.org/show_bug.cgi?id=45199

...

Regards
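To make the failure mode above concrete, here is an added Python example (not from the bug report or from Wine) that re-encodes the `call __x86.get_pc_thunk.ax` from the unmodified disassembly and evaluates it at the address the hook engine copied it to. It assumes the copied call sits five bytes before the return address 0x7ffc0968 seen at the top of the stack dump, and it goes one step beyond the comment by showing that even a displacement-relocated copy still yields a wrong GOT base, which is why a position-independent hotpatch prologue is the actual fix.

```python
import struct

# Addresses taken from the disassembly and stack dump in the comment above.
ORIG_ENTRY = 0x7b47a0b5         # SizeofResource+0
PC_THUNK   = 0x7b42f028         # __x86.get_pc_thunk.ax
GOT_OFFSET = 0x1e6f43           # "add $0x1e6f43,%eax" at SizeofResource+8
TRAMP_CALL = 0x7ffc0968 - 5     # inferred: return address on stack minus call length
FAULT_PC   = 0x7ff758d3         # frame #0 of the backtrace


def encode_call(src, dst):
    """E8 rel32: displacement is relative to the end of the 5-byte instruction."""
    return b"\xe8" + struct.pack("<i", dst - (src + 5))


def call_target(insn, at):
    """Decode where an E8 rel32 call lands when it executes at address `at`."""
    if insn[0] != 0xE8:
        raise ValueError("not a rel32 call")
    return at + 5 + struct.unpack("<i", insn[1:5])[0]


# Constructed bytes for the unmodified prologue shown on the page:
#   +0 push %ebp   +1 mov %esp,%ebp   +3 call __x86.get_pc_thunk.ax
PROLOGUE = b"\x55" + b"\x89\xe5" + encode_call(ORIG_ENTRY + 3, PC_THUNK)


def naive_copy_target():
    """Where the verbatim-copied call goes when run from the trampoline."""
    return call_target(PROLOGUE[3:8], TRAMP_CALL)


def relocated_copy_target():
    """Same call with its displacement re-encoded for the trampoline address."""
    original = call_target(PROLOGUE[3:8], ORIG_ENTRY + 3)
    return call_target(encode_call(TRAMP_CALL, original), TRAMP_CALL)


def got_base(thunk_return_addr):
    """get_pc_thunk.ax loads its return address into %eax; +8 then adds GOT_OFFSET."""
    return (thunk_return_addr + GOT_OFFSET) & 0xFFFFFFFF


if __name__ == "__main__":
    print(hex(naive_copy_target()), hex(FAULT_PC))          # identical: the crash PC
    print(hex(relocated_copy_target()), hex(PC_THUNK))      # relocation reaches the thunk
    print(hex(got_base(ORIG_ENTRY + 8)), hex(got_base(TRAMP_CALL + 5)))  # but GOT differs
```

The unrelocated copy lands exactly on the faulting address from frame #0, and the relocated variant still computes a different GOT base because the thunk reports the trampoline's address rather than SizeofResource+8.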
