[Bug 44803] Age of Empires II Forgotten Empires crashes "Unhandled privileged instruction"

wine-bugs at winehq.org
Tue Apr 2 15:39:07 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=44803

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello Raphael,

--- quote ---
Could it be that having UPnP enabled could trigger some different code paths?
--- quote ---

Well, that important information was missing from the initial comments.

I checked the modules list from your backtrace again and indeed there is a
module 'miniupnpc.dll' mapped into process space that I don't have with a
default AOE2/Expansion sets install.

Your backtrace:

--- snip ---
...
wine: Unhandled privileged instruction at address 0x7e23f895 (thread 0056),
starting debugger...
...
Unhandled exception: privileged instruction in 32-bit code (0x7e23f895).
0062:fixme:dbghelp:elf_search_auxv can't find symbol in module
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e23f895 ESP:00339358 EBP:00339358 EFLAGS:00210206(  R- --  I   - -P- )
 EAX:00000000 EBX:00000128 ECX:003393a0 EDX:00000000
 ESI:003393f8 EDI:00000000
Stack dump:
0x00339358:  003393b4 5df0893c 00000128 003393a0
0x00339368:  00000010 00000000 00000000 0033b81c
0x00339378:  003393f0 00000001 003393e8 00000000
0x00339388:  00000000 7bc3cd96 003393a8 00000001
0x00339398:  00000128 00000000 00000002 00000000
0x003393a8:  00000000 00000000 000023e4 0033b804
Backtrace:
=>0 0x7e23f895 WS_bind+0x5() in ws2_32 (0x00339358)
  1 0x00000000 (0x00339358)
  2 0x5df0893c in dpwsockx (+0x893b) (0x003393b4)
  3 0x5df084a3 in dpwsockx (+0x84a2) (0x0033b804)
  4 0x5e08706e in dplayx (+0x706d) (0x0033b854)
  5 0x5e0872fb in dplayx (+0x72fa) (0x0033b8a0)
  6 0x5e0873e0 in dplayx (+0x73df) (0x0033b8c0)
  7 0x005ccf57 in age2_x2 (+0x1ccf56) (0x0033bb10)
0x7e23f895 WS_bind+0x5 in ws2_32: inb    $0xf0,%al
Modules:
Module    Address            Debug info    Name (138 modules)
PE      400000-  7e6000    Export          age2_x2
PE     1050000- 110a000    Deferred        language_x1_p1
PE     9dc0000- 9e51000    Deferred        language
PE    10000000-1005e000    Deferred        language_x1
PE    5df00000-5df16000    Export          dpwsockx
PE    5e080000-5e0bb000    Export          dplayx
PE    6ad80000-6ad95000    Deferred        miniupnpc
...
--- snip ---

This 'miniupnpc' dll seems to be distributed by some unofficial? game
patches/installers. I found one installer here:
http://jonathanrooke.co.uk/ror/phpbb/viewtopic.php?f=2&t=177

The original 'MiniUPnP' project seems to be here:

http://miniupnp.free.fr/files/

Even with the dll in place and router (Fritzbox) having UPnP enabled I couldn't
reproduce the crash.

--- snip ---
...
002b:Call ws2_32.WSAStartup(00000101,0033d188) ret=007db0e4
002b:Ret  ws2_32.WSAStartup() retval=00000000 ret=007db0e4
002b:Call KERNEL32.LoadLibraryA(007db720 "age2_x1\\miniupnpc.dll") ret=007db0f7
002b:trace:snoop:SNOOP_SetupDLL hmod=0x6ad80000, name=miniupnpc.dll 
...
002b:Call PE DLL (proc=0x6ad810c0,module=0x6ad80000
L"miniupnpc.dll",reason=PROCESS_ATTACH,res=(nil))
002b:Call msvcrt.malloc(00000080) ret=6ad8112c
002b:Call ntdll.RtlAllocateHeap(00b10000,00000000,00000080) ret=7d67dd27
002b:Ret  ntdll.RtlAllocateHeap() retval=00b11390 ret=7d67dd27
002b:Ret  msvcrt.malloc() retval=00b11390 ret=6ad8112c
002b:Call KERNEL32.GetModuleHandleA(6ad8c000 "libgcc_s_dw2-1.dll") ret=6ad811c2
002b:Ret  KERNEL32.GetModuleHandleA() retval=00000000 ret=6ad811c2
002b:Call msvcrt.__dllonexit(6ad8123c,6ad8f000,6ad8f010) ret=6ad81051
002b:Call ntdll.RtlReAllocateHeap(00b10000,00000000,00b11390,00000004)
ret=7d67de5c
002b:Ret  ntdll.RtlReAllocateHeap() retval=00b11390 ret=7d67de5c
002b:Ret  msvcrt.__dllonexit() retval=6ad8123c ret=6ad81051
002b:Call msvcrt.__dllonexit(6ad85d60,6ad8f000,6ad8f010) ret=6ad81051
002b:Call ntdll.RtlReAllocateHeap(00b10000,00000000,00b11390,00000008)
ret=7d67de5c
002b:Ret  ntdll.RtlReAllocateHeap() retval=00b11390 ret=7d67de5c
002b:Ret  msvcrt.__dllonexit() retval=6ad85d60 ret=6ad81051
002b:Ret  PE DLL (proc=0x6ad810c0,module=0x6ad80000
L"miniupnpc.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
002b:Ret  KERNEL32.LoadLibraryA() retval=6ad80000 ret=007db0f7
002b:Call KERNEL32.GetProcAddress(6ad80000,007db736 "upnpDiscover")
ret=007db115
002b:Ret  KERNEL32.GetProcAddress() retval=00390220 ret=007db115
002b:Call KERNEL32.GetProcAddress(6ad80000,007db743 "UPNP_GetValidIGD")
ret=007db11f
002b:Ret  KERNEL32.GetProcAddress() retval=003901a9 ret=007db11f
002b:Call KERNEL32.GetProcAddress(6ad80000,007db754 "UPNP_AddPortMapping")
ret=007db12b
002b:Ret  KERNEL32.GetProcAddress() retval=00390055 ret=007db12b
002b:Call KERNEL32.GetProcAddress(6ad80000,007db768 "UPNP_DeletePortMapping")
ret=007db137
002b:Ret  KERNEL32.GetProcAddress() retval=00390088 ret=007db137
002b:Call KERNEL32.GetProcAddress(6ad80000,007db77f
"UPNP_GetSpecificPortMappingEntry") ret=007db143
002b:Ret  KERNEL32.GetProcAddress() retval=00390143 ret=007db143
002b:Call KERNEL32.GetProcAddress(6ad80000,007db7a0 "FreeUPNPUrls")
ret=007db14f
002b:Ret  KERNEL32.GetProcAddress() retval=00390011 ret=007db14f
002b:Call KERNEL32.GetProcAddress(6ad80000,007db7ad "freeUPNPDevlist")
ret=007db15b
002b:Ret  KERNEL32.GetProcAddress() retval=003901cb ret=007db15b
002b:CALL miniupnpc.upnpDiscover(<unknown, check return>) ret=007db1d6
002b:Call ws2_32.socket(00000002,00000002,00000011) ret=6ad8289f 
...
002b:Ret  ws2_32.socket() retval=0000008c ret=6ad8289f
002b:Call ws2_32.inet_addr(6ad8c66a "223.255.255.255") ret=6ad8294c
002b:Ret  ws2_32.inet_addr() retval=ffffffdf ret=6ad8294c
002b:Call iphlpapi.GetBestRoute(ffffffdf,00000000,0033d0ac) ret=6ad82967
...
002b:Ret  iphlpapi.GetBestRoute() retval=00000000 ret=6ad82967
...
002b:Call iphlpapi.GetIpAddrTable(00b113a8,0033d10c,00000000) ret=6ad8299e
....
002b:Ret  iphlpapi.GetIpAddrTable() retval=0000007a ret=6ad8299e
...
002b:Call iphlpapi.GetIpAddrTable(00b113a8,0033d10c,00000000) ret=6ad829da
...
002b:Ret  iphlpapi.GetIpAddrTable() retval=00000000 ret=6ad829da
002b:Call ws2_32.setsockopt(0000008c,00000000,00000009,0033d108,00000004)
ret=6ad82a42
...
002b:Ret  ws2_32.setsockopt() retval=00000000 ret=6ad82a42
...
002b:Call ws2_32.setsockopt(0000008c,0000ffff,00000004,0033d114,00000004)
ret=6ad82abd
002b:Call ntdll.wine_server_handle_to_fd(0000008c,00000000,0033c7ac,00000000)
ret=7deacd7b
002b:Ret  ntdll.wine_server_handle_to_fd() retval=00000000 ret=7deacd7b
002b:Call ntdll.wine_server_release_fd(0000008c,0000000f) ret=7deacdbf
002b:Ret  ntdll.wine_server_release_fd() retval=00000000 ret=7deacdbf
002b:Ret  ws2_32.setsockopt() retval=00000000 ret=6ad82abd
002b:Call ws2_32.bind(0000008c,0033d028,00000010) ret=6ad82bab
002b:Call ntdll.wine_server_handle_to_fd(0000008c,00000000,0033c86c,00000000)
ret=7deacd7b
002b:Ret  ntdll.wine_server_handle_to_fd() retval=00000000 ret=7deacd7b
002b:Call KERNEL32.LoadLibraryA(7decc998 "iphlpapi.dll") ret=7debfba7
002b:Ret  KERNEL32.LoadLibraryA() retval=7de70000 ret=7debfba7
002b:Call KERNEL32.GetProcAddress(7de70000,7decc9b0 "GetAdaptersInfo")
ret=7debfbdd
002b:Ret  KERNEL32.GetProcAddress() retval=7de7d708 ret=7debfbdd
002b:Call iphlpapi.GetAdaptersInfo(00000000,0033c83c) ret=7deb1374
002b:Ret  iphlpapi.GetAdaptersInfo() retval=0000006f ret=7deb1374
...
002b:Call iphlpapi.GetAdaptersInfo(0016c908,0033c83c) ret=7deb13bd
...
002b:Ret  iphlpapi.GetAdaptersInfo() retval=00000000 ret=7deb13bd
...
002b:Ret  ws2_32.bind() retval=00000000 ret=6ad82bab
002b:Call ws2_32.getaddrinfo(6ad8c623 "239.255.255.250",6ad8c68a
"1900",0033d0e4,0033d110) ret=6ad82cec
...
002b:Ret  ws2_32.getaddrinfo() retval=00000000 ret=6ad82cec 
002b:RET  miniupnpc.upnpDiscover() retval=00000000 ret=007db1d6
002b:Call ws2_32.WSACleanup() ret=007db2c9
002b:Ret  ws2_32.WSACleanup() retval=00000000 ret=007db2c9 
...
--- snip ---

That 'miniupnpc' doesn't seem to hook the Winsock API.

Where exactly did you get your dll from (link)?

Scan of the dlls I found:

----

From: http://jonathanrooke.co.uk/ror/phpbb/viewtopic.php?f=2&t=177

->
https://www.virustotal.com/gui/file/13c18272374f17c2b644b9a4591bf76d466f3f410b7c1b3c0a31a302deb35a1a/details

->
https://www.virustotal.com/gui/file/13c18272374f17c2b644b9a4591bf76d466f3f410b7c1b3c0a31a302deb35a1a/relations

----

From:
http://miniupnp.free.fr/files/download.php?file=upnpc-exe-win32-20150918.zip

->
https://www.virustotal.com/gui/file/621e7d728f1de9adc10673da452036fe7c35ce3de87e5a959752eb303f03e48b/details

->
https://www.virustotal.com/gui/file/621e7d728f1de9adc10673da452036fe7c35ce3de87e5a959752eb303f03e48b/relations

----

None of them seem suspicious.

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
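An added triage helper for reports in the format quoted in this comment (it is not part of the bug report, of Wine's tooling or of miniupnpc): it parses the Modules table and Backtrace, maps each frame address to a module offset, decodes CS/EFLAGS to show why an IN instruction in 32-bit user code surfaces as "privileged instruction", and names the privileged opcode at the fault address. The report excerpt is a constructed cut-down of the one above, the E4 F0 bytes are the encoding of the quoted `inb $0xf0,%al`, and the I/O permission bitmap is ignored as a simplification.

```python
import re
# Constructed excerpt in the layout of the Wine report quoted above; addresses
# and module ranges are copied from it (the ws2_32 row is elided there too).
SAMPLE_REPORT = """\
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e23f895 ESP:00339358 EBP:00339358 EFLAGS:00210206(  R- --  I   - -P- )
Backtrace:
=>0 0x7e23f895 WS_bind+0x5() in ws2_32 (0x00339358)
  2 0x5df0893c in dpwsockx (+0x893b) (0x003393b4)
  7 0x005ccf57 in age2_x2 (+0x1ccf56) (0x0033bb10)
Modules:
PE      400000-  7e6000    Export          age2_x2
PE    5df00000-5df16000    Export          dpwsockx
PE    6ad80000-6ad95000    Deferred        miniupnpc
"""

MODULE_RE = re.compile(r"^(?:PE|ELF)\s+([0-9a-f]+)-\s*([0-9a-f]+)\s+\S+\s+(\S+)", re.M)
FRAME_RE = re.compile(r"^(?:=>)?\s*(\d+)\s+0x([0-9a-f]+)", re.M)
REG_RE = re.compile(r"\b(CS|EFLAGS):([0-9a-f]+)")

# First opcode bytes that raise #GP in ring 3 (I/O bitmap ignored). One of these at a
# user-mode export entry such as WS_bind means the bytes there are not compiler output.
PRIVILEGED_OPCODES = {0xE4: "in al,imm8", 0xE5: "in eax,imm8", 0xEC: "in al,dx",
                      0xED: "in eax,dx", 0xE6: "out imm8,al", 0xE7: "out imm8,eax",
                      0xEE: "out dx,al", 0xEF: "out dx,eax", 0xFA: "cli", 0xFB: "sti", 0xF4: "hlt"}

def parse_modules(report):
    """(start, end, name) for every PE/ELF row of the Modules table."""
    return [(int(lo, 16), int(hi, 16), n) for lo, hi, n in MODULE_RE.findall(report)]

def locate(addr, modules):
    """(module, offset from base) or None; Wine's +0x893b is return address minus one."""
    for lo, hi, name in modules:
        if lo <= addr < hi:
            return name, addr - lo
    return None

def map_frames(report):
    """Frame number -> locate() result for every Backtrace line."""
    modules = parse_modules(report)
    return {int(n): locate(int(a, 16), modules) for n, a in FRAME_RE.findall(report)}

def io_fault_expected(report):
    """CPL (CS & 3) > IOPL (EFLAGS bits 12-13): IN/OUT raises #GP, Wine's 'privileged instruction'."""
    regs = {k: int(v, 16) for k, v in REG_RE.findall(report)}
    return (regs["CS"] & 3) > ((regs["EFLAGS"] >> 12) & 3)

def classify_bytes(code):
    """Name the privileged instruction at the fault address, e.g. E4 F0 = inb $0xf0,%al."""
    return PRIVILEGED_OPCODES.get(code[0])
```

Frame 0 maps to no module because the ws2_32 row is not in the excerpt, which is exactly the situation to check against the full Modules list before blaming a third-party DLL.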
