[Bug 47334] TP-Link PLC utility 2.2 crashes on startup with native 'packet.dll' (part of WinPcap)('wine_pcap_findalldevs' needs to handle empty adapter description)
wine-bugs at winehq.org
Mon Jun 10 05:15:44 CDT 2019
https://bugs.winehq.org/show_bug.cgi?id=47334
Anastasius Focht <focht at gmx.net> changed:
What          |Removed                                |Added
----------------------------------------------------------------------------
Ever confirmed|0                                      |1
Component     |-unknown                               |wpcap
Status        |UNCONFIRMED                            |NEW
Keywords      |                                       |download
CC            |                                       |focht at gmx.net
URL           |                                       |https://web.archive.org/web/20190227005701/https://static.tp-link.com/2018/201809/20180904/PowerLineUtility_Win_180816.zip
Summary       |TP-Link PowerLineUtility has page fault|TP-Link PLC utility 2.2 crashes on startup with native 'packet.dll' (part of WinPcap)('wine_pcap_findalldevs' needs to handle empty adapter description)
--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
Please don't attach binaries you have no right to redistribute. Just provide
links. In addition, third-party download sites for Windows dlls such as
'http://www.dlldownloader.com' should be taken with a grain of salt, even if they
have a high user trust rating.
You could have just linked to official WinPcap installation packages
(https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe), the dll should be part
of it.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/TP-Link/TP-Link PLC Utility
$ WINEDEBUG=+seh,+relay,+wpcap wine ./tpPLC.exe >>log.txt 2>&1
...
0034:fixme:wpcap:wine_pcap_findalldevs_ex ("rpcap://" (nil) 0x100692d8
0x100692e0): partial stub
0034:trace:wpcap:wine_pcap_findalldevs (0x100692d8 0x100692e0)
...
0034:Ret wpcap.pcap_findalldevs_ex() retval=00000000 ret=1002f4ad
...
0034:Call wpcap.pcap_parsesrcstr(7ad00850
"enp5s0",00000000,00000000,00000000,03d1b12c,100692e0) ret=1002eff9
0034:fixme:wpcap:wine_pcap_parsesrcstr ("enp5s0" (nil) (nil) (nil) 0x3d1b12c
0x100692e0): partial stub
0034:Ret wpcap.pcap_parsesrcstr() retval=00000000 ret=1002eff9
...
0034:Call KERNEL32.GetModuleHandleW(00360708 L"Iphlpapi") ret=00352d6b
0034:Ret KERNEL32.GetModuleHandleW() retval=7dcb0000 ret=00352d6b
0034:Call KERNEL32.GetProcAddress(7dcb0000,0036071c "GetAdaptersAddresses")
ret=00352d7d
0034:Ret KERNEL32.GetProcAddress() retval=7dcc127c ret=00352d7d
0034:Call KERNEL32.LoadLibraryW(00360734 L"airpcap.dll") ret=00352d8d
...
0034:Ret KERNEL32.LoadLibraryW() retval=00000000 ret=00352d8d
...
0034:Call advapi32.RegOpenKeyExW(80000002,003605b0
L"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}",00000000,00020019,03d1a8dc)
ret=003524b3
0034:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=003524b3
0034:Call advapi32.RegOpenKeyExW(80000002,00360680
L"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage",00000000,00020019,03d1a8d4)
ret=0035265d
0034:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=0035265d
0034:Call iphlpapi.GetAdaptersInfo(00000000,03d1b0f0) ret=00352054
0034:Ret iphlpapi.GetAdaptersInfo() retval=0000006f ret=00352054
...
0034:Call advapi32.OpenSCManagerW(00000000,00000000,80000000) ret=0035346f
...
0034:Ret advapi32.OpenSCManagerW() retval=0259a5c8 ret=0035346f
...
0034:Call advapi32.RegOpenKeyExA(80000002,03d1abc8
"SYSTEM\\CurrentControlSet\\Services\\NPF",00000000,00020019,03d1a8a0)
ret=003534bd
0034:Ret advapi32.RegOpenKeyExA() retval=00000000 ret=003534bd
0034:Call advapi32.RegCloseKey(00000194) ret=00353561
0034:Ret advapi32.RegCloseKey() retval=00000000 ret=00353561
0034:Call advapi32.OpenServiceA(0259a5c8,03d1a9c8 "NPF",00000014) ret=003534ec
...
0034:Ret advapi32.OpenServiceA() retval=025a3d50 ret=003534ec
0034:Call advapi32.QueryServiceStatus(025a3d50,03d1a8a8) ret=00353502
...
0034:Ret advapi32.StartServiceW() retval=00000000 ret=0035351c
0034:Call KERNEL32.GetLastError() ret=00353526
0034:Ret KERNEL32.GetLastError() retval=0000045a ret=00353526
...
0034:Call KERNEL32.GetLastError() ret=1003f60f
0034:Ret KERNEL32.GetLastError() retval=00000057 ret=1003f60f
0034:Call KERNEL32.GetLastError() ret=1003d9f3
0034:Ret KERNEL32.GetLastError() retval=00000057 ret=1003d9f3
0034:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1002f198
ip=1002f198 tid=0034
0034:trace:seh:raise_exception info[0]=00000000
0034:trace:seh:raise_exception info[1]=00000000
0034:trace:seh:raise_exception eax=00000000 ebx=0034ed64 ecx=00000001
edx=00000000 esi=0034ebf4 edi=03d1b3f6
0034:trace:seh:raise_exception ebp=03d1b230 esp=03d1b1ec cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0034:trace:seh:call_stack_handlers calling handler at 0x10051671 code=c0000005
flags=0
0034:Call KERNEL32.GetLastError() ret=10036425
0034:Ret KERNEL32.GetLastError() retval=00000057 ret=10036425
0034:trace:seh:call_stack_handlers handler at 0x10051671 returned 1
0034:trace:seh:call_stack_handlers calling handler at 0x5c45f7 code=c0000005
flags=0
0034:Call KERNEL32.GetLastError() ret=0059de73
0034:Ret KERNEL32.GetLastError() retval=00000057 ret=0059de73
0034:trace:seh:call_stack_handlers handler at 0x5c45f7 returned 1
0034:trace:seh:call_stack_handlers calling handler at 0x7bcc3fc0 code=c0000005
flags=0
wine: Unhandled page fault on read access to 0x00000000 at address 0x1002f198
(thread 0034), starting debugger...
0034:trace:seh:start_debugger Starting debugger "winedbg --auto 41 404"
...
--- snip ---
Call stack of crash annotated:
--- snip ---
Address To From Size Comment
03F0B234 1002F5C2 1002F198 40 plcoperation.1002F198
03F0B274 1002ED30 1002F5C2 10 plcoperation.1002F5C2
03F0B284 100063B2 1002ED30 8 plcoperation.1002ED30 ; openNICs
03F0B28C 00406A00 100063B2 4C64 plcoperation.100063B2 ; initAdapter
03F0FEF0 7BCA13B0 00406A00 10 tpplc.00406A00
03F0FF00 7BCA478E 7BCA13B0 E0 7BCA13B0
03F0FFE0 7BCA13A2 7BCA478E 10 7BCA478E
03F0FFF0 00000000 7BCA13A2 7BCA13A2
--- snip ---
Caller and crash site:
--- snip ---
...
1002F56A | 8B15 D8920610 | mov edx,dword ptr ds:[100692D8] ; alldevs
1002F570 | 8955 EC | mov dword ptr ss:[ebp-14],edx
1002F573 | EB 11 | jmp plcoperation.1002F586
...
1002F5B2 | 8B4D EC | mov ecx,dword ptr ss:[ebp-14] ; pcap_if_t alldevs
1002F5B5 | 8B51 08 | mov edx,dword ptr ds:[ecx+8] ; arg2 = .description
1002F5B8 | 52 | push edx
1002F5B9 | 8B45 F0 | mov eax,dword ptr ss:[ebp-10]
1002F5BC | 50 | push eax
1002F5BD | E8 BEFBFFFF | call plcoperation.1002F180
...
1002F180 | 55 | push ebp
1002F181 | 8BEC | mov ebp,esp
1002F183 | 83EC 44 | sub esp,44
1002F186 | 8B45 0C | mov eax,dword ptr ss:[ebp+C] ; arg2
1002F189 | 8945 F4 | mov dword ptr ss:[ebp-C],eax
1002F18C | 8B4D F4 | mov ecx,dword ptr ss:[ebp-C] ; arg2
1002F18F | 83C1 01 | add ecx,1
1002F192 | 894D DC | mov dword ptr ss:[ebp-24],ecx
1002F195 | 8B55 F4 | mov edx,dword ptr ss:[ebp-C]
1002F198 | 8A02 | mov al,byte ptr ds:[edx] ; NULL *boom*
1002F19A | 8845 FF | mov byte ptr ss:[ebp-1],al
1002F19D | 8345 F4 01 | add dword ptr ss:[ebp-C],1
1002F1A1 | 807D FF 00 | cmp byte ptr ss:[ebp-1],0
1002F1A5 | 75 EE | jne plcoperation.1002F195
1002F1A7 | 8B4D F4 | mov ecx,dword ptr ss:[ebp-C]
1002F1AA | 2B4D DC | sub ecx,dword ptr ss:[ebp-24]
1002F1AD | 894D D8 | mov dword ptr ss:[ebp-28],ecx
1002F1B0 | 8B55 D8 | mov edx,dword ptr ss:[ebp-28]
1002F1B3 | 8955 E4 | mov dword ptr ss:[ebp-1C],edx
1002F1B6 | C745 BC F8310610 | mov dword ptr ss:[ebp-44],plcoperation.100631F8
1002F1BD | C745 C0 FC310610 | mov dword ptr ss:[ebp-40],plcoperation.100631FC
1002F1C4 | 837D E4 00 | cmp dword ptr ss:[ebp-1C],0
1002F1C8 | 75 07 | jne plcoperation.1002F1D1
--- snip ---
Base Module Path
00330000 packet.dll C:\Program Files
(x86)\TP-Link\TP-Link PLC Utility\Packet.dll
00350000 api-ms-win-core-fibers-l1-1-1.dll
Z:\home\focht\projects\wine\mainline-install-x86_64\bin\..\lib\wine\api-ms-win-core-fibers-l1-1-1.dll
00370000 api-ms-win-core-localization-l1-2-1.dll
Z:\home\focht\projects\wine\mainline-install-x86_64\bin\..\lib\wine\api-ms-win-core-localization-l1-2-1.dll
00400000 tpplc.exe C:\Program Files
(x86)\TP-Link\TP-Link PLC Utility\tpPLC.exe
00840000 hyfiinfotran.dll C:\Program Files
(x86)\TP-Link\TP-Link PLC Utility\hyfiinfotran.dll
00CA0000 flash.ocx C:\Program Files
(x86)\TP-Link\TP-Link PLC Utility\Flash.ocx
10000000 plcoperation.dll C:\Program Files
(x86)\TP-Link\TP-Link PLC Utility\PLCOperation.dll
...
--- snip ---
Var refs that lead to identification of 'alldevs':
--- snip ---
Address Disassembly
100075E1 mov eax,dword ptr ds:[100692D8]
100076E6 mov ecx,dword ptr ds:[100692D8]
1000796F mov ecx,dword ptr ds:[100692D8]
1002EF2A mov ecx,dword ptr ds:[100692D8]
1002EF66 cmp dword ptr ds:[100692D8],0
1002EF73 mov eax,dword ptr ds:[100692D8]
1002F464 mov dword ptr ds:[100692D8],0
1002F49B push plcoperation.100692D8 ; ---> var init
1002F4C5 mov edx,dword ptr ds:[100692D8]
1002F56A mov edx,dword ptr ds:[100692D8]
1002F798 mov edx,dword ptr ds:[100692D8]
1002FC41 cmp dword ptr ds:[100692D8],0
1002FC4A mov ecx,dword ptr ds:[100692D8]
1002FC5A mov dword ptr ds:[100692D8],0
--- snip ---
--- snip ---
1002F496 | 68 E0920610 | push plcoperation.100692E0
1002F49B | 68 D8920610 | push plcoperation.100692D8 ; pcap_if_t **alldevs
1002F4A0 | 6A 00 | push 0
1002F4A2 | 68 00320610 | push plcoperation.10063200 ; "rpcap://"
1002F4A7 | FF15 DC210510 | call dword ptr ds:[100521DC] ; pcap_findalldevs_ex
--- snip ---
The pcap_if_t->description field of the adapter is empty (NULL), causing the
crash. Not sure if it's worth working around the crash as native 'packet.dll'
is unlikely to work in the near future - if at all.
There is already some (invisible) failure prior: the app dll calls
'packet.PacketOpenAdapter' which obviously fails since the kernel side is
missing (NPF/NDIS driver) in case of native 'packet.dll'.
Small test app for Linux libpcap:
--- snip ---
/* gcc -o pcap_test pcap_test.c -lpcap */
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    printf("%s\n", pcap_lib_version());
    /* Enumerate all capture devices known to libpcap. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "pcap_findalldevs() failed: %s\n", errbuf);
        exit(1);
    }
    for (d = alldevs; d != NULL; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        /* description may be NULL, so check it before printing. */
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }
    pcap_freealldevs(alldevs);
    return 0;
}
--- snip ---
--- snip ---
$ ./pcap_test
libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
1. enp5s0 (No description available)
2. lo (No description available)
3. any (Pseudo-device that captures on all interfaces)
4. wlp4s0 (No description available)
5. bluetooth-monitor (Bluetooth Linux Monitor)
6. nflog (Linux netfilter log (NFLOG) interface)
7. nfqueue (Linux netfilter queue (NFQUEUE) interface)
8. bluetooth0 (Bluetooth adapter number 0)
9. usbmon0 (All USB buses)
10. usbmon1 (USB bus number 1)
11. usbmon2 (USB bus number 2)
12. usbmon3 (USB bus number 3)
13. usbmon4 (USB bus number 4)
--- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/wpcap/wpcap.c#l141
--- snip ---
141 int CDECL wine_pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
142 {
143     int ret;
144
145     TRACE("(%p %p)\n", alldevsp, errbuf);
146     ret = pcap_findalldevs(alldevsp, errbuf);
147     if(alldevsp && !*alldevsp)
148         ERR_(winediag)("Failed to access raw network (pcap), this requires special permissions.\n");
149
150     return ret;
151 }
152
153 int CDECL wine_pcap_findalldevs_ex(char *source, void *auth, pcap_if_t **alldevs, char *errbuf)
154 {
155     FIXME("(%s %p %p %p): partial stub\n", debugstr_a(source), auth, alldevs, errbuf);
156     return wine_pcap_findalldevs(alldevs, errbuf);
157 }
--- snip ---
Native WinPcap modifies adapter name and description after return of
'pcap_findalldevs', which includes handling the case of empty description:
https://github.com/wireshark/winpcap/blob/267327e28031d2d3d74c28cf18a08dfbc515071b/wpcap/libpcap/pcap-new.c#L136
$ sha1sum PowerLineUtility_Win_180816.zip
a641c9611bf053d5bb1e730baead5e9e74b3a81c PowerLineUtility_Win_180816.zip
$ du -sh PowerLineUtility_Win_180816.zip
19M PowerLineUtility_Win_180816.zip
$ wine --version
wine-4.9-378-g48a74277f5
Regards
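
Added example, not part of the original comment and not Wine's or WinPcap's code: a post-processing pass over the device list of the kind the comment says native WinPcap performs after 'pcap_findalldevs', so that a consumer reading the description unchecked does not fault. 'struct dev' is a reduced stand-in for pcap_if_t, and the function names and the fallback text (a copy of the device name) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reduced stand-in for libpcap's pcap_if_t (assumption: only the fields
 * this example needs, so it builds without the libpcap headers). */
struct dev { struct dev *next; char *name; char *description; };

/* Give every entry a non-NULL description; returns the number of entries
 * patched, or -1 on allocation failure. The fallback (a separate heap copy
 * of the device name) is this example's choice. */
int fill_missing_descriptions(struct dev *list)
{
    int patched = 0;
    for (struct dev *d = list; d; d = d->next) {
        if (d->description)
            continue;
        const char *src = d->name ? d->name : "";
        char *copy = malloc(strlen(src) + 1);
        if (!copy)
            return -1;
        d->description = strcpy(copy, src);
        patched++;
    }
    return patched;
}

/* Consumer that reads description unchecked, like the application's
 * length loop at 1002F198; only safe on a patched list. */
size_t total_description_length(const struct dev *list)
{
    size_t n = 0;
    for (; list; list = list->next)
        n += strlen(list->description);
    return n;
}

/* Constructed sample: two entries from the pcap_test output above. */
int main(void)
{
    char n1[] = "enp5s0", n2[] = "any";
    char d2[] = "Pseudo-device that captures on all interfaces";
    struct dev any = { NULL, n2, d2 };
    struct dev eth = { &any, n1, NULL };   /* description is NULL */
    if (fill_missing_descriptions(&eth) < 0)
        return 1;
    printf("%s: \"%s\", %zu\n", eth.name, eth.description,
           total_description_length(&eth));
    free(eth.description);
    return 0;
}
```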