[Bug 45217] Error box in Nox 6.x at 99% of initialisation

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Mar 3 07:16:50 CST 2019


https://bugs.winehq.org/show_bug.cgi?id=45217

Louis Lenders <xerox.xerox2000x at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
          Component|ntdll                       |-unknown
                 CC|                            |xerox.xerox2000x at gmail.com
            Summary|Error in Nox                |Error box in Nox 6.x at 99%
                   |                            |of initialisation
           Keywords|                            |download
                URL|                            |https://downloadnox.com/

--- Comment #3 from Louis Lenders <xerox.xerox2000x at gmail.com> ---
Hi, to make this bug report of any use I changed the title to the current
behaviour in current git.

Not sure how many bugs there are, but one of them was already analyzed by Focht;
that bug report is closed, so it doesn't show up in searches (bug 45326), so I
will copy-paste the comment here (wine net start YSDrv still crashes):


Hello folks,

confirming too.

Taking the example from comment #10 -> NoxPlayer 6.x

NoxPlayer is heavily based on VirtualBox infrastructure, which includes
multiple kernel drivers.

Trace log:

--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+service wine net start YSDrv >>log.txt 2>&1
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00335d80 L"The VBox
Support Driver service is
starting.\r\n",0000002e,00145688,0000002e,00000000,00000000) ret=7efeb7a7 
...
002f:trace:service:QueryServiceConfigW Image path           = L"C:\\Program
Files (x86)\\Bignox\\BigNoxVM\\RT\\YSDrv.sys"
002f:trace:service:QueryServiceConfigW Group                = L""
002f:trace:service:QueryServiceConfigW Dependencies         = L""
002f:trace:service:QueryServiceConfigW Service account name = L"LocalSystem"
002f:trace:service:QueryServiceConfigW Display name         = L"VBox Support
Driver"
002f:Ret  advapi32.QueryServiceConfigW() retval=00000001 ret=7fca4a16a2a6
002f:trace:ntoskrnl:open_driver opened service for driver
L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\YSDrv" 
...
002f:trace:ntoskrnl:load_driver loading driver L"C:\\Program Files
(x86)\\Bignox\\BigNoxVM\\RT\\YSDrv.sys"
002f:Call KERNEL32.LoadLibraryW(00027070 L"C:\\Program Files
(x86)\\Bignox\\BigNoxVM\\RT\\YSDrv.sys") ret=7fca4a15cc0c 
...
002f:Call driver init 0x1400127e0
(obj=0x26ee0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\YSDrv")
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not
found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorIndexFromNumber"
not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorNumberFromIndex"
not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeIpiGenericCall" not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeSetTargetProcessorDpcEx" not
found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeInitializeAffinityEx" not
found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeAddProcessorAffinityEx" not
found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorIndexFromNumber"
not found
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetProcessorNumberFromIndex"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeGetCurrentProcessorNumberEx"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumProcessorCount"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumProcessorCountEx"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not
found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCount"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryActiveProcessorCountEx"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress
L"KeQueryLogicalProcessorRelationship" not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress
L"KeRegisterProcessorChangeCallback" not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress
L"KeDeregisterProcessorChangeCallback" not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryInterruptTimePrecise"
not found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQuerySystemTimePrecise" not
found 
...
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"HalRequestIpi" not found 
...
002f:Call ntoskrnl.exe.PsGetVersion(0033f5c0,0033f5c8,0033f5d0,00000000)
ret=140024c75
002f:Call ntdll.RtlGetVersion(0033f2b0) ret=7fca4a167b5d
002f:Ret  ntdll.RtlGetVersion() retval=00000000 ret=7fca4a167b5d
002f:Ret  ntoskrnl.exe.PsGetVersion() retval=00000001 ret=140024c75
002f:Call ntoskrnl.exe.RtlGetVersion(0033f490) ret=140024cd1
002f:Call ntdll.RtlGetVersion(0033f490) ret=7bc808ef
002f:Ret  ntdll.RtlGetVersion() retval=00000000 ret=7bc808ef
002f:Ret  ntoskrnl.exe.RtlGetVersion() retval=00000000 ret=140024cd1
002f:trace:seh:NtRaiseException code=c0000096 flags=0 addr=0x1400251ac
ip=1400251ac tid=002f
002f:trace:seh:NtRaiseException  rax=0000000000000002 rbx=0000000000027070
rcx=00007fca58290997 rdx=0000000000000000
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048
rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00
r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000
r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0
code=c0000096 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned
ffffffff
002f:trace:seh:NtRaiseException code=c0000096 flags=0 addr=0x1400251c5
ip=1400251c5 tid=002f
002f:trace:seh:NtRaiseException  rax=0000000000000002 rbx=0000000000027070
rcx=00007fca58290997 rdx=0000000000000000
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048
rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00
r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000
r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0
code=c0000096 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned
ffffffff
002f:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x1400251ed
ip=1400251ed tid=002f
002f:trace:seh:NtRaiseException  info[0]=0000000000000000
002f:trace:seh:NtRaiseException  info[1]=0000000000000020
002f:trace:seh:NtRaiseException  rax=0000000000000000 rbx=00000000756e6547
rcx=000000006c65746e rdx=0000000049656e69
002f:trace:seh:NtRaiseException  rsi=0000000000026ee0 rdi=0000000000027048
rbp=0000000000000000 rsp=000000000033f5c0
002f:trace:seh:NtRaiseException   r8=0000000000000000  r9=000000000033ec00
r10=0000000000000000 r11=0000000000000000
002f:trace:seh:NtRaiseException  r12=0000000000026ee0 r13=0000000000000000
r14=00000000000259e8 r15=00000001400127e0
002f:trace:seh:call_vectored_handlers calling handler at 0x7fca4a15c1a0
code=c0000005 flags=0
002f:trace:seh:call_vectored_handlers handler at 0x7fca4a15c1a0 returned 0
002f:trace:seh:RtlVirtualUnwind type 1 rip 1400251ed rsp 33f5c0
002f:trace:seh:dump_unwind_info **** func 24e70-2542f
002f:trace:seh:dump_unwind_info unwind info at 0x14003ab6c flags 1 prolog 0x10
bytes function 0x140024e70-0x14002542f
002f:trace:seh:dump_unwind_info     0x10: subq $0x60,%rsp
002f:trace:seh:dump_unwind_info     0xc: pushq %r15
002f:trace:seh:dump_unwind_info     0xa: pushq %r14
002f:trace:seh:dump_unwind_info     0x8: pushq %r13
002f:trace:seh:dump_unwind_info     0x6: pushq %r12
002f:trace:seh:dump_unwind_info     0x4: pushq %rdi
002f:trace:seh:dump_unwind_info     0x3: pushq %rsi
002f:trace:seh:dump_unwind_info     0x2: pushq %rbx
002f:trace:seh:dump_unwind_info     handler 0x14002b3e8 data at 0x14003ab84
002f:trace:seh:call_handler calling handler 0x14002b3e8 (rec=0x33f480,
frame=0x33f5c0 context=0x33e950, dispatch=0x33e820)
002f:trace:seh:NtRaiseException code=80000100 flags=1 addr=0x7bc5e16c
ip=7bc5e16c tid=002f
002f:trace:seh:NtRaiseException  info[0]=0000000140057848
002f:trace:seh:NtRaiseException  info[1]=00000001400572ee
wine: Call from 0x7bc5e16c to unimplemented function
ntoskrnl.exe.__C_specific_handler, aborting 
--- snip ---

Driver registry entry:

--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\YSDrv]
"DisplayName"="VBox Support Driver"
"ErrorControl"=dword:00000001
"ImagePath"="C:\\Program Files (x86)\\Bignox\\BigNoxVM\\RT\\YSDrv.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000003
"Type"=dword:00000001
--- snip ---

Dissecting the trace log:

--- snip ---
00000001400251AC  mov     r8, cr8   ; read old TPR
--- snip ---

64-bit TPR access, exception handled (instruction emulated)

https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2a880e0ce-390.html

("Chapter 10.8.3 Interrupt, Task and Processor Priority")

--- snip ---
00000001400251B0  mov     [rsp+98h+arg_10], r8
00000001400251B8  mov     [rsp+98h+arg_0], r8b
00000001400251C0  mov     eax, 2
00000001400251C5  mov     cr8, rax  ; write new task priority (TPR)
--- snip ---

64-bit TPR access, exception handled (instruction emulated)

--- snip ---
00000001400251C9  xor     eax, eax
00000001400251CB  xor     ecx, ecx
00000001400251CD  cpuid
00000001400251CF  mov     [rsp+98h+var_44], eax
00000001400251D3  mov     [rsp+98h+var_50], ebx
00000001400251D7  mov     [rsp+98h+var_48], ecx
00000001400251DB  mov     [rsp+98h+var_4C], edx
00000001400251DF  mov     byte ptr [rsp+98h+var_44], 0
00000001400251E4  mov     rax, gs:18h
00000001400251ED  mov     rdi, [rax+20h]              ; *boom*
00000001400251F1  mov     [rsp+98h+var_68], rdi
00000001400251F6  jmp     short loc_14002520F
00000001400251F8  xor     edi, edi
00000001400251FA  mov     [rsp+98h+var_68], rdi
00000001400251FF  movzx   eax, [rsp+98h+arg_0]
0000000140025207  mov     [rsp+98h+arg_10], rax
...
--- snip ---

GS:[0x18] -> NT SubSystemTib

Looks like it's trying to access some unknown member there.

I found the C scope table for the function-specific exception handler here:

--- snip ---
...
000000014003AB88  C_SCOPE_TABLE <rva loc_1400251E4, rva loc_1400251F8, 1, \
000000014003AB88                 rva loc_1400251F8>
...
--- snip ---

which indicates a NULL 'NT SubSystemTib' is kinda expected on Win64

---

In case of MTA San Andreas 1.5.x (https://mtasa.com/download/), the driver
causing this (due to other Wine insufficiencies):

--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD]
"DisplayName"="FairplayKD"
"ErrorControl"=dword:00000001
"ImagePath"="C:\\ProgramData\\MTA San Andreas
All\\Common\\temp\\FairplayKD.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000003
"Type"=dword:00000001
"WOW64"=dword:00000001
--- snip ---

Regards
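
Added example (not part of the original report, and not Wine code): one way to triage a trace like the one above. It rejoins the mail-wrapped records, lists each unresolved MmGetSystemRoutineAddress export once, names the exception codes, and decodes the CPUID leaf 0 vendor string still held in rbx/rdx/rcx at the access violation, which places the fault after the cpuid instruction. The sample lines are constructed in the shape of the log, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the trace above, with the same mail wrapping.
SAMPLE = """\
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not
found
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeIpiGenericCall" not found
002f:fixme:ntoskrnl:MmGetSystemRoutineAddress L"KeQueryMaximumGroupCount" not
found
002f:trace:seh:NtRaiseException code=c0000096 flags=0 addr=0x1400251ac
ip=1400251ac tid=002f
002f:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x1400251ed
ip=1400251ed tid=002f
002f:trace:seh:NtRaiseException  rax=0000000000000000 rbx=00000000756e6547
rcx=000000006c65746e rdx=0000000049656e69
"""
STATUS = {0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
          0xC0000005: "STATUS_ACCESS_VIOLATION"}

def rejoin(text):
    # A line without a 'tid:' or 'wine:' prefix continues the previous record.
    records = []
    for line in text.splitlines():
        if re.match(r"([0-9a-f]{4}|wine):", line) or not records:
            records.append(line.strip())
        elif line.strip() != "...":  # "..." marks elided log, not a record
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (missing exports, [(status, address)], registers of last fault)."""
    missing, faults, regs = [], [], {}
    for rec in rejoin(text):
        m = re.search(r'MmGetSystemRoutineAddress L"(\w+)" not found', rec)
        if m and m.group(1) not in missing:
            missing.append(m.group(1))
        m = re.search(r"NtRaiseException code=([0-9a-f]{8}) .*addr=0x([0-9a-f]+)", rec)
        if m:
            code = int(m.group(1), 16)
            faults.append((STATUS.get(code, hex(code)), int(m.group(2), 16)))
            regs = {}  # register lines that follow belong to this exception
        elif "NtRaiseException" in rec:
            regs.update(re.findall(r"\b(r\w+)=([0-9a-f]{16})", rec))
    return missing, faults, regs

def cpuid_vendor(regs):
    """CPUID leaf 0 returns the vendor string in EBX, EDX, ECX, in that order."""
    return b"".join((int(regs[r], 16) & 0xFFFFFFFF).to_bytes(4, "little")
                    for r in ("rbx", "rdx", "rcx")).decode("ascii")
```
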
