[Bug 46804] New: StarForce v3 kernel driver service 'sfhlp02' crashes in driver entry point due to ' ntoskrnl.exe.IoCreateSynchronizationEvent' stub

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Mar 8 11:33:42 CST 2019


https://bugs.winehq.org/show_bug.cgi?id=46804

            Bug ID: 46804
           Summary: StarForce v3 kernel driver service 'sfhlp02' crashes
                    in driver entry point due to
                    'ntoskrnl.exe.IoCreateSynchronizationEvent' stub
           Product: Wine
           Version: 4.3
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

While revisiting bug 44925 I noticed that the SF driver now crashes in its entry
point. Technically this is a regression due to the introduction of "kernel"
synchronization objects/functions (bug 44588 and friends).

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/TmSunriseDemoMag

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+process wine ./TmSunriseDemoMag.exe >>log.txt 2>&1
...
0031:trace:ntoskrnl:load_driver loading driver L"System32\\drivers\\sfhlp02.sys"
0031:Call KERNEL32.LoadLibraryW(0011d880 L"System32\\drivers\\sfhlp02.sys") ret=7e97f680
0031:trace:loaddll:load_native_dll Loaded L"C:\\windows\\System32\\drivers\\sfhlp02.sys" at 0x550000: native
0031:Ret  KERNEL32.LoadLibraryW() retval=00550000 ret=7e97f680
...
0031:trace:ntoskrnl:load_driver_module L"System32\\drivers\\sfhlp02.sys": relocating from 0x10000 to 0x550000
...
0031:Call driver init 0x555300 (obj=0x11d7a8,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\sfhlp02")
...
0031:Call ntoskrnl.exe.IoCreateSymbolicLink(0042fbe4,0042fbec) ret=0055515b
0031:trace:ntoskrnl:IoCreateSymbolicLink L"\\DosDevices\\sfhlp02i" -> L"\\Device\\sfhlp02i"
0031:Call ntdll.NtCreateSymbolicLinkObject(0042fb54,000f0001,0042fb3c,0042fbec) ret=7e97adb0
0031:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7e97adb0
0031:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=0055515b
...
0031:Call ntoskrnl.exe.RtlInitUnicodeString(0042fbf0,00555334 L"\\Device\\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=00555406
0031:Call ntdll.RtlInitUnicodeString(0042fbf0,00555334 L"\\Device\\StarForce - {60E30D10-C32F-4845-8477-139131D5E900}") ret=7bc87f7c
0031:Ret  ntdll.RtlInitUnicodeString() retval=0042fbf0 ret=7bc87f7c
0031:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0042fbf0 ret=00555406
0031:Call ntoskrnl.exe.IoCreateSynchronizationEvent(0042fbf0,0042fbfc) ret=00555414
0031:fixme:ntoskrnl:IoCreateSynchronizationEvent (0x42fbf0 0x42fbfc) stub
0031:Ret  ntoskrnl.exe.IoCreateSynchronizationEvent() retval=deadbeaf ret=00555414
0031:Call ntoskrnl.exe.KeEnterCriticalRegion() ret=0055542c
0031:fixme:ntoskrnl:KeEnterCriticalRegion : stub
0031:Ret  ntoskrnl.exe.KeEnterCriticalRegion() retval=00000031 ret=0055542c
0031:Call ntoskrnl.exe.KeWaitForSingleObject(deadbeaf,00000000,00000000,00000000,00000000) ret=00555437
0031:trace:ntoskrnl:KeWaitForMultipleObjects count 1, objs 0x42fb70, wait_type 1, reason 0, mode 0, alertable 0, timeout (nil), wait_blocks (nil).
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e9817a9 ip=7e9817a9 tid=0031
0031:trace:seh:raise_exception  info[0]=00000000
0031:trace:seh:raise_exception  info[1]=deadbeb7
0031:trace:seh:raise_exception  eax=deadbeb7 ebx=0042fb20 ecx=0042f9b0 edx=00000000 esi=0042fbc4 edi=0042fb84
0031:trace:seh:raise_exception  ebp=0042fb08 esp=0042f9c0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210296
0031:trace:seh:call_vectored_handlers calling handler at 0x7e976ddd code=c0000005 flags=0
0031:trace:seh:call_vectored_handlers handler at 0x7e976ddd returned 0
0031:trace:seh:call_stack_handlers calling handler at 0x7bcbae2a code=c0000005 flags=0
wine: Unhandled page fault on read access to 0xdeadbeb7 at address 0x7e9817a9 (thread 0031), starting debugger...
--- snip ---

KeWaitForXXX functions now expect valid handles and can't deal with the fake
ones from (semi) stubs.

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl.c#l3139

--- snip ---
3139 PKEVENT WINAPI IoCreateSynchronizationEvent(PUNICODE_STRING name, PHANDLE handle)
3140 {
3141     FIXME("(%p %p) stub\n", name, handle);
3142     return (KEVENT *)0xdeadbeaf;
3143 }
--- snip ---

$ sha1sum tmsunrisedemo_setup.exe 
2d44577a71718464c595d9da91a017fb0914afc4  tmsunrisedemo_setup.exe

$ du -sh tmsunrisedemo_setup.exe 
210M    tmsunrisedemo_setup.exe

$ wine --version
wine-4.3-188-gab7756619c

Regards
