[Bug 47175] SCM must ensure kernel services 'ImagePath' contains native NT-style path for private paths (BitRaider Streaming Client 1.3.3, SmartGaga)

WineHQ Bugzilla wine-bugs at winehq.org
Wed Apr 15 04:18:36 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=47175

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|BitRaider Streaming Client  |SCM must ensure kernel
                   |1.3.3 fails with            |services 'ImagePath'
                   |'Installation of drivers    |contains native NT-style
                   |require administrative      |path for private paths
                   |permission' (existing       |(BitRaider Streaming Client
                   |native NT-style 'ImagePath' |1.3.3, SmartGaga)
                   |resolving to same path must |
                   |be preserved by SCM)        |

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting, obviously still present. Refining the summary a bit to also include
creation part.

Standard path patterns for kernel services in well-known locations:

* '\SystemRoot\system32\drivers\foobar.sys'
* 'system32\drivers\foobar.sys'
* 'foobar.sys' (SCM automatically prepends '\SystemRoot\system32\drivers')

Private paths:

* '\??\C:\Program Files (x86)\MyProduct\foobar.sys'

Also encountered with SmartGaga (Android Emulator) v1.1.x from bug 48933

https://docs.google.com/uc?export=download&id=1CbktLjrw6IAo_lU9Sh0sGghEHtO5HeKu

'androidkernelx64.sys' driver

--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+server wine wineboot >>log.txt 2>&1
...
003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f348,00790330
L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\AndroidKernel")
ret=00e07cf8
...
003e:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000084 ret=00e07cf8
003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f358,00e337f8 L"ImagePath") 
...
003e:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000014 ret=00e07d05
003e:Call ntoskrnl.exe.ZwOpenKey(00c3f338,00020019,00c3f368) ret=00e07d3d
003e:Call ntdll.NtOpenKey(00c3f338,00020019,00c3f368) ret=7bca110f
003e: open_key( parent=0000, access=00020019, attributes=00000240,
name=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\AndroidKernel"
)
003e: open_key() = 0 { hkey=0048 }
003e:Ret  ntdll.NtOpenKey() retval=00000000 ret=7bca110f
003e:Ret  ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=00e07d3d 
...
003e:Call
ntoskrnl.exe.ZwQueryValueKey(00000048,00c3f358,00000002,00790520,00000400,00c3f330)
ret=00e07de4
003e:Call
ntdll.NtQueryValueKey(00000048,00c3f358,00000002,00790520,00000400,00c3f330)
ret=7bca110f
003e: get_key_value( hkey=0048, name=L"ImagePath" )
003e: get_key_value() = 0 { type=1, total=148,
data={43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,00,78,00,38,00,36,00,29,00,5c,00,53,00,6d,00,61,00,72,00,74,00,47,00,61,00,47,00,61,00,5c,00,50,00,72,00,6f,00,6a,00,65,00,63,00,74,00,54,00,69,00,74,00,61,00,6e,00,5c,00,45,00,6e,00,67,00,69,00,6e,00,65,00,5c,00,41,00,6e,00,64,00,72,00,6f,00,69,00,64,00,4b,00,65,00,72,00,6e,00,65,00,6c,00,58,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00}
}
003e:Ret  ntdll.NtQueryValueKey() retval=00000000 ret=7bca110f
003e:Ret  ntoskrnl.exe.ZwQueryValueKey() retval=00000000 ret=00e07de4
...
003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f2e0,00790520 L"C:\\Program
Files (x86)\\SmartGaGa\\ProjectTitan\\Engine\\AndroidKernelX64.sys")
ret=00e0403b
...
003e:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000094 ret=00e0403b
003e:Call
ntoskrnl.exe.ZwCreateFile(00c3f2c0,00120089,00c3f300,00c3f2f0,00000000,00000080,00000001,00000001,00000060,00000000,00000000)
ret=00e040a3
003e:Call
ntdll.NtCreateFile(00c3f2c0,00120089,00c3f300,00c3f2f0,00000000,00000080,00000001,00000001,00000060,00000000,00000000)
ret=7bca110f
003e:trace:ntdll:FILE_CreateFile handle=0xc3f2c0 access=00120089
name=L"C:\\Program Files
(x86)\\SmartGaGa\\ProjectTitan\\Engine\\AndroidKernelX64.sys" objattr=00000240
root=(nil) sec=(nil) io=0xc3f2f0 alloc_size=(nil) attr=00000080
sharing=00000001 disp=1 options=00000060 ea=(nil).0x00000000
003e:warn:ntdll:FILE_CreateFile L"C:\\Program Files
(x86)\\SmartGaGa\\ProjectTitan\\Engine\\AndroidKernelX64.sys" not found
(c000003b)
003e:Ret  ntdll.NtCreateFile() retval=c000003b ret=7bca110f
003e:Ret  ntoskrnl.exe.ZwCreateFile() retval=c000003b ret=00e040a3
DbgPrint says: [Saturn] MyOpenFileForRead Fail Z
--- snip ---

'NtCreateFile' needs to see an NT-style path here, hence the error.

Wine's SCM created the kernel service registry data with "normal" private path
which obviously can't work for drivers retrieving the 'ImagePath' value at
runtime.

--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AndroidKernel]
"DisplayName"="AndroidKernel"
"ErrorControl"=dword:00000000
"ImagePath"="C:\\Program Files
(x86)\\SmartGaGa\\ProjectTitan\\Engine\\AndroidKernelX64.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000002
"Type"=dword:00000001
"WOW64"=dword:00000001
--- snip ---

$ sha1sum Setup_AndroidFs442_1.1.646.1.exe 
8cec18338e1e931433ac37f63d26a701dfcbd0dd  Setup_AndroidFs442_1.1.646.1.exe

$ du -sh Setup_AndroidFs442_1.1.646.1.exe 
203M    Setup_AndroidFs442_1.1.646.1.exe

$ wine --version
wine-5.6

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list