[Bug 48987] New: Riot Vanguard (Riot Games) 'vgk.sys' crashes on unimplemented function ntoskrnl.exe.{wcscat_s,wcscpy_s}

WineHQ Bugzilla wine-bugs at winehq.org
Tue Apr 21 12:24:19 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=48987

            Bug ID: 48987
           Summary: Riot Vanguard (Riot Games) 'vgk.sys' crashes on
                    unimplemented function
                    ntoskrnl.exe.{wcscat_s,wcscpy_s}
           Product: Wine
           Version: 5.6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as it says. It lacks the imports from msvcrt.

--- snip ---
...
002f:Ret  ntdll.NtFlushBuffersFile() retval=00000000 ret=7bca1f9f
002f:Ret  ntoskrnl.exe.ZwFlushBuffersFile() retval=00000000 ret=0115f5ac
002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0bc0,656e6f4e) ret=0115fd31
002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0BC0
002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0bc0) ret=7bca1f9f
002f:Ret  KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f
002f:Ret  ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=0115fd31
002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0b40,656e6f4e) ret=00e73ad4
002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0B40
002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0b40) ret=7bca1f9f
002f:Ret  KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f
002f:Ret  ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=00e73ad4
002f:Call ntoskrnl.exe.ExFreePoolWithTag(008a0330,656e6f4e) ret=00e73ad4
002f:trace:ntoskrnl:ExFreePoolWithTag 00000000008A0330
002f:Call KERNEL32.HeapFree(008a0000,00000000,008a0330) ret=7bca1f9f
002f:Ret  KERNEL32.HeapFree() retval=00000001 ret=7bca1f9f
002f:Ret  ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=00e73ad4
002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x115cbbd ip=115cbbd
tid=002f
002f:trace:seh:raise_exception  info[0]=0000000000000000
002f:trace:seh:raise_exception  info[1]=fffff7800000026c
002f:trace:seh:raise_exception  rax=0000000001000001 rbx=0000000000728b98
rcx=0000000000000000 rdx=0000000000000048
002f:trace:seh:raise_exception  rsi=0000000000d4f7bc rdi=0000000000728b98
rbp=00000000007277d8 rsp=0000000000d4f6a0
002f:trace:seh:raise_exception   r8=0000000000000000  r9=0000000000d4ec12
r10=0000000000000000 r11=0000000000000000
002f:trace:seh:raise_exception  r12=0000000000728a30 r13=00007fffffea4000
r14=0000000000728b98 r15=0000000000000000
002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0
code=c0000005 flags=0
002f:Call KERNEL32.GetTickCount64() ret=18000bd34
002f:Ret  KERNEL32.GetTickCount64() retval=01d54298 ret=18000bd34
002f:Call msvcrt.memcpy(00d4f108,7ffe026c,00000004) ret=18000bd60
002f:Ret  msvcrt.memcpy() retval=00d4f108 ret=18000bd60
002f:trace:int:vectored_handler next instruction rip=115cbc6
002f:trace:int:vectored_handler   rax=0000000000000006 rbx=0000000000728b98
rcx=0000000000000000 rdx=0000000000000048
002f:trace:int:vectored_handler   rsi=0000000000d4f7bc rdi=0000000000728b98
rbp=00000000007277d8 rsp=0000000000d4f6a0
002f:trace:int:vectored_handler    r8=0000000000000000  r9=0000000000d4ec12
r10=0000000000000000 r11=0000000000000000
002f:trace:int:vectored_handler   r12=0000000000728a30 r13=00000000ffea4000
r14=0000000000728b98 r15=0000000000000000
002f:trace:seh:call_vectored_handlers handler at 0x18000b9c0 returned ffffffff
002f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x115cbff ip=115cbff
tid=002f
002f:trace:seh:raise_exception  info[0]=0000000000000000
002f:trace:seh:raise_exception  info[1]=fffff78000000270
002f:trace:seh:raise_exception  rax=0000000000000001 rbx=0000000000728b98
rcx=0000000000000006 rdx=fffff78000000270
002f:trace:seh:raise_exception  rsi=0000000000d4f7bc rdi=0000000000728b98
rbp=00000000007277d8 rsp=0000000000d4f6a0
002f:trace:seh:raise_exception   r8=0000000000000000  r9=0000000000d4ec12
r10=0000000000000000 r11=0000000000000000
002f:trace:seh:raise_exception  r12=0000000000728a30 r13=00007fffffea4000
r14=0000000000728b98 r15=0000000000000000
002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0
code=c0000005 flags=0
002f:trace:int:emulate_instruction cmp dword ptr ds:[rdx],eax
002f:trace:int:vectored_handler next instruction rip=115cc01
002f:trace:int:vectored_handler   rax=0000000000000001 rbx=0000000000728b98
rcx=0000000000000006 rdx=0000000000000270
002f:trace:int:vectored_handler   rsi=0000000000d4f7bc rdi=0000000000728b98
rbp=00000000007277d8 rsp=0000000000d4f6a0
002f:trace:int:vectored_handler    r8=0000000000000000  r9=0000000000d4ec12
r10=0000000000000000 r11=0000000000000000
002f:trace:int:vectored_handler   r12=0000000000728a30 r13=00000000ffea4000
r14=0000000000728b98 r15=0000000000000000
002f:trace:seh:call_vectored_handlers handler at 0x18000b9c0 returned ffffffff
002f:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dd4c
ip=7bc6dd4c tid=002f
002f:trace:seh:raise_exception  info[0]=0000000000e92434
002f:trace:seh:raise_exception  info[1]=0000000000e922ea
wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.wcscpy_s,
aborting
002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9c0
code=80000100 flags=1
--- snip ---

--- snip ---
...
002f:Call ntoskrnl.exe.wcscpy_s(00d4f3f0,00000105,00d4f270 L"\\??\\")
ret=0115c8be
002f:Call msvcrt.wcscpy_s(00d4f3f0,00000105,00d4f270 L"\\??\\") ret=7bca1f9f
002f:Ret  msvcrt.wcscpy_s() retval=00000000 ret=7bca1f9f
002f:Ret  ntoskrnl.exe.wcscpy_s() retval=00000000 ret=0115c8be
002f:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dd4c
ip=7bc6dd4c tid=002f
002f:trace:seh:raise_exception  info[0]=0000000000e92434
002f:trace:seh:raise_exception  info[1]=0000000000e922de
wine: Call from 0x7bc6dd4c to unimplemented function ntoskrnl.exe.wcscat_s,
aborting
002f:trace:seh:call_vectored_handlers calling handler at 0x18000b9f0
code=80000100 flags=1
...
--- snip ---

--- snip ---
$ winedump -j import vgk.sys
Contents of vgk.sys: 3196560 bytes

Import Table size: 00000050
  offset 0001e090 cng.sys
  Hint/Name Table: 00022108
  TimeDateStamp:   00000000 (Thu Jan  1 01:00:00 1970)
  ForwarderChain:  00000000
  First thunk RVA: 0001B028
   Thunk    Ordn  Name
  0001b028     8  BCryptDestroyHash
  0001b030     1  BCryptCloseAlgorithmProvider

  offset 0001e0a4 ntoskrnl.exe
  Hint/Name Table: 00022120
  TimeDateStamp:   00000000 (Thu Jan  1 01:00:00 1970)
  ForwarderChain:  00000000
  First thunk RVA: 0001B040
   Thunk    Ordn  Name
  0001b040  1081  KeIpiGenericCall
  0001b048  2777  __C_specific_handler
  0001b050   196  ExFreePoolWithTag
  0001b058  2801  _stricmp
  0001b060  2897  wcscat_s
  0001b068  2901  wcscpy_s
  0001b070  2060  RtlInitUnicodeString
  0001b078  2571  ZwCreateFile
  0001b080  2705  ZwReadFile
  0001b088  2775  ZwWriteFile
  0001b090  2560  ZwClose
  0001b098  2604  ZwFlushBuffersFile
  0001b0a0  2697  ZwQuerySystemInformation
  0001b0a8  2259  RtlTimeToTimeFields
  0001b0b0   986  KeAreAllApcsDisabled
  0001b0b8   302  ExSystemTimeToLocalTime
  0001b0c0  2885  swprintf_s
  0001b0c8  2895  vswprintf_s
  0001b0d0  2818  _vsnwprintf
  0001b0d8  1049  KeInitializeApc
  0001b0e0  1074  KeInsertQueueApc
  0001b0e8   157  ExAllocatePoolWithTag
  0001b0f0   990  KeBugCheckEx

Done dumping vgk.sys
--- snip ---

Wine source:

https://source.winehq.org/git/wine.git/blob/f31a29b8d1ea478af28f14cdaf3db1515a932853:/dlls/ntoskrnl.exe/ntoskrnl.exe.spec

$ sha1sum setup.exe 
08deca4c0b46a3481e706926c0217d1c944d22a3  setup.exe

$ du -sh setup.exe 
15M    setup.exe

$ wine --version
wine-5.6-258-gf31a29b8d1

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
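Added example, not part of the original report or of Wine's code: the check the report does by hand, cross-referencing a driver's `winedump -j import` table against entries in Wine's `.spec` syntax to list imports with no implementation. The import rows are an excerpt of the dump above; the spec lines and every status in them are constructed for illustration and are not the contents of the real `ntoskrnl.exe.spec`.

```python
import re

# Excerpt of the `winedump -j import vgk.sys` output quoted in the report.
WINEDUMP_OUTPUT = """\
  offset 0001e090 cng.sys
  0001b028     8  BCryptDestroyHash
  offset 0001e0a4 ntoskrnl.exe
  0001b050   196  ExFreePoolWithTag
  0001b058  2801  _stricmp
  0001b060  2897  wcscat_s
  0001b068  2901  wcscpy_s
  0001b0c0  2885  swprintf_s
"""

# Constructed sample in .spec syntax (assumption, NOT the real file):
# wcscat_s and wcscpy_s have no entry at all, swprintf_s is marked as a stub.
SPEC_TEXT = """\
@ stdcall ExFreePoolWithTag(ptr long)
@ cdecl -private _stricmp(str str) msvcrt._stricmp
@ stub swprintf_s
"""

MODULE_ROW = re.compile(r"^\s*offset\s+[0-9a-fA-F]+\s+(\S+)\s*$")
IMPORT_ROW = re.compile(r"^\s*[0-9a-fA-F]{8}\s+\d+\s+(\S+)\s*$")
SPEC_ROW = re.compile(r"^\s*(?:@|\d+)\s+(\w+)\s+(?:-\S+\s+)*([^\s(]+)")

def parse_imports(dump, module):
    """Names imported from `module`, in import-table order."""
    current, names = None, []
    for line in dump.splitlines():
        if m := MODULE_ROW.match(line):
            current = m.group(1).lower()
        elif (m := IMPORT_ROW.match(line)) and current == module.lower():
            names.append(m.group(1))
    return names

def parse_spec(spec):
    """Map export name -> entry type (stdcall, cdecl, stub, ...)."""
    rows = (SPEC_ROW.match(l.split("#", 1)[0]) for l in spec.splitlines())
    return {m.group(2): m.group(1) for m in rows if m}

def unimplemented(dump, spec, module="ntoskrnl.exe"):
    """Imports of `module` that the spec leaves absent or declares as a stub."""
    exports = parse_spec(spec)
    status = ((n, exports.get(n, "missing")) for n in parse_imports(dump, module))
    return [(n, s) for n, s in status if s in ("missing", "stub")]

if __name__ == "__main__":
    for name, state in unimplemented(WINEDUMP_OUTPUT, SPEC_TEXT):
        print(f"ntoskrnl.exe.{name}: {state}")
```

Running it over the full import table and a spec file from a Wine checkout lists every import the driver would abort on, not only the first one the trace happens to reach.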


