[Bug 50428] New: 'BHDrvx64'.sys' (part of Norton Antivirus 2010) crashes on unimplemented function 'ntoskrnl.exe.SeCaptureSecurityDescriptor'

WineHQ Bugzilla wine-bugs at winehq.org
Thu Dec 31 07:12:10 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=50428

            Bug ID: 50428
           Summary: 'BHDrvx64'.sys' (part of Norton Antivirus 2010)
                    crashes on unimplemented function
                    'ntoskrnl.exe.SeCaptureSecurityDescriptor'
           Product: Wine
           Version: 6.0-rc4
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as it says. Continuation of bug 34083

The driver is part of Norton Antivirus 2010, installed as auto-start kernel
service.

--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+winedevice wineboot >>log.txt 2>&1
...
0054:trace:ntoskrnl:load_driver loading driver L"C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NAV_17.0.0.136\\Definitions\\BASHDefs\\20090829.001\\BHDrvx64.sys"
0054:Call KERNEL32.LoadLibraryW(00043480 L"C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NAV_17.0.0.136\\Definitions\\BASHDefs\\20090829.001\\BHDrvx64.sys") ret=0032606e
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"FLTMGR.SYS"
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"BHDrvx64.sys"
...
0054:Ret  KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0054:Call driver init 0000000000DFC064 (obj=00000000000431C0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BHDrvx64")
...
0054:Call KERNEL32.RaiseException(80000100,00000001,00000002,00c3f570) ret=00330ad5
0054:Call ntdll.memcpy(00c3f450,00c3f570,00000010) ret=7b012ae3
0054:Ret  ntdll.memcpy() retval=00c3f450 ret=7b012ae3
0054:trace:seh:dispatch_exception code=80000100 flags=1 addr=000000007B012AF2 ip=000000007B012AF2 tid=0054
0054:trace:seh:dispatch_exception  info[0]=000000000034f000
0054:trace:seh:dispatch_exception  info[1]=0000000000352f16
0054:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0054:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0
...
wine: Call from 000000007B012AF2 to unimplemented function ntoskrnl.exe.SeCaptureSecurityDescriptor, aborting
--- snip ---

Wine source:

https://source.winehq.org/git/wine.git/blob/784cb2060ab63076adc349dcb1d15a6cb5eb2bc4:/dlls/ntoskrnl.exe/ntoskrnl.exe.spec#l1317

--- snip ---
1317 @ stub SeCaptureSecurityDescriptor
--- snip ---

Virustotal.com scan of the binary:

https://www.virustotal.com/gui/file/b8110fba782df5f9bfc25d39315b5ccd1f375b20da60e08e68966788eb5258a1/details

$ sha1sum NAV10TBEN.exe 
eadfb9c860146186c548aba695a9be87607f5586  NAV10TBEN.exe

$ du -sh NAV10TBEN.exe 
74M    NAV10TBEN.exe

$ wine --version
wine-6.0-rc4

Regards

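A triage helper for traces like the one in this report, added here as an example (it is not part of the original report or of Wine): it rejoins mail-wrapped trace lines, ties each "unimplemented function" abort to the driver whose init routine was last entered, and checks the export against a .spec excerpt for a stub entry. The sample log, the sample spec and the function names `unwrap` and `triage` are assumptions made for the example.

```python
import re

# Constructed sample in the trace format shown above (shortened, made-up path),
# with records wrapped across lines the way the mail archive wraps them.
SAMPLE_LOG = r'''0054:trace:ntoskrnl:load_driver loading driver
L"C:\\drivers\\Example.sys"
0054:trace:ntoskrnl:ldr_notify_callback loading L"FLTMGR.SYS"
0054:Call driver init 0000000000DFC064
(obj=00000000000431C0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Example")
wine: Call from 000000007B012AF2 to unimplemented function
ntoskrnl.exe.SeCaptureSecurityDescriptor, aborting
'''
# Constructed .spec excerpt; only the stub line matches the page, ExampleExport is made up.
SAMPLE_SPEC = "@ stdcall ExampleExport(ptr)\n1317 @ stub SeCaptureSecurityDescriptor\n"

RECORD_START = re.compile(r"^(?:[0-9a-f]{4}:|wine: |\.\.\.$)")
LOAD = re.compile(r'^([0-9a-f]{4}):trace:ntoskrnl:load_driver loading driver L"(.+)"')
INIT = re.compile(r"^([0-9a-f]{4}):Call driver init ")
ABORT = re.compile(r"^wine: Call from ([0-9A-Fa-f]+) to unimplemented function (\S+), aborting")
STUB = re.compile(r"^\s*(?:\d+\s+)?@\s+stub\s+(?:-\S+\s+)*(\w+)", re.M)

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto the trace record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(log_text, spec_text):
    """Return one finding per 'unimplemented function' abort in the trace."""
    stubs = set(STUB.findall(spec_text))
    loading, in_init, findings = {}, None, []
    for rec in unwrap(log_text):
        if m := LOAD.match(rec):
            loading[m.group(1)] = m.group(2).split("\\")[-1]
        elif m := INIT.match(rec):
            in_init = loading.get(m.group(1))
        elif m := ABORT.match(rec):
            # The abort line carries no thread id: attribute it to the last driver init entered.
            module, _, func = m.group(2).rpartition(".")
            findings.append({"driver": in_init, "module": module, "function": func,
                             "caller": m.group(1), "spec_stub": func in stubs})
    return findings
```

`spec_stub` being true confirms the abort comes from a `@ stub` export rather than a missing export, which is the situation the spec line quoted in the report shows.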