[Bug 50428] New: 'BHDrvx64'.sys' (part of Norton Antivirus 2010) crashes on unimplemented function 'ntoskrnl.exe.SeCaptureSecurityDescriptor'
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Dec 31 07:12:10 CST 2020
https://bugs.winehq.org/show_bug.cgi?id=50428
Bug ID: 50428
Summary: 'BHDrvx64'.sys' (part of Norton Antivirus 2010) crashes on unimplemented function 'ntoskrnl.exe.SeCaptureSecurityDescriptor'
Product: Wine
Version: 6.0-rc4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says. Continuation of bug 34083.
The driver is part of Norton Antivirus 2010, installed as auto-start kernel
service.
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+winedevice wineboot >>log.txt 2>&1
...
0054:trace:ntoskrnl:load_driver loading driver L"C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NAV_17.0.0.136\\Definitions\\BASHDefs\\20090829.001\\BHDrvx64.sys"
0054:Call KERNEL32.LoadLibraryW(00043480 L"C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NAV_17.0.0.136\\Definitions\\BASHDefs\\20090829.001\\BHDrvx64.sys") ret=0032606e
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"FLTMGR.SYS"
...
0054:trace:ntoskrnl:ldr_notify_callback loading L"BHDrvx64.sys"
...
0054:Ret KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0054:Call driver init 0000000000DFC064 (obj=00000000000431C0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BHDrvx64")
...
0054:Call KERNEL32.RaiseException(80000100,00000001,00000002,00c3f570) ret=00330ad5
0054:Call ntdll.memcpy(00c3f450,00c3f570,00000010) ret=7b012ae3
0054:Ret ntdll.memcpy() retval=00c3f450 ret=7b012ae3
0054:trace:seh:dispatch_exception code=80000100 flags=1 addr=000000007B012AF2 ip=000000007B012AF2 tid=0054
0054:trace:seh:dispatch_exception info[0]=000000000034f000
0054:trace:seh:dispatch_exception info[1]=0000000000352f16
0054:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0054:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0 code=80000100 flags=1
0054:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0
...
wine: Call from 000000007B012AF2 to unimplemented function ntoskrnl.exe.SeCaptureSecurityDescriptor, aborting
--- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/784cb2060ab63076adc349dcb1d15a6cb5eb2bc4:/dlls/ntoskrnl.exe/ntoskrnl.exe.spec#l1317
--- snip ---
1317 @ stub SeCaptureSecurityDescriptor
--- snip ---
Virustotal.com scan of the binary:
https://www.virustotal.com/gui/file/b8110fba782df5f9bfc25d39315b5ccd1f375b20da60e08e68966788eb5258a1/details
$ sha1sum NAV10TBEN.exe
eadfb9c860146186c548aba695a9be87607f5586 NAV10TBEN.exe
$ du -sh NAV10TBEN.exe
74M NAV10TBEN.exe
$ wine --version
wine-6.0-rc4
Regards
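
Added example, not part of the original report and not Wine project code: a small triage script that pulls the "unimplemented function" abort out of a Wine log like the one above and checks how a .spec file declares that export. The function names, the `ExampleImplemented` entry and the spec fragment are constructed for illustration; only the log lines and the stub line come from the report.

```shell
#!/bin/sh
# Print "dll function" for each "unimplemented function" abort in the log on stdin.
# Newlines are folded first because mail archives wrap the message across lines.
unimplemented_calls() {
    tr '\n' ' ' |
    grep -oE 'unimplemented function +[^ ,]+, aborting' |
    sed -E 's/^unimplemented function +//; s/, aborting$//; s/^(.*)\.([^.]+)$/\1 \2/' |
    sort -u
}

# Report how a .spec file declares an export: stub, implemented, or missing.
spec_status() {  # usage: spec_status SPEC_FILE FUNCTION
    awk -v fn="$2" '
        /^#/ || NF < 3 { next }
        {
            i = 3
            while (i < NF && $i ~ /^-/) i++      # skip flags such as -norelay
            name = $i
            sub(/\(.*/, "", name)                # drop the argument list
            if (name == fn) { print ($2 == "stub" ? "stub" : "implemented"); found = 1; exit }
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Log excerpt from the report above, wrapped as in the mail.
sample_log() {
    cat <<'EOF'
0054:trace:ntoskrnl:ldr_notify_callback loading L"BHDrvx64.sys"
wine: Call from 000000007B012AF2 to unimplemented function
ntoskrnl.exe.SeCaptureSecurityDescriptor, aborting
EOF
}

# Constructed spec fragment; only the stub line is taken from the report.
sample_spec() {
    cat <<'EOF'
# constructed fragment
@ stdcall -norelay ExampleImplemented(ptr long)
@ stub SeCaptureSecurityDescriptor
EOF
}

spec=$(mktemp)
sample_spec > "$spec"
sample_log | unimplemented_calls | while read -r dll fn; do
    echo "$dll: $fn is $(spec_status "$spec" "$fn")"
done
rm -f "$spec"
```

Against a real tree, pass the path of `dlls/ntoskrnl.exe/ntoskrnl.exe.spec` to `spec_status` and pipe the captured `log.txt` into `unimplemented_calls`.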