[Bug 49165] Multiple kernel drivers crash in entry point due to 'IoGetDeviceObjectPointer' returning a stub device when the device object doesn't exist (VeraCrypt 1.24 'veracrypt_x64.sys', NAV 2010 'ccHPx64.sys')
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Dec 31 13:16:31 CST 2020
https://bugs.winehq.org/show_bug.cgi?id=49165
Anastasius Focht <focht at gmx.net> changed:
What: URL
  Removed: https://launchpad.net/veracrypt/trunk/1.24-update6/+download/VeraCrypt%20Portable%201.24-Update6.exe
  Added:   https://web.archive.org/web/20200319114317/https://launchpadlibrarian.net/468657862/VeraCrypt%20Portable%201.24-Update6.exe
What: Summary
  Removed: VeraCrypt 1.24 filter driver 'veracrypt_x64.sys' crashes in entry point ('IoGetDeviceObjectPointer' must not return a stub device if the device object doesn't exist)
  Added:   Multiple kernel drivers crash in entry point due to 'IoGetDeviceObjectPointer' returning a stub device when the device object doesn't exist (VeraCrypt 1.24 'veracrypt_x64.sys', NAV 2010 'ccHPx64.sys')
--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
adding another driver and refining summary for collecting.
Symantec Hash Provider driver 'ccHP' from Norton Antivirus 2010.
https://web.archive.org/web/20111104092310/http://spftrl.digitalriver.com/pub/symantec/tbyb/NAM/NAV10TBEN.exe
NOTE: Needs multiple prerequisite bugs fixed or worked around before coming to this place.
* bug 34083 ("Norton/Symantec AntiVirus 10.x installers fail to validate embedded certificate (CERT with multiple OU fields, crypt32.CertGetNameStringW must return RDNs in reverse order)")
* bug 50431 ("SCM erroneously tries to start 64-bit kernel drivers as 32-bit service when 'ImagePath' contains '\\SystemRoot\\system32\\drivers' and 'WOW64=1')"
To debug driver crashes it's best to disable autostart.
Change start type to "manual" (3).
--- snip ---
[System\\CurrentControlSet\\Services\\ccHP]
...
"Start"=dword:00000003
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+loaddll,+ntoskrnl wine net start ccHP >>log.txt 2>&1
...
0054:trace:ntoskrnl:load_driver loading driver
L"C:\\windows\\system32\\drivers\\NAVx64\\1100000.088\\ccHPx64.sys"
0054:Call KERNEL32.LoadLibraryW(00041490
L"C:\\windows\\system32\\drivers\\NAVx64\\1100000.088\\ccHPx64.sys")
ret=0032606e
...
0054:Ret KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0054:Call driver init 0000000000DF8008
(obj=0000000000042DD0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\ccHP")
...
0054:Call ntoskrnl.exe.IoWMIRegistrationControl(00def6c8,80010001) ret=00d61775
0054:fixme:ntoskrnl:IoWMIRegistrationControl (0000000000DEF6C8 2147549185) stub
0054:Ret ntoskrnl.exe.IoWMIRegistrationControl() retval=00000000 ret=00d61775
0054:Call
ntoskrnl.exe.IoGetDeviceObjectPointer(00c3f710,001f01ff,00c3f708,00c3f700)
ret=00d61c9f
...
0054:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\\Device\\SYMEFA" 1f01ff
0000000000C3F708 0000000000C3F700
0054:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00d61c9f
0054:Call
ntoskrnl.exe.IoBuildSynchronousFsdRequest(0000001b,0034d5c8,00000000,00000000,00000000,00c3f720,00c3f738)
ret=00d61d1b
0054:trace:ntoskrnl:IoBuildSynchronousFsdRequest (27 000000000034D5C8
0000000000000000 0 0000000000000000 0000000000C3F738)
0054:trace:ntoskrnl:IoBuildAsynchronousFsdRequest (27 000000000034D5C8
0000000000000000 0 0000000000000000 0000000000C3F738)
0054:trace:ntoskrnl:IoAllocateIrp -128, 0
0054:Call ntdll.RtlAllocateHeap(009c0000,00000000,00000310) ret=0031fab9
0054:Ret ntdll.RtlAllocateHeap() retval=009c03b0 ret=0031fab9
0054:trace:ntoskrnl:ExAllocatePoolWithTag 784 pool 0 -> 00000000009C03B0
0054:trace:ntoskrnl:IoInitializeIrp 00000000009C03B0, 784, -128
0054:Call msvcrt.memset(009c03b0,00000000,00000310) ret=0031fb53
0054:Ret msvcrt.memset() retval=009c03b0 ret=0031fb53
0054:trace:seh:dispatch_exception code=c0000005 flags=0 addr=000000000032069E
ip=000000000032069E tid=0054
0054:trace:seh:dispatch_exception info[0]=0000000000000001
0054:trace:seh:dispatch_exception info[1]=00000000009be038
0054:trace:seh:dispatch_exception rax=00000000009c03b0 rbx=000000000000001b
rcx=00000000e421390f rdx=0000000000000037
0054:trace:seh:dispatch_exception rsi=000000000034d5c8 rdi=00000000009c03b0
rbp=0000000000c3f560 rsp=0000000000c3f510
0054:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000000
r10=0000000000c3efe2 r11=0000000000000000
0054:trace:seh:dispatch_exception r12=00000000009be080 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
0054:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0
code=c0000005 flags=0
0054:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0054:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0
code=c0000005 flags=0
0054:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0
--- snip ---
Virustotal.com scan of the installer binary:
https://www.virustotal.com/gui/file/b8110fba782df5f9bfc25d39315b5ccd1f375b20da60e08e68966788eb5258a1/details
$ sha1sum NAV10TBEN.exe
eadfb9c860146186c548aba695a9be87607f5586 NAV10TBEN.exe
$ du -sh NAV10TBEN.exe
74M NAV10TBEN.exe
$ wine --version
wine-6.0-rc4
Regards
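Added example, not part of the original report or of Wine's code: a small Python triage script for traces like the one quoted in the comment. It rejoins the hard-wrapped relay lines and flags a thread in which the IoGetDeviceObjectPointer stub returned 0 (success) and an access violation followed; the function names are assumptions of this example, and the sample lines are excerpted from the trace above.

```python
import re

# Excerpt of the trace quoted above, with the mail's hard line wraps kept.
SAMPLE = r'''0054:Call
ntoskrnl.exe.IoGetDeviceObjectPointer(00c3f710,001f01ff,00c3f708,00c3f700)
ret=00d61c9f
0054:fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\\Device\\SYMEFA" 1f01ff
0000000000C3F708 0000000000C3F700
0054:Ret ntoskrnl.exe.IoGetDeviceObjectPointer() retval=00000000 ret=00d61c9f
0054:trace:ntoskrnl:IoAllocateIrp -128, 0
0054:trace:seh:dispatch_exception code=c0000005 flags=0 addr=000000000032069E
ip=000000000032069E tid=0054
0054:trace:seh:dispatch_exception info[0]=0000000000000001
0054:trace:seh:dispatch_exception info[1]=00000000009be038
'''

TID = re.compile(r'^([0-9a-f]{4}):(.*)$')
ACCESS = {0: 'read', 1: 'write', 8: 'execute'}  # ExceptionInformation[0] values

def unwrap(text):
    """Rejoin records: a line without a 'tid:' prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        m = TID.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += ' ' + line.strip()
    return records

def find_stub_crashes(text):
    """Threads where the stub returned 0 and an access violation followed."""
    pending, findings = {}, []
    for tid, body in unwrap(text):
        stub = re.search(r'fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"([^"]+)"', body)
        ret = re.search(r'Ret\s+ntoskrnl\.exe\.IoGetDeviceObjectPointer\(\) retval=([0-9a-f]+)', body)
        exc = re.search(r'dispatch_exception code=c0000005 .*?addr=([0-9A-Fa-f]+)', body)
        info = re.search(r'dispatch_exception info\[([01])\]=([0-9a-f]+)', body)
        if stub:
            pending[tid] = {'tid': tid, 'device': stub.group(1), 'ok': False}
        elif ret and tid in pending:
            pending[tid]['ok'] = int(ret.group(1), 16) == 0
        elif exc and pending.get(tid, {}).get('ok') and 'fault_ip' not in pending[tid]:
            pending[tid]['fault_ip'] = hex(int(exc.group(1), 16))
            findings.append(pending[tid])
        elif info and 'fault_ip' in pending.get(tid, {}):
            val = int(info.group(2), 16)
            key = 'access' if info.group(1) == '0' else 'fault_addr'
            pending[tid][key] = ACCESS.get(val, hex(val)) if key == 'access' else hex(val)
    return findings
```

Run `find_stub_crashes(open('log.txt').read())` on a full WINEDEBUG log to list each affected thread with the device name the driver asked for and the faulting access.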