[Bug 44860] 4k/8k demos crash due to Crinkler executable file compressor expecting PEB address in %ebx on process entry

WineHQ Bugzilla wine-bugs at winehq.org
Sat Feb 29 05:59:59 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=44860

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
    Staged patchset|https://github.com/wine-sta |https://github.com/wine-sta
                   |ging/wine-staging/blob/mast |ging/wine-staging/tree/mast
                   |er/patches/kernel32-PE_Load |er/patches/kernel32-PE_Load
                   |er_Fixes/0003-kernel32-On-p |er_Fixes
                   |rocess-entry-store-PEB-addr |
                   |ess-in-ebx.patch            |

--- Comment #8 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

Revisiting: the issue no longer seems to be present. Apparently the compilers
no longer generate code that clobbers EBX in 'start_process' before the entry
point is reached.

The original piece of code is still here (comment #6), albeit moved due to
various refactoring of Wine process startup/environment setup code.

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/kernel32/process.c#l123

--- snip ---
/***********************************************************************
 *           __wine_start_process
 *
 * Startup routine of a new process. Runs on the new process stack.
 *
 * Parameters:
 *   entry - the image's entry point; NULL when the PE has none
 *   peb   - the new process's PEB. peb->ProcessParameters->ImagePathName
 *           is dereferenced for diagnostics on both the error and the
 *           trace path, so both pointers are assumed valid here
 *           (NOTE(review): no NULL check is visible - confirm the caller
 *           guarantees this).
 *
 * Never returns: it ends in ExitThread() with the entry point's return
 * value, in ExitThread(1) when there is no entry point, or in
 * TerminateProcess() with the exception code when an exception escapes
 * the entry point unhandled.
 *
 * NOTE(review): on i386 this function is named start_process. Crinkler-
 * packed executables (bug 44860) expect EBX to hold the PEB address when
 * the entry point runs. Nothing in this function sets EBX explicitly; per
 * comment #8 the current compilers merely happen not to clobber it between
 * here and the entry call, so this works by register-allocation accident
 * and could regress with a different toolchain or optimization level. The
 * robust fix would be to load EBX from peb in the i386 call_process_entry
 * thunk itself, which is what the title of the staging patch
 * "kernel32-On-process-entry-store-PEB-address-in-ebx" describes.
 */
#ifdef __i386__
void CDECL start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
#else
void CDECL __wine_start_process( LPTHREAD_START_ROUTINE entry, PEB *peb )
#endif
{
    BOOL being_debugged;

    if (!entry)
    {
        ERR( "%s doesn't have an entry point, it cannot be executed\n",
             debugstr_w(peb->ProcessParameters->ImagePathName.Buffer) );
        ExitThread( 1 );
    }

    TRACE_(relay)( "\1Starting process %s (entryproc=%p)\n",
                   debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );

    __TRY
    {
        /* Treat a failed query as "not debugged" instead of trusting
         * whatever CheckRemoteDebuggerPresent left in being_debugged. */
        if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
            being_debugged = FALSE;

        SetLastError( 0 );  /* clear error code */
        /* Let an attached debugger stop before any user code runs. */
        if (being_debugged) DbgBreakPoint();
        /* NOTE(review): the entry point sees whatever EBX value survives
         * this function and call_process_entry - see header comment. */
        ExitThread( call_process_entry( peb, entry ));
    }
    __EXCEPT(UnhandledExceptionFilter)
    {
        /* An exception escaped the entry point unhandled: the exception
         * code becomes the process exit status. */
        TerminateProcess( GetCurrentProcess(), GetExceptionCode() );
    }
    __ENDTRY
    abort();  /* should not be reached */
}
--- snip ---

Both LLVM MinGW (https://github.com/mstorsjo/llvm-mingw/releases/tag/20191230)
and GCC 8.x/9.x produce identical code for this function.

EBX is used inside the debug/trace leaf functions, but they properly save/restore it, and the listing below never writes EBX itself, so the value EBX holds on entry survives up to the call_process_entry call.

--- snip ---
; var_70          = dword ptr -70h
; var_6C          = dword ptr -6Ch
; being_debugged  = dword ptr -64h
; __f             = __WINE_FRAME ptr -60h
; entry           = dword ptr  8
; peb             = dword ptr  0Ch

; NOTE(review): nothing in this listing writes EBX - every register write
; below targets EAX, ECX, EDX, ESP or EBP. So whatever EBX held when
; start_process was entered is still there at the call_process_entry call;
; whether that is the PEB address Crinkler expects depends on the caller
; and on call_process_entry itself, neither of which is shown here.

; prologue: realign the stack to 16 bytes, keep a pointer to the incoming args in ECX
7B4525D0 lea     ecx, [esp+4]
7B4525D4 and     esp, 0FFFFFFF0h
7B4525D7 push    dword ptr [ecx-4]
7B4525DA push    ebp
7B4525DB mov     ebp, esp
7B4525DD push    ecx
7B4525DE sub     esp, 74h
; copy entry / peb into the locals var_70 / var_6C
7B4525E1 mov     eax, [ecx]
7B4525E3 mov     edx, [ecx+4]
7B4525E6 mov     [ebp+var_70], eax
7B4525E9 mov     [ebp+var_6C], edx
; if (!entry) -> "doesn't have an entry point" path at 7B4526B8
7B4525EC test    eax, eax
7B4525EE jz      loc_7B4526B8
; relay channel trace flag set? then emit the "Starting process" trace first (7B452637)
7B4525F4 test    __wine_dbch_relay.flags, 8
7B4525FB jnz     short loc_7B452637
; __TRY: fill in the __WINE_FRAME (handler + filter) and setjmp on it;
; a zero return is the normal path (7B452666), non-zero means we came back
; via the handler, i.e. the __EXCEPT block
7B4525FD lea     eax, [ebp+__f]
7B452600 push    ecx
7B452601 push    ecx
7B452602 push    eax
7B452603 lea     eax, [ebp+__f.jmp]
7B452606 push    eax
7B452607 mov     [ebp+__f.frame.Handler], offset __wine_exception_handler
7B45260E mov     dword ptr [ebp+__f.u], offset UnhandledExceptionFilter
7B452615 call    __wine_setjmpex
7B45261A add     esp, 10h
7B45261D test    eax, eax
7B45261F jz      short loc_7B452666
; __EXCEPT body: TerminateProcess(GetCurrentProcess(), GetExceptionCode());
; -1 is presumably the inlined GetCurrentProcess() pseudo-handle and
; [ExceptionRecord+50h] the exception code - offsets not verified here
7B452621 push    eax
7B452622 push    eax
7B452623 mov     eax, [ebp+__f.ExceptionRecord]
7B452626 push    dword ptr [eax+50h]
7B452629 push    0FFFFFFFFh
7B45262B call    TerminateProcess
7B452630 pop     eax
7B452631 pop     edx
; abort(); /* should not be reached */
7B452632 call    abort
; relay trace: debugstr_w(peb->ProcessParameters->ImagePathName.Buffer)
; (two loads through the peb local, matching the source expression)
7B452637 mov     eax, [ebp+var_6C]
7B45263A mov     eax, [eax+10h]
7B45263D mov     eax, [eax+3Ch]
7B452640 call    wine_dbgstr_wn_10
7B452645 push    edx
7B452646 push    edx
7B452647 push    [ebp+var_70]
7B45264A push    eax
7B45264B push    offset byte_7B475524 ; format
7B452650 push    offset __FUNCTION___30260 ; "start_process"
7B452655 push    offset __wine_dbch_relay ; channel
7B45265A push    3               ; cls
7B45265C call    wine_dbg_log
7B452661 add     esp, 20h
7B452664 jmp     short loc_7B4525FD
; normal path after setjmp: link the frame into the exception chain at fs:0
7B452666 lea     eax, [ebp+__f]
7B452669 mov     edx, large fs:0
7B452670 mov     [eax], edx
7B452672 mov     large fs:0, eax
; CheckRemoteDebuggerPresent(GetCurrentProcess(), &being_debugged)
7B452678 push    eax
7B452679 push    eax
7B45267A lea     eax, [ebp+being_debugged]
7B45267D push    eax
7B45267E push    0FFFFFFFFh
7B452680 call    CheckRemoteDebuggerPresent
7B452685 pop     edx
7B452686 pop     ecx
; on failure: being_debugged = FALSE (7B4526F6), then rejoin below
7B452687 test    eax, eax
7B452689 jz      short loc_7B4526F6
; fs:18h is presumably the TEB and the store to [TEB+34h] the inlined
; SetLastError(0) from the source - offset not verified here
7B45268B mov     eax, large fs:18h
7B452691 cmp     [ebp+being_debugged], 0
7B452695 mov     dword ptr [eax+34h], 0
7B45269C jz      short loc_7B4526A3
; if (being_debugged) DbgBreakPoint();
7B45269E call    DbgBreakPoint
; ExitThread( call_process_entry( peb, entry ) ) - EBX passed through untouched
7B4526A3 push    ecx
7B4526A4 push    ecx
7B4526A5 push    [ebp+var_70]
7B4526A8 push    [ebp+var_6C]
7B4526AB call    call_process_entry
7B4526B0 mov     [esp], eax
7B4526B3 call    ExitThread
; !entry path: ERR(...) if the process channel flag is set, then ExitThread(1)
7B4526B8 test    __wine_dbch_process_0.flags, 2
7B4526BF jz      short loc_7B4526EC
7B4526C1 mov     eax, [ebp+var_6C]
7B4526C4 mov     eax, [eax+10h]
7B4526C7 mov     eax, [eax+3Ch]
7B4526CA call    wine_dbgstr_wn_10
7B4526CF sub     esp, 0Ch
7B4526D2 push    eax
7B4526D3 push    offset aSDoesnTHaveAnE ; "%s doesn't have an entry point,.."
7B4526D8 push    offset __FUNCTION___30260 ; "start_process"
7B4526DD push    offset __wine_dbch_process_0 ; channel
7B4526E2 push    1               ; cls
7B4526E4 call    wine_dbg_log
7B4526E9 add     esp, 20h
7B4526EC sub     esp, 0Ch
7B4526EF push    1
7B4526F1 call    ExitThread
; CheckRemoteDebuggerPresent failed: being_debugged = FALSE
7B4526F6 mov     [ebp+being_debugged], 0
7B4526FD jmp     short loc_7B45268B
--- snip ---

There was considerable rework of the debug/trace functionality around April 2019
(inlining functions/exports etc.), which is very likely the reason.

https://source.winehq.org/git/wine.git/history/HEAD:/include/wine/debug.h

I consider it fixed (for now - note that this relies on the compiler happening
not to touch EBX rather than on any explicit guarantee, so it could regress with
a different toolchain or optimization level) and suggest dropping
https://github.com/wine-staging/wine-staging/blob/master/patches/kernel32-PE_Loader_Fixes/0003-kernel32-On-process-entry-store-PEB-address-in-ebx.patch
unless there is still a plan to eventually upstream it to mainline.

What do you think, Dmitry?

$ wine --version
wine-5.3

Regards
