[Bug 48417] New: Wine 32-bit builtins in PE format occupy low address space range, preventing non-relocatable native executables from being loaded
WineHQ Bugzilla
wine-bugs at winehq.org
Sat Jan 4 15:20:59 CST 2020
https://bugs.winehq.org/show_bug.cgi?id=48417
Bug ID: 48417
Summary: Wine 32-bit builtins in PE format occupy low address space range, preventing non-relocatable native executables from being loaded
Product: Wine
Version: 5.0-rc4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says. Encountered with some Microsoft installers, for example .NET
Framework 2.0 SDK. Wine was built with llvm-mingw toolchain.
Failure of installer with PE builtins:
--- snip ---
$ WINEDEBUG=+seh,+relay,+server,+loaddll,+virtual,+module wine ./setup.exe
>>log.txt 2>&1
...
0009:trace:module:load_dll looking for L"kernelbase.dll" in
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem;C:\\windows\\system32\\WindowsPowershell\\v1.0"
0009: create_file( access=80100000, sharing=00000005, create=1,
options=00000060, attrs=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/system32/kernelbase.dll" )
0009: create_file() = 0 { handle=0014 }
0009: get_handle_fd( handle=0014 )
0009: *fd* 0014 -> 24
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089,
options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001,
size=00000000, file_handle=0014, objattr={} )
0009: create_mapping() = 0 { handle=0018 }
0009: close_handle( handle=0014 )
0009: close_handle() = 0
0009: get_mapping_info( handle=0018, access=0000000c )
0009: get_mapping_info() = 0 { size=001c1000, flags=01800000, shared_file=0000,
image={base=10000000,entry_point=10020850,map_size=001c1000,stack_size=00100000,stack_commit=00001000,zerobits=00000000,subsystem=00000002,subsystem_low=0000,subsystem_high=0006,gp=00000000,image_charact=2102,dll_charact=0100,machine=014c,contains_code=1,image_flags=40,loader_flags=00000000,header_size=00000400,file_size=001b8000,checksum=00000000,cpu=x86}
}
0009: get_handle_fd( handle=0018 )
0009: *fd* 0018 -> 25
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d,
options=00000020 }
0009:trace:module:map_image mapped PE file at 0x10000000-0x101c1000
0009:trace:module:map_image mapping section .text at 0x10001000 off 400 size
46800 virt 466b8 flags 60000020
0009:trace:module:map_image clearing 0x10047800 - 0x10048000
0009:trace:module:map_image mapping section .rdata at 0x10048000 off 46c00 size
37800 virt 377ca flags 40000040
0009:trace:module:map_image clearing 0x1007f800 - 0x10080000
0009:trace:module:map_image mapping section .buildid at 0x10080000 off 7e400
size 200 virt 81 flags 40000040
0009:trace:module:map_image clearing 0x10080200 - 0x10081000
0009:trace:module:map_image mapping section .data at 0x10081000 off 7e600 size
200 virt 1c30 flags c0000040
0009:trace:module:map_image clearing 0x10081200 - 0x10082000
0009:trace:module:map_image mapping section .rodata at 0x10083000 off 7e800
size 1e00 virt 1d04 flags c0000040
0009:trace:module:map_image clearing 0x10084e00 - 0x10085000
0009:trace:module:map_image mapping section .reloc at 0x10085000 off 80600 size
4200 virt 4158 flags 42000040
0009:trace:module:map_image clearing 0x10089200 - 0x1008a000
0009:trace:module:map_image mapping section /4 at 0x1008a000 off 84800 size
4600 virt 45c4 flags 42000040
0009:trace:module:map_image clearing 0x1008e600 - 0x1008f000
0009:trace:module:map_image mapping section /18 at 0x1008f000 off 88e00 size
8000 virt 7f08 flags 42000040
0009:trace:module:map_image mapping section /31 at 0x10097000 off 90e00 size
92600 virt 9243c flags 42000040
0009:trace:module:map_image clearing 0x10129600 - 0x1012a000
0009:trace:module:map_image mapping section /43 at 0x1012a000 off 123400 size
1aa00 virt 1a936 flags 42000040
0009:trace:module:map_image clearing 0x10144a00 - 0x10145000
0009:trace:module:map_image mapping section /55 at 0x10145000 off 13de00 size
34400 virt 3432e flags 42000040
0009:trace:module:map_image clearing 0x10179400 - 0x1017a000
0009:trace:module:map_image mapping section /66 at 0x1017a000 off 172200 size
4600 virt 4488 flags 42000040
0009:trace:module:map_image clearing 0x1017e600 - 0x1017f000
0009:trace:module:map_image mapping section /80 at 0x1017f000 off 176800 size
41600 virt 41417 flags 42000040
0009:trace:module:map_image clearing 0x101c0600 - 0x101c1000
0009: map_view( mapping=0018, access=0000000c, base=10000000, size=001c1000,
start=00000000 )
0009: map_view() = 0
0009:trace:virtual:VIRTUAL_DumpView View: 0x10000000 - 0x101c0fff (image)
0009:trace:virtual:VIRTUAL_DumpView 0x10000000 - 0x10000fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x10001000 - 0x10047fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x10048000 - 0x10080fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x10081000 - 0x10084fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x10085000 - 0x101c0fff c-r--
...
0009:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\kernelbase.dll" at 0x10000000: PE builtin
0009:trace:module:load_dll Loaded module
L"\\??\\C:\\windows\\system32\\kernelbase.dll" at 0x10000000
...
0009:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\kernel32.dll" at
0x7b420000: builtin
0009:trace:module:load_dll looking for
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk\\setup.exe" in
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem;C:\\windows\\system32\\WindowsPowershell\\v1.0"
0009: create_file( access=80100000, sharing=00000005, create=1,
options=00000060, attrs=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/z:/home/focht/.cache/winetricks/dotnet20sdk/setup.exe"
)
0009: create_file() = 0 { handle=0014 }
0009: get_handle_fd( handle=0014 )
0009: *fd* 0014 -> 24
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=00120089,
options=00000060 }
0009: create_mapping( access=000f000d, flags=01000000, file_access=00000001,
size=00000000, file_handle=0014, objattr={} )
0009: create_mapping() = 0 { handle=0018 }
0009: close_handle( handle=0014 )
0009: close_handle() = 0
0009: get_mapping_info( handle=0018, access=0000000c )
0009: get_mapping_info() = 0 { size=1620a000, flags=01800000, shared_file=0000,
image={base=01000000,entry_point=0100645c,map_size=1620a000,stack_size=00040000,stack_commit=00001000,zerobits=00000000,subsystem=00000002,subsystem_low=0000,subsystem_high=0004,gp=00000000,image_charact=010f,dll_charact=8400,machine=014c,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=162088b8,checksum=16210119,cpu=x86}
}
0009: get_handle_fd( handle=0018 )
0009: *fd* 0018 -> 25
0009: get_handle_fd() = 0 { type=1, cacheable=1, access=000f000d,
options=00000020 }
0009:trace:virtual:map_view got mem in reserved area 0x101d0000-0x263da000
0009:trace:module:map_image mapped PE file at 0x101d0000-0x263da000
0009:trace:module:map_image mapping section .text at 0x101d1000 off 400 size
9a00 virt 992c flags 60000020
0009:trace:module:map_image clearing 0x101daa00 - 0x101db000
0009:trace:module:map_image mapping section .data at 0x101db000 off 9e00 size
400 virt 1be4 flags c0000040
0009:trace:module:map_image clearing 0x101db400 - 0x101dc000
0009:trace:module:map_image mapping section .rsrc at 0x101dd000 off a200 size
161fcc00 virt 161fca34 flags 40000040
0009:trace:module:map_image clearing 0x263d9c00 - 0x263da000
0009: map_view( mapping=0018, access=0000000c, base=101d0000, size=1620a000,
start=00000000 )
0009: map_view() = 0
0009:trace:virtual:VIRTUAL_DumpView View: 0x101d0000 - 0x263d9fff (image)
0009:trace:virtual:VIRTUAL_DumpView 0x101d0000 - 0x101d0fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x101d1000 - 0x101dafff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x101db000 - 0x101dcfff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x101dd000 - 0x263d9fff c-r--
0009: close_handle( handle=0018 )
0009: close_handle() = 0
0009:trace:module:get_load_order looking for
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk\\setup.exe"
0009:trace:module:get_load_order got main exe default n,b for
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk\\setup.exe"
0009:trace:module:load_native_dll Trying native dll
L"\\??\\Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk\\setup.exe"
0009:warn:module:perform_relocations Need to relocate module from 0x1000000 to
0x101d0000, but there are no relocation records
0009: unmap_view( base=101d0000 )
0009: unmap_view() = 0
0009:warn:module:load_dll Failed to load module
L"Z:\\home\\focht\\.cache\\winetricks\\dotnet20sdk\\setup.exe"; status=c0000018
...
--- snip ---
Because 'kernelbase.dll' is already mapped at 0x10000000 (seven zeros), native
'setup.exe' cannot be mapped at 0x1000000 (six zeros). The mappable image
size is 0x1620a000 (see 'get_mapping_info'), which overlaps 0x10000000.
The installer executable is non-relocatable.
Address space layout with 32-bit PE builtins using notepad:
--- snip ---
$ winedbg notepad
WineDbg starting on pid 003d
0x7bcb0201 DbgBreakPoint+0x1 in ntdll: ret
Wine-dbg>info share
Module Address Debug info Name (98 modules)
PE 330000- 3c0000 Deferred shlwapi
PE 3c0000- 3d3000 Deferred version
PE 3e0000- 3ec000 Deferred api-ms-win-crt-runtime-l1-1-0
PE 400000- 458000 Deferred notepad
PE 460000- 5d2000 Deferred comdlg32
PE 5e0000- 609000 Deferred shcore
PE 610000- 95e000 Deferred ole32
PE 960000- ab1000 Deferred rpcrt4
PE ac0000- d7c000 Deferred comctl32
PE d80000- e0b000 Deferred usp10
PE e10000- e3f000 Deferred imm32
PE 1060000- 1149000 Deferred setupapi
PE 1160000- 11b3000 Deferred uxtheme
PE 10000000-101c1000 Deferred kernelbase
ELF 7b400000-7b670000 Dwarf kernel32<elf>
\-PE 7b420000-7b670000 \ kernel32
ELF 7bc00000-7beb1000 Dwarf ntdll<elf>
\-PE 7bc30000-7beb1000 \ ntdll
ELF 7c000000-7c004000 Deferred <wine-loader>
...
--- snip ---
Without PE builtins:
--- snip ---
$ winedbg notepad.exe
WineDbg starting on pid 0048
0x7bcb0851 DbgBreakPoint+0x1 in ntdll: ret
Wine-dbg>info share
Module Address Debug info Name (108 modules)
ELF 7b400000-7b670000 Dwarf kernel32<elf>
\-PE 7b420000-7b670000 \ kernel32
ELF 7bc00000-7beb2000 Dwarf ntdll<elf>
\-PE 7bc30000-7beb2000 \ ntdll
ELF 7bec2000-7bf1e000 Deferred libblkid.so.1
ELF 7bf1e000-7c000000 Deferred libgcrypt.so.20
ELF 7c000000-7c004000 Deferred <wine-loader>
...
ELF 7e908000-7e953000 Deferred notepad<elf>
\-PE 7e910000-7e953000 \ notepad
ELF 7e953000-7ea2f000 Deferred kernelbase<elf>
\-PE 7e970000-7ea2f000 \ kernelbase
...
--- snip ---
In case of 32-bit processes, the loader should not map Wine PE builtins into
low address space regions to avoid these issues. I'm not sure what the "hard"
lower limit is though, when the address space is congested with a lot of dlls
(top down?).
Tidbit: Starting with Windows Vista+, even core dlls are subject to address
space randomization (if ASLR enabled) but they are still located within
0x7xxxxxxx range on 32-bit.
$ sha1sum setup.exe
4e4b1072b5e65e855358e2028403f2dc52a62ab4 setup.exe
$ du -sh setup.exe
355M setup.exe
$ wine --version
wine-5.0-rc4
Regards
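A loader-side check, added here as an illustration and not code from Wine or from this report, that reproduces the conflict from the two get_mapping_info records quoted above: it parses the image={...} fields, tests IMAGE_FILE_RELOCS_STRIPPED in image_charact, and reports whether setup.exe can land at its preferred base while the kernelbase view is already present. The function names and the trimming of the records to the fields used are mine.

```python
import re

# PE header flag bits (winnt.h) a loader consults when choosing a base.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # Characteristics: no .reloc data
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # DllCharacteristics: ASLR opt-in
STATUS_CONFLICTING_ADDRESSES = 0xC0000018       # status seen in the report's log

# Wine server 'image={...}' records quoted from the bug report's trace,
# trimmed to the fields used here (kernelbase.dll builtin, then setup.exe).
KERNELBASE_INFO = "image={base=10000000,map_size=001c1000,image_charact=2102,dll_charact=0100}"
SETUP_EXE_INFO = "image={base=01000000,map_size=1620a000,image_charact=010f,dll_charact=8400}"

def parse_image_info(line):
    """Return the hex key=value fields of an 'image={...}' record as ints."""
    body = re.search(r"image=\{([^}]*)\}", line).group(1)
    return {k: int(v, 16) for k, v in re.findall(r"(\w+)=([0-9a-fA-F]+)\b", body)}

def is_relocatable(info):
    """An image with relocations stripped can only run at its preferred base."""
    return not (info["image_charact"] & IMAGE_FILE_RELOCS_STRIPPED)

def opted_into_aslr(info):
    return bool(info["dll_charact"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)

def overlaps(a_start, a_end, b_start, b_end):
    return a_start < b_end and b_start < a_end

def check_load(image_line, mapped):
    """Decide whether an image can be mapped at its preferred base.

    mapped: list of (name, start, end) views already in the address space.
    Returns (ok, status, reason); status is 0 on success.
    """
    info = parse_image_info(image_line)
    lo, hi = info["base"], info["base"] + info["map_size"]
    for name, start, end in mapped:
        if overlaps(lo, hi, start, end):
            if is_relocatable(info):
                return True, 0, f"{lo:#x}-{hi:#x} collides with {name}; relocating"
            return False, STATUS_CONFLICTING_ADDRESSES, (
                f"{lo:#x}-{hi:#x} collides with {name} at {start:#x}-{end:#x} "
                f"and relocations are stripped")
    return True, 0, "mapped at preferred base"

if __name__ == "__main__":
    kb = parse_image_info(KERNELBASE_INFO)
    views = [("kernelbase.dll", kb["base"], kb["base"] + kb["map_size"])]
    print(check_load(SETUP_EXE_INFO, views))
```

With kernelbase at its high (non-PE-builtin) address from the second winedbg listing, the same call succeeds, which is the layout the report asks the loader to preserve for 32-bit processes.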