[Bug 49076] New: Sennheiser Wireless Systems Manager 4.4 installer overwrites Wine builtin "system/os" dlls, causing broken WINEPREFIX (SfcIsFileProtected is a stub)
WineHQ Bugzilla
wine-bugs at winehq.org
Sat May 2 05:37:08 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49076
Bug ID: 49076
Summary: Sennheiser Wireless Systems Manager 4.4 installer
overwrites Wine builtin "system/os" dlls, causing
broken WINEPREFIX (SfcIsFileProtected is a stub)
Product: Wine
Version: 5.7
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sfc
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
user 'morsik' reported an interesting problem in IRC #winehq. The conversation
went as follows (no sekrit stuff) ;-)
--- quote ---
[00:31:01] <morsik> Hi! I'm just experiencing very strange WINE behaviour…
After installing Sennheiser Wireless Systems Manager WINE just… stops working
:o it throws me 0033:err:module:import_dll Loading library imm32.dll (which is
needed by XXX.dll) failed (error c000007b).
[00:31:40] <morsik> the library which needs it doesn't matter - it's any, but
it's always about imm32.dll - I checkes sums of fresh WINEPREFIX and
non-working one and this file is not changed…
[00:55:27] <focht> if this happens on a new wineprefix (no native overrides)
then most likely the builtin dll can't be mapped or relocated by wine loader
for whatever reasons
[00:56:41] <morsik> yep, I removed my previous prefix and started with fresh
one
[00:56:57] <morsik> I successfully installed app, and then wine stopped working
(with any .exe! even winecfg can't start)
[00:57:06] <focht> try to make loader more verbose
WINEDEBUG=+seh,+loaddll,+module,+virtual wine ./foobar.exe
[00:57:44] <focht> ist that wireless manager a windows or native linux app?
[00:58:16] <morsik> it's Windows application written in Qt; it has also macOS
app but for some reason it's not working on my macOS :(
[00:59:20] <morsik> hm
[00:59:35] <morsik> in more verbose logs I can see this strange error:
0009:trace:module:open_dll_file L"\\??\\C:\\windows\\system32\\imm32.dll" is
for arch 8664, continuing search
...
[01:01:31] <focht> can you pastebin the full output with just one (builtin)
app? WINEDEBUG=+seh,+loaddll,+module,+virtual winecfg
...
[01:11:59] <focht> which wine version?
[01:12:26] <morsik> "wine-5.7 (Staging)" on Fedora 32 (wine-5.7-1.fc32.x86_64)
[01:14:01] <focht> can you run following commands: "winedump
~/.wine/drive_c/windows/system32/imm32.dll" and "winedump
~/.wine/drive_c/windows/syswow64/imm32.dll" -> pastebin both outputs
[01:14:29] <focht> i'm assuming you#re using default wineprefix ~/.wine ..
otherwise you have to adapt
...
[01:15:52] <morsik> interesting that syswow64 is not wine file? ;o
[01:16:16] <focht> lol ... something is fishy. you have a native 64-bit
imm32.dll in 32-bits syswow64 location
[01:16:26] <focht> that's the reason for the loader failure
[01:16:32] <focht> you didn't use any winetricks?
[01:16:41] <focht> just app install in clean wineprefix?
[01:16:45] <morsik> nope, totally fresh
[01:16:46] <morsik> yep
[01:16:55] <morsik> but checking this lead, I didn't thought about syswow
[01:16:59] <morsik> I checked only system32…
[01:17:12] <focht> hmm ... then this sennheiser app installer does something
very stupid. lemme check myself ... official website download?
[01:17:25] <morsik> yep.
https://en-cn.sennheiser.com/service-support-services-wireless-systems-manager
- download at the bottom
[01:17:41] <focht> well syswow64 is "system32" but for 32-bit in shared wow64
install.
[01:17:52] <morsik> (works kinda strange today so try few times if you have
errors)
[01:17:55] <focht> if the app is 32-bit, the dlls will be loaded from there
(among other locations=
[01:18:26] <morsik> well, there's another interesting thing I need to check.
docs says it needs Windows 10.
[01:18:43] <morsik> default wineprefix is Windows 7… maybe it replaces this
file because it detects too old windows?
[01:19:12] <focht> well this file should never be replaced. it's not allowed to
redistribute this dll as it's part of the os
[01:20:16] <morsik> aanddd… it works just by replacing this file by original
wine built-in file taken from (yet another) fresh wineprefix. (ok, not really
working, but at least wine itself is fixed)
[01:20:46] <focht> of course it works, because you restored the default ;-)
[01:20:58] <morsik> :P
--- quote ---
https://en-de.sennheiser.com/service-support-services-wireless-systems-manager
http://sennheiser-sites.com/responsive-manuals/WSM/Sennheiser_WSM_Setup_4.4.6.6.exe
Indeed, after installing the app which requires .NET Framework 4.5, the
WINEPREFIX is completely broken. Even Wine builtin programs don't run anymore.
The installer seems to be 'Setup Factory' based from indigorose.com. Relay log
was huge (50+ GB) hence only using relevant debug channel(s) here.
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process,+sfc wine ./Sennheiser_WSM_Setup_4.4.6.6.exe
>>log.txt 2>&1
...
00b4:trace:process:CreateProcessInternalW app (null) cmdline
L"\"C:\\users\\focht\\Temp\\_ir_sf_temp_0\\irsetup.exe\" __IRAOFF:1790210
\"__IRAFN:Z:\\home\\focht\\Downloads\\Sennheiser_WSM_Setup_4.4.6.6.exe\"
\"__IRCT:0\" \"__IRTSS:0\" \"__IRSID:S-1-5-21-0-0-0-1000\""
...
00bc:trace:loaddll:load_native_dll Loaded
L"C:\\users\\focht\\Temp\\_ir_sf_temp_0\\irsetup.exe" at 0x400000: native
00b4:trace:process:RtlCreateUserProcess
L"\\??\\C:\\users\\focht\\Temp\\_ir_sf_temp_0\\irsetup.exe" pid 00b8 tid 00bc
handles 0x78/0x7c
00b4:trace:process:CreateProcessInternalW started process pid 00b8 tid 00bc
...
00bc:fixme:ntdll:server_ioctl_file Unsupported ioctl 24000 (device=2 access=1
func=0 method=0)
00bc:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\Sfc.dll" at
0x3930000: PE builtin
00bc:trace:sfc:DllMain (03930000, 1, 00000000)
00bc:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\sfc_os.dll"
at 0x3940000: PE builtin
00bc:trace:sfc:DllMain (03940000, 1, 00000000)
00bc:fixme:sfc:SfcIsFileProtected (00000000,
L"C:\\windows\\system32\\IMM32.dll") stub
00bc:trace:sfc:DllMain (03930000, 0, 00000000)
00bc:trace:loaddll:free_modref Unloaded module
L"C:\\windows\\system32\\Sfc.dll" : builtin
...
0100:trace:process:CreateProcessInternalW app (null) cmdline L"wineconsole
--use-event=44"
...
0100:trace:process:RtlCreateUserProcess
L"\\??\\C:\\windows\\system32\\wineconsole.exe" pid 0104 tid 0108 handles
0x38/0x3c
0100:trace:process:CreateProcessInternalW started process pid 0104 tid 0108
...
0108:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\ucrtbase.dll" at
0x7e890000: builtin
0108:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\sechost.dll"
at 0x10000000: PE builtin
0108:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\advapi32.dll" at
0x7e990000: builtin
....
0108:trace:loaddll:load_so_dll Loaded L"C:\\windows\\system32\\winex11.drv" at
0xf7550000: builtin
0108:err:module:DelayLoadFailureHook failed to delay load
imm32.dll.ImmGetContext
0108:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b00dbb1
ip=7b00dbb1 tid=0108
0108:trace:seh:raise_exception info[0]=f75d75bb
0108:trace:seh:raise_exception info[1]=f75d7658
wine: Call from 0x7b00dbb1 to unimplemented function imm32.dll.ImmGetContext,
aborting
0108:trace:seh:call_stack_handlers calling handler at 0x7b4696e0 code=80000100
flags=1
wine: Unimplemented function imm32.dll.ImmGetContext called at address 7B00DBB1
(thread 0108), starting debugger.
....
0108:trace:process:CreateProcessInternalW app (null) cmdline L"winedbg --auto
260 104"
...
0108:trace:process:RtlCreateUserProcess
L"\\??\\C:\\windows\\system32\\winedbg.exe" pid 010c tid 0110 handles 0x74/0x78
0108:trace:process:CreateProcessInternalW started process pid 010c tid 0110
...
0110:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\usp10.dll"
at 0xdf0000: PE builtin
0110:err:module:import_dll Loading library imm32.dll (which is needed by
L"C:\\windows\\system32\\comctl32.dll") failed (error c000007b).
0110:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc77ad9
ip=7bc77ad9 tid=0110
0110:trace:seh:raise_exception info[0]=00000000
0110:trace:seh:raise_exception info[1]=00000000
0110:trace:seh:raise_exception eax=00000000 ebx=7ffd8c00 ecx=00000000
edx=00000000 esi=c0000135 edi=0031f8e0
0110:trace:seh:raise_exception ebp=0031f6b8 esp=0031f640 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
...
--- snip ---
The prefix is already broken during post-install steps.
The installer uses 'SfcIsFileProtected' API to check if 'IMM32.dll' is a
protected system file. Wine's implementation is a stub, returning FALSE hence
it happily overwrites the dll. Another separate (app?) bug is that the
installer overwrites the wrong arch (32-bit PE builtin with 64-bit native dll).
App log 'Wireless Systems Manager Setup Log.txt' from '%WINDIR%':
NOTE: I have 'mscoree' disabled on my Wine 'HEAD' builds to test auto-installs
of native .NET Framework without need of 'winetricks'.
--- snip ---
...
[05/02/2020 11:19:36] Success Setup started:
Z:\home\focht\Downloads\Sennheiser_WSM_Setup_4.4.6.6.exe
[05/02/2020 11:19:36] Notice Setup engine version: 4.4.6.6
[05/02/2020 11:19:36] Notice Product: Wireless Systems Manager, version
4.4.6.6
[05/02/2020 11:19:36] Success Language set: Primary = 9, Secondary = 1
[05/02/2020 11:19:36] Success Verify archive integrity
[05/02/2020 11:19:36] Skipped Date expiration check
[05/02/2020 11:19:36] Skipped Uses expiration check
[05/02/2020 11:19:36] Success System requirements check
[05/02/2020 11:19:36] Success Include script: _SUF70_Global_Functions.lua
[05/02/2020 11:19:36] Notice Start project event: Global Functions
[05/02/2020 11:19:36] Success Run project event: Global Functions
[05/02/2020 11:19:36] Success Detection Script: .NET 4
[05/02/2020 11:19:36] Info .NET 4 Module: No version of .NET 4.5 was found.
.NET 4.5 will be installed.
[05/02/2020 11:19:36] Success Extract dependency file:
C:\users\focht\Temp\_ir_sf_temp_0\dotnet4\dotnetfx45_full_x86_x64.exe
[05/02/2020 11:19:36] Success Create folder:
C:\users\focht\Temp\_ir_sf_temp_0\dotnet4\
[05/02/2020 11:19:37] Info .NET 4 Module: No version of .NET 4.5 was found.
.NET 4.5 will be installed.
[05/02/2020 11:19:37] Success .NET 4 Module: Installation script started.
[05/02/2020 11:19:37] Info .NET 4 Module: Entering compatible OS detection.
[05/02/2020 11:19:40] Info .NET 4 Module: .NET 4.5 installation file
C:\users\focht\Temp\_ir_sf_temp_0\dotnet4\dotnetfx45_full_x86_x64.exe is being
launched.
[05/02/2020 11:22:39] Success .NET 4 Module: Installation script finished.
[05/02/2020 11:22:39] Notice Start project event: On Startup
[05/02/2020 11:22:39] Success Run project event: On Startup
[05/02/2020 11:22:39] Success Display screen: Welcome to Setup
[05/02/2020 11:22:40] Success Display screen: License Agreement
[05/02/2020 11:22:43] Success Display screen: Select Install Folder
[05/02/2020 11:22:48] Success Display screen: Ready to Install
[05/02/2020 11:22:50] Notice Start project event: On Pre Install
[05/02/2020 11:22:50] Success Run project event: On Pre Install
[05/02/2020 11:22:50] Success Display screen: One Progress Bar (While
Installing)
[05/02/2020 11:23:01] Success Free space check on drive: C:\
[05/02/2020 11:23:01] Success Set uninstall data folder: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Uninstall
[05/02/2020 11:23:01] Success Set uninstall config file name: C:\Program
Files (x86)\Sennheiser\Wireless Systems Manager\Uninstall\uninstall.xml
[05/02/2020 11:23:01] Success Uninstall config file not merging
[05/02/2020 11:23:01] Success Create folder: C:\Program Files
(x86)\Sennheiser\
[05/02/2020 11:23:01] Success Create folder: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\
[05/02/2020 11:23:01] Success Create folder: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Uninstall\
[05/02/2020 11:23:01] Success Create uninstall data folder: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Uninstall
[05/02/2020 11:23:02] Success Create uninstall data file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Uninstall\uninstall.dat
[05/02/2020 11:23:02] Success Create folder: C:\windows\Wireless Systems
Manager\
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Plugins\UpdateManager.dll
[05/02/2020 11:23:02] Success Create folder: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Plugins\
[05/02/2020 11:23:02] Success File added to uninstall list: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Plugins\UpdateManager.dll
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\WSM Helper.exe
[05/02/2020 11:23:02] Success File added to uninstall list: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\WSM Helper.exe
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\unzip.exe
[05/02/2020 11:23:02] Success File added to uninstall list: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\unzip.exe
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\mDNSResponder.exe
[05/02/2020 11:23:02] Success File added to uninstall list: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\mDNSResponder.exe
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\mdnsNSP.dll
...
[05/02/2020 11:23:02] Success Install archive file: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Qt5Xml.dll
[05/02/2020 11:23:02] Success File added to uninstall list: C:\Program Files
(x86)\Sennheiser\Wireless Systems Manager\Qt5Xml.dll
[05/02/2020 11:23:02] Success Install archive file:
C:\windows\system32\dnssd.dll
[05/02/2020 11:23:02] Success Increment usage count:
C:\windows\system32\dnssd.dll (New count = 1)
[05/02/2020 11:23:02] Success File added to uninstall list:
C:\windows\system32\dnssd.dll
[05/02/2020 11:23:02] Success Archive file rollback:
C:\windows\system32\IMM32.dll (Temporary filename =
C:\windows\system32\suf848.tmp)
[05/02/2020 11:23:02] Success Install archive file:
C:\windows\system32\suf848.tmp
[05/02/2020 11:23:02] Success Increment usage count:
C:\windows\system32\IMM32.dll (New count = 1)
[05/02/2020 11:23:02] Success File added to uninstall list:
C:\windows\system32\IMM32.dll
...
[05/02/2020 11:24:20] Notice Exit setup process (Return code: 0)
--- snip ---
Dumping the dll in question:
--- snip ---
$ winedump ~/.wine/drive_c/windows/syswow64/imm32.dll
Contents of /home/focht/.wine/drive_c/windows/syswow64/imm32.dll: 175672 bytes
File Header
Machine: 8664 (AMD64)
Number of Sections: 7
TimeDateStamp: 57899B30 (Sat Jul 16 04:25:52 2016) offset 240
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00F0
Characteristics: 2022
EXECUTABLE_IMAGE
LARGE_ADDRESS_AWARE
DLL
Optional Header (64bit)
Magic 0x20B 523
linker version 14.00
size of code 0x1b600 112128
size of initialized data 0xda00 55808
size of uninitialized data 0x0 0
entrypoint RVA 0x12e0 4832
base of code 0x1000 4096
image base 0x1180000000
section align 0x1000 4096
file align 0x200 512
required OS version 10.00
image version 10.00
subsystem version 10.00
Win32 Version 0x0 0
size of image 0x2e000 188416
size of headers 0x400 1024
checksum 0x3079b 198555
Subsystem 0x2 (Windows GUI)
DLL characteristics: 0x4160
DYNAMIC_BASE
NX_COMPAT
stack reserve size 0x40000
stack commit size 0x1000
heap reserve size 0x100000
heap commit size 0x1000
loader flags 0x0 0
RVAs & sizes 0x10 16
Data Directory
EXPORT rva: 0x20940 size: 0x1054
IMPORT rva: 0x21994 size: 0x208
RESOURCE rva: 0x28000 size: 0x4c48
EXCEPTION rva: 0x25000 size: 0x13e0
SECURITY rva: 0x28600 size: 0x2838
BASERELOC rva: 0x2d000 size: 0xd4
DEBUG rva: 0x1dc20 size: 0x38
ARCHITECTURE rva: 0x0 size: 0x0
GLOBALPTR rva: 0x0 size: 0x0
TLS rva: 0x0 size: 0x0
LOAD_CONFIG rva: 0x1d010 size: 0xd0
Bound IAT rva: 0x0 size: 0x0
IAT rva: 0x1d178 size: 0x650
Delay IAT rva: 0x1ffd4 size: 0xa0
CLR Header rva: 0x0 size: 0x0
rva: 0x0 size: 0x0
Done dumping /home/focht/.wine/drive_c/windows/syswow64/imm32.dll
--- snip ---
That dll is probably from a Windows 10 installation. Very questionable from
technical and legal point of view (these files should never be
redistributed/installed by app vendors). How is this supposed to work with real
Windows? Afaik all Windows versions since Windows XP would refuse to have that
dll getting overwritten.
Anyway, there is no point in trying to figure out what in the flying F was
going on in the mind of the developers/packagers doing this.
This might be the point when Wine should also enhance it's own "protection" by
providing a more reasonable but not too overly complex implementation ;-)
I've quickly hacked the stub and the installer didn't overwrite 'imm32.dll'. I
would not recommend to just unconditionally return 'TRUE'. There are gazillion
installers from app vendors, including Microsoft using this API that might
break. Just check if the file is a Wine (PE) builtin and maybe limit the
"protection scope" to system32/syswow64. Hard-coded lists would be bad idea.
Wine source:
https://source.winehq.org/git/wine.git/blob/d1f858e03da732c621504f90e349d5170ca3336e:/dlls/sfc_os/sfc_os.c#l63
--- snip ---
63 /******************************************************************
64 * SfcIsFileProtected [sfc_os.@]
65 *
66 * Check, if the given File is protected by the System
67 *
68 * PARAMS
69 * RpcHandle [I] This must be NULL
70 * ProtFileName [I] Filename with Path to check
71 *
72 * RETURNS
73 * Failure: FALSE with GetLastError() != ERROR_FILE_NOT_FOUND
74 * Success: TRUE, when the File is Protected
75 * FALSE with GetLastError() == ERROR_FILE_NOT_FOUND,
76 * when the File is not Protected
77 *
78 *
79 * BUGS
80 * We return always the Result for: "File is not Protected"
81 *
82 */
83 BOOL WINAPI SfcIsFileProtected(HANDLE RpcHandle, LPCWSTR ProtFileName)
84 {
85 static BOOL reported = FALSE;
86
87 if (reported) {
88 TRACE("(%p, %s) stub\n", RpcHandle, debugstr_w(ProtFileName));
89 }
90 else
91 {
92 FIXME("(%p, %s) stub\n", RpcHandle, debugstr_w(ProtFileName));
93 reported = TRUE;
94 }
95
96 SetLastError(ERROR_FILE_NOT_FOUND);
97 return FALSE;
98 }
--- snip ---
$ sha1sum Sennheiser_WSM_Setup_4.4.6.6.exe
be82329265ce8fca79334612007ea9b1f894bf8f Sennheiser_WSM_Setup_4.4.6.6.exe
$ du -sh Sennheiser_WSM_Setup_4.4.6.6.exe
122M Sennheiser_WSM_Setup_4.4.6.6.exe
$ wine --version
wine-5.7-177-gad1fad8a94
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list