[Bug 49086] New: Blindwrite 7.0 'ezplay.sys' crashes in driver entry point
WineHQ Bugzilla
wine-bugs at winehq.org
Sun May 3 05:37:19 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49086
Bug ID: 49086
Summary: Blindwrite 7.0 'ezplay.sys' crashes in driver entry point
Product: Wine
Version: 5.7
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
to track this patch from Zeb:
https://www.winehq.org/pipermail/wine-devel/2020-May/165678.html
Download:
https://web.archive.org/web/20131210151026/http://download2.vso-software.fr/Blindwrite7_setup.exe
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+module,+virtual wineboot >> log.txt 2>&1
...
00b8:trace:ntoskrnl:load_driver loading driver
L"C:\\windows\\System32\\Drivers\\ezplay.sys"
00b8:Call KERNEL32.LoadLibraryW(007fe230
L"C:\\windows\\System32\\Drivers\\ezplay.sys") ret=00236878
...
00b8:trace:virtual:map_view got mem in reserved area 0xe10000-0xe2d000
00b8:trace:module:map_image mapped PE file at 0xe10000-0xe2d000
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rWx
...
00b8:warn:module:alloc_module disabling no-exec because of L"ezplay.sys"
...
00b8:trace:module:load_dll Found L"C:\\windows\\system32\\ntoskrnl.exe" for
L"NTOSKRNL.exe" at 0x220000, count=-1
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe19b98 00000170
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe19fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe1a000 - 0xe2cfff c-rWx
00b8:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff (nil) 00010000
1000 00000040
00b8:trace:virtual:map_view got mem in reserved area 0xe30000-0xe40000
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe30000 - 0xe3ffff (valloc)
00b8:trace:virtual:VIRTUAL_DumpView 0xe30000 - 0xe3ffff c-rwx
00b8:warn:module:import_dll No implementation for
NTOSKRNL.exe.RtlCopyMemoryNonTemporal imported from
L"C:\\windows\\System32\\Drivers\\ezplay.sys", setting to 0xe30000
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe19000 00001000
00000080
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rWx
...
00b8:Ret KERNEL32.LoadLibraryW() retval=00e10000 ret=00236878
00b8:Call ntdll.RtlImageNtHeader(00e10000) ret=0023688d
00b8:Ret ntdll.RtlImageNtHeader() retval=00e100e0 ret=0023688d
00b8:Call ntdll.NtQuerySystemInformation(00000000,00cef680,00000040,00000000)
ret=002368b0
00b8:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=002368b0
00b8:Call ntdll.RtlImageNtHeader(00e10000) ret=002368d2
00b8:Ret ntdll.RtlImageNtHeader() retval=00e100e0 ret=002368d2
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6c0)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe10380 00009800
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe19fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe1a000 - 0xe2cfff c-rWx
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6c4)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe19b80 0000b100
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe24fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe25000 - 0xe2cfff c-rWx
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6c8)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe24c80 00003680
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe28fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe29000 - 0xe2cfff c-rWx
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6cc)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe28300 00000b80
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe28fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe29000 - 0xe2cfff c-rWx
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6d0)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe28e80 00003300
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6d4)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2c180 00000700
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6d8)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2c880 00000400
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000004,00cef6dc)
ret=00236983
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2cc80 00000200
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236983
00b8:trace:ntoskrnl:perform_relocations relocating from
0000000000010000-000000000002CE80 to 0000000000E10000-0000000000E2CE80
00b8:Call ntdll.LdrProcessRelocationBlock(00e1a000,10000000a,00e2cc88,00e00000)
ret=00236a44
00b8:Ret ntdll.LdrProcessRelocationBlock() retval=00e2cc9c ret=00236a44
00b8:Call ntdll.LdrProcessRelocationBlock(00e24000,100000002,00e2cca4,00e00000)
ret=00236a44
00b8:Ret ntdll.LdrProcessRelocationBlock() retval=00e2cca8 ret=00236a44
00b8:Call ntdll.LdrProcessRelocationBlock(00e25000,100000010,00e2ccb0,00e00000)
ret=00236a44
00b8:Ret ntdll.LdrProcessRelocationBlock() retval=00e2ccd0 ret=00236a44
00b8:Call ntdll.LdrProcessRelocationBlock(00e27000,100000018,00e2ccd8,00e00000)
ret=00236a44
00b8:Ret ntdll.LdrProcessRelocationBlock() retval=00e2cd08 ret=00236a44
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000080,00cef6c0)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe10380 00009800
00000080
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe19fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe1a000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6c4)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe19b80 0000b100
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6c8)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe24c80 00003680
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6cc)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe28300 00000b80
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6d0)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe28e80 00003300
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6d4)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2c180 00000700
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6d8)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2c880 00000400
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef660,00cef668,00000008,00cef6dc)
ret=00236b1d
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe2cc80 00000200
00000008
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=00236b1d
00b8:Call KERNEL32.VirtualProtect(00e100e0,00000108,00000004,00cef668)
ret=00236b56
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef590,00cef588,00000004,00cef668)
ret=7b028568
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe100e0 00000108
00000004
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe10fff c-rW-
00b8:trace:virtual:VIRTUAL_DumpView 0xe11000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b028568
00b8:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236b56
00b8:Call KERNEL32.VirtualProtect(00e100e0,00000108,00000080,00cef668)
ret=00236b75
00b8:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00cef590,00cef588,00000080,00cef668)
ret=7b028568
00b8:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xe100e0 00000108
00000080
00b8:trace:virtual:VIRTUAL_DumpView View: 0xe10000 - 0xe2cfff (image)
00b8:trace:virtual:VIRTUAL_DumpView 0xe10000 - 0xe18fff c-rWx
00b8:trace:virtual:VIRTUAL_DumpView 0xe19000 - 0xe2cfff c-rW-
00b8:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b028568
00b8:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236b75
...
00b8:Call driver init 0000000000E2C190
(obj=00000000007FE080,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\ezplay")
00b8:trace:seh:raise_exception code=c0000005 flags=0 addr=0xe2c190 ip=e2c190
tid=00b8
00b8:trace:seh:raise_exception info[0]=0000000000000008
00b8:trace:seh:raise_exception info[1]=0000000000e2c190
00b8:trace:seh:raise_exception rax=0000000000000081 rbx=0000000000e2c190
rcx=00000000007fe080 rdx=00000000007fe1e8
00b8:trace:seh:raise_exception rsi=0000000000cef8dc rdi=00000000000fc158
rbp=00000000000fc348 rsp=0000000000cef888
00b8:trace:seh:raise_exception r8=0000000000000000 r9=0000000000000000
r10=0000000000000000 r11=0000000000000000
00b8:trace:seh:raise_exception r12=00000000007fe080 r13=00007fffffea4000
r14=00000000007fe1e8 r15=0000000000000000
00b8:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000005
flags=0
00b8:trace:seh:call_vectored_handlers handler at 0x22cde0 returned 0
00b8:warn:seh:virtual_unwind exception data not found in L"ezplay.sys"
--- snip ---
--- snip ---
$ winedump -f .wine/drive_c/windows/system32/drivers/ezplay.sys
Contents of .wine/drive_c/windows/system32/drivers/ezplay.sys: 118400 bytes
File Header
Machine: 8664 (AMD64)
Number of Sections: 8
TimeDateStamp: 4635C037 (Mon Apr 30 12:08:55 2007) offset 232
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00F0
Characteristics: 0022
EXECUTABLE_IMAGE
LARGE_ADDRESS_AWARE
Optional Header (64bit)
Magic 0x20B 523
linker version 8.00
size of code 0xd200 53760
size of initialized data 0xf900 63744
size of uninitialized data 0x0 0
entrypoint RVA 0x1c190 115088
base of code 0x380 896
image base 0x10000
section align 0x80 128
file align 0x80 128
required OS version 5.02
image version 5.02
subsystem version 1.10
Win32 Version 0x0 0
size of image 0x1ce80 118400
size of headers 0x380 896
checksum 0x22220 139808
Subsystem 0x1 (Native)
DLL characteristics: 0x2000
WDM_DRIVER
stack reserve size 0x40000
stack commit size 0x1000
heap reserve size 0x100000
heap commit size 0x1000
loader flags 0x0 0
RVAs & sizes 0x10 16
Data Directory
EXPORT rva: 0x0 size: 0x0
IMPORT rva: 0x1c1ec size: 0x3c
RESOURCE rva: 0x1c880 size: 0x398
EXCEPTION rva: 0x18300 size: 0xb10
SECURITY rva: 0x0 size: 0x0
BASERELOC rva: 0x1cc80 size: 0x88
DEBUG rva: 0x9d10 size: 0x1c
ARCHITECTURE rva: 0x0 size: 0x0
GLOBALPTR rva: 0x0 size: 0x0
TLS rva: 0x0 size: 0x0
LOAD_CONFIG rva: 0x0 size: 0x0
Bound IAT rva: 0x0 size: 0x0
IAT rva: 0x9b80 size: 0x190
Delay IAT rva: 0x0 size: 0x0
CLR Header rva: 0x0 size: 0x0
rva: 0x0 size: 0x0
Section Table
.text VirtSize: 0x000097c9 VirtAddr: 0x00000380
raw data offs: 0x00000380 raw data size: 0x00009800
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x68000020
CODE MEM_NOT_PAGED MEM_EXECUTE MEM_READ
.rdata VirtSize: 0x0000b0e4 VirtAddr: 0x00009b80
raw data offs: 0x00009b80 raw data size: 0x0000b100
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x48000040
INITIALIZED_DATA MEM_NOT_PAGED MEM_READ
.data VirtSize: 0x00003610 VirtAddr: 0x00014c80
raw data offs: 0x00014c80 raw data size: 0x00003680
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0xc8000040
INITIALIZED_DATA MEM_NOT_PAGED MEM_READ MEM_WRITE
.pdata VirtSize: 0x00000b10 VirtAddr: 0x00018300
raw data offs: 0x00018300 raw data size: 0x00000b80
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x48000040
INITIALIZED_DATA MEM_NOT_PAGED MEM_READ
PAGE VirtSize: 0x000032f4 VirtAddr: 0x00018e80
raw data offs: 0x00018e80 raw data size: 0x00003300
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x60000020
CODE MEM_EXECUTE MEM_READ
INIT VirtSize: 0x0000069e VirtAddr: 0x0001c180
raw data offs: 0x0001c180 raw data size: 0x00000700
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0xe2000020
CODE MEM_DISCARDABLE MEM_EXECUTE MEM_READ MEM_WRITE
.rsrc VirtSize: 0x00000398 VirtAddr: 0x0001c880
raw data offs: 0x0001c880 raw data size: 0x00000400
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x42000040
INITIALIZED_DATA MEM_DISCARDABLE MEM_READ
.reloc VirtSize: 0x00000186 VirtAddr: 0x0001cc80
raw data offs: 0x0001cc80 raw data size: 0x00000200
relocation offs: 0x00000000 relocations: 0x00000000
line # offs: 0 line #'s: 0
characteristics: 0x42000040
INITIALIZED_DATA MEM_DISCARDABLE MEM_READ
Done dumping .wine/drive_c/windows/system32/drivers/ezplay.sys
--- snip ---
$ sha1sum Blindwrite7_setup.exe
8b357a5613b5f348e0105d9dbb84ef42550016ee Blindwrite7_setup.exe
$ du -sh Blindwrite7_setup.exe
14M Blindwrite7_setup.exe
$ wine --version
wine-5.7-177-gad1fad8a94
Regards