[Bug 49091] New: nProtect Anti-Virus/Spyware 4.0 'TKPcFtCb64.sys' crashes on unimplemented function 'ntoskrnl.exe.KeInitializeGuardedMutex'
WineHQ Bugzilla
wine-bugs at winehq.org
Sun May 3 09:37:19 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49091
Bug ID: 49091
Summary: nProtect Anti-Virus/Spyware 4.0 'TKPcFtCb64.sys'
crashes on unimplemented function
'ntoskrnl.exe.KeInitializeGuardedMutex'
Product: Wine
Version: 5.7
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
encountered while revisiting bug 47170
Download:
https://web.archive.org/web/20160510225518/http://avsd.nprotect.net/avs40/setup/nProtectSetup_AVS40.exe
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process wine ./nProtectSetup_AVS40.exe
...
0590:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\FLTMGR.SYS"
at 0xe20000: PE builtin
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\TKFsFt64.sys" at 0xe10000: native
...
0590:fixme:fltmgr:FltRegisterFilter
(00000000000FBFC0,0000000000E13750,0000000000E141C0): stub
0590:fixme:fltmgr:FltStartFiltering (00000000DEADBEAF): stub
0590:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\version.dll"
at 0x1080000: PE builtin
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\setupapi.dll" at 0xf50000: PE builtin
...
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\TKPcFtCb64.sys" at 0x10a0000: native
...
0590:trace:seh:raise_exception code=c0000096 flags=0 addr=0x10a19a0 ip=10a19a0
tid=0590
0590:trace:seh:raise_exception rax=0000000000000000 rbx=00000000010b0008
rcx=0000000000cef6d4 rdx=0000000000000000
0590:trace:seh:raise_exception rsi=0000000000cef94c rdi=00000000007d6068
rbp=0000000000000000 rsp=0000000000cef7f8
0590:trace:seh:raise_exception r8=000000000000001e r9=0000000000000000
r10=0000000000000008 r11=0000000000000246
0590:trace:seh:raise_exception r12=00000000007d6250 r13=00007fffffea4000
r14=00000000007d63b8 r15=0000000000000000
0590:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000096
flags=0
0590:trace:seh:call_vectored_handlers handler at 0x22cde0 returned ffffffff
0590:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dfdc
ip=7bc6dfdc tid=0590
0590:trace:seh:raise_exception info[0]=00000000010b0344
0590:trace:seh:raise_exception info[1]=00000000010b01e2
wine: Call from 0x7bc6dfdc to unimplemented function
ntoskrnl.exe.KeInitializeGuardedMutex, aborting
--- snip ---
Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keinitializeguardedmutex
--- snip ---
winedump -j import ~/.wine/drive_c/windows/system32/TKPcFtCb64.sys
Contents of /home/focht/.wine/drive_c/windows/system32/TKPcFtCb64.sys: 39280
bytes
Import Table size: 00000028
offset 00005064 ntoskrnl.exe
Hint/Name Table: 00010090
TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970)
ForwarderChain: 00000000
First thunk RVA: 00005000
Thunk Ordn Name
00005000 689 KeInitializeGuardedMutex
00005008 1316 RtlInitUnicodeString
00005010 451 IoDeleteDevice
00005018 1163 PsSetCreateProcessNotifyRoutine
00005020 440 IoCreateSymbolicLink
00005028 430 IoCreateDevice
00005030 749 KeReleaseSpinLock
00005038 1042 ObfReferenceObject
00005040 1041 ObfDereferenceObject
00005048 651 KeAcquireSpinLockRaiseToDpc
00005050 594 IoThreadToProcess
00005058 1147 PsProcessType
00005060 482 IoGetCurrentProcess
00005068 1179 PsThreadType
00005070 786 KeStackAttachProcess
00005078 660 KeBugCheckEx
00005080 1801 _stricmp
00005088 92 ExAcquireResourceExclusiveLite
00005090 105 ExAllocatePoolWithTag
00005098 663 KeClearEvent
000050a0 129 ExFreePoolWithTag
000050a8 729 KeReadStateEvent
000050b0 711 KeLeaveCriticalRegion
000050b8 1815 _wcsnicmp
000050c0 771 KeSetEvent
000050c8 688 KeInitializeEvent
000050d0 1739 ZwQuerySystemInformation
000050d8 670 KeEnterCriticalRegion
000050e0 1081 PsCreateSystemThread
000050e8 1740 ZwQueryValueKey
000050f0 1178 PsTerminateSystemThread
000050f8 176 ExReleaseResourceLite
00005100 1638 ZwClose
00005108 629 IofCompleteRequest
00005110 1031 ObReferenceObjectByHandle
00005118 802 KeWaitForSingleObject
00005120 1132 PsGetVersion
00005128 140 ExInitializeResourceLite
00005130 1695 ZwOpenKey
00005138 60 DbgPrint
00005140 1459 RtlUnicodeToMultiByteN
Done dumping /home/focht/.wine/drive_c/windows/system32/TKPcFtCb64.sys
--- snip ---
$ sha1sum nProtectSetup_AVS40.exe
913b33ab5c9477539d4d65b9f89e67be1a6b6c13 nProtectSetup_AVS40.exe
$ du -sh nProtectSetup_AVS40.exe
36M nProtectSetup_AVS40.exe
$ wine --version
wine-5.7-177-gad1fad8a94
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list