[Bug 49091] New: nProtect Anti-Virus/Spyware 4.0 'TKPcFtCb64.sys' crashes on unimplemented function 'ntoskrnl.exe.KeInitializeGuardedMutex'

WineHQ Bugzilla wine-bugs at winehq.org
Sun May 3 09:37:19 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=49091

            Bug ID: 49091
           Summary: nProtect Anti-Virus/Spyware 4.0 'TKPcFtCb64.sys'
                    crashes on unimplemented function
                    'ntoskrnl.exe.KeInitializeGuardedMutex'
           Product: Wine
           Version: 5.7
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

encountered while revisiting bug 47170

Download:

https://web.archive.org/web/20160510225518/http://avsd.nprotect.net/avs40/setup/nProtectSetup_AVS40.exe

--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process wine ./nProtectSetup_AVS40.exe
...
0590:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\FLTMGR.SYS"
at 0xe20000: PE builtin
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\TKFsFt64.sys" at 0xe10000: native
...
0590:fixme:fltmgr:FltRegisterFilter
(00000000000FBFC0,0000000000E13750,0000000000E141C0): stub
0590:fixme:fltmgr:FltStartFiltering (00000000DEADBEAF): stub
0590:trace:loaddll:load_native_dll Loaded L"C:\\windows\\system32\\version.dll"
at 0x1080000: PE builtin
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\setupapi.dll" at 0xf50000: PE builtin
...
0590:trace:loaddll:load_native_dll Loaded
L"C:\\windows\\system32\\TKPcFtCb64.sys" at 0x10a0000: native
...
0590:trace:seh:raise_exception code=c0000096 flags=0 addr=0x10a19a0 ip=10a19a0
tid=0590
0590:trace:seh:raise_exception  rax=0000000000000000 rbx=00000000010b0008
rcx=0000000000cef6d4 rdx=0000000000000000
0590:trace:seh:raise_exception  rsi=0000000000cef94c rdi=00000000007d6068
rbp=0000000000000000 rsp=0000000000cef7f8
0590:trace:seh:raise_exception   r8=000000000000001e  r9=0000000000000000
r10=0000000000000008 r11=0000000000000246
0590:trace:seh:raise_exception  r12=00000000007d6250 r13=00007fffffea4000
r14=00000000007d63b8 r15=0000000000000000
0590:trace:seh:call_vectored_handlers calling handler at 0x22cde0 code=c0000096
flags=0
0590:trace:seh:call_vectored_handlers handler at 0x22cde0 returned ffffffff
0590:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6dfdc
ip=7bc6dfdc tid=0590
0590:trace:seh:raise_exception  info[0]=00000000010b0344
0590:trace:seh:raise_exception  info[1]=00000000010b01e2
wine: Call from 0x7bc6dfdc to unimplemented function
ntoskrnl.exe.KeInitializeGuardedMutex, aborting
--- snip ---

Microsoft docs:

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keinitializeguardedmutex

--- snip ---
winedump -j import ~/.wine/drive_c/windows/system32/TKPcFtCb64.sys 
Contents of /home/focht/.wine/drive_c/windows/system32/TKPcFtCb64.sys: 39280
bytes

Import Table size: 00000028
  offset 00005064 ntoskrnl.exe
  Hint/Name Table: 00010090
  TimeDateStamp:   00000000 (Thu Jan  1 01:00:00 1970)
  ForwarderChain:  00000000
  First thunk RVA: 00005000
   Thunk    Ordn  Name
  00005000   689  KeInitializeGuardedMutex
  00005008  1316  RtlInitUnicodeString
  00005010   451  IoDeleteDevice
  00005018  1163  PsSetCreateProcessNotifyRoutine
  00005020   440  IoCreateSymbolicLink
  00005028   430  IoCreateDevice
  00005030   749  KeReleaseSpinLock
  00005038  1042  ObfReferenceObject
  00005040  1041  ObfDereferenceObject
  00005048   651  KeAcquireSpinLockRaiseToDpc
  00005050   594  IoThreadToProcess
  00005058  1147  PsProcessType
  00005060   482  IoGetCurrentProcess
  00005068  1179  PsThreadType
  00005070   786  KeStackAttachProcess
  00005078   660  KeBugCheckEx
  00005080  1801  _stricmp
  00005088    92  ExAcquireResourceExclusiveLite
  00005090   105  ExAllocatePoolWithTag
  00005098   663  KeClearEvent
  000050a0   129  ExFreePoolWithTag
  000050a8   729  KeReadStateEvent
  000050b0   711  KeLeaveCriticalRegion
  000050b8  1815  _wcsnicmp
  000050c0   771  KeSetEvent
  000050c8   688  KeInitializeEvent
  000050d0  1739  ZwQuerySystemInformation
  000050d8   670  KeEnterCriticalRegion
  000050e0  1081  PsCreateSystemThread
  000050e8  1740  ZwQueryValueKey
  000050f0  1178  PsTerminateSystemThread
  000050f8   176  ExReleaseResourceLite
  00005100  1638  ZwClose
  00005108   629  IofCompleteRequest
  00005110  1031  ObReferenceObjectByHandle
  00005118   802  KeWaitForSingleObject
  00005120  1132  PsGetVersion
  00005128   140  ExInitializeResourceLite
  00005130  1695  ZwOpenKey
  00005138    60  DbgPrint
  00005140  1459  RtlUnicodeToMultiByteN


Done dumping /home/focht/.wine/drive_c/windows/system32/TKPcFtCb64.sys
--- snip ---

$ sha1sum nProtectSetup_AVS40.exe 
913b33ab5c9477539d4d65b9f89e67be1a6b6c13  nProtectSetup_AVS40.exe

$ du -sh nProtectSetup_AVS40.exe 
36M    nProtectSetup_AVS40.exe

$ wine --version
wine-5.7-177-gad1fad8a94

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list