[Bug 49198] New: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes in entry point (incorrect page protection restored during relocation processing)

WineHQ Bugzilla wine-bugs at winehq.org
Tue May 19 06:10:41 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=49198

            Bug ID: 49198
           Summary: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes in
                    entry point (incorrect page protection restored during
                    relocation processing)
           Product: Wine
           Version: 5.8
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as it says. Regression introduced by commit
https://source.winehq.org/git/wine.git/commitdiff/22dfb0df10b44d1c21b3d04b59312670c2318431
("ntoskrnl.exe: Protect relocated pages one at a time.")

--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+module,+ntdll,+virtual wine net
start "Denuvo Anti-Cheat" >>log.txt 2>&1
...
00d0:trace:ntoskrnl:load_driver loading driver L"C:\\Program Files\\Denuvo
Anti-Cheat\\denuvo-anti-cheat.sys"
00d0:Call KERNEL32.LoadLibraryW(0078e440 L"C:\\Program Files\\Denuvo
Anti-Cheat\\denuvo-anti-cheat.sys") ret=00236928 
...
00d0:trace:virtual:map_view got mem in reserved area 0xc80000-0xe04000
00d0:trace:module:map_image mapped PE file at 0xc80000-0xe04000
00d0:trace:module:map_image mapping section .text at 0xc81000 off 600 size
75200 virt 75200 flags 68000020
00d0:trace:module:map_image clearing 0xcf6200 - 0xcf7000
00d0:trace:module:map_image mapping section .rdata at 0xcf7000 off 75800 size
2fa00 virt 30000 flags 48000020
00d0:trace:module:map_image clearing 0xd26a00 - 0xd27000
00d0:trace:module:map_image mapping section .data at 0xd27000 off a5200 size
200 virt 5000 flags c8000020
00d0:trace:module:map_image clearing 0xd27200 - 0xd28000
00d0:trace:module:map_image mapping section .pdata at 0xd2c000 off a5400 size
7800 virt 8000 flags 48000040
00d0:trace:module:map_image clearing 0xd33800 - 0xd34000
00d0:trace:module:map_image mapping section .gfids at 0xd34000 off acc00 size
200 virt 1000 flags 48000020
00d0:trace:module:map_image clearing 0xd34200 - 0xd35000
00d0:trace:module:map_image mapping section PAGE at 0xd35000 off ace00 size 400
virt 400 flags 68000020
00d0:trace:module:map_image clearing 0xd35400 - 0xd36000
00d0:trace:module:map_image mapping section .edata at 0xd36000 off ad200 size
200 virt 1000 flags 48000020
00d0:trace:module:map_image clearing 0xd36200 - 0xd37000
00d0:trace:module:map_image mapping section INIT at 0xd37000 off ad400 size e00
virt e00 flags 68000020
00d0:trace:module:map_image clearing 0xd37e00 - 0xd38000
00d0:trace:module:map_image mapping section .rsrc at 0xd38000 off ae200 size
1a00 virt 2000 flags 48000020
00d0:trace:module:map_image clearing 0xd39a00 - 0xd3a000
00d0:trace:module:map_image mapping section  at 0xd3a000 off afc00 size c1a00
virt c1828 flags 68000020
00d0:trace:module:map_image clearing 0xdfba00 - 0xdfc000
00d0:trace:module:map_image mapping section  at 0xdfc000 off 171600 size e00
virt c2c flags 48000020
00d0:trace:module:map_image clearing 0xdfce00 - 0xdfd000
00d0:trace:module:map_image mapping section  at 0xdfd000 off 172400 size 600
virt 480 flags c8000020
00d0:trace:module:map_image clearing 0xdfd600 - 0xdfe000
00d0:trace:module:map_image mapping section  at 0xdfe000 off 172a00 size 800
virt 696 flags 68000020
00d0:trace:module:map_image clearing 0xdfe800 - 0xdff000
00d0:trace:module:map_image mapping section .rdata at 0xdff000 off 173200 size
1400 virt 12d4 flags 48000040
00d0:trace:module:map_image clearing 0xe00400 - 0xe01000
00d0:trace:module:map_image mapping section .rsrc at 0xe01000 off 174600 size
600 virt 4f8 flags 42000040
00d0:trace:module:map_image clearing 0xe01600 - 0xe02000
00d0:trace:module:map_image mapping section .reloc at 0xe02000 off 174c00 size
1c00 virt 1a60 flags 42000040
00d0:trace:module:map_image clearing 0xe03c00 - 0xe04000
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView       0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdff000 - 0xe03fff c-r-- 
...
00d0:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Denuvo
Anti-Cheat\\denuvo-anti-cheat.sys" at 0xc80000: native
00d0:trace:module:load_dll Loaded module L"\\??\\C:\\Program Files\\Denuvo
Anti-Cheat\\denuvo-anti-cheat.sys" at 0xc80000
00d0:trace:module:process_attach (L"denuvo-anti-cheat.sys",(nil)) - START
00d0:trace:module:process_attach (L"netio.sys",(nil)) - START
00d0:trace:module:process_attach (L"netio.sys",(nil)) - END
00d0:trace:module:process_attach (L"wdfldr.sys",(nil)) - START
00d0:trace:module:process_attach (L"wdfldr.sys",(nil)) - END
00d0:trace:module:process_attach (L"denuvo-anti-cheat.sys",(nil)) - END
00d0:Ret  ntdll.LdrLoadDll() retval=00000000 ret=7b01d770
00d0:Call ntdll.RtlReleasePath(0078e4d0) ret=7b01d7ae
00d0:Ret  ntdll.RtlReleasePath() retval=00000001 ret=7b01d7ae
00d0:Ret  KERNEL32.LoadLibraryW() retval=00c80000 ret=00236928 
...
00d0:trace:ntoskrnl:perform_relocations relocating from
0000000140000000-0000000140184000 to 0000000000C80000-0000000000E04000
00d0:Call KERNEL32.VirtualProtect(00cf7000,00002000,00000004,00b5f7c0)
ret=00236a79
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000004,00b5f7c0)
ret=7b02d058
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xcf7000 00002000
00000004
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView       0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xcf7000 - 0xcf8fff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xcf9000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdff000 - 0xe03fff c-r-- 
...
00d0:Call
ntdll.LdrProcessRelocationBlock(00d27000,10000000a,00e03924,fffffffec0c80000)
ret=00236a9e
00d0:Ret  ntdll.LdrProcessRelocationBlock() retval=00e03938 ret=00236a9e
00d0:Call KERNEL32.VirtualProtect(00d27000,00002000,00000008,00b5f7c0)
ret=00236ab4
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000008,00b5f7c0)
ret=7b02d058
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd27000 00002000
00000008
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView       0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdff000 - 0xe03fff c-r--
00d0:Ret  ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d058
00d0:Ret  KERNEL32.VirtualProtect() retval=00000001 ret=00236ab4
00d0:Call KERNEL32.VirtualProtect(00dfd000,00002000,00000004,00b5f7c0)
ret=00236a79
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000004,00b5f7c0)
ret=7b02d058
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00002000
00000004
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView       0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView       0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView       0xdfd000 - 0xdfefff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView       0xdff000 - 0xe03fff c-r--
00d0:Ret  ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d058
00d0:Ret  KERNEL32.VirtualProtect() retval=00000001 ret=00236a79 
...
00d0:Call driver init 0000000000C81184
(obj=000000000078E290,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Denuvo
Anti-Cheat")
00d0:trace:seh:raise_exception code=c0000005 flags=0 addr=0xdfe5e0 ip=dfe5e0
tid=00d0
00d0:trace:seh:raise_exception  info[0]=0000000000000008
00d0:trace:seh:raise_exception  info[1]=0000000000dfe5e0
00d0:trace:seh:raise_exception  rax=0000000000d2b9c0 rbx=0000000000c81184
rcx=0000000000d2b988 rdx=000000000078e3f8
00d0:trace:seh:raise_exception  rsi=000000000078e3f8 rdi=000000000078e290
rbp=0000000000000000 rsp=0000000000b5f858
00d0:trace:seh:raise_exception   r8=00002b992ddfa232  r9=0000000000000000
r10=0000000000000000 r11=0000000000000000
00d0:trace:seh:raise_exception  r12=000000000078e290 r13=00007fffffea4000
r14=000000000078e3f8 r15=0000000000000000
00d0:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000005
flags=0
00d0:trace:seh:call_vectored_handlers handler at 0x22cf50 returned 0
00d0:warn:seh:virtual_unwind exception data not found in
L"denuvo-anti-cheat.sys" 
--- snip ---

0xdfe000 = IAT which has page execute protection erroneously removed during
relocation processing.

$ wine --version
wine-5.8-232-gca6dbcf35b

Regards
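
The two-page `VirtualProtect(00dfd000,00002000,...)` call in the trace spans 0xdfd000 (rW-) and 0xdfe000 (r-x), while VirtualProtect reports only the previous protection of the first page in the range. The following is an added example, not part of the original report and not Wine's code: a portable model of that save/restore pattern using the page layout from the trace. `model_protect`, the `P_*` bits and both `restore_*` functions are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdint.h>

#define PAGE 0x1000u
#define BASE 0xdfc000u  /* first modelled page; addresses are from the trace */
enum { P_R = 1, P_W = 2, P_X = 4 };  /* simplified bits, not Win32 PAGE_* values */

/* Protections after map_image, per the first VIRTUAL_DumpView in the trace:
 * 0xdfc000 r--, 0xdfd000 rW-, 0xdfe000 r-x, 0xdff000 r-- */
static const unsigned initial[4] = { P_R, P_R | P_W, P_R | P_X, P_R };
static unsigned pages[4];

static void reset_pages(void) { for (size_t i = 0; i < 4; i++) pages[i] = initial[i]; }

/* Model of VirtualProtect: sets new_prot on every page in the range, but
 * reports only the previous protection of the first page. */
static void model_protect(uintptr_t addr, size_t size, unsigned new_prot, unsigned *old)
{
    size_t first = (addr - BASE) / PAGE;
    *old = pages[first];
    for (size_t i = 0; i < size / PAGE; i++) pages[first + i] = new_prot;
}

/* Pattern in the trace: one two-page call each way, one saved value.
 * Returns the resulting protection of the second page. */
static unsigned restore_with_single_value(uintptr_t page)
{
    unsigned old, ignored;
    reset_pages();
    model_protect(page, 2 * PAGE, P_R | P_W, &old);
    /* relocation fixups would be written here */
    model_protect(page, 2 * PAGE, old, &ignored);
    return pages[(page + PAGE - BASE) / PAGE];
}

/* Hypothetical correction: save and restore each page separately. */
static unsigned restore_per_page(uintptr_t page)
{
    unsigned old[2], ignored;
    reset_pages();
    for (int i = 0; i < 2; i++) model_protect(page + i * PAGE, PAGE, P_R | P_W, &old[i]);
    /* relocation fixups would be written here */
    for (int i = 0; i < 2; i++) model_protect(page + i * PAGE, PAGE, old[i], &ignored);
    return pages[(page + PAGE - BASE) / PAGE];
}

int main(void)
{
    printf("single value: X=%d\n", !!(restore_with_single_value(0xdfd000) & P_X));
    printf("per page:     X=%d\n", !!(restore_per_page(0xdfd000) & P_X));
    return 0;
}
```

In the model, the single-value restore leaves 0xdfe000 as rW-, which matches the execute fault (`info[0]=8`) at 0xdfe5e0 in the trace.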
