[Bug 49219] New: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on unimplemented function ntoskrnl.exe.KeSetSystemAffinityThreadEx
WineHQ Bugzilla
wine-bugs at winehq.org
Fri May 22 05:59:36 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49219
Bug ID: 49219
Summary: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on unimplemented function ntoskrnl.exe.KeSetSystemAffinityThreadEx
Product: Wine
Version: 5.8
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntoskrnl
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
continuation of bug 49217 (split out from bug 49194).
--- snip ---
$ WINEDEBUG=+seh,+relay,+int,+ntoskrnl,+ntdll wine net start "Denuvo Anti-Cheat" >>log.txt 2>&1
...
00d0:Call driver init 0000000000C81184 (obj=000000000078EE10,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Denuvo Anti-Cheat")
...
00d0:Call ntoskrnl.exe.KdRefreshDebuggerNotPresent() ret=00c84e5a
00d0:trace:ntoskrnl:KdRefreshDebuggerNotPresent .
00d0:Ret ntoskrnl.exe.KdRefreshDebuggerNotPresent() retval=00000001 ret=00c84e5a
00d0:Call ntoskrnl.exe.KeQueryActiveProcessorCountEx(0000ffff) ret=00c83d3a
00d0:fixme:ntoskrnl:KeQueryActiveProcessorCountEx GroupNumber 65535 semi-stub.
00d0:Call KERNEL32.GetSystemInfo(00b5f2f0) ret=00232906
00d0:Call ntdll.NtQuerySystemInformation(00000000,00b5f200,00000040,00000000) ret=7b02c721
00d0:trace:ntdll:NtQuerySystemInformation (0x00000000,0xb5f200,0x00000040,(nil))
00d0:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7b02c721
00d0:Call ntdll.NtQuerySystemInformation(00000001,00b5f1f0,0000000c,00000000) ret=7b02c751
00d0:trace:ntdll:NtQuerySystemInformation (0x00000001,0xb5f1f0,0x0000000c,(nil))
00d0:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7b02c751
00d0:Ret KERNEL32.GetSystemInfo() retval=00000006 ret=00232906
00d0:Ret ntoskrnl.exe.KeQueryActiveProcessorCountEx() retval=00000008 ret=00c83d3a
00d0:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6cb0c ip=7bc6cb0c tid=00d0
00d0:trace:seh:raise_exception info[0]=0000000000e00266
00d0:trace:seh:raise_exception info[1]=0000000000dffd28
wine: Call from 0x7bc6cb0c to unimplemented function ntoskrnl.exe.KeSetSystemAffinityThreadEx, aborting
--- snip ---
Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kesetsystemaffinitythreadex
This API is needed to ensure that certain code is executed on a specific cpu
core (pinning).
Relevant disassembly snippet of driver:
--- snip ---
...
140003D37 | call qword ptr ds:[rax+40] | KeQueryActiveProcessorCountEx
140003D3A | mov byte ptr ds:[rsi+30],al |
140003D3D | movzx ebp,al | num cores
140003D40 | cmp al,20 |
140003D42 | jb denuvo-anti-cheat.140003D49 |
140003D44 | mov ebp,20 | limit to 32 cores max
140003D49 | or rcx,FFFFFFFFFFFFFFFF |
140003D4D | mov dword ptr ds:[rsi+34],ebp |
140003D50 | call qword ptr ds:[<&JMP.&KeSetSystemAffinityThreadEx>]
140003D56 | mov r15,rax |
140003D59 | test ebp,ebp |
140003D5B | je denuvo-anti-cheat.140003DA9 |
140003D5D | mov qword ptr ss:[rsp+80],r14 |
140003D65 | lea rdi,qword ptr ds:[rsi+38] |
140003D69 | lea r14,qword ptr ds:[rsi+1C38] |
140003D70 | mov esi,ebp |
140003D72 | mov rcx,rbx |
140003D75 | mov edx,1 |
140003D7A | shl rdx,cl |
140003D7D | mov rcx,rdx | current core mask
140003D80 | call qword ptr ds:[<&JMP.&KeSetSystemAffinityThreadEx>]
140003D86 | mov rdx,r14 |
140003D89 | mov rcx,rdi |
140003D8C | call denuvo-anti-cheat.1400086C0 | read cpuid + VMX MSRs
140003D91 | inc rbx | core++
140003D94 | add rdi,E0 |
140003D9B | sub rsi,1 |
140003D9F | jne denuvo-anti-cheat.140003D72 | loop through all cores
140003DA1 | mov r14,qword ptr ss:[rsp+80] |
140003DA9 | mov rcx,r15 |
140003DAC | call qword ptr ds:[1400770F0] | KeRevertToUserAffinityThreadEx
140003DB2 | mov rcx,qword ptr ss:[rsp+30] |
140003DB7 | xor rcx,rsp |
140003DBA | call denuvo-anti-cheat.14006FB10 |
140003DBF | add rsp,40 |
140003DC3 | pop r15 |
140003DC5 | pop rdi |
140003DC6 | pop rsi |
140003DC7 | pop rbp |
140003DC8 | pop rbx |
140003DC9 | ret |
--- snip ---
The API is used by the driver to execute a subroutine on each cpu core (limited
to 32) which:
- queries information about the cpu core (vendor, revision, ...)
- queries for virtualization extensions (VMX MSRs)
$ wine --version
wine-5.8-321-gf0a8061663
Regards
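
The loop in the disassembly above, replayed against a small user-mode model, as an added example (not code from the report, from Wine, or from the driver). The `model_*` functions, `probe_all_cores` and `seen` are hypothetical names; the return-value and revert behaviour they implement is an assumption based on the Microsoft documentation linked in the report, and the cpuid/MSR subroutine is replaced by a recorder.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t KAFFINITY;

/* Toy model of one thread's affinity state; not Wine's or Windows' real structures. */
static KAFFINITY active_mask, user_affinity, system_affinity; /* system_affinity 0 = none */
static KAFFINITY seen[32]; /* mask in effect when each per-core probe ran */

void model_reset(unsigned cores, KAFFINITY user)
{
    active_mask = cores >= 64 ? ~(KAFFINITY)0 : (((KAFFINITY)1 << cores) - 1);
    user_affinity = user & active_mask;
    system_affinity = 0;
}

/* Assumed contract: apply the mask, return the previous system affinity (0 if none). */
KAFFINITY model_KeSetSystemAffinityThreadEx(KAFFINITY mask)
{
    KAFFINITY prev = system_affinity;
    system_affinity = mask & active_mask;
    return prev;
}

/* Assumed contract: 0 drops back to user affinity, any other value is restored. */
void model_KeRevertToUserAffinityThreadEx(KAFFINITY prev) { system_affinity = prev & active_mask; }

KAFFINITY model_effective_affinity(void) { return system_affinity ? system_affinity : user_affinity; }

/* The loop at 140003D37..140003DAC; the cpuid/MSR subroutine is replaced by a recorder. */
unsigned probe_all_cores(unsigned char active_count)
{
    unsigned n = active_count < 0x20 ? active_count : 0x20;   /* cmp al,20 / mov ebp,20 */
    KAFFINITY saved = model_KeSetSystemAffinityThreadEx(~(KAFFINITY)0); /* or rcx,-1 ; mov r15,rax */
    for (unsigned core = 0; core < n; core++) {
        model_KeSetSystemAffinityThreadEx((KAFFINITY)1 << core); /* mov edx,1 / shl rdx,cl */
        seen[core] = model_effective_affinity();  /* driver calls 1400086C0 here */
    }
    model_KeRevertToUserAffinityThreadEx(saved);   /* mov rcx,r15 */
    return n;
}

int main(void)
{
    model_reset(8, 0xff); /* 8 processors, as KeQueryActiveProcessorCountEx returned in the log */
    unsigned n = probe_all_cores(8);
    printf("probed %u cores, core 3 ran under %#llx, restored to %#llx\n", n,
           (unsigned long long)seen[3], (unsigned long long)model_effective_affinity());
    return 0;
}
```

Under the assumed contract, a stub that returned a nonzero constant from the first call would leave the thread pinned to that mask after the revert, so the value returned matters as much as the pinning itself.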