[Bug 49222] New: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on unimplemented function ntoskrnl.exe.KeRevertToUserAffinityThreadEx

WineHQ Bugzilla wine-bugs at winehq.org
Fri May 22 07:47:42 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=49222

            Bug ID: 49222
           Summary: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on
                    unimplemented function
                    ntoskrnl.exe.KeRevertToUserAffinityThreadEx
           Product: Wine
           Version: 5.8
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

continuation of bug 49220 (split out from bug 49194).

--- snip ---
$ WINEDEBUG=+seh,+relay,+int,+ntoskrnl,+ntdll wine net start "Denuvo
Anti-Cheat" >>log.txt 2>&1
...
00d0:Call driver init 0000000000C81184
(obj=000000000078EE10,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Denuvo
Anti-Cheat") 
...
00d0:Call ntoskrnl.exe.KeQueryActiveProcessorCountEx(0000ffff) ret=00c83d3a
00d0:fixme:ntoskrnl:KeQueryActiveProcessorCountEx GroupNumber 65535 semi-stub.
00d0:Call KERNEL32.GetSystemInfo(00b5f2f0) ret=00232996
00d0:Call ntdll.NtQuerySystemInformation(00000000,00b5f200,00000040,00000000)
ret=7b02c721
00d0:trace:ntdll:NtQuerySystemInformation
(0x00000000,0xb5f200,0x00000040,(nil))
00d0:Ret  ntdll.NtQuerySystemInformation() retval=00000000 ret=7b02c721
00d0:Call ntdll.NtQuerySystemInformation(00000001,00b5f1f0,0000000c,00000000)
ret=7b02c751
00d0:trace:ntdll:NtQuerySystemInformation
(0x00000001,0xb5f1f0,0x0000000c,(nil))
00d0:Ret  ntdll.NtQuerySystemInformation() retval=00000000 ret=7b02c751
00d0:Ret  KERNEL32.GetSystemInfo() retval=00000006 ret=00232996
00d0:Ret  ntoskrnl.exe.KeQueryActiveProcessorCountEx() retval=00000008
ret=00c83d3a
00d0:Call ntoskrnl.exe.KeSetSystemAffinityThreadEx(ffffffffffffffff)
ret=00c83d56
00d0:fixme:ntoskrnl:KeSetSystemAffinityThreadEx (0xffffffff) semi-stub
00d0:Call
ntdll.NtQueryInformationThread(fffffffffffffffe,0000001e,00b5f300,00000010,00000000)
ret=00232b18
00d0:Ret  ntdll.NtQueryInformationThread() retval=00000000 ret=00232b18
00d0:Call
ntdll.NtSetInformationThread(fffffffffffffffe,0000001e,00b5f310,00000010)
ret=00232b70
00d0:Ret  ntdll.NtSetInformationThread() retval=c000000d ret=00232b70
00d0:fixme:ntoskrnl:KeSetSystemAffinityThreadEx Set affinity, status
0xc000000d.
00d0:fixme:ntoskrnl:KeSetSystemAffinityThreadEx old.Group 0, old.Mask 0xff.
00d0:Ret  ntoskrnl.exe.KeSetSystemAffinityThreadEx() retval=000000ff
ret=00c83d56
00d0:Call ntoskrnl.exe.KeSetSystemAffinityThreadEx(00000001) ret=00c83d86
00d0:fixme:ntoskrnl:KeSetSystemAffinityThreadEx (0x1) semi-stub
00d0:Call
ntdll.NtQueryInformationThread(fffffffffffffffe,0000001e,00b5f300,00000010,00000000)
ret=00232b18
00d0:Ret  ntdll.NtQueryInformationThread() retval=00000000 ret=00232b18
00d0:Call
ntdll.NtSetInformationThread(fffffffffffffffe,0000001e,00b5f310,00000010)
ret=00232b70
00d0:Ret  ntdll.NtSetInformationThread() retval=00000000 ret=00232b70
00d0:fixme:ntoskrnl:KeSetSystemAffinityThreadEx old.Group 0, old.Mask 0xff.
00d0:Ret  ntoskrnl.exe.KeSetSystemAffinityThreadEx() retval=000000ff
ret=00c83d86 
...
00d0:fixme:int:emulate_instruction reg 0xfe returning 0.
00d0:trace:int:vectored_handler next instruction rip=c88cf5
00d0:trace:int:vectored_handler   rax=0000000000000000 rbx=0000000000b5d280
rcx=00000000000000fe rdx=0000000000000000
00d0:trace:int:vectored_handler   rsi=00000000008e1f70 rdi=0000000000000000
rbp=0000000000b5f370 rsp=0000000000b5d220
00d0:trace:int:vectored_handler    r8=0000000000000000  r9=0000000000000000
r10=0000000000000000 r11=0000000000000000
00d0:trace:int:vectored_handler   r12=0000000000000000 r13=00000000ffea4000
r14=0000000000000000 r15=0000000080000008
00d0:trace:seh:call_vectored_handlers handler at 0x22cfa0 returned ffffffff
00d0:trace:seh:raise_exception code=80000100 flags=1 addr=0x7bc6cb0c
ip=7bc6cb0c tid=00d0
00d0:trace:seh:raise_exception  info[0]=0000000000e00266
00d0:trace:seh:raise_exception  info[1]=0000000000dffcf8
wine: Call from 0x7bc6cb0c to unimplemented function
ntoskrnl.exe.KeRevertToUserAffinityThreadEx, aborting 
--- snip ---

Microsoft docs:

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kereverttouseraffinitythreadex

It's the "tail" (epilogue) of bug 49219 to restore the previous affinity of the
driver's main thread.

Relevant disassembly snippet of driver:

--- snip ---
...
140003D37 | call qword ptr ds:[rax+40]       | KeQueryActiveProcessorCountEx
140003D3A | mov byte ptr ds:[rsi+30],al      |
140003D3D | movzx ebp,al                     | num cores
140003D40 | cmp al,20                        |
140003D42 | jb denuvo-anti-cheat.140003D49   |
140003D44 | mov ebp,20                       | limit to 32 cores max
140003D49 | or rcx,FFFFFFFFFFFFFFFF          |
140003D4D | mov dword ptr ds:[rsi+34],ebp    |
140003D50 | call qword ptr ds:[<&JMP.&KeSetSystemAffinityThreadEx>]
140003D56 | mov r15,rax                      |
140003D59 | test ebp,ebp                     |
140003D5B | je denuvo-anti-cheat.140003DA9   |
140003D5D | mov qword ptr ss:[rsp+80],r14    |
140003D65 | lea rdi,qword ptr ds:[rsi+38]    |
140003D69 | lea r14,qword ptr ds:[rsi+1C38]  |
140003D70 | mov esi,ebp                      |
140003D72 | mov rcx,rbx                      |
140003D75 | mov edx,1                        |
140003D7A | shl rdx,cl                       |
140003D7D | mov rcx,rdx                      | current core mask
140003D80 | call qword ptr ds:[<&JMP.&KeSetSystemAffinityThreadEx>]
140003D86 | mov rdx,r14                      |
140003D89 | mov rcx,rdi                      |
140003D8C | call denuvo-anti-cheat.1400086C0 | read cpuid + VMX MSRs
140003D91 | inc rbx                          | core++
140003D94 | add rdi,E0                       |
140003D9B | sub rsi,1                        |
140003D9F | jne denuvo-anti-cheat.140003D72  | loop through all cores
140003DA1 | mov r14,qword ptr ss:[rsp+80]    |
140003DA9 | mov rcx,r15                      |
140003DAC | call qword ptr ds:[1400770F0]    | KeRevertToUserAffinityThreadEx
140003DB2 | mov rcx,qword ptr ss:[rsp+30]    |
140003DB7 | xor rcx,rsp                      |
140003DBA | call denuvo-anti-cheat.14006FB10 |
140003DBF | add rsp,40                       |
140003DC3 | pop r15                          |
140003DC5 | pop rdi                          |
140003DC6 | pop rsi                          |
140003DC7 | pop rbp                          |
140003DC8 | pop rbx                          |
140003DC9 | ret                              |
--- snip ---

$ wine --version
wine-5.8-323-g563de17f53

Regards
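As an added illustration (not part of the bug report or of Wine or the driver), the following user-mode C program models the affinity save/restore protocol that the disassembly above walks through: query the active processor count, clamp it to 32, pin the thread to each core in turn, and hand the value returned by the first KeSetSystemAffinityThreadEx call back to KeRevertToUserAffinityThreadEx. The sim_* functions are constructed stand-ins whose semantics follow the linked Microsoft documentation as I read it (a zero return from the set call means no system affinity was active; reverting with zero drops back to the user affinity); the do_revert flag exists only to show what the thread is left with when the epilogue call is missing, which is the situation Wine is in here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t KAFFINITY;

/* The driver clamps the core count to 0x20 ("limit to 32 cores max" in the listing). */
#define MAX_PROBED_CORES 32u

/* Constructed stand-in for the scheduler's per-thread affinity state. */
struct sim_thread {
    KAFFINITY user_affinity;    /* affinity the thread had before any system affinity */
    KAFFINITY system_affinity;  /* currently active system affinity, or 0 if none */
};

static struct sim_thread g_thread = { 0xffULL, 0 };  /* 8 cores online, as in the log (old.Mask 0xff) */
static unsigned g_active_cores = 8;                   /* KeQueryActiveProcessorCountEx returned 8 */

/* Effective affinity the thread is running with right now. */
KAFFINITY sim_current_affinity(void)
{
    return g_thread.system_affinity ? g_thread.system_affinity : g_thread.user_affinity;
}

unsigned sim_KeQueryActiveProcessorCountEx(void)
{
    return g_active_cores;
}

/* Returns the previous system affinity; 0 means the thread was on its user affinity. */
KAFFINITY sim_KeSetSystemAffinityThreadEx(KAFFINITY mask)
{
    KAFFINITY previous = g_thread.system_affinity;
    g_thread.system_affinity = mask;
    return previous;
}

/* A non-zero argument re-installs that system affinity; zero drops back to user affinity. */
void sim_KeRevertToUserAffinityThreadEx(KAFFINITY previous)
{
    g_thread.system_affinity = previous;
}

/* Mirrors the control flow at 140003D37..140003DAC.
   visited[i] records the mask the thread was pinned to while "probing" core i. */
unsigned probe_all_cores(KAFFINITY *visited, unsigned capacity, bool do_revert)
{
    unsigned count = sim_KeQueryActiveProcessorCountEx();
    if (count > MAX_PROBED_CORES)
        count = MAX_PROBED_CORES;

    /* rcx = -1: first call, its return value (r15) is what gets reverted later */
    KAFFINITY saved = sim_KeSetSystemAffinityThreadEx(~0ULL);

    for (unsigned core = 0; core < count; core++) {
        KAFFINITY mask = 1ULL << core;            /* edx=1; shl rdx,cl */
        sim_KeSetSystemAffinityThreadEx(mask);    /* return value discarded by the driver */
        if (core < capacity)
            visited[core] = mask;                 /* the real driver reads cpuid/MSRs here */
    }

    if (do_revert)
        sim_KeRevertToUserAffinityThreadEx(saved);  /* mov rcx,r15; call KeRevertToUserAffinityThreadEx */
    return count;
}

int main(void)
{
    KAFFINITY visited[MAX_PROBED_CORES] = { 0 };
    unsigned n = probe_all_cores(visited, MAX_PROBED_CORES, true);
    printf("probed %u cores, thread affinity afterwards: 0x%llx\n",
           n, (unsigned long long)sim_current_affinity());

    probe_all_cores(visited, MAX_PROBED_CORES, false);
    printf("without the revert call the thread stays pinned to 0x%llx\n",
           (unsigned long long)sim_current_affinity());
    return 0;
}
```

With the revert in place the thread ends up back on its user affinity (0xff for the 8-core case in the log); skipping it leaves the thread pinned to the last core probed, which is why the missing export matters beyond the immediate abort.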
