[Bug 49230] Multiple kernel drivers crash on unimplemented function ntoskrnl.exe.KeSetTimer (Denuvo Anti-Cheat 'denuvo-anti-cheat.sys')

WineHQ Bugzilla wine-bugs at winehq.org
Sun May 24 05:03:33 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=49230

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

addendum, since it's needed to make custom timer DPC work with KeSetTimer (one
shot timer):

--- snip ---
00d8:Call ntoskrnl.exe.KeInitializeTimer(04b600c4) ret=00caeab7
00d8:trace:ntoskrnl:KeInitializeTimerEx timer 0000000004B600C4, type 0.
00d8:Ret  ntoskrnl.exe.KeInitializeTimer() retval=00000020 ret=00caeab7
00d8:Call ntoskrnl.exe.KeInitializeDpc(04b60104,00caecf0,04b6009c) ret=00caeacb
00d8:fixme:ntoskrnl:KeInitializeDpc stub
00d8:Ret  ntoskrnl.exe.KeInitializeDpc() retval=00000005 ret=00caeacb
00d8:Call KERNEL32.RaiseException(80000100,00000001,00000002,067efbc0)
ret=0023ea28 
--- snip ---

The driver calls 'KeInitializeDpc' with DPC routine and context parameters.
Wine currently throws them away:

https://source.winehq.org/git/wine.git/blob/056c9df854817670dc4fb9c095cba29c99089ac8:/dlls/ntoskrnl.exe/ntoskrnl.c#l3027

--- snip ---
3027 /***********************************************************************
3028  *           KeInitializeDpc   (NTOSKRNL.EXE.@)
3029  */
3030 VOID WINAPI KeInitializeDpc(PRKDPC Dpc, PKDEFERRED_ROUTINE
DeferredRoutine, PVOID DeferredContext)
3031 {
3032     FIXME("stub\n");
3033 }
--- snip ---

Microsoft docs:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-keinitializedpc

--- quote ---
The caller can queue an initialized DPC with KeInsertQueueDpc. The caller also
can set up a timer object associated with the initialized DPC object and queue
the DPC with KeSetTimer.
--- quote ---

As implied by the documentation, 'KeInitializeDpc' needs associate the DPC
routine and context with the DPC object. Paul buried that change in the same
patch. Just wanted to highlight this in an extra comment.

Some example usage:

https://github.com/microsoft/Windows-driver-samples/blob/master/general/event/wdm/event.c#L887

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list