[Bug 49290] New: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on access to 'ComponentGlobals' out parameter, returned by 'wdfldr.sys.WdfVersionBind'
WineHQ Bugzilla
wine-bugs at winehq.org
Fri May 29 13:12:31 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49290
Bug ID: 49290
Summary: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes on access to 'ComponentGlobals' out parameter, returned by 'wdfldr.sys.WdfVersionBind'
Product: Wine
Version: 5.9
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,

Continuation of bug 49193.
--- snip ---
$ WINEDEBUG=+seh,+relay,+int,+ntoskrnl,+ntdll,+reg wine net start "Denuvo Anti-Cheat" >>log.txt 2>&1
...
00d0:trace:seh:raise_exception info[0]=0000000000000000
00d0:trace:seh:raise_exception info[1]=0000000000000030
00d0:trace:seh:raise_exception rax=0000000000000000 rbx=0000000000000000 rcx=5a6b5c4ad4f60000 rdx=0000000000000045
00d0:trace:seh:raise_exception rsi=000000000078dfb8 rdi=000000000078de50 rbp=0000000000000000 rsp=0000000000b5f860
00d0:trace:seh:raise_exception r8=0000000000000000 r9=0000000000b5ee22 r10=0000000000000000 r11=0000000000000000
00d0:trace:seh:raise_exception r12=000000000078de50 r13=00007fffffea4000 r14=000000000078dfb8 r15=0000000000000000
00d0:trace:seh:call_vectored_handlers calling handler at 0x22d0a0 code=c0000005 flags=0
00d0:trace:seh:call_vectored_handlers handler at 0x22d0a0 returned 0
00d0:trace:seh:RtlVirtualUnwind type 1 rip c81116 rsp b5f860
00d0:trace:seh:dump_unwind_info **** func 1060-1182
...
wine: Unhandled page fault on read access to 0000000000000030 at address 0000000000C81116 (thread 00d0), starting debugger...
--- snip ---
Driver disassembly, showing it wants to access a field/member of the opaque 'WDF_COMPONENT_GLOBALS' structure, which is returned by WdfVersionBind():
--- snip ---
...
0000000140001104 | call denuvo-anti-cheat.14003AE20 |
0000000140001109 | cmp eax,ebp |
000000014000110B | mov ebx,eax |
000000014000110D | jl denuvo-anti-cheat.140001166 |
000000014000110F | mov rax,qword ptr ds:[1400AB9A8] | ComponentGlobals
0000000140001116 | cmp byte ptr ds:[rax+30],bpl | *boom*
000000014000111A | je denuvo-anti-cheat.140001140 |
000000014000111C | mov rax,qword ptr ds:[1400AB998] |
0000000140001123 | cmp qword ptr ds:[rdi+68],rbp |
0000000140001127 | cmovne rax,qword ptr ds:[rdi+68] |
...
--- snip ---
Init/setup:
--- snip ---
...
000000014000108D | mov eax,208 |
0000000140001092 | mov qword ptr ds:[1400AB9B0],rcx |
0000000140001099 | lea rcx,qword ptr ds:[1400AB988] |
00000001400010A0 | mov word ptr ds:[1400AB98A],ax |
00000001400010A7 | lea rax,qword ptr ds:[1400AB9C0] |
00000001400010AE | mov word ptr ds:[1400AB988],bp |
00000001400010B5 | mov qword ptr ds:[1400AB990],rax |
00000001400010BC | call qword ptr ds:[<&JMP.&RtlCopyUnicodeString>] |
00000001400010C2 | lea r9,qword ptr ds:[1400AB9A8] | ComponentGlobals
00000001400010C9 | lea r8,qword ptr ds:[1400A7060] | BindInfo
00000001400010D0 | lea rdx,qword ptr ds:[1400AB988] | RegistryPath
00000001400010D7 | mov rcx,rdi | DriverObject
00000001400010DA | call denuvo-anti-cheat.14006F97A | WdfVersionBind
00000001400010DF | cmp eax,ebp |
00000001400010E1 | jl denuvo-anti-cheat.14000116D |
...
000000014006F97A | jmp qword ptr ds:[<&JMP.&WdfVersionBind>] |
000000014006F980 | jmp qword ptr ds:[<&JMP.&WdfVersionBindClass>] |
000000014006F986 | jmp qword ptr ds:[<&JMP.&WdfVersionUnbindClass>] |
000000014006F98C | jmp qword ptr ds:[<&JMP.&_purecall>] |
--- snip ---
https://github.com/microsoft/Windows-Driver-Frameworks/blob/master/src/framework/shared/inc/private/common/fxldr.h#L294
--- snip ---
//-----------------------------------------------------------------------------
// WDFLDR.SYS exported function prototype definitions
//-----------------------------------------------------------------------------
_Must_inspect_result_
NTSTATUS
WdfVersionBind(
    __in PDRIVER_OBJECT DriverObject,
    __in PUNICODE_STRING RegistryPath,
    __inout PWDF_BIND_INFO BindInfo,
    __out PWDF_COMPONENT_GLOBALS* ComponentGlobals
    );
--- snip ---
$ wine --version
wine-5.9-162-gcb67fb39ff
Regards
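The failure sequence above, as an added host-side C model (not code from the bug report, Wine, or the WDF sources): the driver trusts the ComponentGlobals pointer whenever WdfVersionBind() reports a non-negative status and then reads a byte at offset 0x30, so a loader that returns success without writing the out parameter leaves it dereferencing NULL. The struct layout, function names and the explicit NULL check are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef long NTSTATUS;
#define STATUS_SUCCESS 0L
#define NT_SUCCESS(s) ((s) >= 0)   /* mirrors the driver's "cmp eax,ebp; jl" */

/* Constructed stand-in for the opaque WDF_COMPONENT_GLOBALS: the only thing
   the disassembly tells us is that the driver tests a byte at +0x30. */
typedef struct { uint8_t opaque[0x30]; uint8_t flag; } MODEL_GLOBALS;
static MODEL_GLOBALS g_globals;    /* storage the model loader hands out */

enum init_result { INIT_OK = 0, INIT_BIND_FAILED = 1, INIT_NULL_GLOBALS = 2 };

/* Loader behaviour consistent with the crash log: status says success,
   but the out parameter is never written, so the caller's global stays 0. */
NTSTATUS bind_leaves_out_param_unset(MODEL_GLOBALS **out)
{
    (void)out;
    return STATUS_SUCCESS;
}

/* Loader that honours the prototype's contract: success implies a usable
   pointer in *ComponentGlobals. */
NTSTATUS bind_sets_out_param(MODEL_GLOBALS **out)
{
    memset(&g_globals, 0, sizeof g_globals);
    *out = &g_globals;
    return STATUS_SUCCESS;
}

/* Driver-side sequence from the disassembly.  The real code goes straight
   from the status check to "cmp byte ptr [rax+30]"; the NULL check here is
   the added guard that turns the page fault into a reported error. */
enum init_result driver_init(NTSTATUS (*bind)(MODEL_GLOBALS **))
{
    MODEL_GLOBALS *ComponentGlobals = NULL;   /* ds:[1400AB9A8] analogue */

    if (!NT_SUCCESS(bind(&ComponentGlobals)))
        return INIT_BIND_FAILED;
    if (ComponentGlobals == NULL)             /* would fault reading 0x30 */
        return INIT_NULL_GLOBALS;
    /* Original code: je taken when the byte at +0x30 is zero. */
    return ComponentGlobals->flag == 0 ? INIT_OK : INIT_OK;
}
```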