[Bug 48641] skse64 is broken with the ntdll-ForceBottomUpAlloc patchset
WineHQ Bugzilla
wine-bugs at winehq.org
Mon Oct 12 20:12:14 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48641
--- Comment #7 from qsniyg <qsniyg at mail.com> ---
Sorry for the late response (never got around to compiling staging again...).
The bug now happens with vanilla wine as well; I haven't yet bisected the
cause.
After applying a rebased version of your test hack, it still doesn't work.
However, after doing further research, it's not the cause of the issue.
Before the patch (with an err trace added to display the output):
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13fffffff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=4096, .RegionSize=0x1000
...
06dc:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13fff0fff, info_class=0, 0x21f760, 48, 0x21f728)
06dc:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x10000, .BaseAddress=0x13fff0000
06dc:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff 0x13fff0000 00010000 3000 00000040
After the patch:
...
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x13ffb0fff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x10000, .BaseAddress=0x13ffb0000
0398:trace:virtual:NtAllocateVirtualMemory 0xffffffffffffffff 0x13ffb0000 00010000 3000 00000040
This works fine, and corresponds to the following in
src/skse64/skse64/skse64.cpp
(https://github.com/JimBeamBeagle/SimplyKnock/blob/e0e64412201c9eac1881377e3573f923aa1eb016/simplyknock_skse_plugin/skse64/skse64/skse64.cpp#L68):

	if(!g_branchTrampoline.Create(1024 * 64))
	{
		_ERROR("couldn't create branch trampoline. this is fatal. skipping remainder of init process.");
		return;
	}
However, what fails is the line right after in the log:
0398:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x2236ffff, info_class=0, 0x21f760, 48, 0x21f728)
0398:err:virtual:get_basic_memory_info .State=65536, .RegionSize=0x1000, .BaseAddress=0x2236f000
Source code (the difference here is g_moduleHandle, which is the handle of
skse_1_5_97.dll, which loads at 0x22370000):
	if(!g_localTrampoline.Create(1024 * 64, g_moduleHandle))
	{
		_ERROR("couldn't create codegen buffer. this is fatal. skipping remainder of init process.");
		return;
	}
The reason this fails is because of the following in BranchTrampoline::Create
(src/skse64/skse64_common/BranchTrampoline.cpp, link:
https://github.com/JimBeamBeagle/SimplyKnock/blob/e0e64412201c9eac1881377e3573f923aa1eb016/simplyknock_skse_plugin/skse64/skse64_common/BranchTrampoline.cpp#L22):

	uintptr_t lowestOKAddress = moduleBase - 0x80000000 + (1024 * 1024 * 128);	// largest 32-bit displacement with 128MB scratch space
	...
	if (addr < lowestOKAddress)
	{
		_ERROR("couldn't allocate trampoline, no free space before image");
		break;
	}
lowestOKAddress = 0x22370000 - 0x80000000 + (1024 * 1024 * 128), which is a
negative value (and therefore overflows).
Applying an updated version of the SKSE hack (sending MEM_TOP_DOWN to
NtMapViewOfSection in open_dll_file) allows it to work fine (loads it at
7FFFFED40000), but this is probably not a proper solution.
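As an added worked example (not code from SKSE, Wine, or the commenter), the C program below transcribes the lowestOKAddress arithmetic quoted in the comment and evaluates it with the module base (0x22370000) and the candidate page (0x2236f000) taken from the trace. It shows the unsigned wraparound that turns the bound into a value near the top of the address space, so that the `addr < lowestOKAddress` test rejects every candidate once a module is mapped below the 2GB line, even though the page is trivially within rel32 reach. The saturating variant is an assumed fix of mine for illustration, not an upstream change; the 0x140000000 base used for comparison is a typical 64-bit image base and likewise an assumption. uint64_t stands in for Win64 uintptr_t so the result is the same on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed re-implementation of the lowestOKAddress computation quoted
 * from BranchTrampoline::Create. Added example, not SKSE's code. The two
 * constants are the ones in the quoted snippet; the addresses in main() are
 * the DLL base and free page from the trace in the bug comment.
 */
#define REL32_REACH 0x80000000ULL           /* largest 32-bit displacement */
#define SCRATCH     (1024ULL * 1024 * 128)  /* 128MB scratch space */

/* Literal transcription of the original expression. Unsigned subtraction
 * wraps, so for any moduleBase < REL32_REACH - SCRATCH the "lowest OK"
 * bound lands just below 2^64 instead of at or near 0. */
static uint64_t lowest_ok_wrapping(uint64_t moduleBase)
{
    return moduleBase - REL32_REACH + SCRATCH;
}

/* The rejection test from the search loop, unchanged. */
static bool rejected_by_original(uint64_t moduleBase, uint64_t addr)
{
    return addr < lowest_ok_wrapping(moduleBase);
}

/* Assumed fix (my suggestion, not upstream's): saturate at 0 when the module
 * sits less than REL32_REACH - SCRATCH above the bottom of the address space. */
static uint64_t lowest_ok_saturating(uint64_t moduleBase)
{
    const uint64_t window = REL32_REACH - SCRATCH;
    return moduleBase > window ? moduleBase - window : 0;
}

static bool rejected_by_saturating(uint64_t moduleBase, uint64_t addr)
{
    return addr < lowest_ok_saturating(moduleBase);
}

/* What the bound is meant to approximate: can a rel32 branch placed in the
 * module reach addr? The signed 64-bit difference must fit in an int32. */
static bool rel32_reachable(uint64_t moduleBase, uint64_t addr)
{
    int64_t disp = (int64_t)addr - (int64_t)moduleBase;
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

int main(void)
{
    /* skse_1_5_97.dll base and the free page just below it, from the trace. */
    const uint64_t dll_base = 0x22370000ULL;
    const uint64_t candidate = 0x2236f000ULL;

    printf("lowestOKAddress (original)   = 0x%016llx\n",
           (unsigned long long)lowest_ok_wrapping(dll_base));
    printf("lowestOKAddress (saturating) = 0x%016llx\n",
           (unsigned long long)lowest_ok_saturating(dll_base));
    printf("candidate 0x%llx: rel32 reachable=%d rejected(original)=%d rejected(saturating)=%d\n",
           (unsigned long long)candidate,
           rel32_reachable(dll_base, candidate),
           rejected_by_original(dll_base, candidate),
           rejected_by_saturating(dll_base, candidate));
    return 0;
}
```

Run as-is to see the wrapped bound (0xffffffffaa370000) beside the saturated one (0); the candidate page is reachable by rel32 yet rejected by the original test. A module based above 2GB, such as 0x140000000, gives the same bound (0xc8000000) under both variants, which is why the first Create call in the comment succeeds and only the one anchored to the low-loaded DLL fails.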