[Bug 46155] Multiple applications need KERNEL32.dll.RaiseFailFastException (RoyalTS v5, Windows PowerShell Core 6.1 for ARM64)
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Dec 9 16:28:23 CST 2021
https://bugs.winehq.org/show_bug.cgi?id=46155
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Hardware|aarch64 |x86-64
Summary|Windows PowerShell Core 6.1 |Multiple applications need
|for ARM64 crashes on |KERNEL32.dll.RaiseFailFastE
|unimplemented function |xception (RoyalTS v5,
|KERNEL32.dll.RaiseFailFastE |Windows PowerShell Core 6.1
|xception |for ARM64)
URL|https://web.archive.org//we |https://web.archive.org/web
|b/20210219203340/https://gi |/20211209205844/https://dow
|thub.com/PowerShell/PowerSh |nload.royalapplications.com
|ell/releases/download/v6.1. |/RoyalTS/RoyalTS_5.04.60415
|1/PowerShell-6.1.1-win-arm6 |.0.zip
|4.zip |
--- Comment #19 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
adding stable download link for Louis' app and refining summary. Using RoyalTS
as primary test case here because it actually requires a stub.
Replacing:
https://web.archive.org/web/20210219203340/https://github.com/PowerShell/PowerShell/releases/download/v6.1.1/PowerShell-6.1.1-win-arm64.zip
with:
https://web.archive.org/web/20211209205844/https://download.royalapplications.com/RoyalTS/RoyalTS_5.04.60415.0.zip
$ sha1sum RoyalTS_5.04.60415.0.zip
7786d03517b4423a26859a719bae073867f873c6 RoyalTS_5.04.60415.0.zip
$ du -sh RoyalTS_5.04.60415.0.zip
146M RoyalTS_5.04.60415.0.zip
The culprit seems to be a browser helper process based on Chromium browser by
'Essential Objects'.
There is a custom imports resolver at work. The 'RaiseFailFastException' export
is required even though no error condition is present at that time.
--- snip ---
$ WINEDEBUG=+pid,+seh,+process,+relay wine ./RoyalTS.exe >>log.txt 2>&1
...
0198:0298:trace:process:CreateProcessInternalW app
L"C:\\users\\focht\\Temp\\Royal TS
V5\\Plugins\\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\\RoyalTS_Chromium_WP.exe"
cmdline L"\"C:\\users\\focht\\Temp\\Royal TS
V5\\Plugins\\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\\RoyalTS_Chromium_WP.exe\"
--enable-speech-input --enable-media-stream --no-sandbox
--eo_init_data=eo.ipc.temp.21.0.85.0.408.1.5"
...
0198:0298:trace:process:CreateProcessInternalW started process pid 02b8 tid
02bc
...
0198:0298:Ret KERNEL32.CreateProcessW() retval=00000001 ret=2c727ce7
...
02b8:02bc:Call ntdll.strlen(004dfc68 "After CodeModule::Init") ret=7b021e30
...
02b8:02bc:Call ntdll.strlen(004e7978 "CodeModule::LoadLibrary:
swiftshader/libEGL.dll succeeded.") ret=7b021e30
...
02b8:02bc:Call ntdll.strlen(004e7978 "CodeModule::LoadMemoryModule. dllName =
C:\\users\\focht\\Temp\\libcef.dll") ret=7b021e30
...
02b8:02bc:Call ntdll.strlen(004e7978 "Try fix import table for KERNEL32.dll")
ret=7b021e30
...
02b8:02bc:Call ntdll.strlen(004e7978 "PEFile::FixupIAT resolves IAT for module
KERNEL32.dll") ret=7b021e30
...
02b8:02bc:Call KERNEL32.GetProcAddress(7b600000,165e4b38 "RaiseException")
ret=02a13615
...
02b8:02bc:Ret KERNEL32.GetProcAddress() retval=7b607ff0 ret=02a13615
...
02b8:02bc:Call KERNEL32.GetProcAddress(7b600000,165e4b4a
"RaiseFailFastException") ret=02a13615
...
02b8:02bc:Ret KERNEL32.GetProcAddress() retval=00000000 ret=02a13615
...
02b8:02bc:Call user32.MessageBoxA(00000000,0032e43c "Failed to resolve function
RaiseFailFastException in KERNEL32.dll",02a20928 "Error",00000000) ret=02a1716c
--- snip ---
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\rts\RoyalTS.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 23106208 (016092A0h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x6077D831 -> Thu 15th Apr 2021 06:07:45 (GMT)
[TimeStamp] 0x6077D831 -> Thu 15th Apr 2021 06:07:45 (GMT) | PE Header | - |
Offset: 0x00000088 | VA: 0x00400088 | -
[TimeStamp] 0x6077D831 -> Thu 15th Apr 2021 06:07:45 (GMT) | DebugDirectory | -
| Offset: 0x01139A5C | VA: 0x0153B85C | -
-> File Appears to be Digitally Signed @ Offset 01604400h, size : 04EA0h /
020128 byte(s)
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000100000001001101000000110100 (0x0404D034)
[Entrypoint Section Entropy] : 6.25 (section #0) ".text " | Size : 0x15383A0
(22250400) byte(s)
[DllCharacteristics] -> Flag : (0x8560) -> HEVA | ASLR | DEP | NOSEH | TSA
[SectionCount] 3 (0x3) | ImageSize 0x160A000 (23109632) byte(s)
[VersionInfo] Company Name : Royal Apps GmbH
[VersionInfo] Product Name : Royal TS V5
[VersionInfo] Product Version : 5.4.60415
[VersionInfo] File Description : Royal TS V5
[VersionInfo] File Version : 5.4.60415.0
[VersionInfo] Original FileName : RoyalTS.exe
[VersionInfo] Internal Name : RoyalTS.exe
[VersionInfo] Legal Copyrights : Copyright © 2021. Royal Apps GmbH. Austria
[ModuleReport] [IAT] Modules -> mscoree.dll
[Debug Info] (record 1 of 1) (file offset 0x1139A58)
Characteristics : 0x0 | TimeDateStamp : 0x6077D831 (Thu 15th Apr 2021 06:07:45
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x67 (103)
AddressOfRawData : 0x113B874 | PointerToRawData : 0x1139A74
CvSig : 0x53445352 | SigGuid A10F330B-642E-402B-9DF8993FA514F060
Age : 0x1 (1) | Pdb : C:\agent\_work\r1\a\_Royal TS
V5\drop\Working\ObfuscatedAssemblies\RoyalTS.pdb
[Raw/Hidden Debug Record] (File Offset 0x5A78F4)
CvSig : 0x53445352 | SigGuid 95BA2397-0344-47BD-92D4B96DF61C1496
Age : 0x1 (1) | Pdb :
C:\projects\easyhook\Build\netfx4-Release\x86\EasyHook32.pdb
[.] .net @ FileOffset 0x1139ADC | MetaData->Version 1.1 (struct version) ->
v4.0.30319 (net version required)
[.] Flags : 0x0 | Streams : 0x5 (5) -> #~ | #Strings | #GUID | #Blob | #US
[COR20] MajorRuntimeVersion 0x2 (2) | MinorRuntimeVersion 0x2 (2) -> 0x2.2
(2.2)
[COR20] Flags 0x1
[COR20 Flags] [x] IL_ONLY [ ] 32BITREQUIRED [ ] IL_LIBRARY
[COR20 Flags] [ ] STRONGNAME [ ] NATIVE_EP [ ] TRACKDEBUGDATA
[COR20 Flags] [ ] 32BITPREFERRED | 0x0 UNKNOWN
[COR20 Flags] Assembly is NOT strong name signed
[!] Crypto Obfuscator for .NET v5.x detected !
[CdKeySerial] found "License key" @ VA: 0x0057E2CC / Offset: 0x0057C4CC
[CdKeySerial] found "License key" @ VA: 0x0057E45B / Offset: 0x0057C65B
[CdKeySerial] found "Evaluation period" @ VA: 0x0057E6BA / Offset: 0x0057C8BA
[CdKeySerial] found "License key" @ VA: 0x0057E71A / Offset: 0x0057C91A
[CdKeySerial] found "License key" @ VA: 0x0057E741 / Offset: 0x0057C941
[CdKeySerial] found "License key" @ VA: 0x0057E83D / Offset: 0x0057CA3D
[CdKeySerial] found "License key" @ VA: 0x0057E8BC / Offset: 0x0057CABC
[CdKeySerial] found "License key" @ VA: 0x0057E8E3 / Offset: 0x0057CAE3
[CdKeySerial] found "License key" @ VA: 0x0057E9FB / Offset: 0x0057CBFB
[CdKeySerial] found "SerialNumber" @ VA: 0x015269A5 / Offset: 0x01524BA5
- Scan Took : 4.584 Second(s) [000001140h (4416) tick(s)] [506 of 580 scan(s)
done]
--- snip ---
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\users\focht\Temp\Royal TS
V5\Plugins\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\RoyalTS_Chromium_WP.exe
File Type : 32-Bit Exe (Subsystem : Win CUI / 3), Size : 610240 (094FC0h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT)
[TimeStamp] 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT) | PE Header | - |
Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT) | DebugDirectory | -
| Offset: 0x00035450 | VA: 0x00436E50 | -
[TimeStamp] 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT) | DebugDirectory | -
| Offset: 0x0003546C | VA: 0x00436E6C | -
[TimeStamp] 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT) | DebugDirectory | -
| Offset: 0x00035488 | VA: 0x00436E88 | -
[TimeStamp] 0x6071FED3 -> Sat 10th Apr 2021 19:38:59 (GMT) | DebugDirectory | -
| Offset: 0x000354A4 | VA: 0x00436EA4 | -
-> File Appears to be Digitally Signed @ Offset 093400h, size : 01BC0h / 07104
byte(s)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (23 calculated 4 recorded... 18
invalid addresses)
[!] * table may be compressed / encrypted *
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0
| Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x0 | Count 0x0 (0)
[LoadConfig] GuardLongJumpTargetTable 0x0 | Count 0x0 (0)
[LoadConfig] HybridMetadataPointer 0x0 | DynamicValueRelocTable 0x0
[LoadConfig] FailFastIndirectProc 0x0 | FailFastPointer 0x0
[LoadConfig] UnknownZero1 0x0
[File Heuristics] -> Flag #1 : 00000100000001001100000000000100 (0x0404C004)
[Entrypoint Section Entropy] : 6.31 (section #0) ".text " | Size : 0x2C1F3
(180723) byte(s)
[DllCharacteristics] -> Flag : (0x8000) -> TSA
[SectionCount] 4 (0x4) | ImageSize 0x97000 (618496) byte(s)
[VersionInfo] Company Name : Essential Objects. Inc.
[VersionInfo] Product Name : EO.Total
[VersionInfo] Product Version : 21.0.85.0
[VersionInfo] File Description : Essential Objects Worker Process
[VersionInfo] File Version : 21.0.85.0
[VersionInfo] Original FileName : eowp.exe
[VersionInfo] Internal Name : eowp.exe
[VersionInfo] Legal Copyrights : Copyright (C) 2016
[ModuleReport] [IAT] Modules -> PSAPI.DLL | KERNEL32.dll | USER32.dll
[Debug Info] (record 1 of 4) (file offset 0x3544C)
Characteristics : 0x0 | TimeDateStamp : 0x6071FED3 (Sat 10th Apr 2021 19:38:59
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x4C (76)
AddressOfRawData : 0x36F90 | PointerToRawData : 0x35590
CvSig : 0x53445352 | SigGuid 62848200-1F7D-4E91-87BF2FFC415F7374
Age : 0x1 (1) | Pdb : C:\Development\EO\Products\All\out\Release\eowp.pdb
[Debug Info] (record 2 of 4) (file offset 0x35468)
Characteristics : 0x0 | TimeDateStamp : 0x6071FED3 (Sat 10th Apr 2021 19:38:59
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20)
AddressOfRawData : 0x36FDC | PointerToRawData : 0x355DC
[Debug Info] (record 3 of 4) (file offset 0x35484)
Characteristics : 0x0 | TimeDateStamp : 0x6071FED3 (Sat 10th Apr 2021 19:38:59
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x290 (656)
AddressOfRawData : 0x36FF0 | PointerToRawData : 0x355F0
[Debug Info] (record 4 of 4) (file offset 0x354A0)
Characteristics : 0x0 | TimeDateStamp : 0x6071FED3 (Sat 10th Apr 2021 19:38:59
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0)
AddressOfRawData : 0x0 | PointerToRawData : 0x0
[Raw/Hidden Debug Record] (File Offset 0x8D704)
CvSig : 0x53445352 | SigGuid D6016D2F-4805-4F61-A0EE7B755B507544
Age : 0x1 (1) | Pdb :
C:\Development\EO\OpenSource\zlib-1.2.11\contrib\vstudio\vc14\x86\ZlibDllReleaseWithoutAsm\zlibwapi.pdb
[CdKeySerial] found "Invalid code" @ VA: 0x0008ECC8 / Offset: 0x0008D0C8
[CdKeySerial] found "Invalid code" @ VA: 0x0008ED00 / Offset: 0x0008D100
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.530 Second(s) [000000212h (530) tick(s)] [506 of 580 scan(s)
done]
--- snip ---
$ wine --version
wine-6.23-79-g316a358b0f7
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list