[Bug 37487] Multiple applications need ntdll.NtOpenFile to support opening files through NT device paths '\\SystemRoot\\' (Quicken 2014, Tencent QQProtect Application 'QQProtect.sys', SmartGaga)

WineHQ Bugzilla wine-bugs at winehq.org
Fri Feb 12 05:29:48 CST 2021 

https://bugs.winehq.org/show_bug.cgi?id=37487

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.chip.de/download |https://web.archive.org/web
                   |s/Quicken-2014-Vollversion_ |/20210212084041/https://dlg
                   |68671713.html               |bit.winfuture.de/djQ7tSh5Sd
                   |                            |rBWqwLnqKALg/1613162398/317
                   |                            |2/software/Quicken/Quicken_
                   |                            |2014tb.exe

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting, still present.

Quicken 2014 installer prerequisites:

* 'winetricks -q msxml3'
* 'winetricks -q dotnet40' (optional, for later bugs)

Trace log:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Lexware/Quicken/2014

$ WINEDEBUG=+seh,+relay,+ntdll wine ./QwStart.exe >>log.txt 2>&1
...
0100:Call ntdll.RtlInitUnicodeString(0031ef8c,006cee98
L"\\SystemRoot\\SysWOW64\\ntdll.dll") ret=006cbb29
0100:Ret  ntdll.RtlInitUnicodeString() retval=0000003e ret=006cbb29
0100:Call
ntdll.NtOpenFile(0031efa4,80100000,0031ef6c,0031ef84,00000005,00000000)
ret=006cbb60
0100:Ret  ntdll.NtOpenFile() retval=c000003a ret=006cbb60
--- snip ---

The failure is not critical though, it tries more native NT path variants
later.

--- snip ---
...
0100:Call KERNEL32.GetModuleHandleW(006ce2e8 L"ntdll.dll") ret=006c1bb9
0100:Call ntdll.RtlInitUnicodeString(0031f66c,006ce2e8 L"ntdll.dll")
ret=7b01b8c4
0100:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7b01b8c4
0100:Call ntdll.LdrGetDllHandle(00000000,00000000,0031f66c,0031f668)
ret=7b01b8d2
0100:Ret  ntdll.LdrGetDllHandle() retval=00000000 ret=7b01b8d2
0100:Ret  KERNEL32.GetModuleHandleW() retval=7bc00000 ret=006c1bb9
0100:Call KERNEL32.GetModuleHandleW(006ce2fc L"kernel32.dll") ret=006c1bcd
0100:Call ntdll.RtlInitUnicodeString(0031f66c,006ce2fc L"kernel32.dll")
ret=7b01b8c4
0100:Ret  ntdll.RtlInitUnicodeString() retval=0000001a ret=7b01b8c4
0100:Call ntdll.LdrGetDllHandle(00000000,00000000,0031f66c,0031f668)
ret=7b01b8d2
0100:Ret  ntdll.LdrGetDllHandle() retval=00000000 ret=7b01b8d2
0100:Ret  KERNEL32.GetModuleHandleW() retval=7b600000 ret=006c1bcd
0100:Call KERNEL32.GetModuleHandleW(006ce318 L"user32.dll") ret=006c1be1
0100:Call ntdll.RtlInitUnicodeString(0031f66c,006ce318 L"user32.dll")
ret=7b01b8c4
0100:Ret  ntdll.RtlInitUnicodeString() retval=00000016 ret=7b01b8c4
0100:Call ntdll.LdrGetDllHandle(00000000,00000000,0031f66c,0031f668)
ret=7b01b8d2
0100:Ret  ntdll.LdrGetDllHandle() retval=00000000 ret=7b01b8d2
0100:Ret  KERNEL32.GetModuleHandleW() retval=10000000 ret=006c1be1
0100:Call
ntdll.NtQueryVirtualMemory(ffffffff,7bc00000,00000002,0031f5fc,00000008,0031f604)
ret=006cbdf3
0100:Ret  ntdll.NtQueryVirtualMemory() retval=80000005 ret=006cbdf3
0100:Call
ntdll.NtQueryVirtualMemory(ffffffff,7bc00000,00000002,0031f5fc,00000008,0031f604)
ret=006cbdf3
0100:Ret  ntdll.NtQueryVirtualMemory() retval=80000005 ret=006cbdf3
0100:Call ntdll.memset(01400920,00000000,0000004c) ret=006cbe5d
0100:Ret  ntdll.memset() retval=01400920 ret=006cbe5d
0100:Call
ntdll.NtQueryVirtualMemory(ffffffff,7bc00000,00000002,01400920,0000004c,0031f604)
ret=006cbe70
0100:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=006cbe70
0100:Call ntdll.RtlInitUnicodeString(0031f660,014008b0
L"\\??\\C:\\windows\\system32\\ntdll.dll") ret=006c5669
0100:Ret  ntdll.RtlInitUnicodeString() retval=00000044 ret=006c5669
0100:Call
ntdll.NtCreateFile(0031f650,80100000,0031f670,0031f668,00000000,00000000,00000005,00000001,00000060,00000000,00000000)
ret=006c56b1
0100:Ret  ntdll.NtCreateFile() retval=00000000 ret=006c56b1
--- snip ---

It then runs into bug 37488

--- snip ---
0100:Call
ntdll.NtCreateSection(0031f654,000f0005,00000000,00000000,00000008,08000000,000000a4)
ret=006c56d2
0100:Ret  ntdll.NtCreateSection() retval=00000000 ret=006c56d2
0100:Call ntdll.NtClose(000000a4) ret=006c56e0
0100:Ret  ntdll.NtClose() retval=00000000 ret=006c56e0
0100:Call
ntdll.NtMapViewOfSection(000000a8,ffffffff,0031f64c,00000000,00000000,00000000,0031f658,00000002,00000000,00000008)
ret=006c570a
0100:Ret  ntdll.NtMapViewOfSection() retval=00000000 ret=006c570a
0100:Call ntdll.NtClose(000000a8) ret=006c5712
0100:Ret  ntdll.NtClose() retval=00000000 ret=006c5712
0100:Call ntdll.NtAreMappedFilesTheSame(7bc00000,01420000) ret=006c5723
0100:Ret  ntdll.NtAreMappedFilesTheSame() retval=c00000d4 ret=006c5723
0100:Call ntdll.NtUnmapViewOfSection(ffffffff,01420000) ret=006c5733
0100:Ret  ntdll.NtUnmapViewOfSection() retval=00000000 ret=006c5733
0100:trace:seh:dispatch_exception code=c0000005 flags=0 addr=006C6CC6
ip=006c6cc6 tid=0100
0100:trace:seh:dispatch_exception  info[0]=00000000
0100:trace:seh:dispatch_exception  info[1]=01420000
0100:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception
(code=c0000005) raised
0100:trace:seh:dispatch_exception  eax=00000000 ebx=00000007 ecx=01420000
edx=00005a4d esi=00000000 edi=7bc00000 
--- snip ---

Stable download links via Internet Archive:

Quicken 2014 Deluxe:

https://web.archive.org/web/20210212084041/https://dlgbit.winfuture.de/djQ7tSh5SdrBWqwLnqKALg/1613162398/3172/software/Quicken/Quicken_2014tb.exe

Quicken 2015 free:

https://web.archive.org/web/20210212083345/https://securedl.cdn.chip.de/downloads/25033498/Quicken2015Free.exe?cid=68671712&platform=chip&1613118496-1613125996-17a5be-B-a2ce8eb43eb9b7c81ffd6b32e9b647d6.exe=

SmartGaga 1.1.646.1:

https://web.archive.org/web/20210212083145/https://dl.filehorse.com/win/desktop-enhancements/smartgaga/SmartGaGa-1.1.646.1.exe?st=UXb-Ylz8he_QMz7inrvzTA&e=1613205052&fn=Setup_AndroidFs442_1.1.646.1.exe

$ sha1sum Quicken_2014tb.exe 
d2374d907e2ee568f1f93dba48afd602723dcad6f  Quicken_2014tb.exe

$ du -sh Quicken_2014tb.exe 
319M    Quicken_2014tb.exe

$ wine --version
wine-6.1-315-gb922b5aeef1

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list