[Bug 19505] Multiple MDI-based applications crash on startup due to insertion of system menu into MDI frame menu (AMIS Daisy Book Reader, EEP v5-v16 - Eisenbahn.exe)

WineHQ Bugzilla wine-bugs at winehq.org
Mon Feb 15 16:31:49 CST 2021


https://bugs.winehq.org/show_bug.cgi?id=19505

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple MDI-based          |Multiple MDI-based
                   |applications crash on       |applications crash on
                   |startup due to insertion of |startup due to insertion of
                   |system menu into MDI frame  |system menu into MDI frame
                   |menu (AMIS Daisy Book       |menu (AMIS Daisy Book
                   |Reader, EEP 5)              |Reader, EEP v5-v16 -
                   |                            |Eisenbahn.exe)

--- Comment #19 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting, still present. I encountered this problem again while investigating
a crash related to the DRM scheme of EEP 14.0 - Eisenbahn.exe (Basic-Version)
with mainline Wine.

https://store.steampowered.com/app/722190/EEP_14/

It was 2,39 EUR on Steam = cheap enough for one debug session so I looked into
it. This bug is a follow-up to the DRM problem.

Adjusting the summary accordingly. It's likely present even with latest EEP 16. 

--- snip ---
$ pwd
/home/focht/wine-games/wineprefix64-steam/drive_c/Program Files (x86)/Steam

$ WINEDEBUG=+pid,+seh,+relay wine ./steam.exe \
      -no-cef-sandbox -applaunch 722190 >>log_ 2>&1 
...
041c:0420:Call window proc 0000000008DEE6A0
(hwnd=00000000000202FA,msg=WM_GETTEXT,wp=00000100,lp=0021c910)
...
041c:0420:Call user32.DefMDIChildProcA(000202fa,0000000d,00000100,0021c910)
ret=08f5f1b2
041c:0420:Ret  user32.DefMDIChildProcA() retval=00000000 ret=08f5f1b2
041c:0420:Ret  window proc 0000000008DEE6A0
(hwnd=00000000000202FA,msg=WM_GETTEXT,wp=00000100,lp=0021c910) retval=00000000
041c:0420:Ret  user32.GetWindowTextA() retval=00000000 ret=08f83457
041c:0420:Call KERNEL32.lstrcmpA(0021c910 "",0021ca70 "") ret=08f83469
...
041c:0420:Ret  KERNEL32.lstrcmpA() retval=00000000 ret=08f83469
041c:0420:Call user32.GetWindowRect(000102dc,0021ec70) ret=1401f7cb1
041c:0420:Ret  user32.GetWindowRect() retval=00000001 ret=1401f7cb1
...
041c:0420:Call user32.GetMenu(000102dc) ret=08f74aa9
041c:0420:Ret  user32.GetMenu() retval=00010250 ret=08f74aa9
...
041c:0420:Call
user32.ModifyMenuA(00010250,00000000,00000400,00000000,140967100) ret=1401e9fe9
...
041c:0420:Call ntdll.strlen(140967100 "&File") ret=7b027564
041c:0420:Ret  ntdll.strlen() retval=00000005 ret=7b027564
041c:0420:Ret  user32.ModifyMenuA() retval=00000001 ret=1401e9fe9
...
041c:0420:Call user32.GetMenu(000102dc) ret=08f74aa9
041c:0420:Ret  user32.GetMenu() retval=00010250 ret=08f74aa9
...
041c:0420:Call
user32.ModifyMenuA(00010250,00000001,00000400,00000001,140967100) ret=1401ea02c
...
041c:0420:Call ntdll.strlen(140967100 "&Insert") ret=7b027564
041c:0420:Ret  ntdll.strlen() retval=00000007 ret=7b027564
041c:0420:Ret  user32.ModifyMenuA() retval=00000001 ret=1401ea02c
...
041c:0420:Call user32.GetMenu(000102dc) ret=08f74aa9
041c:0420:Ret  user32.GetMenu() retval=00010250 ret=08f74aa9
...
041c:0420:Call
user32.ModifyMenuA(00010250,00000002,00000400,00000002,140967100) ret=1401ea06f
...
041c:0420:Call ntdll.strlen(140967100 "&View") ret=7b027564
041c:0420:Ret  ntdll.strlen() retval=00000005 ret=7b027564
041c:0420:Ret  user32.ModifyMenuA() retval=00000001 ret=1401ea06f
...
041c:0420:Call user32.GetMenu(000102dc) ret=08f74aa9
041c:0420:Ret  user32.GetMenu() retval=00010250 ret=08f74aa9
...
041c:0420:Call user32.GetSubMenu(00010250,00000002) ret=1401ea0b0
041c:0420:Ret  user32.GetSubMenu() retval=00010254 ret=1401ea0b0
...
041c:0420:Call user32.ModifyMenuA(00010254,0000000a,00000400,00008fea,00dc51b8)
ret=1401ea0e6
...
041c:0420:Call ntdll.strlen(00dc51b8 "View 2D window") ret=7b027564
041c:0420:Ret  ntdll.strlen() retval=0000000e ret=7b027564
041c:0420:Ret  user32.ModifyMenuA() retval=00000000 ret=1401ea0e6
041c:0420:Call user32.GetMenu(000102dc) ret=08f74aa9
041c:0420:Ret  user32.GetMenu() retval=00010250 ret=08f74aa9
...
041c:0420:Call user32.GetSubMenu(00010250,00000002) ret=1401ea102
041c:0420:Ret  user32.GetSubMenu() retval=00010254 ret=1401ea102
...
041c:0420:Call user32.GetSubMenu(00010254,0000000a) ret=1401ea119
041c:0420:Ret  user32.GetSubMenu() retval=00000000 ret=1401ea119
...
041c:0420:Call ucrtbase.memcmp(00e9d670,140658f88,0000000d) ret=14023d977
041c:0420:Ret  ucrtbase.memcmp() retval=00000000 ret=14023d977
041c:0420:Call ucrtbase.memcmp(00e9e8f0,140659118,0000000b) ret=14023da77
041c:0420:Ret  ucrtbase.memcmp() retval=00000000 ret=14023da77
041c:0420:trace:seh:dispatch_exception code=c0000005 flags=0
addr=00000001401EA14A ip=00000001401EA14A tid=0420
041c:0420:trace:seh:dispatch_exception  info[0]=0000000000000000
041c:0420:trace:seh:dispatch_exception  info[1]=0000000000000008
041c:0420:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception
(code=c0000005) raised
041c:0420:trace:seh:dispatch_exception  rax=0000000040967100
rbx=000000004082fc80 rcx=0000000000000000 rdx=0000000000000000
041c:0420:trace:seh:dispatch_exception  rsi=000000004082fc80
rdi=0000000000000000 rbp=0000000040000000 rsp=000000000021cec0
041c:0420:trace:seh:dispatch_exception   r8=0000000000000400 
r9=0000000000000000 r10=000000000021c8c5 r11=0000000000000000
041c:0420:trace:seh:dispatch_exception  r12=000000000cdcacf0
r13=00000000ffffffff r14=0000000000000000 r15=0000000000000001
041c:0420:trace:seh:call_vectored_handlers calling handler at 000000007B011FE0
code=c0000005 flags=0
041c:0420:trace:seh:call_vectored_handlers handler at 000000007B011FE0 returned
0
...
041c:0420:trace:seh:call_handler calling handler 00000001405C1FE7
(rec=00000000001245A0, frame=000000000021FD70 context=0000000000123B90,
dispatch=0000000000123A58)
041c:0420:Call ntdll.__C_specific_handler(001245a0,0021fd70,001240b0,00123a58)
ret=7bc52686
041c:0420:trace:seh:__C_specific_handler 00000000001245A0 000000000021FD70
00000000001240B0 0000000000123A58
041c:0420:trace:seh:dump_scope_table scope table at 0000000140798550
041c:0420:trace:seh:dump_scope_table   0: 00000001405193C8-00000001405194D0
handler 0000000140600986 target 00000001405194D0
041c:0420:trace:seh:dump_scope_table   1: 00000001405194FF-0000000140519511
handler 0000000140600986 target 00000001405194D0
041c:0420:trace:seh:__C_specific_handler calling filter 0000000140600986 ptrs
0000000000123938 frame 000000000021FD70
041c:0420:Call ucrtbase._seh_filter_exe(c0000005,00123938) ret=14060099c
041c:0420:trace:seh:_XcptFilter (c0000005,0000000000123938)
041c:0420:Ret  ucrtbase._seh_filter_exe() retval=00000000 ret=14060099c
041c:0420:Ret  ntdll.__C_specific_handler() retval=00000001 ret=7bc52686
041c:0420:trace:seh:call_handler handler at 00000001405C1FE7 returned 1
041c:0420:trace:seh:RtlVirtualUnwind type 1 rip 000000007B62A009 rsp
000000000021FDB0
...
041c:0420:err:virtual:virtual_setup_exception stack overflow 2000 bytes in
thread 0420 addr 0x7bc521fd stack 0x120830 (0x120000-0x121000-0x220000)
0420: *killed* exit_code=0
--- snip ---

The 64-bit versions of the game will end up with stack overflow during
unwinding. The old 32-bit versions of the game trigger the crash reporter.

Most likely related:

https://github.com/ValveSoftware/Proton/issues/3031

As already mentioned, there is a preceding crash with mainline Wine in the DRM
scheme of EEP, related to the process memory organization. It's not encountered
with Wine-Staging and derivative projects (Proton et al). I will probably
create an extra bug later instead of commenting in messed up threads. On the
other hand there is Janrupf (from the Proton issue) trying out x64dbg after
getting a helping hand of mine on IRC. Maybe I wait a bit to not spoil the
fun/challenge for him - it's not that hard to figure out ;-)

$ wine --version
wine-6.2

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
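A small triage helper for a trace like the one in comment #19, added here as an example and not part of the original report or of Wine. It rejoins the records the mail archive wrapped, pairs each relay `Call` with its `Ret`, and for every `dispatch_exception` lists the recent calls on that thread that returned 0. The function names, the user32-only filter and the ten-call window are assumptions of this example.

```python
import re
PREFIX = re.compile(r"^[0-9a-f]{4}:[0-9a-f]{4}:")          # pid:tid: starts a new record
CALL = re.compile(r"^(\w{4}:\w{4}):Call (\S+?)\((.*?)\)\s+ret=(\w+)")
RET = re.compile(r"^(\w{4}:\w{4}):Ret\s+(\S+?)\(\)\s+retval=(\w+)\s+ret=(\w+)")
EXC = re.compile(r"^(\w{4}:\w{4}):trace:seh:dispatch_exception code=(\w+).*?addr=(\w+)")
INFO = re.compile(r"^(\w{4}:\w{4}):trace:seh:dispatch_exception\s+info\[(\d)\]=(\w+)")

# Excerpt of the trace above, with the mail archive's line wrapping kept.
SAMPLE = """\
041c:0420:Call user32.ModifyMenuA(00010254,0000000a,00000400,00008fea,00dc51b8)
ret=1401ea0e6
041c:0420:Ret  user32.ModifyMenuA() retval=00000000 ret=1401ea0e6
041c:0420:Call user32.GetSubMenu(00010254,0000000a) ret=1401ea119
041c:0420:Ret  user32.GetSubMenu() retval=00000000 ret=1401ea119
041c:0420:Call ucrtbase.memcmp(00e9d670,140658f88,0000000d) ret=14023d977
041c:0420:Ret  ucrtbase.memcmp() retval=00000000 ret=14023d977
041c:0420:trace:seh:dispatch_exception code=c0000005 flags=0
addr=00000001401EA14A ip=00000001401EA14A tid=0420
041c:0420:trace:seh:dispatch_exception  info[1]=0000000000000008
"""

def unwrap(text):
    """Rejoin records that were wrapped onto following lines; drop '...' elisions."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip() != "...":
            records[-1] += " " + line.strip()
    return records

def triage(text, modules=("user32",), window=10):
    """Per exception: calls from `modules` (assumed filter) that returned 0 shortly before."""
    pending, recent, findings = {}, {}, []
    for rec in unwrap(text):
        if m := CALL.match(rec):
            pending[(m[1], m[2], m[4])] = m[3]      # key: thread, API, return address
        elif m := RET.match(rec):
            args = pending.pop((m[1], m[2], m[4]), "?")
            recent.setdefault(m[1], []).append((m[2], args, int(m[3], 16)))
        elif m := EXC.match(rec):
            calls = recent.get(m[1], [])[-window:]
            zero = [f"{api}({args})" for api, args, rv in calls
                    if rv == 0 and api.split(".")[0] in modules]
            findings.append({"thread": m[1], "code": m[2], "addr": m[3],
                             "fault_addr": None, "zero_returns": zero})
        elif (m := INFO.match(rec)) and m[2] == "1" and findings:
            findings[-1]["fault_addr"] = int(m[3], 16)  # info[1] of an AV: address accessed
    return findings
```

A zero return is only a lead to inspect, which is why `memcmp` (where 0 means "equal") is excluded by the module filter.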


