[Bug 21038] F-Secure BlackLight Engine 2.2.x (Rootkit scanner) crashes after accepting license agreement (Wine on-disk placeholder dlls sections must be padded with data up to section virtual size)

WineHQ Bugzilla wine-bugs at winehq.org
Sat Jan 16 09:08:39 CST 2021 

https://bugs.winehq.org/show_bug.cgi?id=21038

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |kernel32
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
                URL|ftp://ftp.f-secure.com/anti |https://web.archive.org/web
                   |-virus/tools/fsbl.exe       |/20210116145628/ftp://ftp.f
                   |                            |-secure.com/anti-virus/tool
                   |                            |s/fsbl.exe
      Fixed by SHA1|                            |0c631ebb2354334eaf309bc0765
                   |                            |d3283654cf902

--- Comment #14 from Anastasius Focht <focht at gmx.net> ---
Hello Gijs,

--- quote ---
Is it possible this bug is fixed? With wine-6.0-rc6 there is a non-fatal page
fault after accepting the license agreement, but the app still starts.
--- quote ---

thanks for the reminder. Yes, it was fixed by commit
https://source.winehq.org/git/wine.git/commitdiff/0c631ebb2354334eaf309bc0765d3283654cf902
("kernel32: Build with msvcrt.").

Part of Wine 5.19 release.

Thanks Alexandre.

There is bug 15437 ("Multiple programs using madCodeHook crash (in-memory PE
image of Wine builtins vs. ELF image on disk)") which references same commit
sha1. Bug 15437 is about EAT/IAT validation between on-disk image and mapped PE
images. The problem here is about PE section layout/requirements hence it makes
sense to keep it separate.

Although it was pretty clear which Wine releases/commits to check for (comment
#12), I wrote small autohotkey and shell script to automate the task. 

'bug21038.ahk':

---snip ---
FileDelete, c:\fsbl.fail

Run, fsbl.exe
WinWait, F-Secure BlackLight,,10
if ErrorLevel
{
    FileAppend,, c:\fsbl.fail
    Exit
}
Sleep, 1000
ControlClick,I accept the agreement
ControlClick,Next >

Loop, 5
{
    Sleep, 1000
    Process, Exist, winedbg.exe
    If ErrorLevel
    {
        FileAppend,, c:\fsbl.fail
        Process, Close, winedbg.exe
        Exit
    }
}
Process, Close, fsbl.exe 
--- snip ---

Shell script 'bug21038_test.sh' for running the autohotkey script against a
number of Wine releases:

--- snip ---
for ver in 2.0 3.0 4.0 5.{0..22} 6.0 ; do (echo "#####"
  export WINEPREFIX=~/wineprefix-bug21038 && rm -rf $WINEPREFIX
  export WINEARCH=win32
  wine_register_path $ver
  winetricks -q autohotkey &> /dev/null ;
  wine "c:\\Program Files\\AutoHotkey\\AutoHotkey.exe" bug21038.ahk 2>&1 | \
    egrep "(debugger|overflow)" ; \
    [ -f $WINEPREFIX/drive_c/fsbl.fail ] && echo "FSBL fail." || \
    echo "FSBL ok."
  wineserver -w) ;
  rm -f fsbl-*.log
done
--- snip ---

Output:

--- snip ---
$ bash bug21038_test.sh 
#####
Active Wine version: wine-2.0
wine: Unhandled page fault on read access to 0x00361000 at address 0x43ae2a
(thread 004e), starting debugger...
FSBL fail.
#####
Active Wine version: wine-3.0
wine: Unhandled page fault on read access to 0x003b1000 at address 0x44656d
(thread 0053), starting debugger...
FSBL fail.
#####
Active Wine version: wine-4.0
0053:err:seh:setup_exception_record stack overflow 1212 bytes in thread 0053
eip 7bc8463c esp 00240e74 stack 0x240000-0x241000-0x340000
FSBL fail.
#####
Active Wine version: wine-5.0
wine: Unhandled page fault on read access to 09E11000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.1
wine: Unhandled page fault on read access to 09FD1000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.2
wine: Unhandled page fault on read access to 01A71000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.3
wine: Unhandled page fault on read access to 09E31000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.4
wine: Unhandled page fault on read access to 09E31000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.5
wine: Unhandled page fault on read access to 0A171000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.6
wine: Unhandled page fault on read access to 0A171000 at address 0044656D
(thread 0054), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.7
wine: Unhandled page fault on read access to 0A171000 at address 0043AE2A
(thread 0055), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.8
wine: Unhandled page fault on read access to 0A1B1000 at address 0044656D
(thread 014c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.9
wine: Unhandled page fault on read access to 09921000 at address 0044656D
(thread 014c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.10
wine: Unhandled page fault on read access to 09921000 at address 0043AE2A
(thread 0164), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.11
wine: Unhandled page fault on read access to 09921000 at address 0043AE2A
(thread 0164), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.12
wine: Unhandled page fault on read access to 09DAC000 at address 00412535
(thread 015c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.13
wine: Unhandled page fault on read access to 09DAC000 at address 00412535
(thread 015c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.14
wine: Unhandled page fault on read access to 09CBC000 at address 00412535
(thread 015c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.15
015c:err:virtual:virtual_setup_exception stack overflow 860 bytes in thread
015c addr 0xf7d7820f stack 0x220ca4 (0x220000-0x221000-0x320000)
FSBL fail.
#####
Active Wine version: wine-5.16
wine: Unhandled page fault on read access to 09B19000 at address 0044656D
(thread 015c), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.17
wine: Unhandled page fault on read access to 09C59000 at address 0044656D
(thread 0184), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.18
wine: Unhandled page fault on read access to 0152A000 at address 0044656D
(thread 01e8), starting debugger...
FSBL fail.
#####
Active Wine version: wine-5.19
FSBL ok.
#####
Active Wine version: wine-5.20
FSBL ok.
#####
Active Wine version: wine-5.21
FSBL ok.
#####
Active Wine version: wine-5.22
FSBL ok.
#####
Active Wine version: wine-6.0
FSBL ok.
--- snip ---

After that it was only a small step left to check Wine 5.19 shortlog.

$ wine --version
wine-6.0-40-g00401d22782

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list