[Bug 50599] New: Game Protect Kit (GPK) 'SDGame32.sys' kernel driver crashes on unimplemented function 'ntoskrnl.exe.KdDisableDebugger' (Dragon Nest)

WineHQ Bugzilla wine-bugs at winehq.org
Sun Jan 31 14:34:21 CST 2021


https://bugs.winehq.org/show_bug.cgi?id=50599

            Bug ID: 50599
           Summary: Game Protect Kit (GPK) 'SDGame32.sys' kernel driver
                    crashes on unimplemented function
                    'ntoskrnl.exe.KdDisableDebugger' (Dragon Nest)
           Product: Wine
           Version: 6.1
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

continuation of bug 50417 ("Multiple game launchers protected by Game Protect
Kit (GPK) crash on startup (dummy PEB->KernelCallbackTable needed)(Dragon Nest,
Age of Wushu)").

Download links:

Small "web" downloader:

https://web.archive.org/web/20201228204714/http://dn.clientdown.sdo.com.sd.qcloudcdn.com/Dn_Download/DN_407_downloader_signed.exe

Full client:

http://dn.clientdown.sdo.com/Ver.407Full/DragonNest_v407_Setup.exe
http://dn.clientdown.sdo.com/Ver.407Full/DragonNest_v407.7z.001
http://dn.clientdown.sdo.com/Ver.407Full/DragonNest_v407.7z.002
http://dn.clientdown.sdo.com/Ver.407Full/DragonNest_v407.7z.003

Relevant part of trace log:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/DragonNest

$ WINEDEBUG=+seh,+relay,+loaddll,+ntoskrnl,+service wine ./DNLauncher.exe
>>log.txt 2>&1
...
003c:trace:service:load_service_config Image path           = L"C:\\Program
Files\\DragonNest\\GPK\\SDGame32.sys"
003c:trace:service:load_service_config Group                = (null)
003c:trace:service:load_service_config Service account name = L"LocalSystem"
003c:trace:service:load_service_config Display name         = L"SDGame32"
003c:trace:service:load_service_config Service dependencies : (none)
003c:trace:service:load_service_config Group dependencies   : (none)
...
0024:Call advapi32.CreateServiceW(001f1f40,02e6fe00 L"SDGame32",02e6fe00
L"SDGame32",000f01ff,00000001,00000003,00000001,0121c8fc L"C:\\Program
Files\\DragonNest\\GPK\\SDGame32.sys",00000000,00000000,00000000,00000000,00000000)
ret=02fa6372 
...
0024:trace:service:CreateServiceW 001F1F40 L"SDGame32" L"SDGame32" 
...
0110:trace:service:svcctl_CreateServiceWOW64W (L"SDGame32", L"SDGame32",
0xf01ff, L"C:\\Program Files\\DragonNest\\GPK\\SDGame32.sys")
0110:trace:service:create_serviceW (L"SDGame32", L"SDGame32", 0xf01ff,
L"C:\\Program Files\\DragonNest\\GPK\\SDGame32.sys") 
...
0130:trace:ntoskrnl:load_driver loading driver L"C:\\Program
Files\\DragonNest\\GPK\\SDGame32.sys"
0130:Call KERNEL32.LoadLibraryW(00043f40 L"C:\\Program
Files\\DragonNest\\GPK\\SDGame32.sys") ret=0032606e
...
0130:trace:loaddll:build_module Loaded L"C:\\Program
Files\\DragonNest\\GPK\\SDGame32.sys" at 0000000000D60000: native
0130:Call LDR notification callback
(proc=00000000003274E0,reason=1,data=0000000000C3F2D0,context=0000000000000000)
....
0130:trace:ntoskrnl:ldr_notify_callback loading L"SDGame32.sys"
...
0130:trace:ntoskrnl:ldr_notify_callback relocating from
0000000140000000-0000000140232000 to 0000000000D60000-0000000000F92000 
...
0130:Ret  LDR notification callback
(proc=00000000003274E0,reason=1,data=0000000000C3F2D0,context=0000000000000000)
...
0130:Ret  KERNEL32.LoadLibraryW() retval=00d60000 ret=0032606e
...
0130:Call driver init 0000000000D70A60
(obj=0000000000043D90,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\SDGame32") 
...
0130:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00c3f790) ret=00f8e5b3
....
0130:trace:ntoskrnl:MmGetSystemRoutineAddress L"PsReferenceProcessFilePointer"
-> 00000000003184B0
0130:Ret  ntoskrnl.exe.MmGetSystemRoutineAddress() retval=003184b0 ret=00f8e5b3
...
0130:Call ntoskrnl.exe.ObGetFilterVersion() ret=00f8ce82
0130:fixme:ntoskrnl:ObGetFilterVersion stub:
0130:Ret  ntoskrnl.exe.ObGetFilterVersion() retval=00000100 ret=00f8ce82
0130:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f6b0,00d6c4a0 L"SD321000-2015")
ret=00f8cec3
...
0130:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000001c ret=00f8cec3
0130:Call ntoskrnl.exe.ObRegisterCallbacks(00c3f6c0,00d6e0b0) ret=00f8ceeb
0130:fixme:ntoskrnl:ObRegisterCallbacks callback 0000000000C3F6C0, handle
0000000000D6E0B0.
0130:Ret  ntoskrnl.exe.ObRegisterCallbacks() retval=00000000 ret=00f8ceeb
...
0130:Call
ntoskrnl.exe.PsCreateSystemThread(00c3f7f0,00000000,00000000,00000000,00000000,00d632f0,00042610)
ret=00f8e5df
0130:Call
ntdll.RtlCreateUserThread(ffffffffffffffff,00000000,00000000,00000000,00000000,00000000,00d632f0,00042610,00c3f7f0,00000000)
ret=0032464d
0130:Ret  ntdll.RtlCreateUserThread() retval=00000000 ret=0032464d
0130:Ret  ntoskrnl.exe.PsCreateSystemThread() retval=00000000 ret=00f8e5df
...
0130:Call
ntoskrnl.exe.IoCreateDevice(00043d90,00000000,00c3f780,00008303,00000000,6f725000,00c3f7f8)
ret=00f8e658
0130:Ret  KERNEL32.IsBadStringPtrW() retval=00000000 ret=003277c8
0130:trace:ntoskrnl:IoCreateDevice (0000000000043D90, 0,
L"\\Device\\SDGGameLoader", 33539, 0, 0, 0000000000C3F7F8)
...
0130:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=00f8e658
...
0130:Call ntoskrnl.exe.PsSetCreateProcessNotifyRoutine(00d62340,00000000)
ret=00f8e743
0130:fixme:ntoskrnl:PsSetCreateProcessNotifyRoutine stub: 0000000000D62340 0
0130:Ret  ntoskrnl.exe.PsSetCreateProcessNotifyRoutine() retval=00000000
ret=00f8e743
0130:Call ntoskrnl.exe.PsGetCurrentProcessId() ret=00f8e74e
0130:Ret  ntoskrnl.exe.PsGetCurrentProcessId() retval=00000120 ret=00f8e74e
...
0130:trace:ntoskrnl:IoCreateSymbolicLink L"\\DosDevices\\SDGGameLoader" ->
L"\\Device\\SDGGameLoader" 
...
0130:Ret  driver init 0000000000D70A60
(obj=0000000000043D90,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\SDGame32")
retval=00000000
...
0130:trace:ntoskrnl:init_driver init done for L"SDGame32" obj 0000000000043D90
0130:trace:ntoskrnl:init_driver - DriverInit = 0000000000D70A60
0130:trace:ntoskrnl:init_driver - DriverStartIo = 0000000000000000
0130:trace:ntoskrnl:init_driver - DriverUnload = 0000000000D63710
0130:trace:ntoskrnl:init_driver - MajorFunction[0] = 0000000000D626A0
0130:trace:ntoskrnl:init_driver - MajorFunction[1] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[2] = 0000000000D626A0
0130:trace:ntoskrnl:init_driver - MajorFunction[3] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[4] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[5] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[6] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[7] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[8] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[9] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[10] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[11] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[12] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[13] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[14] = 0000000000D626A0
0130:trace:ntoskrnl:init_driver - MajorFunction[15] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[16] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[17] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[18] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[19] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[20] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[21] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[22] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[23] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[24] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[25] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[26] = 0000000000320FA0
0130:trace:ntoskrnl:init_driver - MajorFunction[27] = 0000000000320FA0
....
0138:Starting thread proc 0000000000D632F0 (arg=0000000000042610)
0138:Call KERNEL32.BaseThreadInitThunk(00000000,00d632f0,00042610) ret=7bc57a22
0138:Call ntoskrnl.exe.KeDelayExecutionThread(00000000,00000000,0109fcb0)
ret=00f8cfbd
0138:trace:ntoskrnl:KeDelayExecutionThread mode 0, alertable 0, timeout
000000000109FCB0.
0138:Call ntdll.NtDelayExecution(00000000,0109fcb0) ret=0032c924
0138:Ret  ntdll.NtDelayExecution() retval=00000000 ret=0032c924
0138:Ret  ntoskrnl.exe.KeDelayExecutionThread() retval=00000000 ret=00f8cfbd 
0138:trace:seh:dispatch_exception code=80000100 flags=1 addr=000000007B012AF2
ip=000000007B012AF2 tid=0138
0138:trace:seh:dispatch_exception  info[0]=000000000034f000
0138:trace:seh:dispatch_exception  info[1]=0000000000351090
wine: Call from 000000007B012AF2 to unimplemented function
ntoskrnl.exe.KdDisableDebugger, aborting
0138:trace:seh:call_vectored_handlers calling handler at 000000000031D2F0
code=80000100 flags=1
0138:trace:seh:call_vectored_handlers handler at 000000000031D2F0 returned 0
0138:trace:seh:call_vectored_handlers calling handler at 000000007B011BA0
code=80000100 flags=1
0138:trace:seh:call_vectored_handlers handler at 000000007B011BA0 returned 0 
...
wine: Unimplemented function ntoskrnl.exe.KdDisableDebugger called at address
000000007B012AF2 (thread 0138), starting debugger... 
--- snip ---

Microsoft docs:

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-kddisabledebugger

Wine source:

https://source.winehq.org/git/wine.git/blob/47ac628b4a4e476c1b044765c95d5be2a7101d14:/dlls/ntoskrnl.exe/ntoskrnl.exe.spec#l518

--- snip ---
 518 @ stub KdDisableDebugger
--- snip ---

I think returning 'STATUS_DEBUGGER_INACTIVE' is the most sensible thing:

--- snip ---
...
0138:Call ntoskrnl.exe.KdDisableDebugger() ret=00f8cfd3
0138:trace:ntoskrnl:KdDisableDebugger .
0138:Ret  ntoskrnl.exe.KdDisableDebugger() retval=c0000354 ret=00f8cfd3
...
0138:Call
ntoskrnl.exe.ObOpenObjectByName(0109fc80,0034d0d0,00000000,00000000,00000000,00000000,0109fcb8)
ret=00f8d006
...
0138:trace:ntoskrnl:ObOpenObjectByName attr(0000000000000000 L"\\Driver\\NtIce"
40) 000000000034D0D0 0 0000000000000000 0 0000000000000000 000000000109FCB8
...
0138:trace:ntoskrnl:ObReferenceObjectByName mostly-stub:L"\\Driver\\NtIce" 64
0000000000000000 0 000000000034D0D0 0 0000000000000000 000000000109FB68
0138:fixme:ntoskrnl:ObReferenceObjectByName Unhandled ObjectType
...
0138:fixme:ntoskrnl:ObReferenceObjectByName Object (L"\\Driver\\NtIce") not
found, may not be tracked.
0138:Ret  ntoskrnl.exe.ObOpenObjectByName() retval=c0000002 ret=00f8d006
...
0138:Call
ntoskrnl.exe.ObOpenObjectByName(0109fc80,0034d0d0,00000000,00000000,00000000,00000000,0109fcc0)
ret=00f8d081
...
0138:trace:ntoskrnl:ObOpenObjectByName attr(0000000000000000 L"\\Driver\\Syser"
40) 000000000034D0D0 0 0000000000000000 0 0000000000000000 000000000109FCC0
...
0138:trace:ntoskrnl:ObReferenceObjectByName mostly-stub:L"\\Driver\\Syser" 64
0000000000000000 0 000000000034D0D0 0 0000000000000000 000000000109FB68
0138:fixme:ntoskrnl:ObReferenceObjectByName Unhandled ObjectType
...
0138:fixme:ntoskrnl:ObReferenceObjectByName Object (L"\\Driver\\Syser") not
found, may not be tracked.
0138:Ret  ntoskrnl.exe.ObOpenObjectByName() retval=c0000002 ret=00f8d081
...
0138:Call
ntoskrnl.exe.ObOpenObjectByName(0109fc80,0034d0d0,00000000,00000000,00000000,00000000,0109fcc8)
ret=00f8d0fc
...
0138:trace:ntoskrnl:ObOpenObjectByName attr(0000000000000000
L"\\Driver\\FILEMON" 40) 000000000034D0D0 0 0000000000000000 0 0000000000000000
000000000109FCC8
...
0138:trace:ntoskrnl:ObReferenceObjectByName mostly-stub:L"\\Driver\\FILEMON" 64
0000000000000000 0 000000000034D0D0 0 0000000000000000 000000000109FB68
0138:fixme:ntoskrnl:ObReferenceObjectByName Unhandled ObjectType
...
0138:fixme:ntoskrnl:ObReferenceObjectByName Object (L"\\Driver\\FILEMON") not
found, may not be tracked.
0138:Ret  ntoskrnl.exe.ObOpenObjectByName() retval=c0000002 ret=00f8d0fc
...
0138:Call
ntoskrnl.exe.ObOpenObjectByName(0109fc80,0034d0d0,00000000,00000000,00000000,00000000,0109fcd0)
ret=00f8d177
...
0138:trace:ntoskrnl:ObOpenObjectByName attr(0000000000000000
L"\\Driver\\FILEMON701" 40) 000000000034D0D0 0 0000000000000000 0
0000000000000000 000000000109FCD0
...
0138:trace:ntoskrnl:ObReferenceObjectByName mostly-stub:L"\\Driver\\FILEMON701"
64 0000000000000000 0 000000000034D0D0 0 0000000000000000 000000000109FB68
0138:fixme:ntoskrnl:ObReferenceObjectByName Unhandled ObjectType
...
0138:fixme:ntoskrnl:ObReferenceObjectByName Object (L"\\Driver\\FILEMON701")
not found, may not be tracked.
0138:Ret  ntoskrnl.exe.ObOpenObjectByName() retval=c0000002 ret=00f8d177
0138:Call ntoskrnl.exe.KeDelayExecutionThread(00000000,00000000,0109fcb0)
ret=00f8cfbd
0138:trace:ntoskrnl:KeDelayExecutionThread mode 0, alertable 0, timeout
000000000109FCB0.
0138:Call ntdll.NtDelayExecution(00000000,0109fcb0) ret=0032c964 
--- snip ---

$ sha1sum DN_407_downloader_signed.exe 
a42ec8020a3301f621806423154eb69153727a48  DN_407_downloader_signed.exe

$ du -sh DN_407_downloader_signed.exe 
3.6M    DN_407_downloader_signed.exe

$ sha1sum DragonNest_v407*
833939e2f029e6ec4b20a1048901742087ac24a2  DragonNest_v407.7z.001
9b94d45f95b3e145f1a370b76d51cee9676395f0  DragonNest_v407.7z.002
f2b46a763099848f8e26253811ebc4caf336c11f  DragonNest_v407.7z.003
4afc1de3968cf4f3c710a11b7be83f18cb0353d8  DragonNest_v407_Setup.exe

$ du -sh DragonNest_v407*
4.0G    DragonNest_v407.7z.001
4.0G    DragonNest_v407.7z.002
2.2G    DragonNest_v407.7z.003
9.5M    DragonNest_v407_Setup.exe

$ wine --version
wine-6.1-1-g2b9a47e827c

Regards

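The trace above shows the driver's watchdog thread calling KdDisableDebugger and then opening a fixed list of driver objects by name (\Driver\NtIce, \Driver\Syser, \Driver\FILEMON, \Driver\FILEMON701), a standard anti-debug/anti-monitoring probe. The following C model is an added example; it is not Wine's code and not the GPK driver's code. It pairs a KdDisableDebugger stub that returns STATUS_DEBUGGER_INACTIVE (the value proposed in the report, 0xC0000354) with a stand-in for ObOpenObjectByName run against a constructed object directory, so the effect of the stub and of Wine's STATUS_NOT_IMPLEMENTED (0xC0000002) path on the probe loop can be exercised on Linux. Everything named SCENARIO_* is constructed sample input, open_driver_object and probe_once are this example's own helpers, and the assumption that the driver treats a successful open as "analysis tool present" is exactly that, an assumption; the trace does not show what the driver does on detection.

```c
/* Added example, not code from Wine or from the GPK driver. It models two
 * things visible in the trace above: a Wine-style KdDisableDebugger stub that
 * reports "no kernel debugger", and the driver thread's probe for well-known
 * debugger/monitor driver objects by name. Windows types and status codes are
 * redefined here so the file builds on Linux; names marked "constructed" are
 * sample input for the model, not data from the report. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS               ((NTSTATUS)0x00000000)
#define STATUS_NOT_IMPLEMENTED       ((NTSTATUS)0xC0000002)  /* c0000002 in the log */
#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034)
#define STATUS_DEBUGGER_INACTIVE     ((NTSTATUS)0xC0000354)  /* c0000354 in the log */
#define NT_SUCCESS(s) ((s) >= 0)

/* Stub in the spirit of the reporter's proposal: Wine's ntoskrnl never has a
 * kernel debugger attached, so the call reports it as inactive. */
static NTSTATUS KdDisableDebugger_stub(void)
{
    return STATUS_DEBUGGER_INACTIVE;
}

/* Driver object names the watchdog thread opens, in the order seen in the
 * trace (SoftICE, Syser, FileMon). */
static const char *const PROBED_DRIVERS[] = {
    "\\Driver\\NtIce", "\\Driver\\Syser", "\\Driver\\FILEMON", "\\Driver\\FILEMON701",
};
#define NUM_PROBED (sizeof PROBED_DRIVERS / sizeof PROBED_DRIVERS[0])

/* Stand-in for ObOpenObjectByName against a model object directory ('present'
 * lists the \Driver\ names that exist). A real kernel returns SUCCESS for a
 * present name and OBJECT_NAME_NOT_FOUND otherwise; with emulate_wine set it
 * instead returns NOT_IMPLEMENTED, which is what the trace shows Wine doing
 * for driver objects it does not track. */
static NTSTATUS open_driver_object(const char *name, const char *const *present,
                                   size_t n, int emulate_wine)
{
    if (emulate_wine) return STATUS_NOT_IMPLEMENTED;
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, present[i]) == 0) return STATUS_SUCCESS;
    return STATUS_OBJECT_NAME_NOT_FOUND;
}

/* One pass of the watchdog loop (the real thread sleeps via
 * KeDelayExecutionThread between passes). Returns a bitmask over
 * PROBED_DRIVERS of the names whose open succeeded; 0 means nothing found.
 * Assumption: the driver treats a successful open as "analysis tool present";
 * what it does on detection is not visible in the trace and is not modelled. */
static unsigned probe_once(const char *const *present, size_t n, int emulate_wine)
{
    unsigned detected = 0;
    (void)KdDisableDebugger_stub();   /* in the trace the name probes follow this call */
    for (size_t i = 0; i < NUM_PROBED; i++)
        if (NT_SUCCESS(open_driver_object(PROBED_DRIVERS[i], present, n, emulate_wine)))
            detected |= 1u << i;
    return detected;
}

/* Constructed scenarios: a clean object directory, and one with a SoftICE
 * driver object plus a FileMon 7.01 driver object loaded. */
static const char *const SCENARIO_CLEAN[]   = { "\\Driver\\Disk", "\\Driver\\Null" };
static const char *const SCENARIO_SOFTICE[] = { "\\Driver\\Disk", "\\Driver\\NtIce", "\\Driver\\FILEMON701" };
#define SCENARIO_CLEAN_N   (sizeof SCENARIO_CLEAN / sizeof SCENARIO_CLEAN[0])
#define SCENARIO_SOFTICE_N (sizeof SCENARIO_SOFTICE / sizeof SCENARIO_SOFTICE[0])

int main(void)
{
    printf("KdDisableDebugger stub   -> 0x%08X\n", (unsigned)KdDisableDebugger_stub());
    printf("clean Windows directory  -> detected mask 0x%X\n", probe_once(SCENARIO_CLEAN, SCENARIO_CLEAN_N, 0));
    printf("SoftICE + FileMon loaded -> detected mask 0x%X\n", probe_once(SCENARIO_SOFTICE, SCENARIO_SOFTICE_N, 0));
    printf("same names under Wine    -> detected mask 0x%X\n", probe_once(SCENARIO_SOFTICE, SCENARIO_SOFTICE_N, 1));
    return 0;
}
```

Under the modelled Wine path every probe fails with STATUS_NOT_IMPLEMENTED, so the loop sees nothing and simply sleeps and repeats, which matches the trace continuing into the next KeDelayExecutionThread; the stub's only job is to let the thread reach that point instead of aborting on an unimplemented export.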