[Bug 51375] New: SCM erroneously tries to start 64-bit kernel drivers as 32-bit service due to incorrect handling of 'IMAGE_FILE_DLL' image characteristics in 'kernel32.dll.GetBinaryTypeW' (Protect DiSC 'acedrv11.sys')
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Jul 1 03:40:10 CDT 2021
https://bugs.winehq.org/show_bug.cgi?id=51375
Bug ID: 51375
Summary: SCM erroneously tries to start 64-bit kernel drivers
as 32-bit service due to incorrect handling of
'IMAGE_FILE_DLL' image characteristics in
'kernel32.dll.GetBinaryTypeW' (Protect DiSC
'acedrv11.sys')
Product: Wine
Version: 6.11
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: kernel32
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says.
https://web.archive.org/web/20210701055235/https://dl.4players.de/f1/pc/cobra_11_nitro/BurningWheelsDemo.exe
'acedrv11.sys' kernel service from 'Protect DiSC' DRM scheme (continuation of
bug 39734) fails to load. It's a 64-bit driver with 'WOW64=1' service entry
value set by 32-bit driver installer.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/windows/system32/drivers
$ winedump acedrv11.sys
Contents of acedrv11.sys: 335288 bytes
File Header
Machine: 8664 (AMD64)
Number of Sections: 7
TimeDateStamp: 4890016E (Wed Jul 30 07:51:42 2008) offset 256
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00F0
Characteristics: 0022
EXECUTABLE_IMAGE
LARGE_ADDRESS_AWARE
Optional Header (64bit)
Magic 0x20B 523
linker version 8.00
size of code 0x24200 147968
size of initialized data 0x2a00 10752
size of uninitialized data 0x0 0
entrypoint RVA 0x29008 167944
base of code 0x1000 4096
image base 0x300000
section align 0x1000 4096
file align 0x200 512
required OS version 6.00
image version 6.00
subsystem version 5.02
Win32 Version 0x0 0
size of image 0x56000 352256
size of headers 0x400 1024
checksum 0x5db88 383880
Subsystem 0x1 (Native)
DLL characteristics: 0x0000
stack reserve size 0x40000
stack commit size 0x1000
heap reserve size 0x100000
heap commit size 0x1000
loader flags 0x0 0
RVAs & sizes 0x10 16
...
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+server,+ntoskrnl,+loaddll,+module wine net start acedrv11 >>log.txt 2>&1
...
00d8:Call KERNEL32.GetBinaryTypeW(00168450 L"C:\\windows\\system32\\drivers\\acedrv11.sys",013df330) ret=140006426
...
00d8:trace:module:GetBinaryTypeW L"C:\\windows\\system32\\drivers\\acedrv11.sys"
...
00d8:Call ntdll.NtQuerySection(00000158,00000001,013df0f0,00000040,00000000) ret=7b61b6dd
00d8: get_mapping_info( handle=0158, access=00000001 )
00d8: get_mapping_info() = 0 { size=00056000, flags=01800000, shared_file=0000, total=176, image={base=00300000,entry_point=00329008,map_size=00056000,stack_size=00040000,stack_commit=00001000,zerobits=00000000,subsystem=00000001,subsystem_minor=0002,subsystem_major=0005,osversion_major=0006,osversion_minor=0000,image_charact=0022,dll_charact=0000,machine=8664,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=00051db8,checksum=0005db88}, name=L"" }
00d8:Ret ntdll.NtQuerySection() retval=00000000 ret=7b61b6dd
...
00d8:Ret KERNEL32.GetBinaryTypeW() retval=00000000 ret=140006426
00d8:Call KERNEL32.GetSystemDirectoryW(013df390,00000104) ret=1400065ed
00d8:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=1400065ed
...
00d8:Call KERNEL32.CreateProcessW(00000000,00168630 L"C:\\windows\\syswow64\\winedevice.exe",00000000,00000000,100000000,00000400,00176aa0,00000000,013df080,013df020) ret=140006b7e
...
00d8:Ret KERNEL32.CreateProcessW() retval=00000001 ret=140006b7e
...
0114:trace:ntoskrnl:open_driver opened service for driver L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\acedrv11"
...
0114:trace:ntoskrnl:load_driver loading driver L"C:\\windows\\system32\\drivers\\acedrv11.sys"
...
0114:Call KERNEL32.LoadLibraryExW(0042df50 L"C:\\windows\\system32\\drivers\\acedrv11.sys",00000000,00001100) ret=00394979
...
0114:Call kernelbase.LoadLibraryExW(0042df50 L"C:\\windows\\system32\\drivers
...
0114:Call ntdll.LdrLoadDll(0042e290 L"C:\\windows\\system32\\drivers;C:\\windows\\syswow64;C:\\windows\\system32\\",00001100,00fcfb14,00fcfafc) ret=7b01c045
0034:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7bc42e5f
0114:trace:module:load_dll looking for L"C:\\windows\\system32\\drivers\\acedrv11.sys" in L"C:\\windows\\system32\\drivers;C:\\windows\\syswow64;C:\\windows\\system32\\"
...
0114:warn:module:load_dll Failed to load module L"C:\\windows\\system32\\drivers\\acedrv11.sys"; status=c0000135
...
0114:Ret ntdll.LdrLoadDll() retval=c0000135 ret=7b01c045
...
0114:Ret kernelbase.LoadLibraryExW() retval=00000000 ret=7bc3aa34
...
0114:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=00394979
...
0114:err:ntoskrnl:ZwLoadDriver failed to create driver L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\acedrv11": c0000142
--- snip ---
Workaround: Remove 'WOW64=1' registry key from service (leads to fallback with
'false' setting).
This is actually a regression:
https://source.winehq.org/git/wine.git/commitdiff/1e1f110c99fba4c33ebe85bf112c9d37899d3a0c
("kernel32: Return failure in GetBinaryType() for DLL files.")
--- snip ---
BOOL WINAPI GetBinaryTypeW( LPCWSTR name, LPDWORD type )
{
    HANDLE hfile, mapping;
    NTSTATUS status;
    const WCHAR *ptr;

    TRACE("%s\n", debugstr_w(name) );

    if (type == NULL) return FALSE;

    hfile = CreateFileW( name, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0 );
    if ( hfile == INVALID_HANDLE_VALUE )
        return FALSE;

    status = NtCreateSection( &mapping, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY,
                              NULL, NULL, PAGE_READONLY, SEC_IMAGE, hfile );
    CloseHandle( hfile );

    switch (status)
    {
    case STATUS_SUCCESS:
        {
            SECTION_IMAGE_INFORMATION info;

            status = NtQuerySection( mapping, SectionImageInformation, &info, sizeof(info), NULL );
            CloseHandle( mapping );
            if (status) return FALSE;
            if (!(info.ImageCharacteristics & IMAGE_FILE_DLL)) return FALSE;
            switch (info.Machine)
            ...
--- snip ---
The condition is reversed. The function shall fail if the driver binary has
'IMAGE_FILE_DLL' image characteristics set.
$ sha1sum BurningWheelsDemo.exe
6dc03653b97a0336a5c57fc4b04af61e3ebcee5e BurningWheelsDemo.exe
$ du -sh BurningWheelsDemo.exe
286M BurningWheelsDemo.exe
$ wine --version
wine-6.11-235-g7f1623bc626
Regards
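The effect of the reversed test in the report above, as an added example that is not Wine's code: it reads Machine and Characteristics straight from constructed PE headers instead of going through NtCreateSection/NtQuerySection, and runs the quoted check next to one that rejects only DLLs. The helper names `pe_file_header`, `binary_type`, `make_sample` and the `inverted` switch are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PE_MACHINE_I386  0x014c  /* PE format values; names are local to this example */
#define PE_MACHINE_AMD64 0x8664
#define PE_FILE_DLL      0x2000
enum { BIN_32BIT = 0, BIN_64BIT = 6 }; /* SCS_32BIT_BINARY, SCS_64BIT_BINARY */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Read Machine and Characteristics from a PE image; returns 0 on malformed input. */
int pe_file_header(const uint8_t *img, size_t len, uint16_t *machine, uint16_t *charact)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    size_t off = (size_t)rd16(img + 0x3c) | ((size_t)rd16(img + 0x3e) << 16); /* e_lfanew */
    if (off > len || len - off < 24) return 0;   /* "PE\0\0" + 20-byte file header */
    if (memcmp(img + off, "PE\0\0", 4) != 0) return 0;
    *machine = rd16(img + off + 4); *charact = rd16(img + off + 22);
    return 1;
}

/* inverted=1 reproduces the DLL test quoted in the report; inverted=0 rejects only DLLs. */
int binary_type(const uint8_t *img, size_t len, int inverted, int *type)
{
    uint16_t machine, charact;
    if (!pe_file_header(img, len, &machine, &charact)) return 0;
    int is_dll = (charact & PE_FILE_DLL) != 0;
    if (inverted ? !is_dll : is_dll) return 0;
    if (machine == PE_MACHINE_AMD64) { *type = BIN_64BIT; return 1; }
    if (machine == PE_MACHINE_I386)  { *type = BIN_32BIT; return 1; }
    return 0;
}

/* Constructed sample: minimal headers carrying only the two fields under test.
   buf must hold 0x98 bytes. */
void make_sample(uint8_t *buf, uint16_t machine, uint16_t charact)
{
    memset(buf, 0, 0x98);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3c] = 0x80;
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x84] = machine & 0xff; buf[0x85] = machine >> 8;
    buf[0x96] = charact & 0xff; buf[0x97] = charact >> 8;
}

int main(void)
{
    uint8_t img[0x98]; int t = -1;
    make_sample(img, 0x8664, 0x0022); /* Machine and Characteristics from the winedump output */
    int bad = binary_type(img, sizeof img, 1, &t), good = binary_type(img, sizeof img, 0, &t);
    printf("inverted ok=%d, corrected ok=%d type=%d\n", bad, good, t);
    return 0;
}
```

With the driver's header values the inverted test reports failure, matching `GetBinaryTypeW() retval=00000000` in the trace, while the corrected test classifies the image as 64-bit.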