[Bug 17277] ZFlash numerical control app needs address space between 0x100000-0x800000 (1-8 MiB) which conflicts with process heap location

WineHQ Bugzilla wine-bugs at winehq.org
Sun May 23 04:54:18 CDT 2021


https://bugs.winehq.org/show_bug.cgi?id=17277

--- Comment #10 from Anastasius Focht <focht at gmx.net> ---
Hello André,

--- quote ---
Does it work in recent Wine versions, because a related bug seems fixed (See
Also) Or is this abandoned meanwhile?
--- quote ---

No, nothing has changed with regard to the default process heap / process parameters location, and the test app still crashes, as expected. The trace below shows why: while the child is still suspended, the loader frees the child's 0x110000 and 0x120000 regions (`VirtualFreeEx`), reserves 0x100000-0x800000 over them (`VirtualAllocEx`, size 0x700000) and then resumes the thread. Wine places the child's RTL_USER_PROCESS_PARAMETERS block at 0x110000, so the child's ntdll dereferences freed memory during startup (fault address 0x110290 = params + 0x290, see the disassembly and source below).

Proof:

--- snip ---
$ WINEDEBUG=+pid,+seh,+loaddll,+process,+relay,+module wine ./ZLoader.exe
test.exe >>log.txt 2>&1

...
0020:0024:Call
ntdll.NtCreateUserProcess(0021f828,0021f82c,001fffff,001fffff,0021f6ac,0021f694,00000200,00000001,00472320,0021f748,0021f6c4)
ret=7b038367
...
0104:0108:trace:module:map_image_into_view mapping PE file
L"\\??\\Z:\\home\\focht\\Downloads\\z\\Test.exe" at 0x800000-0x818000
...
0104:0108:trace:module:map_image_into_view mapping PE file
L"\\??\\C:\\windows\\system32\\ntdll.dll" at 0x7bc00000-0x7bc80000
...
0020:0024:trace:process:NtCreateUserProcess
L"\\??\\Z:\\home\\focht\\Downloads\\z\\Test.exe" pid 0104 tid 0108 handles
0x6c/0x70
0020:0024:Ret  ntdll.NtCreateUserProcess() retval=00000000 ret=7b038367
...
0020:0024:trace:process:CreateProcessInternalW started process pid 0104 tid
0108
...
0020:0024:Ret  KERNEL32.CreateProcessA() retval=00000001 ret=00401188
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00030000,0021fe60,0000001c)
ret=00401228
0020:0024:Call
ntdll.NtQueryVirtualMemory(0000006c,00030000,00000000,0021fe60,0000001c,0021f9b0)
ret=7b02a0ef
0020:0024:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret  KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00110000,0021fe60,0000001c)
ret=00401228
0020:0024:Call
ntdll.NtQueryVirtualMemory(0000006c,00110000,00000000,0021fe60,0000001c,0021f9b0)
ret=7b02a0ef
0020:0024:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret  KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00110000,00000000,00008000)
ret=00401258
0020:0024:Call ntdll.NtFreeVirtualMemory(0000006c,0021f9c4,0021f9c8,00008000)
ret=7b029f8b
0020:0024:Ret  ntdll.NtFreeVirtualMemory() retval=00000000 ret=7b029f8b
0020:0024:Ret  KERNEL32.VirtualFreeEx() retval=00000001 ret=00401258
0020:0024:Call ntdll.RtlAllocateHeap(00cd0000,00000000,00001030) ret=00406d12
0020:0024:Ret  ntdll.RtlAllocateHeap() retval=00cd0c48 ret=00406d12
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00114000,0021fe60,0000001c)
ret=00401228
0020:0024:Call
ntdll.NtQueryVirtualMemory(0000006c,00114000,00000000,0021fe60,0000001c,0021f9b0)
ret=7b02a0ef
0020:0024:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret  KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00120000,0021fe60,0000001c)
ret=00401228
0020:0024:Call
ntdll.NtQueryVirtualMemory(0000006c,00120000,00000000,0021fe60,0000001c,0021f9b0)
ret=7b02a0ef
0020:0024:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret  KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call KERNEL32.VirtualFreeEx(0000006c,00120000,00000000,00008000)
ret=00401258
0020:0024:Call ntdll.NtFreeVirtualMemory(0000006c,0021f9c4,0021f9c8,00008000)
ret=7b029f8b
0020:0024:Ret  ntdll.NtFreeVirtualMemory() retval=00000000 ret=7b029f8b
0020:0024:Ret  KERNEL32.VirtualFreeEx() retval=00000001 ret=00401258
0020:0024:Call KERNEL32.VirtualQueryEx(0000006c,00121000,0021fe60,0000001c)
ret=00401228
0020:0024:Call
ntdll.NtQueryVirtualMemory(0000006c,00121000,00000000,0021fe60,0000001c,0021f9b0)
ret=7b02a0ef
0020:0024:Ret  ntdll.NtQueryVirtualMemory() retval=00000000 ret=7b02a0ef
0020:0024:Ret  KERNEL32.VirtualQueryEx() retval=0000001c ret=00401228
0020:0024:Call
KERNEL32.VirtualAllocEx(0000006c,00100000,00700000,00002000,00000040)
ret=004012ba
0020:0024:Call
ntdll.NtAllocateVirtualMemory(0000006c,0021f9ac,00000000,0021f9c8,00002000,00000040)
ret=7b029dda
0020:0024:Ret  ntdll.NtAllocateVirtualMemory() retval=00000000 ret=7b029dda
0020:0024:Ret  KERNEL32.VirtualAllocEx() retval=00100000 ret=004012ba
0020:0024:Call user32.MessageBoxA(00000000,00422094 "ZLoader now will resume
the thread",0042203c "ZLoader",00000040) ret=004012d7
...
0020:0024:Ret  user32.MessageBoxA() retval=00000001 ret=004012d7
0020:0024:Call KERNEL32.ResumeThread(00000070) ret=004010b2
0020:0024:Call ntdll.NtResumeThread(00000070,0021fe44) ret=7b04c713
0020:0024:Ret  ntdll.NtResumeThread() retval=00000000 ret=7b04c713
0020:0024:Ret  KERNEL32.ResumeThread() retval=00000001 ret=004010b2
0020:0024:Call KERNEL32.CloseHandle(00000070) ret=004010c8
0020:0024:Call ntdll.NtClose(00000070) ret=7b036f50
...
0104:0108:trace:seh:dispatch_exception code=c0000005 flags=0 addr=7BC20290
ip=7bc20290 tid=0108
0104:0108:trace:seh:dispatch_exception  info[0]=00000000
0104:0108:trace:seh:dispatch_exception  info[1]=00110290
0104:0108:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception
(code=c0000005) raised
0104:0108:trace:seh:dispatch_exception  eax=7ffd1000 ebx=7ffd1000 ecx=00000002
edx=7ffd1044 esi=7ffd1000 edi=00110000
0104:0108:trace:seh:dispatch_exception  ebp=0101ef18 esp=0101eccc cs=0023
ds=002b es=002b fs=0063 gs=006b flags=00010206
0104:0108:err:seh:NtRaiseException Unhandled exception code c0000005 flags 0
addr 0x7bc20290
...
0020:0024:Call user32.MessageBoxA(00000000,0042201c "ZLoader will end",0042203c
"ZLoader",00000040) ret=004010fa
--- snip ---

Crash location in the debuggee (child process 0104, thread 0108), faulting on the freed process parameters block:

--- snip ---
<ntdll._init_user_process_params>:

7BC20270 | push ebp                          | 
7BC20271 | mov ebp,esp                       |
7BC20273 | push ebx                          |
7BC20274 | push edi                          |
7BC20275 | push esi                          |
7BC20276 | sub esp,240                       |
7BC2027C | mov eax,dword ptr fs:[18]         | ntdll/env.c:638
7BC20282 | mov dword ptr ss:[ebp-14],eax     |
7BC20285 | mov eax,dword ptr ds:[eax+30]     | ntdll/env.c:638
7BC20288 | mov ecx,2                         |
7BC2028D | mov edi,dword ptr ds:[eax+10]     | params 0x110000
7BC20290 | mov ebx,dword ptr ds:[edi+290]    | ntdll/env.c:642 -> *boom*
7BC20296 | cmp ebx,2                         | ntdll/env.c:643
7BC20299 | cmova ecx,ebx                     |
7BC2029C | push ecx                          |
7BC2029D | push 0                            |
7BC2029F | push dword ptr ds:[eax+18]        |
7BC202A2 | call <ntdll._RtlAllocateHeap at 12>  |
...
--- snip ---

Corresponding source (wine-6.9, commit 9561af9a):

https://source.winehq.org/git/wine.git/blob/9561af9a7d8d77e2f98341e278c842226cae47ed:/dlls/ntdll/env.c#l629

--- snip ---
 629 /***********************************************************************
 630  *           init_user_process_params
 631  *
 632  * Fill the initial RTL_USER_PROCESS_PARAMETERS structure from the server.
 633  */
 634 void init_user_process_params(void)
 635 {
 636     WCHAR *env;
 637     SIZE_T env_size;
 638     RTL_USER_PROCESS_PARAMETERS *new_params, *params =
NtCurrentTeb()->Peb->ProcessParameters;
 639     UNICODE_STRING curdir;
 640 
 641     /* environment needs to be a separate memory block */
 642     env_size = params->EnvironmentSize;
 643     if ((env = RtlAllocateHeap( GetProcessHeap(), 0, max( env_size,
sizeof(WCHAR) ))))
 644     {
 645         if (env_size) memcpy( env, params->Environment, env_size );
 646         else env[0] = 0;
 647     }
--- snip ---

https://source.winehq.org/git/wine.git/blob/9561af9a7d8d77e2f98341e278c842226cae47ed:/dlls/ntdll/unix/virtual.c#l148

$ wine --version
wine-6.9

Regards
