[Bug 50208] Multiple kernel drivers need NtQuerySystemInformation(SystemModuleInformation) to return correct ImageBaseAddress and ImageSize for modules (Sentinel HASP 'hardlock.sys', SmartGaga 'AndroidKernelX64.sys')
WineHQ Bugzilla
wine-bugs at winehq.org
Mon Jan 3 14:57:22 CST 2022
https://bugs.winehq.org/show_bug.cgi?id=50208
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Multiple kernel drivers |Multiple kernel drivers
|need |need
|NtQuerySystemInformation(Sy |NtQuerySystemInformation(Sy
|stemModuleInformation) to |stemModuleInformation) to
|return correct |return correct
|ImageBaseAddress and |ImageBaseAddress and
|ImageSize for modules |ImageSize for modules
|(Sentinel HASP |(Sentinel HASP
|'hardlock.sys') |'hardlock.sys', SmartGaga
| |'AndroidKernelX64.sys')
--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
revisiting, still present.
Also encountered with SmartGaga (Android Emulator) v1.1.x
'androidkernelx64.sys' driver
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+server wine wineboot >>log.txt 2>&1
...
005c:Call
ntoskrnl.exe.ZwQuerySystemInformation(0000000b,00c5f390,00000000,00c5f390)
ret=00e4afa6
005c:Call ntdll.NtQuerySystemInformation(0000000b,00c5f390,00000000,00c5f390)
ret=17004226f
005c:Ret ntdll.NtQuerySystemInformation() retval=c0000004 ret=17004226f
005c:Ret ntoskrnl.exe.ZwQuerySystemInformation() retval=c0000004 ret=00e4afa6
005c:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000001,00000380,2154554e)
ret=00e4afd5
005c:Call ntdll.RtlAllocateHeap(009e0000,00000000,00000380) ret=003e2ede
005c:Ret ntdll.RtlAllocateHeap() retval=009e1640 ret=003e2ede
005c:trace:ntoskrnl:ExAllocatePoolWithTag 896 pool 1 -> 00000000009E1640
005c:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=009e1640 ret=00e4afd5
005c:Call
ntoskrnl.exe.ZwQuerySystemInformation(0000000b,009e1640,00000380,00c5f390)
ret=00e4aff5
005c:Call ntdll.NtQuerySystemInformation(0000000b,009e1640,00000380,00c5f390)
ret=17004226f
005c:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=17004226f
005c:Ret ntoskrnl.exe.ZwQuerySystemInformation() retval=00000000 ret=00e4aff5
005c:Call ntoskrnl.exe.ExFreePoolWithTag(009e1640,00000000) ret=00e4b040
005c:trace:ntoskrnl:ExFreePoolWithTag 00000000009E1640
005c:Call KERNEL32.HeapFree(009e0000,00000000,009e1640) ret=17004226f
005c:Ret KERNEL32.HeapFree() retval=00000001 ret=17004226f
005c:Ret ntoskrnl.exe.ExFreePoolWithTag() retval=00000001 ret=00e4b040
005c:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000000E4B0BB
ip=0000000000E4B0BB tid=005c
005c:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception
(code=c0000005) raised
005c:trace:seh:dispatch_exception rax=0000000000005a4d rbx=0000000000e8c3b8
rcx=000000017000e254 rdx=0000000000000000
005c:trace:seh:dispatch_exception rsi=00000000c0000001 rdi=0000000010000000
rbp=0000000000c5f5f0 rsp=0000000000c5f390
005c:trace:seh:dispatch_exception r8=0000000000000000 r9=0000000000000040
r10=00007ffbeaa02680 r11=0000000000000000
005c:trace:seh:dispatch_exception r12=0000000000173ef8 r13=000000000000ffff
r14=0000000000173d90 r15=0000000000000000
005c:trace:seh:call_vectored_handlers calling handler at 00000000003DD440
code=c0000005 flags=0
005c:trace:seh:call_vectored_handlers handler at 00000000003DD440 returned 0
005c:trace:seh:call_handler calling handler 0000000000DA140C
(rec=0000000000C5F160, frame=0000000000C5F4F0 context=0000000000C5E750,
dispatch=0000000000C5E618)
005c:trace:seh:call_handler handler at 0000000000DA140C returned 1
005c:trace:seh:call_stack_handlers found wine frame 0000000000C5FE90 rsp
0000000000C5FFE0 handler 000000017005FE00
005c:trace:seh:call_teb_handler calling TEB handler 000000017005FE00
(rec=0000000000C5F160, frame=0000000000C5FE90 context=0000000000C5E750,
dispatch=0000000000C5E618)
--- snip ---
--- snip ---
0000000000E4B0B6 | mov eax,5A4D |
0000000000E4B0BB | cmp ax,word ptr ds:[rdi] | ImageBaseAddress *boom*
0000000000E4B0BE | jne androidkernelx64.E4B1F6 |
0000000000E4B0C4 | mov eax,dword ptr ds:[rdi+3C] |
0000000000E4B0C7 | add rax,rdi |
0000000000E4B0CA | cmp dword ptr ds:[rax],4550 |
0000000000E4B0D0 | jne androidkernelx64.E4B1F6 |
--- snip ---
--- snip ---
Base Module Path
0000000000250000 sechost.dll Z:\home\focht\projects\wine\mainline...
0000000000280000 ucrtbase.dll Z:\home\focht\projects\wine\mainline...
0000000000340000 msvcrt.dll Z:\home\focht\projects\wine\mainline...
00000000003D0000 ntoskrnl.exe Z:\home\focht\projects\wine\mainline...
0000000000AF0000 rpcrt4.dll Z:\home\focht\projects\wine\mainline...
0000000000DA0000 androidkernelx64.sys C:\Program Files (x86)\SmartGaGa\Pro...
0000000000EB0000 hal.dll Z:\home\focht\projects\wine\mainline...
000000007B000000 kernelbase.dll Z:\home\focht\projects\wine\mainline...
000000007B600000 kernel32.dll Z:\home\focht\projects\wine\mainline...
0000000140000000 winedevice.exe Z:\home\focht\projects\wine\mainline...
0000000170000000 ntdll.dll Z:\home\focht\projects\wine\mainline...
0000000180000000 advapi32.dll Z:\home\focht\projects\wine\mainline...
--- snip ---
The driver tries to access the PE header struct for each module returned by
'NtQuerySystemInformation(SystemModuleInformation)'. This causes a page fault
because nothing is mapped at the hard-coded defaults.
rdi=0x10000000 = hard-coded ImageBaseAddress 'ntoskrnl.exe'
'AndroidKernel.log':
--- snip ---
[424][436][21:20:10.566]: DriverEntry: PsCalcProcessMD5 C:\Program Files
(x86)\SmartGaGa\ProjectTitan\Engine\AndroidKernelX64.sys Fail!
--- snip ---
Stable download link via Internet Archive for documentation.
https://web.archive.org/web/20210212083145/https://dl.filehorse.com/win/desktop-enhancements/smartgaga/SmartGaGa-1.1.646.1.exe?st=UXb-Ylz8he_QMz7inrvzTA&e=1613205052&fn=Setup_AndroidFs442_1.1.646.1.exe
https://www.virustotal.com/gui/file/a2928782e205ebe45317c54378136263fb69a4ead4a630d4ba458039272ae359
$ sha1sum Setup_AndroidFs442_1.1.646.1.exe
8cec18338e1e931433ac37f63d26a701dfcbd0dd Setup_AndroidFs442_1.1.646.1.exe
$ du -sh Setup_AndroidFs442_1.1.646.1.exe
203M Setup_AndroidFs442_1.1.646.1.exe
$ wine --version
wine-7.0-rc4
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
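Added example, not part of the original bug comment or of the driver's code: a bounds-checked C version of the MZ/PE signature test shown in the disassembly above, using the module's ImageSize to limit where e_lfanew may point. The names check_pe_header and make_sample_image and the sample image are constructed for illustration; the check still assumes the reported base is actually mapped, which is exactly the condition that fails in this bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MZ_MAGIC     0x5A4Du      /* 'MZ', compared at E4B0BB */
#define PE_MAGIC     0x00004550u  /* 'PE\0\0', compared at E4B0CA */
#define E_LFANEW_OFF 0x3Cu        /* offset read at E4B0C4 */

/* PE_TOO_SMALL also covers a NULL base. */
enum pe_check { PE_OK, PE_TOO_SMALL, PE_BAD_MZ, PE_BAD_LFANEW, PE_BAD_SIG };

/* Little-endian reads that do not depend on alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* base/size stand in for ImageBaseAddress/ImageSize of one module entry. */
enum pe_check check_pe_header(const uint8_t *base, size_t size)
{
    if (base == NULL || size < E_LFANEW_OFF + 4) return PE_TOO_SMALL;
    if (rd16(base) != MZ_MAGIC) return PE_BAD_MZ;
    uint32_t lfanew = rd32(base + E_LFANEW_OFF);
    /* The driver adds e_lfanew to the base unchecked; bound it by ImageSize. */
    if (lfanew > size - 4) return PE_BAD_LFANEW;
    if (rd32(base + lfanew) != PE_MAGIC) return PE_BAD_SIG;
    return PE_OK;
}

/* Constructed sample image: MZ header, e_lfanew = 0x80, PE signature. */
size_t make_sample_image(uint8_t *buf, size_t cap)
{
    if (cap < 0x100) return 0;
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[E_LFANEW_OFF] = 0x80;
    memcpy(buf + 0x80, "PE\0\0", 4);
    return 0x100;
}

int main(void)
{
    uint8_t img[0x100];
    size_t n = make_sample_image(img, sizeof img);
    printf("valid image:  %d\n", check_pe_header(img, n));
    img[E_LFANEW_OFF + 1] = 0x10;   /* e_lfanew = 0x1080, outside the image */
    printf("bad e_lfanew: %d\n", check_pe_header(img, n));
    return 0;
}
```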