[Bug 52446] New: Normal dlls with native subsystem id are no longer processed when importing system dlls with uppercase names
WineHQ Bugzilla
wine-bugs at winehq.org
Sat Jan 22 16:37:14 CST 2022
https://bugs.winehq.org/show_bug.cgi?id=52446
Bug ID: 52446
Summary: Normal dlls with native subsystem id are no longer processed when importing system dlls with uppercase names
Product: Wine
Version: 7.0
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
this is a regression found during testing of bug 50433 ("'MsiBreak' custom
action debugging aid should use custom action's name from 'CustomAction' table
(currently uses 'Target' field)").
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntdll,+loaddll,+server wine msiexec -i AcroPro.msi
>>log.txt 2>&1
...
0104:trace:msi:ACTION_CustomAction Handling custom action L"CreatePortMonitor"
(c41 L"AdobeIsf" L"SetupPortMonitor")
...
0248:Ret PE DLL (proc=0236618A,module=02360000
L"msi40ea.tmp",reason=PROCESS_ATTACH,res=00000000) retval=1
...
0248:Ret kernelbase.LoadLibraryW() retval=02360000 ret=7bc3acd4
0248:Ret KERNEL32.LoadLibraryW() retval=02360000 ret=100225a8
...
0104:trace:msi:wait_thread_handle waiting for L"CreatePortMonitor"
...
0248:Call KERNEL32.LoadLibraryW(00474ef0
L"C:\\windows\\system32\\AdobePDF.dll") ret=025d7344
0248:Call kernelbase.LoadLibraryW(00474ef0
L"C:\\windows\\system32\\AdobePDF.dll") ret=7bc3acd4
...
0248: get_mapping_info( handle=00f0, access=0000000c )
0248: get_mapping_info() = 0 { size=0000a000, flags=01800000, shared_file=0000,
total=152,
image={base=50400000,stack_size=00100000,stack_commit=00001000,entry_point=00004438,map_size=0000a000,zerobits=00000000,subsystem=00000001,subsystem_minor=0000,subsystem_major=0004,osversion_major=0004,osversion_minor=0000,image_charact=210e,dll_charact=0000,machine=014c,contains_code=1,image_flags=00,loader_flags=00000000,header_size=00000400,file_size=00005600,checksum=0000e958},
name=L"\\??\\C:\\windows\\syswow64\\AdobePDF.dll" }
...
0248:trace:loaddll:build_module Loaded L"C:\\windows\\syswow64\\MSVCR71.dll" at
02600000: builtin
0248: close_handle( handle=00f4 )
0248: close_handle() = 0
0248:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\AdobePDF.dll"
at 50400000: native
0248: close_handle( handle=00f0 )
0248: close_handle() = 0
0248:Call PE DLL (proc=02666D60,module=02600000
L"MSVCR71.dll",reason=PROCESS_ATTACH,res=00000000)
...
0248:Ret PE DLL (proc=02666D60,module=02600000
L"MSVCR71.dll",reason=PROCESS_ATTACH,res=00000000) retval=1
0248:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b01b8e3
...
0248:Ret kernelbase.LoadLibraryW() retval=50400000 ret=7bc3acd4
0248:Ret KERNEL32.LoadLibraryW() retval=50400000 ret=025d7344
0248:Call KERNEL32.GetProcAddress(50400000,025db5ef "InitializePrintMonitor2")
ret=025d73bf
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73bf
0248:Call KERNEL32.GetProcAddress(50400000,025db607 "InitializePrintMonitorUI")
ret=025d73cf
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73cf
0248:Call KERNEL32.GetProcAddress(50400000,025da1ac "InitializePrintMonitor")
ret=025d73de
...
0248:Ret KERNEL32.GetProcAddress() retval=50404423 ret=025d73de
0248:Call KERNEL32.GetProcAddress(50400000,025db620 "InitializeMonitorEx")
ret=025d73ee
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73ee
0248:Call KERNEL32.GetProcAddress(50400000,025db634 "InitializeMonitor")
ret=025d73fe
...
0248:Ret KERNEL32.GetProcAddress() retval=00000000 ret=025d73fe
--- snip ---
Note, dll notifications were not called for 'AdobePDF.dll'.
At this point spooler calls 'InitializePrintMonitor' export.
--- snip ---
...
0248:Call advapi32.RegCreateKeyW(80000002,00472da8
L"System\\CurrentControlSet\\Control\\Print\\Monitors\\Adobe PDF
Port",504060b8) ret=50404368
...
0248:Ret advapi32.RegCreateKeyW() retval=00000000 ret=50404368
0248:Call ntdll.RtlEnterCriticalSection(504060e0) ret=504020b7
0248: create_semaphore( access=001f0003, initial=00000000, max=00000001,
objattr={} )
0248: create_semaphore() = 0 { handle=00f0 }
0248: select( flags=2, cookie=0235ebe4, timeout=+4.9999870, size=8,
prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0,
contexts={} }
0248: *wakeup* signaled=TIMEOUT
0248:err:sync:RtlpWaitForCriticalSection section 504060E0 "?" wait timed out in
thread 0248, blocked by 0000, retrying (60 sec)
0248: select( flags=2, cookie=0235ebe4, timeout=+59.9999082, size=8,
prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0,
contexts={} }
0248: *killed* exit_code=0
...
0220:Ret PE DLL (proc=006B1900,module=00630000
L"ucrtbase.dll",reason=THREAD_DETACH,res=00000000) retval=1
0220: *killed* exit_code=0
0248: *wakeup* signaled=TIMEOUT
0248:err:sync:RtlpWaitForCriticalSection section 504060E0 "?" wait timed out in
thread 0248, blocked by 0000, retrying (60 sec)
0248: select( flags=2, cookie=0235ebe4, timeout=+59.9999082, size=8,
prev_apc=0000, result={}, data={WAIT_ALL,handles={00f0}}, contexts={} )
0248: select() = PENDING { call={APC_NONE}, apc_handle=0000, signaled=0,
contexts={} }
0104: *wakeup* signaled=1
--- snip ---
Due to the loader not calling loader notifications for 'AdobePDF.dll', the critical
section 0x504060e0 was not initialized, leading to an infinite hang.
The problem was introduced by commit
https://source.winehq.org/git/wine.git/commitdiff/250c113169217933b1fffa8024fa958f71b8aee7
("ntdll: Factor out is_import_dll_system() function."), part of Wine 6.21
release.
The refactoring inadvertently changed the case sensitivity for comparison of
imported dlls against the system dlls from case-insensitive ('wcsicmp') to
case-sensitive ('strcmp'). This breaks the detection for dlls which are marked as
'native subsystem' but are in fact regular dlls if they import dlls with
upper/camel case.
Dump of 'AdobePDF.dll' headers:
--- snip ---
...
->File Header
Machine: 0x014C (I386)
NumberOfSections: 0x0005
TimeDateStamp: 0x41BEBC76 (GMT: Tue Dec 14 10:12:06 2004)
PointerToSymbolTable: 0x00000000
NumberOfSymbols: 0x00000000
SizeOfOptionalHeader: 0x00E0
Characteristics: 0x210E
(EXECUTABLE_IMAGE)
(LINE_NUMS_STRIPPED)
(LOCAL_SYMS_STRIPPED)
(32BIT_MACHINE)
(DLL)
->Optional Header
Magic: 0x010B (HDR32_MAGIC)
MajorLinkerVersion: 0x07
MinorLinkerVersion: 0x0A -> 7.10
SizeOfCode: 0x00004200
SizeOfInitializedData: 0x00001000
SizeOfUninitializedData: 0x00000000
AddressOfEntryPoint: 0x00004438
BaseOfCode: 0x00001000
BaseOfData: 0x00006000
ImageBase: 0x50400000
SectionAlignment: 0x00001000
FileAlignment: 0x00000200
MajorOperatingSystemVersion: 0x0004
MinorOperatingSystemVersion: 0x0000 -> 4.00
MajorImageVersion: 0x0004
MinorImageVersion: 0x0000 -> 4.00
MajorSubsystemVersion: 0x0004
MinorSubsystemVersion: 0x0000 -> 4.00
Win32VersionValue: 0x00000000
SizeOfImage: 0x0000951A
SizeOfHeaders: 0x00000400
CheckSum: 0x0000E958
Subsystem: 0x0001 (NATIVE)
DllCharacteristics: 0x0000
SizeOfStackReserve: 0x00100000
SizeOfStackCommit: 0x00001000
SizeOfHeapReserve: 0x00100000
SizeOfHeapCommit: 0x00001000
LoaderFlags: 0x00000000
NumberOfRvaAndSizes: 0x00000010
---- snip ---
-> native subsystem
Dump of 'AdobePDF.dll' import table, showing the dll names are uppercase:
--- snip ---
1. ImageImportDescriptor:
OriginalFirstThunk: 0x00004864
TimeDateStamp: 0x00000000 (GMT: Thu Jan 01 00:00:00 1970)
ForwarderChain: 0x00000000
Name: 0x00004948 ("SPOOLSS.DLL")
FirstThunk: 0x0000117C
Ordinal/Hint API name
------------ ---------------------------------------
0x003A "ImpersonatePrinterClient"
...
0x0032 "GetJobW"
2. ImageImportDescriptor:
OriginalFirstThunk: 0x000047FC
TimeDateStamp: 0x00000000 (GMT: Thu Jan 01 00:00:00 1970)
ForwarderChain: 0x00000000
Name: 0x00004A76 ("MSVCR71.dll")
FirstThunk: 0x00001114
Ordinal/Hint API name
------------ ---------------------------------------
0x00F1 "_except_handler3"
...
0x0189 "_mbschr"
3. ImageImportDescriptor:
OriginalFirstThunk: 0x0000473C
TimeDateStamp: 0x00000000 (GMT: Thu Jan 01 00:00:00 1970)
ForwarderChain: 0x00000000
Name: 0x00004DAA ("KERNEL32.dll")
FirstThunk: 0x00001054
Ordinal/Hint API name
------------ ---------------------------------------
0x01C0 "GetSystemTimeAsFileTime"
...
0x0394 "WriteFile"
4. ImageImportDescriptor:
OriginalFirstThunk: 0x00004884
TimeDateStamp: 0x00000000 (GMT: Thu Jan 01 00:00:00 1970)
ForwarderChain: 0x00000000
Name: 0x00004EFE ("USER32.dll")
FirstThunk: 0x0000119C
Ordinal/Hint API name
------------ ---------------------------------------
0x0202 "PostMessageW"
...
0x01DE "MessageBoxA"
5. ImageImportDescriptor:
OriginalFirstThunk: 0x000046E8
TimeDateStamp: 0x00000000 (GMT: Thu Jan 01 00:00:00 1970)
ForwarderChain: 0x00000000
Name: 0x0000507A ("ADVAPI32.dll")
FirstThunk: 0x00001000
Ordinal/Hint API name
------------ ---------------------------------------
0x01D8 "RegEnumKeyW"
...
0x01C9 "RegCloseKey"
--- snip ---
Stable download link via Internet Archive:
https://web.archive.org/web/20061114115407/http://ardownload.adobe.com/pub/adobe/acrobat/win/7x/7.0/misc/AcTR7EFG.exe
https://www.virustotal.com/gui/file/d9270dc2abfb3c0e216af188343dbd0058c60253d31f6989f9bf0484dc4a650c
$ sha1sum AcTR7EFG.exe
4f1ff389ea71f21d624083d65bbe5a74e4760079 AcTR7EFG.exe
$ du -sh AcTR7EFG.exe
116M AcTR7EFG.exe
$ wine --version
wine-7.0-119-gc09a5da1575
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
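A simplified model of the regression described in the report above, added here as an example; it is not Wine's code and not part of the original message. The system-dll list, the function names and the one-line processing decision are assumptions for illustration; the import names and the subsystem value are taken from the dumps in the report.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the "system dlls" the loader compares import names against. */
static const char *const system_dlls[] = { "ntdll.dll", "kernel32.dll" };

/* Import names exactly as spelled in the AdobePDF.dll import table dump. */
static const char *const adobepdf_imports[] = {
    "SPOOLSS.DLL", "MSVCR71.dll", "KERNEL32.dll", "USER32.dll", "ADVAPI32.dll"
};
#define N_IMPORTS (sizeof(adobepdf_imports) / sizeof(adobepdf_imports[0]))

typedef int (*name_cmp)(const char *, const char *);

/* Case-sensitive compare: the behaviour after the refactoring. */
static int cmp_exact(const char *a, const char *b) { return strcmp(a, b); }

/* Portable ASCII case-insensitive compare: the behaviour before it. */
static int cmp_nocase(const char *a, const char *b)
{
    for (;; a++, b++) {
        int ca = tolower((unsigned char)*a), cb = tolower((unsigned char)*b);
        if (ca != cb || ca == 0) return ca - cb;
    }
}

/* Returns 1 if any import name matches a system dll name under cmp. */
static int imports_system_dll(const char *const *imports, size_t n, name_cmp cmp)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < sizeof(system_dlls) / sizeof(system_dlls[0]); j++)
            if (cmp(imports[i], system_dlls[j]) == 0) return 1;
    return 0;
}

/* Simplified model: an image with subsystem 1 (NATIVE) is still processed
 * as a regular dll only when it imports a system dll. */
static int processed_as_regular_dll(unsigned subsystem, const char *const *imports,
                                    size_t n, name_cmp cmp)
{
    return subsystem != 1 || imports_system_dll(imports, n, cmp);
}

int main(void)
{
    printf("strcmp: %d\n", processed_as_regular_dll(1, adobepdf_imports, N_IMPORTS, cmp_exact));
    printf("nocase: %d\n", processed_as_regular_dll(1, adobepdf_imports, N_IMPORTS, cmp_nocase));
    return 0;
}
```

With the exact comparison, "KERNEL32.dll" never matches "kernel32.dll", so the native-subsystem image is no longer recognised as a regular dll, which corresponds to the missing notifications in the trace.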