Autocad 2004 STATUS_INVALID_LDT_OFFSET
Jaap Stolk
jwstolk at gmail.com
Sat Jun 24 16:18:03 CDT 2006
On 6/24/06, Jaap Stolk <jwstolk at gmail.com> wrote:
> So the problem is somewhere in load_driver( ). Is there a way to
> narrow it down a bit more?
using objdump I got a bit closer.
(note that the exact error address my not be consistent, because I
added some more trace functions to the code while testing)
objdump ntoskrnl.exe.so -S > tmp.txt
ImagePath -> 0x1d7fa
0x1d7fa + 0x4fc = 0x1DCF6
0x1DCF6 -> static NTSTATUS driver_control(void)
also, combining the load address and the error location ends up somewhere there:
0x4062de4e - 0x40610000 = 0x1DE4E
1de21: 83 ec 0c sub $0xc,%esp
1de24: 52 push %edx
1de25: 8d 83 9c 02 ff ff lea 0xffff029c(%ebx),%eax
1de2b: 50 push %eax
1de2c: 8d 83 a4 01 ff ff lea 0xffff01a4(%ebx),%eax
1de32: 50 push %eax
1de33: 8d 83 c8 fe ff ff lea 0xfffffec8(%ebx),%eax
1de39: 50 push %eax
1de3a: 6a 01 push $0x1
1de3c: e8 c7 5f fe ff call 3e08 <_init+0x2c>
1de41: 83 c4 20 add $0x20,%esp
1de44: e9 3d ff ff ff jmp 1dd86 <driver_control+0x1ca>
1de49: 8b 45 b0 mov 0xffffffb0(%ebp),%eax
1de4c: 85 c0 test %eax,%eax
>>1de4e: 0f 84 1a ff ff ff je 1dd6e <driver_control+0x1b2>
1de54: 83 ec 08 sub $0x8,%esp
1de57: 56 push %esi
1de58: ff b5 50 fe ff ff pushl 0xfffffe50(%ebp)
1de5e: ff d0 call *%eax
(it's called form here:)
WINE_ERR("DispatchDeviceControl returned %lx\n", irp.IoStatus.Status);
1dd75: 8a 83 c8 fe ff ff mov 0xfffffec8(%ebx),%al
1dd7b: 83 e0 02 and $0x2,%eax
1dd7e: 84 c0 test %al,%al
1dd80: 0f 85 9b 00 00 00 jne 1de21 <driver_control+0x265>
looking at it form an other angle: I get two "raise exception".
The first one is just after user32.SetDeskWallPaper( ). I added the
wallpaper patch, but it's still happening. as it happens very early in
the log, it does not seem to be a problem.
I think the second one is causing the debugger to start:
000f:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=407503ae
000f:trace:ntoskrnl:driver_control returned from call with status 00000000
000f:trace:seh:raise_exception code=c0000096 flags=0 addr=0x4062e04c
000f:trace:seh:raise_exception eax=4062e04c ebx=4063d964 ecx=400d03e8
edx=0000004b esi=4074fd80 edi=00000000
000f:trace:seh:raise_exception ebp=4074fe08 esp=4074fc2c cs=0023
ds=002b es=002b fs=003b gs=0033 flags=00010212
000f:trace:seh:call_stack_handlers calling handler at 0x4033ce80
code=c0000096 flags=0
<snip 13 lines>
000f:Call ntdll.RtlInitAnsiString(4074f5a0,4039d8ed "winedos.dll") ret=403500a0
<snip 22 pages>
000f:trace:module:load_builtin_callback loaded winedos.dll 0x4020d888 0x40760000
from what I could google, code=c0000096 means that a privileged
instruction was found.
But I don't seen anything exotic at 0x1de4e.
I think this is related:
http://bugs.winehq.com/show_bug.cgi?id=3438
but winedos.dll is started after the problem, so i don't think it's causing it.
I'm still not sure how to track the error location to the correct line
of source code, I recompiled ntoskrnl with -ggdb, but it already had
-g, so it should contain the source line numbers right?
How does wine normally handle privileged instruction ? I'm sure the
safedisc code uses every privileged instruction it can, and i would
not be surprised if it was throwing exceptions as a normal code path,
and i suspect some of it's drivers are supposed to run in ring 0 mode.
More information about the wine-devel
mailing list