ntdll:info win32k.sys is sometimes loaded at 0x00000000

Francois Gouget fgouget at codeweavers.com
Thu Nov 26 09:49:37 CST 2020


So we get ntdll:info failures because win32k.sys appears to sometimes be 
loaded at the NULL address. This seems to impact only two VMs: wvistau64 
and w7pro64.

https://test.winehq.org/data/tests/ntdll:info.html


Checking the win32k.sys load addresses I get:
https://testbot.winehq.org/JobDetails.pl?Key=82496

32-bit
BF800000 wxppro
BF800000 w2003std
00000000 wvistau64
00010000 w2008s64
92F60000 w7u
00080000 win7u-64 (personal VMware VM)
00000000 w7pro64
8EA28000 w8
0002A000 w864
3E760000 w10pro64

64-bit
FFFFF96000000000 wvistau64
FFFFF96000010000 w2008s64
FFFFF96000000000 w7pro64
FFFFF9600002A000 w864
FFFFF8AD3E760000 w10pro64

So the lower 32 bits of the 64-bit load address always match the 32-bit 
load address for 32-bit processes. Except that for 64-bit processes 
this is not a NULL pointer because the upper 32 bits are non-zero.

Could it be that on Windows 7 and lower 64-bit OSes the 32-bit 
win32k.sys load address is accidentally NULL because Microsoft 
overlooked this? Maybe because of the (then) new ASLR code?

Would the following patch be ok?

commit 41ebdf0560a41b130a798ca1f14ffcd6f6feaaa9
Author: Francois Gouget <fgouget at free.fr>
Date:   Wed Nov 25 20:15:09 2020 +0100

    ntdll/tests: win32k.sys is sometimes loaded at 0x0 on 64-bit Win <= 7.
    
    Signed-off-by: Francois Gouget <fgouget at codeweavers.com>

diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index 5db7a800cbe..ed8a9354bdc 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -490,7 +490,9 @@ static void test_query_module(void)
         const SYSTEM_MODULE *module = &info->Modules[i];
 
         ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
-        ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+        ok(module->ImageBaseAddress ||
+           (!module->ImageBaseAddress && strstr((char*)module->Name, "\\win32k.sys")), /* 64-bit Vista and Win7 */
+           "%u: got NULL address for %s\n", i, module->Name);
         ok(module->ImageSize, "%u: got 0 size\n", i);
         ok(module->LoadCount, "%u: got 0 load count\n", i);
     }
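Review bot: the `!module->ImageBaseAddress &&` term in the new ok() condition is redundant, because the right-hand side of `||` is only evaluated when ImageBaseAddress is already NULL; `module->ImageBaseAddress || strstr(...)` is equivalent. More importantly, the exception is unconditional: a NULL base for win32k.sys now passes on every platform and bitness, although the comment limits it to 64-bit Vista and Win7. Wrapping the strstr() term in broken() would keep the result accepted as a Windows quirk while still failing if Wine itself ever reports a NULL base.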
@@ -516,7 +518,9 @@ static void test_query_module(void)
         const SYSTEM_MODULE *module = &infoex->BaseInfo;
 
         ok(module->LoadOrderIndex == i, "%u: got index %u\n", i, module->LoadOrderIndex);
-        ok(!!module->ImageBaseAddress, "%u: got NULL address\n", i);
+        ok(module->ImageBaseAddress ||
+           (!module->ImageBaseAddress && strstr((char*)module->Name, "\\win32k.sys")), /* 64-bit Vista and Win7 */
+           "%u: got NULL address for %s\n", i, module->Name);
         ok(module->ImageSize, "%u: got 0 size\n", i);
         ok(module->LoadCount, "%u: got 0 load count\n", i);
 
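Review bot: strstr() on "\\win32k.sys" is a case-sensitive substring match, so it misses a differently cased path and also accepts any name that merely contains that string; comparing against the end of module->Name would be tighter. The `(char*)` cast drops the const that comes with `const SYSTEM_MODULE *module` (use `(const char *)`), and module->Name is then passed to %s without the cast that strstr() needed. Since the same three-line condition now appears verbatim in both places in test_query_module(), a small helper would keep the two copies from drifting apart.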

-- 
Francois Gouget <fgouget at codeweavers.com>


