Arbitrary DOS device name

Daniel Kucera wine at danman.eu
Tue Feb 15 04:33:07 CST 2022


On 2022-02-15 10:19, Daniel Kucera wrote:
> On 2022-02-15 09:09, Daniel Kucera wrote:
>> On 2022-02-15 01:56, Zebediah Figura wrote:
>>> On 2/14/22 03:49, Daniel Kucera wrote:
>>>> On 2022-02-14 01:14, Daniel Kucera wrote:
>>>>> On 2022-02-14 00:20, Daniel Kucera wrote:
>>>>>> On 2022-02-01 22:39, Zebediah Figura wrote:
>>>>>>> On 2/1/22 13:25, danman at danman.eu wrote:
>>>>>>>> I checked with strace:
>>>>>>>> 
>>>>>>>> openat(AT_FDCWD,
>>>>>>>> "/usr/lib/wine/../x86_64-linux-gnu/wine/dpinst64.exe.so", 
>>>>>>>> O_RDONLY)
>>>>>>>> = -1
>>>>>>>> ENOENT (No such file or directory)
>>>>>>>> write(2, "0009:err:module:__wine_process_i"...,
>>>>>>>> 850009:err:module:__wine_process_init
>>>>>>>> L"C:\\windows\\system32\\dpinst64.exe" not found
>>>>>>>> ) = 85
>>>>>>>> 
>>>>>>>> copied the lib:
>>>>>>>> sudo cp programs/dpinst64/dpinst64.exe.so
>>>>>>>> /usr/lib/x86_64-linux-gnu/wine/
>>>>>>>> 
>>>>>>>> now I am getting:
>>>>>>>> 
>>>>>>>> $ wine64 ~/.wine/drive_c/windows/system32/dpinst64.exe
>>>>>>>> 002b:err:module:__wine_process_init
>>>>>>>> L"C:\\windows\\system32\\dpinst64.exe" not supported on this 
>>>>>>>> system
>>>>>>>> 
>>>>>>>> The same with setup.exe:
>>>>>>>> 
>>>>>>>> $ WINEDLLOVERRIDES=dpinst64.exe=b,n WINEDEBUG=dpinst+trace 
>>>>>>>> wine64
>>>>>>>> Setup.EXE
>>>>>>>> 0032:fixme:shell:SHChangeNotify ignoring unsupported flags: 2001
>>>>>>>> 0040:err:module:__wine_process_init L"C:\\Program Files
>>>>>>>> (x86)\\Hantek6000\\Bin\\dpinst64.exe" not supported on this 
>>>>>>>> system
>>>>>>>> 0042:err:module:__wine_process_init L"C:\\Program Files
>>>>>>>> (x86)\\Hantek6000\\Bin\\dpinst64.exe" not supported on this 
>>>>>>>> system
>>>>>>>> 
>>>>>>> 
>>>>>>> If you're building with MinGW, you want to copy it as 
>>>>>>> "dpinst64.exe",
>>>>>>> not "dpinst64.exe.so".
>>>>>>> 
>>>>>>> Probably easier is just to run the wine binary from the build 
>>>>>>> tree
>>>>>>> instead, e.g. "path/to/build/tree/wine64 Setup.EXE". That doesn't
>>>>>>> require installing anything at all.
>>>>>> 
>>>>>> It took me a while to understand what's wrong there - the 
>>>>>> setup.exe is
>>>>>> 32bit binary and I didn't run with wine64 so I have to recompile 
>>>>>> 32bit
>>>>>> wine.
>>>>>> Now, when I am installing the software, I get following error:
>>>>>> 
>>>>>> 0118:fixme:imm:ImeSetActiveContext (0x257560, 0): stub
>>>>>> 0118:fixme:imm:ImmReleaseContext (00020060, 00257560): stub
>>>>>> 0108:fixme:imm:ImeSetActiveContext (0x245220, 1): stub
>>>>>> 0108:fixme:imm:ImmReleaseContext (00020090, 00245220): stub
>>>>>> 0138:err:module:import_dll Library USBD.SYS (which is needed by
>>>>>> L"C:\\Program 
>>>>>> Files\\Hantek6000\\Driver\\Win10\\Hantek6000BX86.sys")
>>>>>> not found
>>>>>> 0150:err:module:import_dll Library USBD.SYS (which is needed by
>>>>>> L"C:\\Program 
>>>>>> Files\\Hantek6000\\Driver\\Others\\Hantek6000BX86.sys")
>>>>>> not found
>>>>>> 0108:fixme:shell:SHChangeNotify ignoring unsupported flags: 2001
>>>>>> 
>>>>>> Is there something to do to "activate" usbd.sys support? Is it
>>>>>> implemented at all?
>>>>>> 
>>>>>> Thank you for everything.
>>>>>> 
>>>>>> Daniel.
>>>>> 
>>>>> I've found out it is searching for usbd.sys in following paths:
>>>>> 0120:trace:module:load_dll looking for L"USBD.SYS" in
>>>>> L"C:\\users\\danman\\Temp;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem;C:\\windows\\system32\\WindowsPowershell\\v1.0"
>>>>> 0120:err:module:import_dll Library USBD.SYS (which is needed by
>>>>> L"C:\\Program Files\\Hantek6000\\Driver\\Others\\HANT~1W0.SYS") not
>>>>> found
>>>>> 
>>>>> but it was in system32/drivers so I copied it to system32. Now I am
>>>>> getting ntdll error:
>>>>> 
>>>>> $ WINEDEBUG=trace+dpinst wine Setup.EXE
>>>>> 0044:fixme:imm:ImeSetActiveContext (0x257540, 0): stub
>>>>> 0044:fixme:imm:ImmReleaseContext (00010020, 00257540): stub
>>>>> 0024:fixme:imm:ImeSetActiveContext (0x245240, 1): stub
>>>>> 0024:fixme:imm:ImmReleaseContext (0001005A, 00245240): stub
>>>>> 0024:fixme:shell:SHChangeNotify ignoring unsupported flags: 2001
>>>>> 0158:err:ntdll:NtQueryInformationToken Unhandled token information
>>>>> class 26
>>>>> 0150:fixme:imm:ImeSetActiveContext (0x245380, 1): stub
>>>>> 0150:fixme:imm:ImmReleaseContext (000D00C6, 00245380): stub
>>>> 
>>>> I have patched my ntdll to respond to class 26 like this:
>>>> 
>>>> diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
>>>> index 8e3afd07..5fcd2fba 100644
>>>> --- a/dlls/ntdll/unix/security.c
>>>> +++ b/dlls/ntdll/unix/security.c
>>>> @@ -503,6 +503,10 @@ NTSTATUS WINAPI NtQueryInformationToken( HANDLE
>>>> token, TOKEN_INFORMATION_CLASS c
>>>>            SERVER_END_REQ;
>>>>            break;
>>>> 
>>>> +    case TokenUIAccess:
>>>> +        status = STATUS_SUCCESS;
>>>> +       break;
>>>> +
>>>>        default:
>>>>            ERR( "Unhandled token information class %u\n", class );
>>>>            return STATUS_NOT_IMPLEMENTED;
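Review bot: The new `case TokenUIAccess:` returns STATUS_SUCCESS without writing anything to the caller's output buffer, so a caller that queries this class reads whatever its buffer already held and treats it as the UIAccess flag. Store an explicit value in the buffer (0 for a token without UIAccess) after checking that the buffer is large enough. Also align the `break;` with the `status = STATUS_SUCCESS;` line above it, since it is indented one space less.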
>>>> 
>>>> Now I see something new - there is a driver install wizard showing
>>>> failed installation of the driver so there is probably something 
>>>> wrong
>>>> with the installation, see this video:
>>>> https://www.youtube.com/watch?v=Ko9gg6wVsX8
>>>> 
>>>> I can also see there is dpinst process while the wizard is on:
>>>> danman    498279 10.8  0.7 1938044 30568 ?       Ss   09:29   0:01
>>>> C:\Program Files (x86)\Hantek6000\Bin\dpinst64.exe /F /EL /PATH
>>>> C:\Program Files (x86)\Hantek6000\Driver\Win10
>>> 
>>> That's native dpinst, which is exactly what my builtin implementation
>>> is supposed to replace.
>>> 
>>> That said, if you're getting FIXMEs from usbd.sys, that should mean
>>> that the driver has already been installed and even enumerated, so I
>>> suppose you must have used builtin dpinst at some point. So now all
>>> that remains is to run the program and see if it manages to find its
>>> custom character device.
>> 
>> I run the software after each change and it still cannot find the 
>> device.
>> 
>> But the driver seems to be installed:
>> 
>> danman at danman-VirtualBox:~/.wine/drive_c/Program Files
>> (x86)/Hantek6000$ find ~/.wine/drive_c/windows/ | grep -i hant
>> /home/danman/.wine/drive_c/windows/inf/Hantek6000B.inf
>> /home/danman/.wine/drive_c/windows/inf/Hantek6000B.pnf
>> /home/danman/.wine/drive_c/windows/system32/driverstore/filerepository/Hantek6000B.inf_8fc6bacdccaea0f2e123badfd166626c32bc0969
>> /home/danman/.wine/drive_c/windows/system32/driverstore/filerepository/Hantek6000B.inf_8fc6bacdccaea0f2e123badfd166626c32bc0969/Hantek6000B.inf
>> /home/danman/.wine/drive_c/windows/system32/driverstore/filerepository/Hantek6000B.inf_8fc6bacdccaea0f2e123badfd166626c32bc0969/Hantek6000B.cat
>> /home/danman/.wine/drive_c/windows/system32/driverstore/filerepository/Hantek6000B.inf_8fc6bacdccaea0f2e123badfd166626c32bc0969/Hantek6000BAMD64.SYS
>> /home/danman/.wine/drive_c/windows/system32/catroot/{f750e6c3-38ee-11d1-85e5-00c04fc295ee}/Hantek6000B.cat
> 
> The inf file contains a definition of a service:
> 
> [DSO6CDE.AddServiceAmd64]
> DisplayName = %SvcDesc%
> ServiceType = 1
> StartType = 3
> ErrorControl = 1
> ServiceBinary = %10%\System32\Drivers\Hantek6000BAMD64.SYS
> 
> When I check my Windows installation, the service is present in
> registry (see attached export).
> But it is not present in Wine. So I tried to load the export.
> The service still hasn't been started on wine start so I changed Start
> DWORD from 3 to 2
> 
> Now I see the service failing start:
> 
> 003c:trace:service:process_send_start_message 0000000000158F60
> L"DSO6CDE" 0000000000000000 0
> 00d4:trace:service:service_handle_control L"winedevice" control
> 2147483648 data 00000000001487D2 data_size 16
> 00d4:trace:service:OpenSCManagerW (null) (null) 0x1
> 00a0:trace:service:svcctl_OpenSCManagerW ((null), (null), 1)
> 00d4:trace:service:OpenServiceW 0000000000148D40 L"DSO6CDE" 0x8001
> 00a0:trace:service:svcctl_OpenServiceW (L"DSO6CDE", 0x8001)
> 00d4:trace:service:CloseServiceHandle 0000000000148D40
> 00a0:trace:service:svcctl_CloseServiceHandle (&000000000015AC80)
> 00d4:trace:service:QueryServiceConfigW 0000000000148F60
> 0000000000000000 0 0000000000A1FA50
> 00a0:trace:service:svcctl_QueryServiceConfigW (0000000000FCF978)
> 00d4:trace:service:QueryServiceConfigW 0000000000148F60
> 000000000014A1E0 284 0000000000A1FA50
> 00a0:trace:service:svcctl_QueryServiceConfigW (0000000000FCF978)
> 00d4:trace:service:QueryServiceConfigW Image path           =
> L"\\SystemRoot\\System32\\Drivers\\Hantek6000BAMD64.SYS"
> 00d4:trace:service:QueryServiceConfigW Group                = L""
> 00d4:trace:service:QueryServiceConfigW Dependencies         = L""
> 00d4:trace:service:QueryServiceConfigW Service account name = 
> L"LocalSystem"
> 00d4:trace:service:QueryServiceConfigW Display name         =
> L"@oem9.inf,%SvcDesc%;Hantek6000B Scope Service"
> 00d4:trace:service:SetServiceStatus 0000000000148F60 0x30 0x2 0 0 0 0 
> 0x2710
> 00a0:trace:service:svcctl_SetServiceStatus (000000000015ADD0, 
> 0000000000159F04)
> 00d4:err:ntoskrnl:ZwLoadDriver failed to create driver
> L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\DSO6CDE":
> c0000142
> 00d4:trace:service:SetServiceStatus 0000000000148F60 0x30 0x1 0 0 0 0 0
> 00a0:trace:service:svcctl_SetServiceStatus (000000000015ADD0, 
> 0000000000159EA4)
> 00d4:trace:service:CloseServiceHandle 0000000000148F60
> 00dc:trace:service:svcctl_CloseServiceHandle (&000000000015ADD0)
> 003c:trace:service:service_start returning 1114
> 003c:fixme:service:scmdatabase_autostart_services Auto-start service
> L"DSO6CDE" failed to start: 1114
> 
> 
> 
> And the program still cannot find the device.

Ok, the file was not in the correct location, I had to copy 
Hantek6000BAMD64.SYS to system32/drivers

I suppose all this (creating service, copying to system32/drivers) 
should be handled during the inf installation (maybe by dpinst?).

Now, the service is started correctly:

003c:trace:service:process_send_start_message 000000000015A790 
L"DSO6CDE" 0000000000000000 0
00d8:trace:service:service_handle_control L"winedevice" control 
2147483648 data 00000000001486E2 data_size 16
00d8:trace:service:OpenSCManagerW (null) (null) 0x1
00a8:trace:service:svcctl_OpenSCManagerW ((null), (null), 1)
00d8:trace:service:OpenServiceW 0000000000148650 L"DSO6CDE" 0x8001
00e0:trace:service:svcctl_OpenServiceW (L"DSO6CDE", 0x8001)
00d8:trace:service:CloseServiceHandle 0000000000148650
00a8:trace:service:svcctl_CloseServiceHandle (&000000000015B2E0)
00d8:trace:service:QueryServiceConfigW 0000000000148AA0 0000000000000000 
0 0000000000A1FA50
00e0:trace:service:svcctl_QueryServiceConfigW (000000000144F978)
00d8:trace:service:QueryServiceConfigW 0000000000148AA0 000000000014A230 
284 0000000000A1FA50
00a8:trace:service:svcctl_QueryServiceConfigW (00000000010EF978)
00d8:trace:service:QueryServiceConfigW Image path           = 
L"\\SystemRoot\\System32\\Drivers\\Hantek6000BAMD64.SYS"
00d8:trace:service:QueryServiceConfigW Group                = L""
00d8:trace:service:QueryServiceConfigW Dependencies         = L""
00d8:trace:service:QueryServiceConfigW Service account name = 
L"LocalSystem"
00d8:trace:service:QueryServiceConfigW Display name         = 
L"@oem9.inf,%SvcDesc%;Hantek6000B Scope Service"
00d8:trace:service:SetServiceStatus 0000000000148AA0 0x30 0x2 0 0 0 0 
0x2710
00e0:trace:service:svcctl_SetServiceStatus (000000000015BA00, 
000000000015AE34)
00d8:trace:service:SetServiceStatus 0000000000148AA0 0x30 0x4 0x5 0 0 0 
0
00a8:trace:service:svcctl_SetServiceStatus (000000000015BA00, 
000000000015AE34)
003c:trace:service:service_start returning 0

with trace+all I can see it imports some functions from usbd.sys:

56994.783:00c8:00d4:trace:loaddll:build_module Loaded 
L"C:\\windows\\System32\\Drivers\\USBD.SYS" at 00007FD8B7670000: builtin
56994.783:00c8:00d4:trace:module:load_dll Loaded module 
L"\\??\\C:\\windows\\System32\\Drivers\\USBD.SYS" at 00007FD8B7670000
00d4: close_handle( handle=0050 )
00d4: close_handle() = 0
56994.783:00c8:00d4:trace:heap:RtlFreeHeap 
(0000000000140000,30000062,000000000017F0E0): returning TRUE
56994.783:00c8:00d4:trace:virtual:NtProtectVirtualMemory 
0xffffffffffffffff 0xb63180 00000018 00000004
56994.783:00c8:00d4:trace:virtual:get_vprot_range_size base 0xb63000, 
size 0x2000, mask 0x20.
56994.783:00c8:00d4:trace:virtual:dump_view View: 0xb60000 - 0xb64fff 
(image)
56994.783:00c8:00d4:trace:virtual:dump_view       0xb60000 - 0xb62fff 
c-rWx
56994.783:00c8:00d4:trace:virtual:dump_view       0xb63000 - 0xb63fff 
c-rW-
56994.783:00c8:00d4:trace:virtual:dump_view       0xb64000 - 0xb64fff 
c-rWx
56994.783:00c8:00d4:trace:imports:import_dll --- 
USBD_CreateConfigurationRequestEx USBD.SYS.4 = 00007FD8B7679348
56994.783:00c8:00d4:trace:imports:import_dll --- 
USBD_ParseConfigurationDescriptorEx USBD.SYS.10 = 00007FD8B767936C
56994.783:00c8:00d4:trace:imports:import_dll --- USBD_GetUSBDIVersion 
USBD.SYS.8 = 00007FD8B7679430
56994.783:00c8:00d4:trace:virtual:NtProtectVirtualMemory 
0xffffffffffffffff 0xb63000 00001000 00000080
56994.783:00c8:00d4:trace:virtual:get_vprot_range_size base 0xb63000, 
size 0x2000, mask 0x20.
56994.783:00c8:00d4:trace:virtual:dump_view View: 0xb60000 - 0xb64fff 
(image)
56994.783:00c8:00d4:trace:virtual:dump_view       0xb60000 - 0xb64fff 
c-rWx
56994.783:00c8:00d4:trace:heap:RtlAllocateHeap 
(0000000000140000,30000062,00000020): returning 000000000017F6A0
56994.783:00c8:00d4:trace:module:build_module loaded 
L"\\??\\C:\\windows\\System32\\Drivers\\Hantek6000BAMD64.SYS" 
000000000017ED50 0000000000B60000
56994.783:00c8:00d4:trace:loaddll:build_module Loaded 
L"C:\\windows\\System32\\Drivers\\Hantek6000BAMD64.SYS" at 
0000000000B60000: native
56994.783:00c8:00d4:trace:module:load_dll Loaded module 
L"\\??\\C:\\windows\\System32\\Drivers\\Hantek6000BAMD64.SYS" at 
0000000000B60000
00d4: close_handle( handle=004c )
00d4: close_handle() = 0

But these functions are never called (no trace output from usbd) and the 
program still cannot find the device.

Are there any udev settings needed for the device to be "visible" by 
wine?
Is there some way to trace a specific library (Hantek6000BAMD64.SYS) 
and find out what it is doing/calling?
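
A check for the situation described in this message, as an added example that is not part of the original post or of Wine: it reads the AddService section quoted above, derives the service values, and reports whether the ServiceBinary file actually exists inside a prefix. The function names and the temporary prefix are assumptions, the INF text is a constructed copy of the quoted section, and only DIRID 10 (`%10%`, the Windows directory) is handled.

```python
import tempfile
from pathlib import Path

# Constructed sample: the AddService section quoted in the message above.
SAMPLE_INF = r"""
[DSO6CDE.AddServiceAmd64]
DisplayName = %SvcDesc%
ServiceType = 1
StartType = 3
ErrorControl = 1
ServiceBinary = %10%\System32\Drivers\Hantek6000BAMD64.SYS
"""

def parse_section(inf_text, section):
    """Return key/value pairs of one INF section (keys lower-cased)."""
    values, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts an INF comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            key, val = line.split("=", 1)
            values[key.strip().lower()] = val.strip().strip('"')
    return values

def resolve_in_prefix(prefix, service_binary):
    """Map %10%\\... to <prefix>/drive_c/windows/..., ignoring case."""
    if not service_binary.lower().startswith("%10%\\"):
        raise ValueError("only DIRID 10 (Windows directory) is handled")
    path = Path(prefix) / "drive_c" / "windows"
    for part in filter(None, service_binary[5:].split("\\")):
        if not path.is_dir():
            return None
        match = [p for p in path.iterdir() if p.name.lower() == part.lower()]
        if not match:
            return None
        path = match[0]
    return path

def check_service(inf_text, section, prefix):
    """Expected service values plus whether the driver file is in place."""
    svc = parse_section(inf_text, section)
    binary = svc["servicebinary"]
    return {
        "Type": int(svc["servicetype"], 0),
        "Start": int(svc["starttype"], 0),
        "ErrorControl": int(svc["errorcontrol"], 0),
        "ImagePath": "\\SystemRoot\\" + binary[5:],
        "binary_present": resolve_in_prefix(prefix, binary) is not None,
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as prefix:  # hypothetical empty prefix
        print(check_service(SAMPLE_INF, "DSO6CDE.AddServiceAmd64", prefix))
```

A `binary_present` of `False` corresponds to the state in which the message reports ZwLoadDriver failing with c0000142; after the file is copied to system32/drivers it becomes `True`.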


