Program crash when moving a scrollbar

Norbert Feulner feulner.norbert at
Mon Mar 1 04:57:06 CST 2004

One of my Windows programs crashes when moving the scrollbar. This
leads to the following dump:

Unhandled exception: page fault on write access to 0x00004740 in 32-bit code (0x4079bf67).
In 32-bit mode.
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:11df GS:0017
 EIP:4079bf67 ESP:40f740b8 EBP:40f740c0 EFLAGS:00010202(  R- 00  I   - - 1 )
 EAX:403f7bc4 EBX:40823eb0 ECX:00000002 EDX:00000041
 ESI:00004740 EDI:40f74744
Stack dump:
0x40f740b8 (_end+0xff550):  000000e3 40f74744 40f7417c 4079c4ca
0x40f740c8 (_end+0xff560):  00010029 00000002 00004740 40f74744
0x40f740d8 (_end+0xff570):  00000000 00000000 00000000 00000000
0x40f740e8 (_end+0xff580):  408e543c 0000ffff 00000000 40f74114
0x40f740f8 (_end+0xff590):  408b4028 4021f0f9 40582dbc 40f7411c
0x40f74108 (_end+0xff5a0):  40504177 408e4c40 408e543c 4021f01f
0x40f74118 (_end+0xff5b0):

023b: sel=11df base=405d6000 limit=00001fff 32-bit rw-
=>0 0x4079bf67 (SCROLL_GetScrollRange+0x27(hwnd=0x10029, nBar=0x2, lpMin=0x4740, lpMax=0x40f74744) [scroll.c:1378] in USER32.DLL) (ebp=40f740c0)
  1 0x4079c4ca (ScrollBarWndProc+0x53a(hwnd=0x10029, message=0xe3, wParam=0x4740, lParam=0x40f74744) [scroll.c:1531] in USER32.DLL) (ebp=40f7417c)
  2 0x407d0337 (WINPROC_wrapper+0x17 in USER32.DLL) (ebp=40f741a0)
  3 0x407d0394 (WINPROC_CallWndProc+0x54(proc=0x4079bf90, hwnd=0x10029, msg=0xe3, wParam=0x4740, lParam=0x40f74744) [winproc.c:229] in USER32.DLL) (ebp=40f741d4)
  4 0x407d5e70 (__wine_call_wndproc_32W+0x70(hwnd=0x29, msg=0xe3, wParam=0x4740, lParam=0x40f74744, func=0x4079bf90) [winproc.c:2958] in USER32.DLL) (ebp=40f74208)
  5 0x407d60e5 (CallWindowProc16+0xa5(func=0x13ff0264, hwnd=0x29, msg=0xe3, wParam=0x4740, lParam=0x40f74744) [winproc.c:3042] in USER32.DLL) (ebp=40f74238)
  6 0x4077016e (__wine_user_exe_CallFrom16_p_long_lwwwl+0x2e(proc=0x407d6040, args=0x403e2a9a) [user.exe.spec.c:197] in USER32.DLL) (ebp=40f74254)
  7 0x405115a8 (__wine_call_from_16_long+0x94 [relay16asm.s] in KERNEL32.DLL) (ebp=40f74284)
  8 0x127f:0x0c05 (bp=c372)
  9 0x127f:0x0d15 (bp=c396)
  10 0x129f:0x0135 (bp=c3c6)
  11 0x100f:0x0000 (bp=c400)
  12 0x40510707 (K32WOWCallback16Ex+0xc7(vpfn16=0x0, dwFlags=0x2, cbArgs=0xe, pArgs=0x40f742e8, pdwRetCode=0x40f742f8) [wowthunk.c:552] in KERNEL32.DLL) (ebp=40f742b4)
  13 0x407d05d4 (WINPROC_CallWndProc16+0x174(proc=0x13b700ba, hwnd=0x29, msg=0xe3, wParam=0x4740, lParam=0x40f74744) [winproc.c:300] in USER32.DLL) (ebp=40f745d4)
  14 0x407d5f13 (WINPROC_CallProc32ATo16+0x73(func=0x13b700ba, hwnd=0x10029, msg=0xe3, wParam=0x40f74740, lParam=0x40f74744) [winproc.c:2980] in USER32.DLL) (ebp=40f74610)
  15 0x407e773f (call_window_proc+0x11f(hwnd=0x10029, msg=0xe3, wparam=0x40f74740, lparam=0x40f74744, unicode=0x0, same_thread=0x1) [message.c:1455] in USER32.DLL) (ebp=40f7466c)

As you can see, the ESI Reg. is 00004740 and it is used as a pointer by SCROLL_GetScrollRange. Dereferencing the pointer leads to the page fault.
In the backtrace (line 14) wParam equals 0x40f74740. This is reduced to 0x4740 to
call some 16-Bit routines (line 13 ...).

WINPROC_MapMsg16To32A is used to restore some of the original values. It is called by
__wine_call_wndproc_32W (line 4).

Here I added handling for the case where the message msg16 equals SBM_GETRANGE, extending pwparam32
to its 32-bit value. This is done by using the upper word from plparam.

Now the program will not crash any more and moving the scrollbar
will show the proper result.

But moving this slider (only the one that crashed before) results in its blinking (like a cursor in a text window).
This can be ended by clicking outside of the scrollbar.
Actually I think this is another problem and has nothing to do with my change. Well, it's a
bit exotic, but it does its job ;-)

Regards Norbert

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winproc.c.diff
Type: application/octet-stream
Size: 570 bytes
Desc: not available
Url :
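
The truncation and the upper-word reconstruction described in the message above, modelled on plain 32-bit integers as an added example (not part of the original post and not Wine's code). The function names and the second address pair are constructed for illustration; the block also shows the case the reconstruction does not cover, where the two pointers lie in different 64 KiB windows.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from frame 14 of the backtrace: both SBM_GETRANGE arguments are pointers. */
#define LPMIN_32 0x40f74740u /* wParam */
#define LPMAX_32 0x40f74744u /* lParam */

/* Constructed pair that straddles a 64 KiB boundary (not from the post). */
#define EDGE_LPMIN_32 0x40f7fffcu
#define EDGE_LPMAX_32 0x40f80000u

/* A 16-bit window procedure carries wParam in 16 bits, so the upper word is lost. */
static uint16_t wparam_through_16bit(uint32_t wparam32) { return (uint16_t)wparam32; }

/* Widening by zero extension yields the address that faulted (ESI=00004740). */
static uint32_t widen_zero_extend(uint16_t wparam16) { return wparam16; }

/* Reconstruction as described in the mail: take the upper word from lParam. */
static uint32_t widen_from_lparam(uint16_t wparam16, uint32_t lparam32)
{
    return (lparam32 & 0xffff0000u) | wparam16;
}

/* The borrowed upper word is only correct when both pointers share it. */
static int same_64k_window(uint32_t a, uint32_t b) { return (a >> 16) == (b >> 16); }

static void show(uint32_t lpmin, uint32_t lpmax)
{
    uint16_t w16 = wparam_through_16bit(lpmin);
    uint32_t rebuilt = widen_from_lparam(w16, lpmax);
    printf("lpMin=%08x lpMax=%08x wParam16=%04x zero-ext=%08x rebuilt=%08x %s\n",
           (unsigned)lpmin, (unsigned)lpmax, (unsigned)w16,
           (unsigned)widen_zero_extend(w16), (unsigned)rebuilt,
           rebuilt == lpmin ? "ok" : "MISMATCH (different 64K window)");
}

int main(void)
{
    show(LPMIN_32, LPMAX_32);           /* the crash from the post */
    show(EDGE_LPMIN_32, EDGE_LPMAX_32); /* constructed boundary case */
    return 0;
}
```
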
