mkrsym1/dusk

Tested on macOS Ventura 13.1 with Wine 8.4 staging build

With patch:

1447042.202:01fc:err:virtual:virtual_setup_exception stack overflow 1648 bytes addr 0x170033490 stack 0x110990 (0x110000-0x111000-0x210000)

Without patch: (just for reference

1447019.533:01c0:fixme:thread_:get_thread_times not implemented on this platform
1447019.762:01c4:fixme:ver:GetCurrentPackageId (00000000026FFE10 0000000000000000): stub
1447019.815:01c0:fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot
1447019.816:01c0:fixme:toolhelp:Heap32ListFirst : stub
1447019.820:01c0:fixme:ntdll:NtQuerySystemInformation info_class SYSTEM_PERFORMANCE_INFORMATION
1447019.893:01c0:err:virtual:try_map_free_area mmap() error Cannot allocate memory, range 0x7ffffffe0000-0x7ffffffe1000, unix_prot 0x7

~~btw I can't star this repo as it always gives me 404. not a bug?~~

Also tested on foss crossover 22.1 (based wine 7.7) with patch. Although it's not supposed to work, at least it generates unity crash logs (and the wine log is similar to 8.4 without patch, and there is no err:virtual:try_map_free_area. The game runs in background for minites and crashes, no window pops up). I upload it here for reference. crash.tar.gz.

notabug is literally broken

The 7.7 crash is reproducible on my system. Seems like the 8.4 Wine build for macOS is just broken

wine log with trace WINEDEBUG=trace+all,+relay

Seems like this Wine build doesn't replicate the Windows thread environment block correctly. Unfortunately there's nothing I can do about it.

0x0000018019c708 causes the c0000005 error and for some reason the error handler creates an infinite loop (seems error is raised the handler and be handled the handler again)

Z:\Users\sanshain\bh3>winedbg bh3
preloader: Warning: failed to reserve range 0000000000010000-0000000000110000
preloader: Warning: failed to reserve range 0000000000010000-0000000000110000
WineDbg starting on pid 0114
0x00000170055bf9 ntdll+0x55bf9: ret
Wine-dbg>break * 0x1400a5b1f
Breakpoint 1 at 0x000001400a5b1f EntryPoint in bh3
Wine-dbg>c
Stopped on breakpoint 1 at 0x000001400a5b1f EntryPoint in bh3
Wine-dbg>bt
Backtrace:
=>0 0x000001400a5b1f EntryPoint() in bh3 (0000000000000000)
  1 0x0000007b627d49 in kernel32 (+0x27d49) (0000000000000000)
  2 0x0000017005e1f8 in ntdll (+0x5e1f8) (0000000000000000)
Wine-dbg>break * 0x18019c708
Breakpoint 2 at 0x0000018019c708 bh3base+0x19c708
Wine-dbg>c
Stopped on breakpoint 2 at 0x0000018019c708 bh3base+0x19c708
Wine-dbg>bt
Backtrace:
=>0 0x0000018019c708 in bh3base (+0x19c708) (0x0000000021fe00)
Wine-dbg>info thread
0110:fixme:thread:get_thread_times not implemented on this platform
process  tid      prio    name (all IDs are in hex)
00000020 start.exe
        ["C:\windows\system32\start.exe" /exec cmd]
        00000024    0
00000038 services.exe
        ["C:\windows\system32\services.exe"]
        0000003c    0
        00000040    0     wine_rpcrt4_server
        0000004c    0     wine_rpcrt4_io
        00000070    0     wine_rpcrt4_io
        0000009c    0     wine_rpcrt4_io
        000000b4    0     wine_rpcrt4_io
        000000d8    0     wine_rpcrt4_io
00000044 winedevice.exe
        [C:\windows\system32\winedevice.exe]
        00000048    0
        00000054    0
        00000058    0     wine_sechost_service
        0000005c    0
        00000060    0
        00000064    0
        000000c0    0
00000068 winedevice.exe
        [C:\windows\system32\winedevice.exe]
        0000006c    0
        00000074    0
        00000078    0     wine_sechost_service
        0000007c    0
        00000080    0
        00000084    0
        00000088    0
0000008c explorer.exe
        ["C:\windows\system32\explorer.exe" /desktop]
        00000090    0
        000000c4    0
        000000c8    0     wine_rpcrt4_server
00000094 plugplay.exe
        [C:\windows\system32\plugplay.exe]
        00000098    0
        000000a0    0
        000000a4    0     wine_sechost_service
        000000a8    0     wine_rpcrt4_server
000000ac svchost.exe
        [C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted]
        000000b0    0
        000000b8    0
        000000bc    0     wine_sechost_service
000000d0 rpcss.exe
        [C:\windows\system32\rpcss.exe]
        000000d4    0
        000000e0    0
        000000e4    0     wine_sechost_service
        000000e8    0     wine_rpcrt4_server
        000000ec    0     wine_rpcrt4_server
        000000f0    0     wine_rpcrt4_io
000000f8 conhost.exe
        ["C:\windows\system32\conhost.exe" --unix --width 163 --height 22 --server 0xc]
        000000fc    0
        00000108    0
00000100 cmd.exe
        ["C:\windows\system32\cmd.exe" ]
        00000104    0
00000114 (D) Z:\Users\sanshain\bh3\BH3.exe
        ["bh3"]
        00000118    0 <==
Wine-dbg>disas
0x0000018019c708 bh3base+0x19c708: movq 0x00000000000020(%rax),%rax
0x0000018019c70c bh3base+0x19c70c: movq (%rax),%rax
0x0000018019c70f bh3base+0x19c70f: movq (%rax),%rax
0x0000018019c712 bh3base+0x19c712: movq 0x00000000000020(%rax),%rax
0x0000018019c716 bh3base+0x19c716: ret
0x0000018019c717 bh3base+0x19c717: movq %gs:0x00000000000060,%rax
0x0000018019c720 bh3base+0x19c720: movq 0x00000000000018(%rax),%rax
0x0000018019c724 bh3base+0x19c724: movq 0x00000000000020(%rax),%rax
0x0000018019c728 bh3base+0x19c728: movq 0x00000000000020(%rax),%rax
0x0000018019c72c bh3base+0x19c72c: ret
Wine-dbg>stepi
0118:err:virtual:virtual_setup_exception stack overflow 1616 bytes in thread 0118 addr 0x1700576fc stack 0x1209b0 (0x120000-0x121000-0x220000)
Process of pid=0114 has terminated

9028.702:0100:0104:trace:seh:dispatch_exception code=c0000005 flags=0 addr=000000018019C708 ip=18019c708
9028.702:0100:0104:trace:seh:dispatch_exception  info[0]=0000000000000000
9028.702:0100:0104:trace:seh:dispatch_exception  info[1]=0000005b00000020
9028.702:0100:0104:trace:seh:dispatch_exception  rax=0000005b00000000 rbx=0000000000000000 rcx=000000007fef0000 rdx=00000001400a5b1f
9028.702:0100:0104:trace:seh:dispatch_exception  rsi=000000000021fe90 rdi=000000000021fe20 rbp=000000000021fd90 rsp=000000000021fc78
9028.702:0100:0104:trace:seh:dispatch_exception   r8=000000007fef0000  r9=0000000000000000 r10=000000000031fc00 r11=0000000000000206
9028.702:0100:0104:trace:seh:dispatch_exception  r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000

There is no wine log (trace or relay) after entering 0x1400a5b1f

`0x0000018019c708` causes the `c0000005` error and for some reason the error handler creates an infinite loop (seems error is raised the handler and be handled the handler again) ``` Z:\Users\sanshain\bh3>winedbg bh3 preloader: Warning: failed to reserve range 0000000000010000-0000000000110000 preloader: Warning: failed to reserve range 0000000000010000-0000000000110000 WineDbg starting on pid 0114 0x00000170055bf9 ntdll+0x55bf9: ret Wine-dbg>break * 0x1400a5b1f Breakpoint 1 at 0x000001400a5b1f EntryPoint in bh3 Wine-dbg>c Stopped on breakpoint 1 at 0x000001400a5b1f EntryPoint in bh3 Wine-dbg>bt Backtrace: =>0 0x000001400a5b1f EntryPoint() in bh3 (0000000000000000) 1 0x0000007b627d49 in kernel32 (+0x27d49) (0000000000000000) 2 0x0000017005e1f8 in ntdll (+0x5e1f8) (0000000000000000) Wine-dbg>break * 0x18019c708 Breakpoint 2 at 0x0000018019c708 bh3base+0x19c708 Wine-dbg>c Stopped on breakpoint 2 at 0x0000018019c708 bh3base+0x19c708 Wine-dbg>bt Backtrace: =>0 0x0000018019c708 in bh3base (+0x19c708) (0x0000000021fe00) Wine-dbg>info thread 0110:fixme:thread:get_thread_times not implemented on this platform process tid prio name (all IDs are in hex) 00000020 start.exe ["C:\windows\system32\start.exe" /exec cmd] 00000024 0 00000038 services.exe ["C:\windows\system32\services.exe"] 0000003c 0 00000040 0 wine_rpcrt4_server 0000004c 0 wine_rpcrt4_io 00000070 0 wine_rpcrt4_io 0000009c 0 wine_rpcrt4_io 000000b4 0 wine_rpcrt4_io 000000d8 0 wine_rpcrt4_io 00000044 winedevice.exe [C:\windows\system32\winedevice.exe] 00000048 0 00000054 0 00000058 0 wine_sechost_service 0000005c 0 00000060 0 00000064 0 000000c0 0 00000068 winedevice.exe [C:\windows\system32\winedevice.exe] 0000006c 0 00000074 0 00000078 0 wine_sechost_service 0000007c 0 00000080 0 00000084 0 00000088 0 0000008c explorer.exe ["C:\windows\system32\explorer.exe" /desktop] 00000090 0 000000c4 0 000000c8 0 wine_rpcrt4_server 00000094 plugplay.exe [C:\windows\system32\plugplay.exe] 00000098 0 000000a0 0 000000a4 0 wine_sechost_service 000000a8 0 wine_rpcrt4_server 000000ac svchost.exe [C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted] 000000b0 0 000000b8 0 000000bc 0 wine_sechost_service 000000d0 rpcss.exe [C:\windows\system32\rpcss.exe] 000000d4 0 000000e0 0 000000e4 0 wine_sechost_service 000000e8 0 wine_rpcrt4_server 000000ec 0 wine_rpcrt4_server 000000f0 0 wine_rpcrt4_io 000000f8 conhost.exe ["C:\windows\system32\conhost.exe" --unix --width 163 --height 22 --server 0xc] 000000fc 0 00000108 0 00000100 cmd.exe ["C:\windows\system32\cmd.exe" ] 00000104 0 00000114 (D) Z:\Users\sanshain\bh3\BH3.exe ["bh3"] 00000118 0 <== Wine-dbg>disas 0x0000018019c708 bh3base+0x19c708: movq 0x00000000000020(%rax),%rax 0x0000018019c70c bh3base+0x19c70c: movq (%rax),%rax 0x0000018019c70f bh3base+0x19c70f: movq (%rax),%rax 0x0000018019c712 bh3base+0x19c712: movq 0x00000000000020(%rax),%rax 0x0000018019c716 bh3base+0x19c716: ret 0x0000018019c717 bh3base+0x19c717: movq %gs:0x00000000000060,%rax 0x0000018019c720 bh3base+0x19c720: movq 0x00000000000018(%rax),%rax 0x0000018019c724 bh3base+0x19c724: movq 0x00000000000020(%rax),%rax 0x0000018019c728 bh3base+0x19c728: movq 0x00000000000020(%rax),%rax 0x0000018019c72c bh3base+0x19c72c: ret Wine-dbg>stepi 0118:err:virtual:virtual_setup_exception stack overflow 1616 bytes in thread 0118 addr 0x1700576fc stack 0x1209b0 (0x120000-0x121000-0x220000) Process of pid=0114 has terminated ``` ``` 9028.702:0100:0104:trace:seh:dispatch_exception code=c0000005 flags=0 addr=000000018019C708 ip=18019c708 9028.702:0100:0104:trace:seh:dispatch_exception info[0]=0000000000000000 9028.702:0100:0104:trace:seh:dispatch_exception info[1]=0000005b00000020 9028.702:0100:0104:trace:seh:dispatch_exception rax=0000005b00000000 rbx=0000000000000000 rcx=000000007fef0000 rdx=00000001400a5b1f 9028.702:0100:0104:trace:seh:dispatch_exception rsi=000000000021fe90 rdi=000000000021fe20 rbp=000000000021fd90 rsp=000000000021fc78 9028.702:0100:0104:trace:seh:dispatch_exception r8=000000007fef0000 r9=0000000000000000 r10=000000000031fc00 r11=0000000000000206 9028.702:0100:0104:trace:seh:dispatch_exception r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 ``` There is no wine log (trace or relay) after entering `0x1400a5b1f`

The instruction at 0x0000018019c708 is supposed to get the process environment block address from the thread environment block. Reading the TEB causes an access violation (c0000005) for some reason. That's why I made the assumption that this Wine build doesn't replicate the Windows TEB correctly

No, it is actually supposed to get the InMemoryOrderModuleList from the Ldr structure in the PEB. https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb_ldr_data

For some reason that causes an access violation. It really shouldn't.

https://github.com/Gcenx/winecx/blob/crossover-wine/dlls/ntdll/unix/signal_x86_64.c#L3184 https://github.com/Gcenx/winecx/blob/crossover-wine/dlls/ntdll/unix/thread.c#L1054 https://github.com/Gcenx/winecx/blob/crossover-wine/dlls/ntdll/unix/loader.c#L2471

with these patches problem get solved.

3Shain closed 2 years ago

#2 It doesn't work on macOS