Hi,
I started programming today with a Windows library which I especially
want to use in Wine.
This library replaces one that is for a native Windows program, and I'm trying
to create a similar library that communicates with a native Linux replacement of
the program for Windows.
This library needs to be injected into some special processes like the Windows
one did (it's an SDK, can't change anything about it).
I have now written a short program that runs a program and injects the library
into it.
My source for how to do this comes from http://www.quantumg.net/injectdll.php
with two small changes from another project I found when searching Wine's
bug tracker.
My problem now is that none of the functions return errors, so everything seems
to be successful. But the thread started by CreateRemoteThread segfaults in two
different locations. The mysterious thing about it is that the library and
program run perfectly on native Windows.
I'll append the logs for both segfaults, maybe someone has an idea
what's going wrong?
I'm using Wine 1.1.27 on Gentoo with Xfce4, programs compiled using mingw if
that helps :)
Code:
oggy at oGGy-Linux ~/.wine/drive_c/Programme/xfire_sdk_gfire $ wine
gfire_sdk_inject.exe "C:\\Programme\xfire_sdk_gfire\check.exe"
Injection DLL: C:\Programme\xfire_sdk_gfire\xfire_toucan_gfire_0.1.dll
Allocated 61 bytes at 00240000
LoadLibraryA address: 7EDDD030
?e?P???: Erfolg
wine: Unhandled page fault on write access to 0x7eddd035 at address 0x7eddd04a
(thread 001f), starting debugger...
Unhandled exception: page fault on write access to 0x7eddd035 in 32-bit code
(0x7eddd04a).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:7eddd04a ESP:0080ea9c EBP:0080eaa8 EFLAGS:00010246( R- -- I Z- -P- )
EAX:00000000 EBX:7efe3ff4 ECX:7cafc440 EDX:7eddd035
ESI:7ffd4f10 EDI:7ffd41d4
Stack dump:
0x0080ea9c: 7efbbc58 00240005 7ffd4f10 0080eb78
0x0080eaac: 7efbbe60 00240000 00240005 00000000
0x0080eabc: 00000000 00000000 ffffffff 7efbe300
0x0080eacc: 7eddb800 7efe3ff4 7ffd4f10 7ffd41d4
0x0080eadc: 0080eb78 26d37876 d07a728a 00000000
0x0080eaec: 00000002 00000040 00000000 00000000
Backtrace:
=>0 0x7eddd04a FindNextFileW+0x32a() in kernel32 (0x0080eaa8)
1 0x7efbbe60 call_thread_entry_point+0x70() in ntdll (0x0080eb78)
2 0x7efc57af in ntdll (+0x657af) (0x0080f3b8)
3 0xf7e3119b start_thread+0xcb() in libpthread.so.0 (0x0080f4b8)
4 0xf7dbba8e __clone+0x5e() in libc.so.6 (0x00000000)
0x7eddd04a FindNextFileW+0x32a in kernel32: movw $0x5c,0x0(%edx,%eax,2)
Modules:
Module Address Debug info Name (19 modules)
PE 400000- 406000 Deferred check
ELF 7bf00000-7bf04000 Deferred <wine-loader>
ELF 7ec73000-7ece3000 Deferred msvcrt<elf>
\-PE 7ec80000-7ece3000 \ msvcrt
ELF 7ece3000-7ecee000 Deferred libnss_files.so.2
ELF 7ecee000-7ed05000 Deferred libnsl.so.1
ELF 7ed97000-7ef03000 Export kernel32<elf>
\-PE 7edb0000-7ef03000 \ kernel32
ELF 7ef03000-7ef29000 Deferred libm.so.6
ELF 7ef4e000-7f000000 Export ntdll<elf>
\-PE 7ef60000-7f000000 \ ntdll
ELF f7ce6000-f7ce9000 Deferred iso8859-1.so
ELF f7ceb000-f7cef000 Deferred libdl.so.2
ELF f7cef000-f7e2c000 Export libc.so.6
ELF f7e2c000-f7e44000 Export libpthread.so.0
ELF f7e45000-f7e50000 Deferred libnss_nis.so.2
ELF f7e61000-f7e69000 Deferred libnss_compat.so.2
ELF f7e69000-f7fa5000 Deferred libwine.so.1
ELF f7fa6000-f7fc4000 Deferred ld-linux.so.2
Threads:
process tid prio (all id:s are in hex)
00000008
00000009 0
0000000e
0000001b 0
00000016 0
00000015 0
00000014 0
00000010 0
0000000f 0
00000011
00000017 0
00000013 0
00000012 0
00000018
0000001c 0
0000001a 0
00000019 0
0000001d (D) C:\Programme\xfire_sdk_gfire\check.exe
0000001f 0 <= 0000001e 0
00000022
00000023 0
Backtrace:
=>0 0x7eddd04a FindNextFileW+0x32a() in kernel32 (0x0080eaa8)
1 0x7efbbe60 call_thread_entry_point+0x70() in ntdll (0x0080eb78)
2 0x7efc57af in ntdll (+0x657af) (0x0080f3b8)
3 0xf7e3119b start_thread+0xcb() in libpthread.so.0 (0x0080f4b8)
4 0xf7dbba8e __clone+0x5e() in libc.so.6 (0x00000000)
Successfully injected!
oggy at oGGy-Linux ~/.wine/drive_c/Programme/xfire_sdk_gfire $ Start
Xfire is NOT running!
Code:
oggy at oGGy-Linux ~/.wine/drive_c/Programme/xfire_sdk_gfire $ Start
Xfire is NOT running!
t.exe "C:\\Programme\xfire_sdk_gfire\check.exe"
Injection DLL: C:\Programme\xfire_sdk_gfire\xfire_toucan_gfire_0.1.dll
Allocated 61 bytes at 00240000
LoadLibraryA address: 7EDCA030
wine: Unhandled page fault on write access to 0x00000003 at address 0xf7cd6bfe
(thread 001f), starting debugger...
Unhandled exception: page fault on write access to 0x00000003 in 32-bit code
(0xf7cd6bfe).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:f7cd6bfe ESP:0080ea94 EBP:0080eaa8 EFLAGS:00010206( R- -- I - -P- )
EAX:000000cc EBX:7efe3ff4 ECX:7efd6c11 EDX:00000003
ESI:7ffd4f10 EDI:00000003
Stack dump:
0x0080ea94: 7ffd41d4 7edc9ffe 00000003 7f0966cc
0x0080eaa4: 7efd6c11 7efd6bb5 00000000 00000000
0x0080eab4: 7ffd4f10 7ffd4f10 00000000 00000000
0x0080eac4: ffffffff 7efbe300 7eddb800 7efe3ff4
0x0080ead4: 7ffd4f10 7ffd41d4 0080eb78 a234781a
0x0080eae4: 549d72e6 00000000 00000002 00000040
Backtrace:
=>0 0xf7cd6bfe memset+0x1e() in libc.so.6 (0x0080eaa8)
1 0x00000000 (0x7efd6bb5)
0xf7cd6bfe memset+0x1e in libc.so.6: stosb %es:(%edi)
Modules:
Module Address Debug info Name (18 modules)
PE 400000- 406000 Deferred check
ELF 7bf00000-7bf04000 Deferred <wine-loader>
ELF 7ec73000-7ece3000 Deferred msvcrt<elf>
\-PE 7ec80000-7ece3000 \ msvcrt
ELF 7ece3000-7ecee000 Deferred libnss_files.so.2
ELF 7ecee000-7ed05000 Deferred libnsl.so.1
ELF 7ed97000-7ef03000 Deferred kernel32<elf>
\-PE 7edb0000-7ef03000 \ kernel32
ELF 7ef03000-7ef29000 Deferred libm.so.6
ELF 7ef4e000-7f000000 Deferred ntdll<elf>
\-PE 7ef60000-7f000000 \ ntdll
ELF f7c52000-f7c5d000 Deferred libnss_nis.so.2
ELF f7c5f000-f7c63000 Deferred libdl.so.2
ELF f7c63000-f7da0000 Export libc.so.6
ELF f7da0000-f7db8000 Deferred libpthread.so.0
ELF f7dd5000-f7ddd000 Deferred libnss_compat.so.2
ELF f7ddd000-f7f19000 Deferred libwine.so.1
ELF f7f1a000-f7f38000 Deferred ld-linux.so.2
Threads:
process tid prio (all id:s are in hex)
00000008
00000009 0
0000000e
0000001b 0
00000016 0
00000015 0
00000014 0
00000010 0
0000000f 0
00000011
00000017 0
00000013 0
00000012 0
00000018
0000001c 0
0000001a 0
00000019 0
0000001d (D) C:\Programme\xfire_sdk_gfire\check.exe
0000001f 0 <= 0000001e 0
00000022
00000023 0
Backtrace:
=>0 0xf7cd6bfe memset+0x1e() in libc.so.6 (0x0080eaa8)
1 0x00000000 (0x7efd6bb5)
Successfully injected!
Start
Xfire is NOT running!
oggy at oGGy-Linux ~/.wine/drive_c/Programme/xfire_sdk_gfire $
Btw: check.exe is an example implementation using the SDK ("Start" and
"Xfire is NOT running!" come from it)
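
A triage helper for crash logs like the two above, added here as an example and not part of the original post: it parses the winedbg fault line and module table, reports which mapped module holds the faulting EIP and the write target, and gives their distance from the LoadLibraryA address the injector printed. The function names and the trimmed sample log are constructed for this illustration.

```python
import re

# Constructed sample: a few lines copied from the first crash log in the post.
SAMPLE_LOG = r"""
LoadLibraryA address: 7EDDD030
wine: Unhandled page fault on write access to 0x7eddd035 at address 0x7eddd04a
PE 400000- 406000 Deferred check
ELF 7ed97000-7ef03000 Export kernel32<elf>
\-PE 7edb0000-7ef03000 \ kernel32
ELF 7ef4e000-7f000000 Export ntdll<elf>
\-PE 7ef60000-7f000000 \ ntdll
ELF f7cef000-f7e2c000 Export libc.so.6
"""

FAULT_RE = re.compile(r"page fault on (\w+) access to 0x([0-9a-f]+) at address 0x([0-9a-f]+)", re.I)
MODULE_RE = re.compile(r"\s*(?:\\-)?(?:PE|ELF)\s+([0-9a-f]+)-\s*([0-9a-f]+)\s+\S+\s+(\S+)", re.I)
ENTRY_RE = re.compile(r"LoadLibraryA address: ([0-9a-f]+)", re.I)

def parse_modules(log):
    """Return (start, end, name) for every row of the winedbg 'Modules:' table."""
    mods = []
    for line in log.splitlines():
        m = MODULE_RE.match(line)
        if m:
            mods.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return mods

def locate(addr, mods):
    """Name of the smallest mapped range containing addr (PE inside its ELF), else None."""
    hits = [(end - start, name) for start, end, name in mods if start <= addr < end]
    return min(hits)[1] if hits else None

def triage(log):
    """Summarise one crash: fault kind, and where EIP and the target address live."""
    fault = FAULT_RE.search(log)
    if fault is None:
        raise ValueError("no 'page fault on ... access' line found")
    access, target, eip = fault.group(1), int(fault.group(2), 16), int(fault.group(3), 16)
    mods = parse_modules(log)
    entry = ENTRY_RE.search(log)
    base = int(entry.group(1), 16) if entry else None
    return {
        "access": access,
        "eip_module": locate(eip, mods),
        "target_module": locate(target, mods),
        # Distances from the address the injector printed for LoadLibraryA.
        "eip_minus_entry": None if base is None else eip - base,
        "target_minus_entry": None if base is None else target - base,
    }
```

For the first log, `triage(SAMPLE_LOG)` places both the faulting instruction and the write target inside the kernel32 PE image, 0x1a and 5 bytes past the printed LoadLibraryA address.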