Hi, All:

I also found out 2 special things:
(1) The address of the array which causes the exception happens to be the memory-mapped address of comctl32.dll (check the /proc/../smaps)
(2) If the address of the array is pointing to heap (from my malloc), or some other places which are not occupied by any dll, then "no" exception will occur
Originally I doubted the exception might be a bug of the RPC library I am using (libc6-dev package inside Ubuntu). However, if that's the case, my malloc pointer should also cause an exception (but it doesn't).
Still hope someone can give a hint on how to debug this question.

Best wishes,
Jui-Hao

> > Message: 11
> Date: Wed, 21 Apr 2010 09:37:53 -0400
> From: Jui-Hao Chiang <windtracek...@gmail.com>
> Subject: Intercept relay_call causes seh:raise_exception code=c0000005
> To: wine-devel@winehq.org
> Message-ID: <i2h52cf60ee1004210637gc7f20e5dq9b958127331b1...@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi, All, I am currently using the WINEDEBUG=relay feature to intercept
> function calls as the following
>
> 1. in dlls/ntdll/relay.c, insert code snippet in
> static LONGLONG WINAPI relay_call( struct relay_descr *descr, unsigned int idx, const INT_PTR *stack )
> {
>     .....
>     my_own_function(entry_point->name, nb_args, stack); /* added by myself */
>     ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 ); /* original Wine code */
>     ....
> }
>
> LONGLONG
> my_own_function(const char *funcname, int nb_args, const INT_PTR *stack)
> {
>     /* CreateBitmap has 5 parameters, the 5th one is pointing to an array
>        while others are native type as the following
>        HBITMAP WINAPI CreateBitmap( INT width, INT height, UINT planes, UINT bpp, LPCVOID bits )
>     */
>     if (strcmp(funcname, "CreateBitmap") == 0)
>         /* this function just tries to forward all parameters to the remote RPC server for recording */
>         Rpc_CreateBitmap(*(stack+1), *(stack+2), *(stack+3), *(stack+4), *(stack+5));
> }
>
> 2. Run program with WINEDEBUG=trace+all,relay wine notepad > dump 2>&1
> 3. If I only pass the parameter 1 to 4 to Rpc_CreateBitmap, then there
> is no problem, but if I add the 5th one (which points to some array),
> then the notepad aborts with the following debug message
>
> 0009:Call gdi32.CreateBitmap(00000008,00000008,00000001,00000001,7e95d822) ret=7e8da083
> 0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xb754a21d ip=b754a21d tid=0009
> 0009:trace:seh:raise_exception info[0]=00000001
> 0009:trace:seh:raise_exception info[1]=7e95d822
> 0009:trace:seh:raise_exception eax=00000055 ebx=b7593ff4 ecx=0033fa4c edx=00000001 esi=7e95d822 edi=00000001
> 0009:trace:seh:raise_exception ebp=0033fa54 esp=0033fa44 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010202
> 0009:trace:seh:call_vectored_handlers calling handler at 0x7b83fd50 code=c0000005 flags=0
> 0009:trace:seh:call_vectored_handlers handler at 0x7b83fd50 returned 0
> 0009:trace:seh:call_stack_handlers calling handler at 0x7bc4a480 code=c0000005 flags=0
> 0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
> 0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc6bc50 code=c0000005 flags=2
> 0009:trace:seh:__regs_RtlUnwind handler at 0x7bc6bc50 returned 1
> 0009:exception in PE entry point (proc=0x7e95a890,module=0x7e8c0000,reason=PROCESS_ATTACH,res=0x1)
>
> 4. But if I use malloc to copy the content of the array pointed by 5th
> parameter, then there is no problem
> LONGLONG
> my_own_function(const char *funcname, int nb_args, const INT_PTR *stack)
> {
>     char *buffer = NULL;
>     if (strcmp(funcname, "CreateBitmap") == 0) {
>         buffer = (char*)malloc(.....);
>         memcpy(buffer, *(stack+5), ....);
>         Rpc_CreateBitmap(*(stack+1), *(stack+2), *(stack+3), *(stack+4), buffer); /* No exception if I do this */
>     }
> }
>
> Can anyone give me a hint about what's happening here? Or am I doing
> some illegal operations?
> Appreciate any comments,
> Jui-Hao
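For the smaps check mentioned in the reply, here is an added example (my code, not Wine's and not the poster's) that looks a pointer up in /proc/self/maps and reports whether its page is mapped writable and which file backs it; in an access-violation record, info[0]=1 marks the faulting access as a write and info[1] is the address, so the mapping's permissions at that address are what to check next. It assumes Linux; the struct and function names are my own, and the read-only mmap page is a constructed stand-in for a DLL image mapping.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/mman.h>

/* Added example, not Wine's code: in-process form of the /proc/<pid>/smaps check. Linux only. */
struct mapping { uintptr_t start, end; char perms[5]; char path[256]; };

/* Returns 1 and fills *m if addr lies inside a mapping in /proc/self/maps. */
int find_mapping(const void *addr, struct mapping *m)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    unsigned long start, end;
    if (!f) return 0;
    while (fgets(line, sizeof line, f)) {
        m->path[0] = '\0';  /* anonymous mappings carry no path field */
        /* line format: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255s",
                   &start, &end, m->perms, m->path) < 3)
            continue;
        if ((uintptr_t)addr >= start && (uintptr_t)addr < end) {
            m->start = start; m->end = end;
            fclose(f); return 1;
        }
    }
    fclose(f);
    return 0;
}

/* 1 if the page holding addr is mapped writable, 0 if read-only or unmapped. */
int is_writable(const void *addr)
{
    struct mapping m;
    return find_mapping(addr, &m) && m.perms[1] == 'w';
}
/* Constructed inputs: a read-only anonymous page stands in for the DLL image, a
 * malloc'd buffer for the copy; returns 3 when both are classified as expected. */
int demo(void)
{
    void *ro = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    char *heap = malloc(64);
    int result = (is_writable(ro) ? 0 : 2) | (is_writable(heap) ? 1 : 0);
    printf("read-only page writable=%d, heap buffer writable=%d\n", is_writable(ro), is_writable(heap));
    munmap(ro, 4096); free(heap);
    return result;
}
int main(void) { return demo() == 3 ? 0 : 1; }
```

Running the same lookup on the address reported in info[1] inside the intercepted process shows whether it falls in a file-backed read-only mapping or in the heap.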