Netscape 4.08 doesn't fully start

[VFDan]

Describe the bug
When trying to run Netscape 4.08, I get this long error

version: 2161
Limit check at 0x034aa391 failed. Segment 195f, limit 00004fff, offset 00005004
=====dump all modules=====
Module Flags Name Flag
 1987   8309    UNI1600     SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 18d7   8301    WINFP16     SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 183f   8021    WINSOCK     SINGLEDATA | BUILTIN | LIBMODULE
 1787   8309    RESDLL      SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 1667   8309    JPEG1640    SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 1637   8309    XPPREF16    SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 15ef   8309    JS1640      SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 15d7   8021    TOOLHELP    SINGLEDATA | BUILTIN | LIBMODULE
 159f   8309    PR1640      SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 1537   8309    JRT1640     SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 151f   8021    VER         SINGLEDATA | BUILTIN | LIBMODULE
 1507   8021    DDEML       SINGLEDATA | BUILTIN | LIBMODULE
 14ef   8021    COMMDLG     SINGLEDATA | BUILTIN | LIBMODULE
 14d7   8021    SHELL       SINGLEDATA | BUILTIN | LIBMODULE
 1497   8305    MFCOLEUI    SINGLEDATA | FRAMEBUF | CONSOLE | GUI | LIBMODULE
 147f   8021    OLE2DISP    SINGLEDATA | BUILTIN | LIBMODULE
 1467   8021    OLE2        SINGLEDATA | BUILTIN | LIBMODULE
 144f   8021    STORAGE     SINGLEDATA | BUILTIN | LIBMODULE
 1437   8021    COMPOBJ     SINGLEDATA | BUILTIN | LIBMODULE
 141f   8021    WIN87EM     SINGLEDATA | BUILTIN | LIBMODULE
 13ff   8021    CTL3DV2     SINGLEDATA | BUILTIN | LIBMODULE
 11af   0302    NETSCAPE    MULTIPLEDATA | FRAMEBUF | CONSOLE | GUI
 1197   8021    SOUND       SINGLEDATA | BUILTIN | LIBMODULE
 117f   8021    MMSYSTEM    SINGLEDATA | BUILTIN | LIBMODULE
 1167   8021    MOUSE       SINGLEDATA | BUILTIN | LIBMODULE
 114f   8021    KEYBOARD    SINGLEDATA | BUILTIN | LIBMODULE
 1137   8021    DISPLAY     SINGLEDATA | BUILTIN | LIBMODULE
 1117   8021    USER        SINGLEDATA | BUILTIN | LIBMODULE
 10f7   8021    GDI         SINGLEDATA | BUILTIN | LIBMODULE
 10cf   8021    TIMER       SINGLEDATA | BUILTIN | LIBMODULE
 10b7   8021    COMM        SINGLEDATA | BUILTIN | LIBMODULE
 109f   8021    SYSTEM      SINGLEDATA | BUILTIN | LIBMODULE
 1007   8021    KERNEL      SINGLEDATA | BUILTIN | LIBMODULE
=====dump all modules=====
00480000-00489000 otvdm.exe
77A40000-77BDA000 ntdll.dll
75E80000-75F60000 KERNEL32.DLL
77010000-7720C000 KERNELBASE.dll
77210000-77289000 ADVAPI32.dll
75B40000-75BFF000 msvcrt.dll
75E00000-75E76000 sechost.dll
765F0000-766AB000 RPCRT4.dll
75210000-75230000 SspiCli.dll
75200000-7520A000 CRYPTBASE.dll
76EE0000-76F3F000 bcryptPrimitives.dll
75A20000-75B3F000 ucrtbase.dll
507A0000-507B4000 VCRUNTIME140.dll
7BBA0000-7BBDA000 libwine.dll
7BBE0000-7BC5B000 krnl386.exe16
76D40000-76ED5000 USER32.dll
75230000-75247000 win32u.dll
74470000-744EE000 DSOUND.dll
76F50000-76F71000 GDI32.dll
76CE0000-76D23000 powrprof.dll
75C00000-75D5A000 gdi32full.dll
76F40000-76F4D000 UMPDC.dll
779B0000-77A2C000 msvcp_win.dll
75F60000-764D5000 SHELL32.dll
77730000-779A6000 combase.dll
775F0000-7762B000 cfgmgr32.dll
753B0000-75434000 shcore.dll
766B0000-76C72000 windows.storage.dll
77320000-77337000 profapi.dll
6D3A0000-6D3C4000 WINMM.dll
77630000-77674000 shlwapi.dll
77000000-7700F000 kernel.appcore.dll
75440000-75453000 cryptsp.dll
6D2D0000-6D2F3000 winmmbase.dll
6D330000-6D39B000 WINSPOOL.DRV
776E0000-776F9000 bcrypt.dll
751C0000-751F2000 IPHLPAPI.DLL
6DFC0000-6E085000 PROPSYS.dll
75D60000-75DF2000 OLEAUT32.dll
77700000-77725000 IMM32.DLL
750D0000-750F9000 ntmarta.dll
7BC60000-7BC68000 system.drv16
7BC70000-7BC78000 comm.drv16
7BC80000-7BC88000 timer.drv16
7BB10000-7BB97000 vm86.dll
75330000-7534B000 imagehlp.dll
7BC90000-7BCB2000 gdi.exe16
7BCC0000-7BE69000 user.exe16
7CDA0000-7CDB8000 MPR.dll
74560000-74568000 VERSION.dll
6E090000-6E10A000 UxTheme.dll
764E0000-765E3000 MSCTF.dll
774F0000-775E7000 ole32.dll
7BE70000-7BE79000 display.drv16
7BE80000-7BE88000 keyboard.drv16
7BE90000-7BE98000 mouse.drv16
7BEA0000-7BEBA000 mmsystem.dll16
7BEC0000-7BEC9000 sound.drv16
7BED0000-7BED8000 ctl3dv2.dll16
7BEE0000-7BEE8000 win87em.dll16
7BEF0000-7BF01000 compobj.dll16
7BF10000-7BFB4000 ole2.dll16
7BFC0000-7BFC8000 storage.dll16
7BFD0000-7C005000 ole2disp.dll16
040B0000-040B3000 LZ32.dll
7C010000-7C01A000 shell.dll16
7C020000-7C03B000 commdlg.dll16
77340000-773EF000 COMDLG32.dll
04110000-0419D000 COMCTL32.dll
7C040000-7C049000 ddeml.dll16
7C050000-7C059000 ver.dll16
7C060000-7C069000 toolhelp.dll16
74270000-743FF000 dbghelp.dll
76F80000-77000000 clbcatq.dll
50A10000-50A40000 netprofm.dll
60DE0000-60DE9000 npmproxy.dll
772A0000-772A7000 NSI.dll
73DE0000-73DF3000 dhcpcsvc6.DLL
6D300000-6D315000 dhcpcsvc.DLL
772C0000-7731E000 WS2_32.dll
73D40000-73DD1000 DNSAPI.dll
7C070000-7C07B000 winsock.dll16
73A20000-73AA4000 TextInputFramework.dll
73670000-736F9000 CoreMessaging.dll
73700000-7395E000 CoreUIComponents.dll
73590000-7366A000 wintypes.dll
12: vm86.dll!load_x87function+0x7141 - 0x7bb5bb40 0x7bb62c81 (null):0
11: ntdll.dll!LdrSetDllManifestProber+0xf6 - 0x77aab9d0 0x77aabac6 (null):0
10: ntdll.dll!RtlUnwind+0x1cb - 0x77aa7de0 0x77aa7fab (null):0
9: ntdll.dll!KiUserExceptionDispatcher+0x26 - 0x77ab4110 0x77ab4136 (null):0

8: vm86.dll!disassemble_debug+0x48e - 0x7bb63610 0x7bb63a9e (null):0
7: vm86.dll!disassemble_debug+0xd74 - 0x7bb63610 0x7bb64384 (null):0
6: vm86.dll!wine_call_to_16_regs_vm86+0x53 - 0x7bb63300 0x7bb63353 (null):0
5: krnl386.exe16!K32WOWCallback16Ex+0x454 - 0x7bc2d450 0x7bc2d8a4 (null):0
4: krnl386.exe16!LoadModule16+0x7a4 - 0x7bc13a00 0x7bc141a4 (null):0
3: krnl386.exe16!RestoreThunkLock+0xe7b - 0x7bc1f6d0 0x7bc2054b (null):0
2: KERNEL32.DLL!BaseThreadInitThunk+0x19 - 0x75e96340 0x75e96359 (null):0
1: ntdll.dll!RtlGetAppContainerNamedObjectPath+0xe4 - 0x77aa79b0 0x77aa7a94 (null):0
0: ntdll.dll!RtlGetAppContainerNamedObjectPath+0xb4 - 0x77aa79b0 0x77aa7a64 (null):0
cs:ip=1237:4a39 bp=dfee                 args(1237,0008,e006,4dfc,1347,0008,4d40,4f48,195f,0008)
cs:ip=1237:1e13 bp=dff7(call 1237:38e7) args(0008,4d40,4f48,195f,0008,e02a,4fbe,1347,4d40,195f)
cs:ip=1347:4dfc bp=e007(call 1237:1e08) args(4d40,195f,4d18,195f,000b,4d18,0000,0000,1237,0000)
cs:ip=1347:4fbe bp=e02b(call 1347:4dae) args(3754,195f,4d18,195f,e04c,13f7,e044,13f7,000b,3312)
cs:ip=1347:5140 bp=e081(call 1347:4f1e) args(3754,195f,5db6,4f04,3f02,3f3f,3f3f,3f3f,3f3f,3f3f)
cs:ip=1347:5562 bp=e0cb(call 1347:50ce) args(3312,195f,3312,195f,0051,0051,eb92,3d22,1347,802e)
cs:ip=1347:55c2 bp=e0dd(call 1347:5464) args(802e,139f,adce,120f,0000,0000,0000,0000,0000,0000)
cs:ip=1347:3d22 bp=eb93(call 1347:559e) args(5db6,13f7,00e9,022d,0000,13e7,13f7,7658,1237,ebbc)
cs:ip=121f:48f9 bp=ebab                 args(0001,0081,11f7,0000,13f6,13f7,0001,3532,1237,0002)
cs:ip=1237:86a7 bp=ebbd(call 121f:48a0) args(0002,ebcc,13f7,002c,16e7,0048,1717,ebd8,13f7,0000)
cs:ip=1237:3532 bp=0001(call 1237:8684) args(ec10,0000,6f74,cdd4,ebde,0000,0001,0000,0000,0000)
cs:ip=1237:0000 bp=0000                 args(0005,ec10,0000,6f74,cdd4,ebde,0000,0001,0000,0000)

address=77123442
access address=7BB6BBFC
VM context
EAX:6549,ECX:16EF0008,EDX:195F0000,EBX:0000
ESP:DFDE,EBP:DFEE,ESI:4FFC,EDI:5004
ES:195F,CS:1237,SS:13F7,DS:195F,FS:0000,GS:0000
IP:4A39, address:7BB7AC2D
EFLAGS:00003202

Interrupt 0D #GP (1237:4A37) flags 3202 err 0000
mov     [di],ax

Environment (please complete the following information):

• OS: Windows 10
• Version 18362

[cracyc]

Works for me. Try the latest build from https://ci.appveyor.com/project/otya128/winevdm/builds/43431835/job/3jxor4jpuf50wub0/artifacts and if that doesn't work make a trace.

[VFDan]

Could you send your build of Netscape? I'm getting the exact same error.

[cracyc]

http://ftp.vim.org/netscape/communicator/english/4.08/windows/windows3.1/navigator_standalone/n16d408.exe

[VFDan]

Never mind, it doesn't work, I'll make a trace now.

[VFDan]

Here's the trace
trace.txt

[cracyc]

The crash isn't in the trace.
Looks like you ended it in the middle of a RegEnumKey loop.

2060:Call SHELL.7: REGENUMKEY(00000001,00000e37,147f:dfc6,00000105) ret=140f:50af ds=147f
2060:Ret  SHELL.7: REGENUMKEY() retval=00000000 ret=140f:50af ds=147f
2060:Call SHELL.7: REGENUMKEY(00000001,00000e38,147f:dfc6,00000105) ret=140f:50af ds=147f
2060:Ret  SHELL.7: REGENUMKEY() retval=00000000 ret=140f:50af ds=147f
2060:Call SHELL.7: REGENUMKEY(00000001,00000e39,147f:dfc6,00000105) ret=140f:50af ds=147f
2060:Ret  SHELL.7: REGENUMKEY() retval=00000000 ret=140f:50af ds=147f
2060:Call SHELL.7: REGENUMKEY(00000001,00000e3a,147f:dfc6,00000105) ret=140f:50af ds=147f
2060:Ret  SHELL.7: REGEN^C

On my computer it gets too 0x150c before ending so you'll probably just have to wait longer.

4f60:Call SHELL.7: REGENUMKEY(00000001,0000150a,1507:e5bc,00000105) ret=148f:0535 ds=1507
4f60:Ret  SHELL.7: REGENUMKEY() retval=00000000 ret=148f:0535 ds=1507
4f60:Call SHELL.7: REGENUMKEY(00000001,0000150b,1507:e5bc,00000105) ret=148f:0535 ds=1507
4f60:Ret  SHELL.7: REGENUMKEY() retval=00000000 ret=148f:0535 ds=1507
4f60:Call SHELL.7: REGENUMKEY(00000001,0000150c,1507:e5bc,00000105) ret=148f:0535 ds=1507
4f60:Ret  SHELL.7: REGENUMKEY() retval=00000103 ret=148f:0535 ds=1507
4f60:Call KERNEL.15: GLOBALALLOC(0002,00010000) ret=121f:3c88 ds=1507
     AX=0000 BX=0000 CX=0000 DX=0000 SI=0000 DI=aee0 ES=14f7 EFL=00003256
4f60:Ret  KERNEL.15: GLOBALALLOC() retval=none ret=121f:3c88 ds=1507
     AX=1ab6 BX=1ab6 CX=1ab6 DX=0000 SI=0000 DI=aee0 ES=0000 EFL=00003256
4f60:Call KERNEL.18: GLOBALLOCK(1ab6) ret=121f:3c96 ds=1507
4f60:Ret  KERNEL.18: GLOBALLOCK() retval=1ab70000 ret=121f:3c96 ds=1507
4f60:Call KERNEL.58: GETPROFILESTRING(1477124e "Extensions",00000000 (null),12df041e "",1ab7:0048,4000) ret=148f:05bc ds=1507
4f60:Ret  KERNEL.58: GETPROFILESTRING() retval=000001b8 ret=148f:05bc ds=1507

[VFDan]

For whatever reason, when I tried it earlier it just hung. This is the regular result I've been getting.

https://drive.google.com/file/d/1xPTVc8IsRGQ8er4wY3xAwAgwQQmpnVSq/view?usp=sharing

[cracyc]

It looks like the c runtime heap is getting corrupted as it crashes in fmalloc. It happens after the hkey_classes_root registry key is enumerated and a lot of memory allocation occurs. Snide I can't repo it I can't tell whether it's a bug in winevdm or if Netscape, which was written when the registry would have been much smaller, bugs out with so many entries.

[cracyc]

I was looking at this again and noticed you have this different plugin which is accessed close to the problem.

2c08:Call VER.6: GETFILEVERSIONINFOSIZE(19b73520 "C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL",147f:e01e) ret=13cf:4f3d ds=147f
0410:2c08:trace:ver:GetFileVersionInfoSize16 ("C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL", 0613A8D6)
0410:2c08:trace:ver:GetFileResourceSize16 ("C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL",type=00000010,id=00000001,off=00000001)
2c08:Ret  VER.6: GETFILEVERSIONINFOSIZE() retval=000004ac ret=13cf:4f3d ds=147f
2c08:Call VER.7: GETFILEVERSIONINFO(19b73520 "C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL",00028f64,000004ac,19b7:42c8) ret=13cf:4f78 ds=147f
0410:2c08:trace:ver:GetFileVersionInfo16 ("C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL", 00028f64, 1196, 063932D8)
0410:2c08:trace:ver:GetFileResource16 ("C:\\FPN408~1\\PROGRAM\\plugins\\NPBLZ16.DLL",type=00000010,id=00000001,off=0,len=1196,data=063932D8)
2c08:Ret  VER.7: GETFILEVERSIONINFO() retval=000004ac ret=13cf:4f78 ds=147f

Does removing it prevent the crash?

[VFDan]

Yes but the entire reason I'm running it is for that plugin, which is made for 16-bit (I think) and doesn't work properly on 32-bit Netscape

[cracyc]

I found a copy at http://ftp.sunet.se/mirror/archive/ftp.sunet.se/pub/pc/windows/winsock-indstate/WWW-Browsers/Plug-In/ and it doesn't crash but is a different version than yours. Do you have a link to it?

[VFDan]

You're right, it doesn't crash with that version, but it exhibits the same behaviour that I've seen in Basilisk, but this isn't an otvdm issue, rather a plugin issue. Thanks for the help!

[cracyc]

I suppose you are working on https://bluemaxima.org/flashpoint/datahub/Technologies_to_Add#EMBLAZE . If you are getting a crash when using the wayback file, if you save it then remove the archive.org javascript from the top then it won't crash. If you are getting the mci errors, place the BLZ_WAV dir with the wave files in the plugins dir then add

[main]
Install Directory=<netscape install dir>

into your netscape.ini file.

BTW, I am still interested in the other crash so if you have a link to the crashing plugin...

[VFDan]

Haha, yes I am working on that, and thanks for your help. That fix does mostly work, however it does sometimes error when I close the window. It also puts this (ignore the Log Watcher).


It doesn't seem to cause any issues so if there was a way to just make it silent that would probably be fine.
Depending where I stop it I also get this sometimes:

I think I may have been using a 32 bit one for the one that was crashing, the file name ended in 32 but when I looked in the metadata it said "Original filename NPBLZ16.DLL" so ¯\_(ツ)_/¯

[VFDan]

Okay using otvdmw I was able to fix all but this one (which is actually when it opens); does it need registry?

[cracyc]

Okay using otvdmw I was able to fix all but this one (which is actually when it opens); does it need registry?

I can get the message to appear by going to http://web.archive.org/web/19961105063140oe_/http://www.geo.inter.net/ebz/dmo/embeded/dmoblz08.blz with otvdm.exe. It is harmless but are you saying that when you run it otvdmw.exe a console window appears and shows that message because that doesn't happen for me.

I think I may have been using a 32 bit one for the one that was crashing, the file name ended in 32 but when I looked in the metadata it said "Original filename NPBLZ16.DLL" so ¯_(ツ)_/¯

Yes, using the 32bit version would definitely cause heap corruption when verqueryvaluea is called due to the unicode to ascii conversion.

[VFDan]

Well when I start it in cmd it says that in the console, it doesn't make a new window for it. Is there a way to silence it? If not, it should be fine as it's only 2 lines.

[cracyc]

If you can set an environment variable the "WINEDEBUG=-all" should work.

[VFDan]

Thanks, also this is really just a peeve of mine (not really an inconvenience) but is there a way to remove the "version: 2300"?

Edit: I got it by adding 2>nul.

[VFDan]

Although depending on when I stop it, this sometimes happens.

Again, this isn't really an issue that's terribly major.

[cracyc]

Is there a procedure to reproduce that? A trace would be helpful too.
Edit: never mind, i got it to happen
Edit2: I've been able to get it to crash in xp/ntvdm by stopping and reloading it so although I can't be certain, it's likely a bug in the plugin.

[VFDan]

Ah, alright, I'll just make a note about this then. The plugin seems very haphazardly made anyway, considering the other issues.

Thanks for all your help!