diff --git a/patches/ntdll-ForceBottomUpAlloc/0001-ntdll-Force-bottom-up-allocation-order-for-64-bit-ar.patch b/patches/ntdll-ForceBottomUpAlloc/0001-ntdll-Force-bottom-up-allocation-order-for-64-bit-ar.patch
new file mode 100644
index 00000000..8d42c7ae
--- /dev/null
+++ b/patches/ntdll-ForceBottomUpAlloc/0001-ntdll-Force-bottom-up-allocation-order-for-64-bit-ar.patch
@@ -0,0 +1,59 @@
+From 54b9382fdda1798216b23db8273c79aaf649f8ff Mon Sep 17 00:00:00 2001
+From: Paul Gofman <gofmanp@gmail.com>
+Date: Mon, 25 Nov 2019 12:19:20 +0300
+Subject: [PATCH] ntdll: Force bottom up allocation order for 64 bit arch
+ unless top down is requested.
+
+Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=48175
+Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=46568
+---
+ dlls/ntdll/virtual.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
+index 9666e2051e..23acca6378 100644
+--- a/dlls/ntdll/virtual.c
++++ b/dlls/ntdll/virtual.c
+@@ -1231,14 +1231,20 @@ static NTSTATUS map_view( struct file_view **view_ret, void *base, size_t size,
+     }
+     else
+     {
+-        size_t view_size = size + mask + 1;
+         struct alloc_area alloc;
++        size_t view_size;
+ 
+         alloc.size = size;
+         alloc.mask = mask;
+         alloc.top_down = top_down;
+         alloc.limit = (void*)(get_zero_bits_64_mask( zero_bits_64 ) & (UINT_PTR)user_space_limit);
+ 
++        if (is_win64 && !top_down)
++        {
++            /* Ditch 0x7ffffe000000 - 0x7fffffff0000 reserved area. */
++            alloc.limit = min(alloc.limit, (void *)0x7ffffe000000);
++        }
++
+         if (wine_mmap_enum_reserved_areas( alloc_reserved_area_callback, &alloc, top_down ))
+         {
+             ptr = alloc.result;
+@@ -1248,7 +1254,7 @@ static NTSTATUS map_view( struct file_view **view_ret, void *base, size_t size,
+             goto done;
+         }
+ 
+-        if (zero_bits_64)
++        if (is_win64 || zero_bits_64)
+         {
+             if (!(ptr = find_free_area(address_space_start, alloc.limit, size,
+                     mask, top_down, TRUE, VIRTUAL_GetUnixProt(vprot))))
+@@ -1257,6 +1263,8 @@ static NTSTATUS map_view( struct file_view **view_ret, void *base, size_t size,
+             goto done;
+         }
+ 
++        view_size = size + mask + 1;
++
+         for (;;)
+         {
+             if ((ptr = wine_anon_mmap(NULL, view_size, VIRTUAL_GetUnixProt(vprot), 0 )) == (void *)-1)
+-- 
+2.23.0
+
diff --git a/patches/ntdll-ForceBottomUpAlloc/definition b/patches/ntdll-ForceBottomUpAlloc/definition
new file mode 100644
index 00000000..e45b6893
--- /dev/null
+++ b/patches/ntdll-ForceBottomUpAlloc/definition
@@ -0,0 +1,4 @@
+Fixes: [48175] AION (64 bit) - crashes in crysystem.dll.CryFree() due to high memory pointers allocated
+Fixes: [46568] 64-bit msxml6.dll from Microsoft Core XML Services 6.0 redist package fails to load (Wine doesn't respect 44-bit user-mode VA limitation from Windows < 8.1)
+Depends: ntdll-BitmaskAllocAreaSearch
+
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 079b5555..ebb22d16 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -190,6 +190,7 @@ patch_enable_all ()
 	enable_ntdll_FileFsFullSizeInformation="$1"
 	enable_ntdll_FileFsVolumeInformation="$1"
 	enable_ntdll_Fix_Alignment="$1"
+	enable_ntdll_ForceBottomUpAlloc="$1"
 	enable_ntdll_HashLinks="$1"
 	enable_ntdll_Heap_Improvements="$1"
 	enable_ntdll_Hide_Wine_Exports="$1"
@@ -694,6 +695,9 @@ patch_enable ()
 		ntdll-Fix_Alignment)
 			enable_ntdll_Fix_Alignment="$2"
 			;;
+		ntdll-ForceBottomUpAlloc)
+			enable_ntdll_ForceBottomUpAlloc="$2"
+			;;
 		ntdll-HashLinks)
 			enable_ntdll_HashLinks="$2"
 			;;
@@ -1782,6 +1786,13 @@ if test "$enable_ntdll_HashLinks" -eq 1; then
 	enable_ntdll_LDR_MODULE=1
 fi
 
+if test "$enable_ntdll_ForceBottomUpAlloc" -eq 1; then
+	if test "$enable_ntdll_BitmaskAllocAreaSearch" -gt 1; then
+		abort "Patchset ntdll-BitmaskAllocAreaSearch disabled, but ntdll-ForceBottomUpAlloc depends on that."
+	fi
+	enable_ntdll_BitmaskAllocAreaSearch=1
+fi
+
 if test "$enable_ntdll_DOS_Attributes" -eq 1; then
 	if test "$enable_ntdll_Junction_Points" -gt 1; then
 		abort "Patchset ntdll-Junction_Points disabled, but ntdll-DOS_Attributes depends on that."
@@ -4689,6 +4700,26 @@ if test "$enable_ntdll_Fix_Alignment" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset ntdll-ForceBottomUpAlloc
+# |
+# | This patchset has the following (direct or indirect) dependencies:
+# |   *	ntdll-BitmaskAllocAreaSearch
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#48175] AION (64 bit) - crashes in crysystem.dll.CryFree() due to high memory pointers allocated
+# |   *	[#46568] 64-bit msxml6.dll from Microsoft Core XML Services 6.0 redist package fails to load (Wine doesn't respect
+# | 	44-bit user-mode VA limitation from Windows < 8.1)
+# |
+# | Modified files:
+# |   *	dlls/ntdll/virtual.c
+# |
+if test "$enable_ntdll_ForceBottomUpAlloc" -eq 1; then
+	patch_apply ntdll-ForceBottomUpAlloc/0001-ntdll-Force-bottom-up-allocation-order-for-64-bit-ar.patch
+	(
+		printf '%s\n' '+    { "Paul Gofman", "ntdll: Force bottom up allocation order for 64 bit arch unless top down is requested.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset ntdll-LDR_MODULE
 # |
 # | Modified files: