[Bug 9685] Punkbuster removes me from game for UNKNOWN WINDOWS API FUNCTION [131124]

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Oct 31 10:54:54 CDT 2007


--- Comment #89 from Anastasius Focht <focht at gmx.net>  2007-10-31 10:54:53 ---

--- quote ---
Can you give me an example of implementing thunking layer code, or a link to
learn more about the subject?
--- quote ---

If you're curious: you just have to write a wine (builtin) dll (winegcc) that
exports same PB interface and talks to the linux PB client (.so library) using
Of course you need some knowledge on PB api exports.
Anyway, forget that thunking approach. Seems recent PB updates broke even this
way on games that worked before (having binary compatible interfaces

I'm currently in the process of gathering some statistics to calculate the
effort of making API wrappers to please PB signature checks - but it's very
time consuming.
I already gathered an increasing list of API calls being checked, each
corresponding to a specific 1311xx number.
To please the signature scanner I faked the API entry opcodes from my Windows
XP SP2 binaries and this keeps it happy (that proved my theory).
Unfortunately I have no knowledge _how many_ different API calls are actually
verified (scattered between number of dlls).
If the number remains somewhat manageable (<25) it could be worth to mimic
windows API entries with __asm__ wrappers to keep that signature scanner happy
(just like I recently did for Shrinker PE compressor).

Currently I run the Battlefield series (BF1942, Vietnam, BF2) and Americas Army
as PunkBuster testbed without further problems.
Although random 1311xx kicks are still there - when APIs are checked I have no
signature for (I add them "on demand" = "on kick").
Though I could automate this process by having windows versions of the required
dlls in place and calculating the required export signatures on demand at run

In my opinion this stuff is just a big waste of time because even if I gather a
more or less complete list of checked entries, the patches probably won't make
it into official wine tree ... and EB could add expand that list every time to
disrupt this effort. 

Just bugger EB to drop/loosen 131xxx signature checks.
All other stuff just works fine - as long as EB doesn't add other braindamaged
methods, requiring windows interna mimicked.
Hell, they could easily implement non OS/patchlevel specific analyzer to verify
if an API entry has been hooked (using some heuristics) - so even wine could be
officially supported.


Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list