[Bug 23451] VMWare Thinapps (packaged with version >4.5) don't run, also affects XenoCode wrapped apps
wine-bugs at winehq.org
wine-bugs at winehq.org
Mon Aug 23 11:06:08 CDT 2010
http://bugs.winehq.org/show_bug.cgi?id=23451
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|-unknown |ntdll
Summary|VMWare Thinapps (packaged |VMWare Thinapps (packaged
|with version >4.5) don't |with version >4.5) don't
|run |run, also affects XenoCode
| |wrapped apps
--- Comment #5 from Anastasius Focht <focht at gmx.net> 2010-08-23 11:06:07 ---
Hello,
adding some info...
Not only VMWare Thinapps but also various Xenocode wrapped apps need a proper
native process creation sequence (they both have this in common).
Another "target" which suffers from this, wrapped by Xenocode:
http://bypass.cdn.skybound.ca/stylizer/Stylizer5Setup.exe
--- snip ---
$ sha1sum Stylizer5Setup.exe
bd7039b5a67f9846ffdd1795be044f5bf65607a6 Stylizer5Setup.exe
--- snip ---
--- snip ---
Scanning -> c:\Program Files\Skybound Stylizer 5\Stylizer.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 13330168 (0CB66F8h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0CB5800h, size : 0EF8h / 03832
byte(s)
-> File has 13191168 (0C94800h) bytes of appended data starting at offset
021000h
[File Heuristics] -> Flag : 00000000000001001000000000000100 (0x00048004)
[!] XenoCode Virtual Application Studio 2010 detected !
--- snip ---
I dumped all Xenocode hooks into Wine's ntdll, quite impressive number (though
NtCreateProcess is the culprit here):
--- snip ---
7BC1F2B8 __wine_stub_NtCreateProcess E9 E0087784 JMP 0038FB9D
7BC1F310 __wine_stub_NtCreateThread E9 2F077784 JMP 0038FA44
7BC1F394 __wine_stub_NtExtendSection E9 74AB7784 JMP 00399F0D
7BC1F5FC __wine_stub_NtQueryOpenSubKeys E9 CFF37684 JMP 0038E9D0
7BC1F998 __wine_stub_NtUnloadKeyEx E9 38EB7684 JMP 0038E4D5
7BC35610 NtNotifyChangeDirectoryFile E9 E2D77584 JMP 00392DF7
7BC3B090 NtQueryDirectoryFile E9 8D7C7584 JMP 00392D22
7BC3DC50 NtSetEaFile E9 EB4D7584 JMP 00392A40
7BC3DCC0 NtQueryEaFile E9 EB4F7584 JMP 00392CB0
7BC3DD60 NtSetVolumeInformationFile E9 0F4C7584 JMP 00392974
7BC3DDE0 NtCreateMailslotFile E9 7E537584 JMP 00393163
7BC3DF70 NtUnlockFile E9 99497584 JMP 0039290E
7BC3E1A0 NtCancelIoFile E9 C4507584 JMP 00393269
7BC3E370 NtCreateNamedPipeFile E9 6D4D7584 JMP 003930E2
7BC3E5F0 NtLockFile E9 74487584 JMP 00392E69
7BC3E8E0 NtFlushBuffersFile E9 6E467584 JMP 00392F53
7BC3F330 NtQueryVolumeInformationFile E9 52387584 JMP 00392B87
7BC3F9C0 NtSetInformationFile E9 15307584 JMP 003929DA
7BC400B0 NtFsControlFile E9 292E7584 JMP 00392EDE
7BC40570 NtDeviceIoControlFile E9 3B2A7584 JMP 00392FB0
7BC40840 NtWriteFileGather E9 E51F7584 JMP 0039282A
7BC40FF0 NtWriteFile E9 A7187584 JMP 0039289C
7BC41720 NtReadFileScatter E9 7E137584 JMP 00392AA3
7BC41C50 NtReadFile E9 C00E7584 JMP 00392B15
7BC42A10 NtCreateFile E9 BD077584 JMP 003931D2
7BC42A70 NtDeleteFile E9 B0057584 JMP 00393025
7BC42B40 NtOpenFile E9 81077584 JMP 003932C6
7BC43000 NtQueryAttributesFile E9 95FD7484 JMP 00392D9A
7BC43150 NtQueryFullAttributesFile E9 FEFA7484 JMP 00392C53
7BC43320 NtQueryInformationFile E9 C8F87484 JMP 00392BED
7BC4A9B0 LdrGetDllHandle E9 39537484 JMP 0038FCEE
7BC4C0E0 LdrShutdownThread E9 DA477484 JMP 003908BF
7BC50F00 NtCreatePagingFile E9 7A217484 JMP 0039307F
7BC512D0 NtQuerySection E9 E98A7484 JMP 00399DBE
7BC53F80 NtMakeTemporaryObject E9 A9DB7384 JMP 00391B2E
7BC54170 NtSetInformationObject E9 F0D87384 JMP 00391A65
7BC549B0 NtClose E9 3FD27384 JMP 00391BF4
7BC54A30 NtDuplicateObject E9 53D17384 JMP 00391B88
7BC54B40 NtQuerySecurityObject E9 EDCC7384 JMP 00391832
7BC54E20 NtQueryObject E9 A3CC7384 JMP 00391AC8
7BC5B290 NtOpenProcess E9 77497384 JMP 0038FC0C
7BC5B3E0 NtSetInformationProcess E9 FC457384 JMP 0038F9E1
7BC5C080 NtTerminateProcess E9 CE447384 JMP 00390553
7BC5C100 NtSetInformationKey E9 62257384 JMP 0038E667
7BC5C170 NtRestoreKey E9 72267384 JMP 0038E7E7
7BC5C1E0 NtQueryMultipleValueKey E9 48287384 JMP 0038EA2D
7BC5CB00 NtUnloadKey E9 8A1A7384 JMP 0038E58F
7BC5CBA0 NtSaveKey E9 E51B7384 JMP 0038E78A
7BC5CC40 NtFlushKey E9 E4217384 JMP 0038EE29
7BC5CCE0 NtEnumerateValueKey E9 9E217384 JMP 0038EE83
7BC5D210 NtQueryKey E9 81187384 JMP 0038EA96
7BC5D250 NtEnumerateKey E9 971C7384 JMP 0038EEEC
7BC5D3D0 NtDeleteKey E9 DD1B7384 JMP 0038EFB2
7BC5D4A0 NtSetValueKey E9 44117384 JMP 0038E5E9
7BC5D630 NtQueryValueKey E9 CF127384 JMP 0038E904
7BC5DAD0 NtDeleteValueKey E9 80147384 JMP 0038EF55
7BC5DBC0 NtOpenKey E9 9A0F7384 JMP 0038EB5F
7BC5E850 NtCreateKey E9 CC077384 JMP 0038F021
7BC5EBF0 NtReplaceKey E9 52FC7284 JMP 0038E847
7BC5EC70 NtNotifyChangeKey E9 C5FF7284 JMP 0038EC3A
7BC5EF10 NtLoadKey E9 B7FE7284 JMP 0038EDCC
7BC69390 NtSetSecurityObject E9 3D847284 JMP 003917D2
7BC75680 NtSignalAndWaitForSingleObject E9 52C37184 JMP 003919D7
7BC756E0 NtWaitForMultipleObjects E9 1FC27184 JMP 00391904
7BC75760 NtWaitForSingleObject E9 33C17184 JMP 00391898
7BC7E780 NtAreMappedFilesTheSame E9 16B57184 JMP 00399C9B
7BC7EAB0 NtOpenSection E9 6FB37184 JMP 00399E24
7BC800C0 NtQueryVirtualMemory E9 339C7184 JMP 00399CF8
7BC80930 NtCreateSection E9 35967184 JMP 00399F6A
7BC81430 NtUnmapViewOfSection E9 2C897184 JMP 00399D61
7BC83C20 NtMapViewOfSection E9 5F627184 JMP 00399E84
--- snip ---
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list