[Bug 4666] HackShield anti-cheat system doesn't work (Themida software protection used as wrapper incompatible with Wine)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Aug 21 04:58:13 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=4666

jhgf <bernhardloos at googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bernhardloos at googlemail.com

--- Comment #40 from jhgf <bernhardloos at googlemail.com> 2011-08-21 04:58:10 CDT ---
I tried it with the latest version of AirRivals.
It's a pain.

The first problem is the API emulation function. (HackShield error 101)
HackShield copies part of certain API functions to a private buffer and
obfuscates them (interleaving garbage instructions and jmps, shuffeling around
registers and so on). This falls over with PIC code.
__i686.get_pc_thunk.bx sets $ebx to the module offset, but usually $ebx is
preserved for stdcall functions, so HackShield gets confused and clobbers it.
This happens at least for RtlAllocateHeap, GetCommandLineA and RegOpenKey.
This also breaks relay badly.
Compiling adavapi32, kernel32 and ntdll as non-pic code fixes this.
Add something like this to Makefile.in:
+EXTRADLLFLAGS = -fno-pic
+MODCFLAGS = -fno-pic

The next problem is even uglier:
HackShield copies ntdll.dll, kernel32.dll, user32.dll, ws2_32.dll and the
psapi.dll from the HShield directory to some Temp location, modifies them in
some way and tries to LoadLibrary them.
This fails badly on wine, because the files in system32 are only placeholder
dlls for the actual .so files. That's pretty hard to even hack around.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the wine-bugs mailing list