[Bug 4666] Many games bundled with HackShield anti-cheat system abort on startup with Hackshield error 108 (copy of system dlls, native vs. Wine placeholder)
wine-bugs at winehq.org
wine-bugs at winehq.org
Tue Dec 18 11:29:18 CST 2012
http://bugs.winehq.org/show_bug.cgi?id=4666
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|HackShield anti-cheat |Many games bundled with
|system doesn't work |HackShield anti-cheat
|(Themida software |system abort on startup
|protection used as wrapper |with Hackshield error 108
|incompatible with Wine) |(copy of system dlls,
| |native vs. Wine
| |placeholder)
--- Comment #52 from Anastasius Focht <focht at gmx.net> 2012-12-18 11:29:18 CST ---
Hello Florian,
--- quote ---
Hm, I tried to get wine to compile this, but it seems to break things.
Maybe worth to know where to add this, better to have a patch altering this for
current wine (1.5.19)
--- quote ---
This was most likely fixed on their side in newer versions of client.
If you don't get "error 110" then the PIC prolog code is no longer a problem.
A rough check for Themida software protection version is to run app with
"WINEDEBUG=+debugstr".
The output will contain a copyright string like this:
--- snip ---
0046:warn:debugstr:OutputDebugStringA
"\r\n\n\n%s------------------------------------------------\n\r---
Themida Professional ---\n\r--- (c)2012 Oreans Technologies
---\n\r------------------------------------------------\r\n\n\n"
--- snip ---
A detailed version check (major/minor) can only be made by signature analysis
or debugging.
Anyway, that "error 108" is about system DLL copies (kernel32.dll and friends)
in temp folder (native vs. builtin/placeholder).
The copy in temp folder has "SLLX" magic at the end of file (last DWORD ->
0x53,0x4C,0x4C,0x58).
Adjusting summary accordingly.
Internal error:
--- snip ---
00300B94 00884868 ; |Format = "%s GameCode = %d Li = %s, option = 0x%X return
=%d"
00300B98 00300BC0 ; ASCII "C:\Program
Files\Gameforge4D\AirRivals\HShield\EhSvc.dll"
00300B9C 00001268
00300BA0 008848A0 ; ASCII "2025A0437939566CC1DCF4B1"
00300BA4 06483DBE
00300BA8 00000108
--- snip ---
(game code differs between games)
Log before being obfuscated and written to "hshield.log":
--- snip ---
{FC684AE4-F5B0-48B7-889E-F43FCDBF13E8} 7b810000 0 126
[C:\users\focht\Temp\d114c46949c6.tmp]
C:\users\focht\Temp\d114c46949c6.tmp
C:\windows\system32\KERNEL32.dll
...
{EE0E19A5-99002FE730 92-4B80-BA7D-FD1647ACD846} e1012004
C:\windows\system32\Kernel32.dll 1
--- snip ---
I've not looked that deep into HackShield but it might be possible to come up
with a Wine builtin "Ehsvc.dll" that avoids all the mess (similar to
PunkBuster).
"Ehsvc.dll" serves as interface between HackShield and the secured process.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list