[Bug 29792] New: Gothic 2 (JoWood Productions) installer fails due to media validation tool failing (don't add FILE_ATTRIBUTE_ARCHIVE by default to file entries)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Feb 4 14:43:11 CST 2012
http://bugs.winehq.org/show_bug.cgi?id=29792
Bug #: 29792
Summary: Gothic 2 (JoWood Productions) installer fails due to
media validation tool failing (don't add
FILE_ATTRIBUTE_ARCHIVE by default to file entries)
Product: Wine
Version: 1.4-rc1
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Classification: Unclassified
Hello,
I first wanted to investigate bug 22515 hence i bought the game for a few bucks
and looked into it...
Well, it seems there exist different editions of the game and the problems
might not be connected at all.
Although this is related to copy protection it's not the SecuROM 4.x tests
failing here - that part of protection works fine.
I have the 3 CD set by JoWood Productions released on November 29, 2002.
Near the end of installation process there is a tool "g2setup.exe" launched
which verifies the authenticity of install media.
That process returns a specific exit code (0x777 -> 1911) which basically says:
"all checks passed".
Any different exit code will roll back the whole installation!
Current workaround: kill the installer from another terminal when this
verification process starts.
Everything has already been copied up to this point so just wait until the disc
spins up and execute 'wineserver -k'.
--- snip ---
0024:Starting process L"C:\\Program Files\\Jowood\\Gothic II\\g2setup.exe"
(entryproc=0x4c6929)
--- snip ---
--- snip ---
-=[ ProtectionID v0.6.4.0 JULY]=-
(c) 2003-2010 CDKiLLER & TippeX
Build 07/08/10-17:57:05
...
Scanning -> Z:\home\focht\.wine\drive_c\Program Files\Jowood\Gothic
II\g2setup.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 229376 (038000h)
Byte(s)
[File Heuristics] -> Flag : 00000000000000001100001100000001 (0x0000C301)
[!] Armadillo v2.xx - v3.xx detected !
[i] Splash Setting (0x0) -> NONE / Duration : 00 second(s)
[CompilerDetect] -> Visual C/C++
- Scan Took : 0.560 Second(s)
--- snip ---
Various anti-debugging/hacking trickery which of course can be bypassed ;-)
Additionally to physical media analysis of GOTHIC2_CD3 (part of SecuROM) there
are "custom" checks present.
Most of them are simple ones like comparing disc serial against hard coded
value.
The directory structure is read from disc and CRC32 checksums are calculated
for specific files.
--- snip ---
ATTRIBS SIZE CRC32 NAME
____________________________________________________________
A R 362,789,836 5f4cb098 Gothic2-Setup.W03
A R 123 JoWooD Homepage.url
A R 14,816 Readme.txt
A R 289 Register.url
A R 5,569 eula.txt
A R 766 gothic2.ico
(DIR) 168,146,318 ArxDemo
A R 31,744 1d31e5c6 ArxDemo\Setup.exe
A R 877 ArxDemo\Setup.ini
A R 1,304,064 ArxDemo\Setup.msi
A R 101,581,207 ArxDemo\Setup1.cab
A R 23,103,162 ArxDemo\Setup2.cab
A R 31,150,491 ArxDemo\Setup3.cab
A R 1,309,184 ArxDemo\Setup_Deutsch.msi
A R 1,708,856 34ec21c0 ArxDemo\instmsi.exe
A R 1,822,520 e5563f20 ArxDemo\instmsiw.exe
...
Scan time.............[ 551.80] Seconds (551801 ms)
Total files...........[ 35] Files
Total size............[ 558,468,227] Bytes
Dirlist Text CRC32....[ 0032ED44]
____________________________________________________________
...
--- snip ---
Forget the scan time, I was debugging at this place ;-)
What makes things complicated is that additionally to per-file CRC32 checksums
there is also a CRC32 for the whole in-memory folder listing content generated
(see snippet) -> "Dirlist Text CRC32" (in snippet the address is printed, not
the value itself).
That overall checksum didn't match the internal hard-coded one.
One problem is that Wine adds FILE_ATTRIBUTE_ARCHIVE by default to each file
info entry.
Source:
http://source.winehq.org/git/wine.git/blob/c7cb3e6cb21598281cf2b00b2ccd8323598b12ff:/dlls/ntdll/file.c#l1579
This is breaks the overall checksum (file entries get "A" added).
The file entries have to have only FILE_ATTRIBUTE_READONLY set -> "R" (reside
on CDROM).
If FILE_ATTRIBUTE_ARCHIVE is omitted (and a second bug is worked around) the
verification process exits with exit code 0x777 which allows the main installer
to successfully finish.
---
There is another problem, a bug in the verification tool that unfortunately
prevents a "full" fix for this installer.
One of the file CRC32 on CD3 gets miscalculated ...
It took me some hours to find out this brain damage after successfully pinning
down the first problem and wondering why the overall checksum still didn't
match.
--- snip ---
...
0024:Call KERNEL32.CreateFileA(0032d734
"D:\\arxdemo\\setup.exe",80000000,00000001,00000000,00000003,00000080,00000000)
ret=00d86dfe
0024:Ret KERNEL32.CreateFileA() retval=000000a0 ret=00d86dfe
0024:Call KERNEL32.GetFileSize(000000a0,00000000) ret=00d87385
0024:Ret KERNEL32.GetFileSize() retval=00007c00 ret=00d87385
0024:Call ntdll.RtlAllocateHeap(00fc0000,00000000,00010010) ret=00be379b
0024:Ret ntdll.RtlAllocateHeap() retval=00fc5238 ret=00be379b
0024:Call KERNEL32.ReadFile(000000a0,00fc5238,00010000,00bfd464,00000000)
ret=00d8725a
0024:Ret KERNEL32.ReadFile() retval=00000001 ret=00d8725a
0024:Call ntdll.RtlFreeHeap(00fc0000,00000000,00fc5238) ret=00be3cea
0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=00be3cea
0024:Call KERNEL32.CloseHandle(000000a0) ret=00d8743a
0024:Ret KERNEL32.CloseHandle() retval=00000001 ret=00d8743a
--- snip ---
"D:\\arxdemo\\setup.exe" is the culprit. The file size is 31744 bytes.
The tool allocates a fixed 65552 byte buffer to read file content in and
calculate checksum on (actually 65536 bytes are used for checksumming).
Prior to calculating file CRC32 for "D:\\arxdemo\\setup.exe", the 350 MiB
"D:\\gothic2-setup.w03" was checksummed in 0x10000 byte chunks.
It had the same heap chunk address 0x00fc5238 which was later reused for
"D:\\arxdemo\\setup.exe" checksum calculation.
--- snip ---
0024:Call KERNEL32.CreateFileA(0032dd20
"D:\\gothic2-setup.w03",80000000,00000001,00000000,00000003,00000080,00000000)
ret=00d86dfe
0024:Ret KERNEL32.CreateFileA() retval=0000009c ret=00d86dfe
0024:Call KERNEL32.GetFileSize(0000009c,00000000) ret=00d87385
0024:Ret KERNEL32.GetFileSize() retval=159fbbcc ret=00d87385
0024:Call ntdll.RtlAllocateHeap(00fc0000,00000000,00010010) ret=00be379b
0024:Ret ntdll.RtlAllocateHeap() retval=00fc5238 ret=00be379b
0024:Call KERNEL32.ReadFile(0000009c,00fc5238,00010000,00bfd464,00000000)
ret=00d8725a
0024:Ret KERNEL32.ReadFile() retval=00000001 ret=00d8725a
...
0024:Call KERNEL32.ReadFile(0000009c,00fc5238,00010000,00bfd464,00000000)
ret=00d8725a
0024:Ret KERNEL32.ReadFile() retval=00000001 ret=00d8725a
0024:Call KERNEL32.ReadFile(0000009c,00fc5238,00008480,00bfd464,00000000)
ret=00d8725a
0024:Ret KERNEL32.ReadFile() retval=00000001 ret=00d8725a
0024:Call KERNEL32.ReadFile(0000009c,00fc5238,00008480,00bfd464,00000000)
ret=00d8725a
0024:Ret KERNEL32.ReadFile() retval=00000001 ret=00d8725a
0024:Call ntdll.RtlFreeHeap(00fc0000,00000000,00fc5238) ret=00be3cea
0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=00be3cea
...
--- snip ---
Because the heap chunk was reused and the buffer was fully filled from previous
run, the read file operation for "D:\\arxdemo\\setup.exe" only initialized the
first 31744 bytes.
The checksum is done on 65536 bytes of buffer which includes garbage/leftover
already present.
Well, the developers didn't bother to pass HEAP_ZERO_MEMORY to
RtlAllocateHeap() or explicit memset(ptr, 0, nbytes).
The tool "works" in Windows most likely due to different heap manager
implementation/usage or maybe application shims.
They put some effort into anti-debugging/hacking/copying and rambled about
piracy in hidden messages (found while debugging) ... and yet managed to put in
such bugs.
You can hack/patch ntdll.dll RtlAllocateHeap() -> forcing flags |=
HEAP_ZERO_MEMORY to verify the installer really works after fixing the first
problem.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list