[Bug 19296] "Uru: Ages beyond myst" fails to install (check for ATL thunk triggers unexpected guard page fault in Shinker 3.5 protected installer executable)

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Oct 23 17:49:31 CDT 2013 

http://bugs.winehq.org/show_bug.cgi?id=19296

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|Abandoned?                  |obfuscation
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntdll
            Summary|"Uru: Ages beyond myst"     |"Uru: Ages beyond myst"
                   |fails to install            |fails to install (check for
                   |                            |ATL thunk triggers
                   |                            |unexpected guard page fault
                   |                            |in Shinker 3.5 protected
                   |                            |installer executable)

--- Comment #12 from Anastasius Focht <focht at gmx.net> 2013-10-23 17:49:31 CDT ---
Hello folks,

I had the right feeling about this one ... bought the game for a few bugs and
it was delivered today :)

The installer is protected by Shinker 3.5 (+relay triggers error dialog ->
version hint).

It's basically the same issue as bug 34479 "Advantage Cooking: crashes on start
(check for ATL thunk triggers unexpected guard page fault)".

Shrinker also employs a scheme with guard pages on PE sections.
Wine triggers a guard page fault with its ATL thunk check which the protection
mishandles.

First, well known hooking of LdrAccessResource and call_exception_handler:

--- snip ---
0009:trace:module:LdrGetDllHandle L"USER32" -> 0x7eb50000 (load path
L"E:\\Installer;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
0009:trace:module:LdrGetDllHandle L"NTDLL" -> 0x7bc10000 (load path
L"E:\\Installer;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
0009: write_process_memory( handle=ffffffff, addr=7bc6fdb1,
data={e8,d2,05,6c,84} )
0009: *signal* signal=19
0009: write_process_memory() = 0
0009: write_process_memory( handle=ffffffff, addr=7bc857a4,
data={e9,eb,a8,6a,84,64,8b,25} )
0009: *signal* signal=19
0009: write_process_memory() = 0
--- snip ---

Setting up guard pages:

--- snip ---
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x401000 00040000 00000001
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView       0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView       0x44b000 - 0x44dfff c-r--
...
--- snip ---

Wine ATL thunk check triggers unexpected guard page fault, prematurely
resetting protection:

--- snip ---
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556
ip=7bc83556 tid=0009
0009:trace:seh:raise_exception  info[0]=00000000
0009:trace:seh:raise_exception  info[1]=00419b5d
0009:trace:seh:raise_exception  eax=00419b5d ebx=7bccf000 ecx=f2e3aa60
edx=0032f968 esi=0032fa9c edi=00000000
0009:trace:seh:raise_exception  ebp=0032fa38 esp=0032f940 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d8db code=c0000005
flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-rW-
0009:trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x419000-0x420fff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x419000 - 0x420fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView       0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView       0x44b000 - 0x44dfff c-r--
...
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000020
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x419000 - 0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView       0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView       0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView       0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView       0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView       0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView       0x44b000 - 0x44dfff c-r--
0009:trace:seh:call_stack_handlers handler at 0x7bc9d8db returned 0
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d
tid=0009
0009:trace:seh:raise_exception  info[0]=00000000
0009:trace:seh:raise_exception  info[1]=00419b5d
0009:trace:seh:raise_exception  eax=00419b5d ebx=7b8ba000 ecx=0002c000
edx=0013c798 esi=00000001 edi=00000000
0009:trace:seh:raise_exception  ebp=0032fe04 esp=0032fdc8 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x449b4c code=c0000005
flags=0
0009:trace:seh:call_stack_handlers handler at 0x449b4c returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d86b code=c0000005
flags=0 
...
0009:trace:seh:start_debugger Starting debugger "winedbg --auto 8 72" 
--- snip ---

Unfortunately the ATL thunk check is needed later for GUI/window creation.

$ wine --version
wine-1.7.4-399-g83775f0

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list