[Bug 19296] "Uru: Ages beyond myst" fails to install (check for ATL thunk triggers unexpected guard page fault in Shinker 3.5 protected installer executable)
wine-bugs at winehq.org
wine-bugs at winehq.org
Wed Oct 23 17:49:31 CDT 2013
http://bugs.winehq.org/show_bug.cgi?id=19296
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|Abandoned? |obfuscation
CC| |focht at gmx.net
Component|-unknown |ntdll
Summary|"Uru: Ages beyond myst" |"Uru: Ages beyond myst"
|fails to install |fails to install (check for
| |ATL thunk triggers
| |unexpected guard page fault
| |in Shinker 3.5 protected
| |installer executable)
--- Comment #12 from Anastasius Focht <focht at gmx.net> 2013-10-23 17:49:31 CDT ---
Hello folks,
I had the right feeling about this one ... bought the game for a few bugs and
it was delivered today :)
The installer is protected by Shinker 3.5 (+relay triggers error dialog ->
version hint).
It's basically the same issue as bug 34479 "Advantage Cooking: crashes on start
(check for ATL thunk triggers unexpected guard page fault)".
Shrinker also employs a scheme with guard pages on PE sections.
Wine triggers a guard page fault with its ATL thunk check which the protection
mishandles.
First, well known hooking of LdrAccessResource and call_exception_handler:
--- snip ---
0009:trace:module:LdrGetDllHandle L"USER32" -> 0x7eb50000 (load path
L"E:\\Installer;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
0009:trace:module:LdrGetDllHandle L"NTDLL" -> 0x7bc10000 (load path
L"E:\\Installer;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
0009: write_process_memory( handle=ffffffff, addr=7bc6fdb1,
data={e8,d2,05,6c,84} )
0009: *signal* signal=19
0009: write_process_memory() = 0
0009: write_process_memory( handle=ffffffff, addr=7bc857a4,
data={e9,eb,a8,6a,84,64,8b,25} )
0009: *signal* signal=19
0009: write_process_memory() = 0
--- snip ---
Setting up guard pages:
--- snip ---
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x401000 00040000 00000001
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
--- snip ---
Wine ATL thunk check triggers unexpected guard page fault, prematurely
resetting protection:
--- snip ---
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556
ip=7bc83556 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7bccf000 ecx=f2e3aa60
edx=0032f968 esi=0032fa9c edi=00000000
0009:trace:seh:raise_exception ebp=0032fa38 esp=0032f940 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d8db code=c0000005
flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-rW-
0009:trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x419000-0x420fff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000020
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
0009:trace:seh:call_stack_handlers handler at 0x7bc9d8db returned 0
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d
tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7b8ba000 ecx=0002c000
edx=0013c798 esi=00000001 edi=00000000
0009:trace:seh:raise_exception ebp=0032fe04 esp=0032fdc8 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7
code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x449b4c code=c0000005
flags=0
0009:trace:seh:call_stack_handlers handler at 0x449b4c returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d86b code=c0000005
flags=0
...
0009:trace:seh:start_debugger Starting debugger "winedbg --auto 8 72"
--- snip ---
Unfortunately the ATL thunk check is needed later for GUI/window creation.
$ wine --version
wine-1.7.4-399-g83775f0
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list