[Bug 34470] New: NCsoft's Aion (MMORPG) fails to load "CrySystem.dll" (WinLicense software protection, avoid forwarding some msvcp80 API to msvcp90)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Sep 7 16:10:46 CDT 2013


http://bugs.winehq.org/show_bug.cgi?id=34470

             Bug #: 34470
           Summary: NCsoft's Aion (MMORPG) fails to load "CrySystem.dll"
                    (WinLicense software protection, avoid forwarding some
                    msvcp80 API to msvcp90)
           Product: Wine
           Version: 1.7.1
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: msvcp
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello folks,

continuation of bug 34455
We're still 'purist' here, no winetricks (VC++ runtimes).

There is a crash in an initializer, run from the "CrySystem.dll" entry point.

--- snip ---
...
0009:trace:msvcrt:_initterm Call init function 0x33b6410
0009:trace:ntdll:NtQueryInformationProcess
(0xffffffff,0x00000022,0x32df08,0x00000004,(nil))
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf34f5f7b
ip=f34f5f7b tid=0009
0009:trace:seh:raise_exception  info[0]=00000000
0009:trace:seh:raise_exception  info[1]=f34f5f7b
0009:trace:seh:raise_exception  eax=033b6410 ebx=f2aa1000 ecx=0343fa4c
edx=7bce99c8 esi=03444ebc edi=00000002
0009:trace:seh:raise_exception  ebp=0032e2d0 esp=0032e26c cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0009:trace:seh:call_stack_handlers calling handler at 0x33b4b0d code=c0000005
flags=0
0009:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0xf34f5f7b
handler=0x33b4b0d 0x32df48 0x32ddcc cookie=a5990def scope table=0x3414310
cookies=-2/0,-48/0
0009:trace:seh:_except_handler4_common level 1 prev 0 filter 0x33b48c2
0009:trace:seh:_except_handler4_common filter returned CONTINUE_SEARCH
0009:trace:seh:_except_handler4_common level 0 prev -2 filter (nil)
0009:trace:seh:_except_handler4_common reached -2, returning
ExceptionContinueSearch
0009:trace:seh:call_stack_handlers handler at 0x33b4b0d returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9c738 code=c0000005
flags=0
0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc801d1 code=c0000005
flags=2
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc801d1 returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x33b4b0d code=c0000005
flags=2
0009:trace:seh:_except_handler4_common exception c0000005 flags=2 at 0xf34f5f7b
handler=0x33b4b0d 0x32d958 0x32d8b8 cookie=a5990def scope table=0x3414310
cookies=-2/0,-48/0
0009:trace:seh:msvcrt_local_unwind4 (0x32e320,1,-2)
0009:trace:seh:msvcrt_local_unwind4 __try block cleanup level 0 handler
0x33b48f6 ebp 0x32e330
0009:trace:seh:msvcrt_local_unwind4 unwound OK
0009:trace:seh:_except_handler4_common unwound current frame, returning
ExceptionContinueSearch
0009:trace:seh:__regs_RtlUnwind handler at 0x33b4b0d returned 1
0009:trace:module:MODULE_InitDLL (0x3250000,PROCESS_ATTACH,(nil)) - RETURN 0
0009:trace:module:MODULE_InitDLL (0x3250000
L"CrySystem.dll",PROCESS_DETACH,(nil)) - CALL
0009:trace:module:LdrUnloadDll (0xf67b0000)
--- snip ---

The reason for the crash is the msvcp80 forwards to msvcp90.
The WinLicense software protection scheme doesn't like this (same as previous bug),
and Windows probably doesn't do this either.

Disassembly of the crashing initializer (with imports fixed):

--- snip ---
033A6410     53             PUSH EBX
033A6411     56             PUSH ESI
033A6412     68 FD8C3A03    PUSH CrySyste.033A8CFD
033A6417     B9 4CFA4203    MOV ECX,CrySyste.0342FA4C
033A641C     90             NOP
033A641D     E8 11E40779    CALL MSVCP80.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
033A6422     68 FD8C3A03    PUSH CrySyste.033A8CFD
033A6427     B9 68FA4203    MOV ECX,CrySyste.0342FA68
033A642C     90             NOP
033A642D     E8 01E40779    CALL MSVCP80.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
033A6432     83CE FF        OR ESI,FFFFFFFF
033A6435     68 FD8C3A03    PUSH CrySyste.033A8CFD
033A643A     B9 88FA4203    MOV ECX,CrySyste.0342FA88
033A643F     8935 84FA4203  MOV DWORD PTR DS:[342FA84],ESI
033A6445     90             NOP
...
--- snip ---

I avoided the forwards and copied the code (from msvcp90):

--- snip ---
...
-@ thiscall -arch=win32
??0?$basic_string at DU?$char_traits at D@std@@V?$allocator at D@2@@std@@QAE at PBD@Z(ptr
str) msvcp90.??0?$basic_string at DU?$char_traits at D@std@@V?$a
+@ thiscall -arch=win32
??0?$basic_string at DU?$char_traits at D@std@@V?$allocator at D@2@@std@@QAE at PBD@Z(ptr
str) MSVCP_basic_string_char_ctor_cstr
...
--- snip ---
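
Review bot: the `+@ thiscall -arch=win32` line points the export at a local MSVCP_basic_string_char_ctor_cstr, but the excerpt shows only the spec entry and not the copied function body that this name has to resolve to inside msvcp80. The change should carry that implementation together with the spec edit, including the helper it relies on, since the trace that follows shows each MSVCP_basic_string_char_ctor_cstr call followed by MSVCP_basic_string_char_assign_cstr_len on the same object. It would also help to state which of the entries elided by `...` are still forwarded to msvcp90, so the remaining forwards can be reviewed in one pass.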

Now running the game again with additional +msvcp debug channel enabled gives:

--- snip ---
...
0009:trace:msvcrt:_initterm Call init function 0x33b6410
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa4c ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa4c "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa68 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa68 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa88 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa88 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343faa4 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343faa4 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fac0 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fac0 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fae0
"DxDiag_SystemInfo"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fae0
"DxDiag_SystemInfo" 17
0009:trace:msvcrt:MSVCRT_operator_new (32) returning 0x1e42e0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fafc ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fafc "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb1c "szBuildLab"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb1c "szBuildLab"
10
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb38 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb38 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb54
"System.szBuildLab"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb54
"System.szBuildLab" 17
0009:trace:msvcrt:MSVCRT_operator_new (32) returning 0x1d95f8
...
--- snip ---

and the game runs further again (into the next issue).

Regards
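
Added example, not part of the original report and not Wine code: a small audit that lists the exports a .spec file still forwards to another DLL, which is the condition the report removes for one constructor. The spec excerpts are constructed; "example_local", "example_local_impl" and "example_stub" are made-up names, and the parser assumes the entry layout shown in the report (a target written as "dll.symbol" is a forward).

```python
import re

# Constructed excerpts in Wine .spec syntax. CTOR is the export named in the
# report; "example_local" and its implementation name are made up.
CTOR = "??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z"
BEFORE = f"""\
# msvcp80.spec excerpt (constructed)
@ thiscall -arch=win32 {CTOR}(ptr str) msvcp90.{CTOR}
@ cdecl -arch=win64 example_local(ptr) example_local_impl
@ stub example_stub
"""
AFTER = BEFORE.replace(f"msvcp90.{CTOR}", "MSVCP_basic_string_char_ctor_cstr")

# ordinal, call type, optional -flags, export name, optional (args), optional target
ENTRY = re.compile(
    r"^(?:@|\d+)\s+(?P<type>\w+)\s+(?P<flags>(?:-\S+\s+)*)"
    r"(?P<name>[^\s(]+)\s*(?:\([^)]*\))?\s*(?P<target>\S+)?$"
)

def forwards(spec_text):
    """Return (line, flags, export, dll, symbol) for each forwarded export.

    A target of the form "dll.symbol" makes the export a forward to another
    DLL; a plain identifier names an implementation inside the DLL itself.
    """
    found = []
    for lineno, raw in enumerate(spec_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m or not m["target"] or "." not in m["target"]:
            continue
        dll, symbol = m["target"].split(".", 1)
        found.append((lineno, m["flags"].split(), m["name"], dll, symbol))
    return found

def by_dll(spec_text):
    """Group forwarded export names by the DLL they are forwarded to."""
    grouped = {}
    for _, _, name, dll, _ in forwards(spec_text):
        grouped.setdefault(dll, []).append(name)
    return grouped

if __name__ == "__main__":
    for lineno, flags, name, dll, _ in forwards(BEFORE):
        print(f"line {lineno}: {name} {flags} -> forwarded to {dll}")
    print("forwards left after the change:", len(forwards(AFTER)))
```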
