[Bug 35646] Condes 9 fails on startup: "Debugger detected - please disable it and restart the application" (Obsidium v1.4+)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Feb 22 15:19:39 CST 2014 

http://bugs.winehq.org/show_bug.cgi?id=35646

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
            Version|unspecified                 |1.7.12
                URL|                            |http://www.condes.net/ver9/
                   |                            |install_condes9.exe
           Keywords|                            |download, obfuscation
                 CC|                            |focht at gmx.net
     Ever confirmed|0                           |1
            Summary|X11 Error: Debugger         |Condes 9 fails on startup:
                   |detected - please disable   |"Debugger detected - please
                   |it and restart the          |disable it and restart the
                   |application                 |application" (Obsidium
                   |                            |v1.4+)
           Severity|blocker                     |normal

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming, also happens with plain Wine.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Condes 9

$ WINEDEBUG=+tid,+seh,+relay wine ./wcondes.exe >>log.txt 2>&1
...
0024:Call KERNEL32.CreateFileA(0039625c
"\\\\.\\SICE",80000000,00000003,00000000,00000003,00000080,00000000)
ret=00dc75b3
0024:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3
0024:Call KERNEL32.CreateFileA(00396265
"\\\\.\\NTICE",80000000,00000003,00000000,00000003,00000080,00000000)
ret=00dc75b3
0024:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3
0024:Call KERNEL32.CreateFileA(0039626f
"\\\\.\\NTFIRE",80000000,00000003,00000000,00000003,00000080,00000000)
ret=00dc75b3
0024:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3
0024:Call KERNEL32.GetModuleHandleA(0033fb74 "ntdll") ret=00dc75b3
0024:Ret  KERNEL32.GetModuleHandleA() retval=7bc10000 ret=00dc75b3
0024:Call ntdll.RtlAddVectoredExceptionHandler(00000001,00397dc3) ret=00dc6bb4
0024:Ret  ntdll.RtlAddVectoredExceptionHandler() retval=001311f8 ret=00dc6bb4
0024:Call KERNEL32.OutputDebugStringA(00397dbd "") ret=00dc75b3
0024:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00dc75b3
0024:Call KERNEL32.GetModuleHandleA(0033fb74 "ntdll") ret=00dc75b3
0024:Ret  KERNEL32.GetModuleHandleA() retval=7bc10000 ret=00dc75b3
0024:Call ntdll.RtlRemoveVectoredExceptionHandler(001311f8) ret=00dc6bc4
0024:Ret  ntdll.RtlRemoveVectoredExceptionHandler() retval=00000001
ret=00dc6bc4
0024:Call user32.EnumWindows(00dd1050,00dbd64e) ret=00dc75b3
0024:Call user32.GetWindowThreadProcessId(00010048,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000009 ret=00dd106e
0024:Call user32.GetWindowThreadProcessId(00010046,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e
0024:Call user32.GetWindowThreadProcessId(00010040,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e
0024:Call user32.GetWindowThreadProcessId(0001003e,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e
0024:Call user32.GetWindowThreadProcessId(0001003c,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e
0024:Call user32.GetWindowThreadProcessId(00010038,0033fbf4) ret=00dd106e
0024:Ret  user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e
0024:Ret  user32.EnumWindows() retval=00000001 ret=00dc75b3
0024:Call user32.MessageBoxW(00000000,00dcff8c L"Debugger detected - please
disable it and restart the application.",00dcff80 L"Error",00002030)
ret=00dc6bd4
...
--- snip ---

Protection scan:

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> Z:\home\focht\.wine\drive_c\Program Files\Condes 9\wcondes.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4539024 (0454290h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0452EE0h, size : 013B0h / 05040
byte(s)
-> File has 3132284 (02FCB7Ch) bytes of appended data starting at offset
0156364h
[File Heuristics] -> Flag : 00000000000001011101001000110111 (0x0005D237)
[Entrypoint Section Entropy] : 8.00
[!] Obsidium v1.4.2.0 (or higher) detected !
- Scan Took : 0.415 Second(s) [00000019Fh tick(s)] [533 scan(s) done]
--- snip ---

$ sha1sum install_condes9.exe 
b83aef8c208175768fd22fcbb26d73f842fdf855  install_condes9.exe

$ du -sh install_condes9.exe 
11M    install_condes9.exe

$ wine --version
wine-1.7.13-27-ge610713

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list