[Bug 27221] Full Spectrum Warrior crashes on start (SoftWrap DRM scheme, Wine must not send window object creation event/call notify event hook for fake D3D window)
wine-bugs at winehq.org
Wed Jan 29 14:40:50 CST 2014
https://bugs.winehq.org/show_bug.cgi?id=27221
Anastasius Focht <focht at gmx.net> changed:
What|Removed|Added
----------------------------------------------------------------------------
Keywords| |obfuscation
URL|http://www.joystiq.com/game/full-spectrum-warrior/download/full-spectrum-warrior-full-free-game|http://www.gamershell.com/download_33784.shtml
CC| |focht at gmx.net
Summary|Full Spectrum Warrior crashes on start|Full Spectrum Warrior crashes on start (SoftWrap DRM scheme, Wine must not send window object creation event/call notify event hook for fake D3D window)
--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming, still present.
Adjusting download link.
The game is protected by the SoftWrap DRM scheme.
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> Z:\home\focht\.wine\drive_c\Program Files\THQ\Pandemic Studios\Full
Spectrum Warrior\Launcher.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1445888 (0161000h)
Byte(s)
[File Heuristics] -> Flag : 00000000000000000100000000100011 (0x00004023)
[Entrypoint Section Entropy] : 7.63
[!] SoftWrap detected !
[!] Possible License Protection String -> License Activation
- Scan Took : 0.323 Second(s) [000000143h tick(s)] [533 scan(s) done]
--- snip ---
Some info: http://www.softwrap.com/page.aspx?page_id=109
It seems the company dissolved itself in 2013.
The recursion is basically the result of the way the DRM scheme hooks APIs and
the Wine-specific creation of the internal WineD3D fake window.
The game hooks a huge number of APIs, not limited to DirectX/DirectSound, but
also much win32 core functionality.
The following graphics APIs are considered for hooking by the engine
(DFRTIEngine.dll):
* OpenGL
* DirectDraw
* DirectDraw7
* DirectX8
* DirectX9
* DirectX10
* GDI
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/THQ/Pandemic Studios/Full Spectrum
Warrior
$ WINEDEBUG=+tid,+seh,+relay,+d3d wine ./Launcher.exe >>log.txt 2>&1
...
0025:Call KERNEL32.CreateProcessA(00000000,0058f618 "\"C:\\Program
Files\\THQ\\Pandemic Studios\\Full Spectrum
Warrior\\Launcher.locked\"",00000000,00000000,00000000,00000004,00000000,00000000,0033d260,0033d820)
ret=004284d9
...
0028:Call KERNEL32.__wine_kernel_init() ret=7bc5a326
0025:Ret KERNEL32.CreateProcessA() retval=00000001 ret=004284d9
...
0028:Call KERNEL32.LoadLibraryW(10040250 L"C:\\Program Files\\THQ\\Pandemic
Studios\\Full Spectrum Warrior\\DFRTIEngine.dll") ret=10001541
...
0028:Call PE DLL (proc=0x70cc2d,module=0x630000
L"DFRTIEngine.dll",reason=PROCESS_ATTACH,res=(nil))
...
0028:Call
user32.SetWinEventHook(00000001,7fffffff,00630000,00633310,00000027,00000000,00000004)
ret=006333e0
0028:Ret user32.SetWinEventHook() retval=0002006a ret=006333e0
...
0028:Call KERNEL32.GetModuleHandleA(0074ad90 "ddraw.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074ad90 "ddraw.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074b104 "d3d8.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074b6c0 "d3d9.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=7ed60000 ret=0067cba8
0028:Call KERNEL32.GetProcAddress(7ed60000,0074b7b4 "Direct3DCreate9")
ret=0066dc8a
0028:Ret KERNEL32.GetProcAddress() retval=7ed6962c ret=0066dc8a
...
0028:Call d3d9.Direct3DCreate9(00000020) ret=0066dc92
0028:trace:d3d9:Direct3DCreate9 sdk_version 0x20.
...
0028:trace:d3d:wined3d_init Initializing adapters.
0028:trace:d3d:wined3d_adapter_init adapter 0x13dc38, ordinal 0.
...
0028:Call user32.CreateWindowExA(00000000,7ed12203 "WineD3D_OpenGL",7ed121ef
"WineD3D fake
window",00cf0000,0000000a,0000000a,0000000a,0000000a,00000000,00000000,00000000,00000000)
ret=7ec47d1b
...
0028:Call window proc 0x7ebff9e8
(hwnd=0x20064,msg=WM_CREATE,wp=00000000,lp=0033e710)
0028:Call user32.DefWindowProcA(00020064,00000001,00000000,0033e710)
ret=7e885f2a
0028:Ret user32.DefWindowProcA() retval=00000000 ret=7e885f2a
0028:Ret window proc 0x7ebff9e8
(hwnd=0x20064,msg=WM_CREATE,wp=00000000,lp=0033e710) retval=00000000
0028:Call winex11.drv.CreateWindow(00020064) ret=7e877875
0028:Ret winex11.drv.CreateWindow() retval=00000001 ret=7e877875
0028:Call winevent hook proc 0x633310
(hhook=0x2006a,event=8000,hwnd=0x20064,object_id=0,child_id=0,tid=0028,time=b2fe56)
<recursion here>
0028:Call KERNEL32.GetModuleHandleA(0074ad90 "ddraw.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074ad90 "ddraw.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074b104 "d3d8.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0067cba8
0028:Call KERNEL32.GetModuleHandleA(0074b6c0 "d3d9.dll") ret=0067cba8
0028:Ret KERNEL32.GetModuleHandleA() retval=7ed60000 ret=0067cba8
0028:Call KERNEL32.GetProcAddress(7ed60000,0074b7b4 "Direct3DCreate9")
ret=0066dc8a
0028:Ret KERNEL32.GetProcAddress() retval=7ed6962c ret=0066dc8a
0028:Call d3d9.Direct3DCreate9(00000020) ret=0066dc92
...
--- snip ---
The game installs an event handler via SetWinEventHook() before doing any
serious stuff.
The handler is used to create further API hooks (via patching of API entries).
Wine creates a window object (fake D3D window, Wine-specific) during creation
of the IDirect3D9 object, which triggers the event hook.
Source:
http://source.winehq.org/git/wine.git/blob/6bf64f0ac278b826b526504d69f384dfce598bc8:/dlls/user32/win.c#l1620
--- snip ---
1304 HWND WIN_CreateWindowEx( CREATESTRUCTW *cs, LPCWSTR className, HINSTANCE
module, BOOL unicode )
1305 {
...
1620 /* call the driver */
1621
1622 if (!USER_Driver->pCreateWindow( hwnd )) goto failed;
1623
1624 NotifyWinEvent(EVENT_OBJECT_CREATE, hwnd, OBJID_WINDOW, 0);
1625
1626 /* send the size messages */
...
--- snip ---
This is something the hook code doesn't anticipate/handle well.
I disabled the propagation of window object creation during fake D3D window
creation and it allowed the game to successfully hook D3D9.
Trace log with fix applied:
--- snip ---
...
0028:Call KERNEL32.GetProcAddress(7ed60000,0074b7b4 "Direct3DCreate9")
ret=0066dc8a
0028:Ret KERNEL32.GetProcAddress() retval=7ed6962c ret=0066dc8a
0028:Call d3d9.Direct3DCreate9(00000020) ret=0066dc92
...
0028:Call wined3d.wined3d_create(00000009,00000004) ret=7ed7a717
...
0028:trace:d3d:wined3d_init Initializing adapters.
0028:trace:d3d:wined3d_adapter_init adapter 0x13dc48, ordinal 0.
...
0028:trace:d3d:wined3d_adapter_init Allocated LUID 00000000:000003f4 for
adapter 0x13dc48.
0028:trace:d3d:wined3d_caps_gl_ctx_create getting context...
...
0028:Call user32.CreateWindowExA(00000000,7ed12203 "WineD3D_OpenGL",7ed121ef
"WineD3D fake
window",00cf0000,0000000a,0000000a,0000000a,0000000a,00000000,00000000,00000000,00000000)
ret=7ec47d1b
..
0028:Ret window proc 0x7ebff9e8
(hwnd=0x20064,msg=WM_CREATE,wp=00000000,lp=0033e600) retval=00000000
0028:Call winex11.drv.CreateWindow(00020064) ret=7e87787b
0028:Ret winex11.drv.CreateWindow() retval=00000001 ret=7e87787b
0028:Ret user32.CreateWindowExA() retval=00020064 ret=7ec47d1b
...
0028:Call gdi32.ChoosePixelFormat(000f002b,0033e6fc) ret=7ec47e41
0028:Call opengl32.wglChoosePixelFormat(000f002b,0033e6fc) ret=7ea35d4a
...
0028:Ret opengl32.wglChoosePixelFormat() retval=00000001 ret=7ea35d4a
...
0028:Call opengl32.wglCreateContext(000f002b) ret=7ec47ef1
...
0028:Ret opengl32.wglCreateContext() retval=00010000 ret=7ec47ef1
0028:Call opengl32.wglMakeCurrent(000f002b,00010000) ret=00655da2
0028:Ret opengl32.wglMakeCurrent() retval=00000001 ret=00655da2
0028:Call KERNEL32.VirtualProtect(7eaf11cc,00000008,00000040,0033e678)
ret=0069e4f7
0028:Ret KERNEL32.VirtualProtect() retval=00000001 ret=0069e4f7
0028:Call KERNEL32.IsBadWritePtr(7eaf11cc,00000005) ret=0069e507
0028:Ret KERNEL32.IsBadWritePtr() retval=00000000 ret=0069e507
0028:Call KERNEL32.VirtualProtect(7eaf11cc,00000008,00000020,0033e67c)
ret=0069e52b
0028:Ret KERNEL32.VirtualProtect() retval=00000001 ret=0069e52b
0028:Call KERNEL32.FlushInstructionCache(ffffffff,7eaf11cc,00000005)
ret=0069e541
0028:Ret KERNEL32.FlushInstructionCache() retval=00000001 ret=0069e541
...
--- snip ---
The game runs fine, albeit slow on my machine.
$ sha1sum thq_fsw_free.zip
780c485bb5097434c38d3d632d775ecd9b5d599a thq_fsw_free.zip
$ du -sh thq_fsw_free.zip
1.7G thq_fsw_free.zip
$ wine --version
wine-1.7.11-115-gdb8dc30
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
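
An added example (not part of the original comment and not Wine code): a Python check that scans a `+relay` trace for the pattern described above, a WinEvent hook procedure entered again on the same thread before it has returned, and lists the API calls made in between. The `Ret winevent hook proc` line shape and the sample trace (abbreviated arguments, second hwnd and timestamp invented) are assumptions modelled on the trace lines in the comment.

```python
import re
from collections import defaultdict

# Relay-trace line shapes, modelled on the trace quoted in the comment above.
HOOK_RE = re.compile(
    r"^(?P<tid>[0-9a-f]{4}):(?P<kind>Call|Ret)\s+winevent hook proc (?P<proc>0x[0-9a-f]+)"
    r" \(hhook=0x[0-9a-f]+,event=(?P<event>[0-9a-f]+),hwnd=(?P<hwnd>0x[0-9a-f]+)")
API_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):Call\s+(?P<api>[\w.]+)\(")

def find_reentrant_hooks(lines):
    """Report WinEvent hook procs entered again on a thread before returning."""
    stacks = defaultdict(list)          # tid -> hook frames still open
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            stack = stacks[m["tid"]]
            if m["kind"] == "Call":
                outer = [f for f in stack if f["proc"] == m["proc"]]
                if outer:
                    findings.append({
                        "tid": m["tid"], "proc": m["proc"], "event": m["event"],
                        "hwnd": m["hwnd"], "line": lineno, "depth": len(outer) + 1,
                        "entered_at": outer[-1]["line"],
                        # APIs the enclosing hook invocation called before re-entry
                        "via": list(outer[-1]["apis"]),
                    })
                stack.append({"proc": m["proc"], "line": lineno, "apis": []})
            elif stack and stack[-1]["proc"] == m["proc"]:
                stack.pop()             # balanced return closes the frame
            continue
        m = API_RE.match(line)
        if m and stacks[m["tid"]]:
            stacks[m["tid"]][-1]["apis"].append(m["api"])
    return findings

# Constructed sample trace (arguments abbreviated; second hwnd/time invented).
SAMPLE = """\
0028:Call user32.SetWinEventHook(00000001,7fffffff,00630000,00633310) ret=006333e0
0028:Ret  user32.SetWinEventHook() retval=0002006a ret=006333e0
0028:Call d3d9.Direct3DCreate9(00000020) ret=0066dc92
0028:Call user32.CreateWindowExA(00000000,7ed12203 "WineD3D_OpenGL") ret=7ec47d1b
0028:Call winevent hook proc 0x633310 (hhook=0x2006a,event=8000,hwnd=0x20064,object_id=0,child_id=0,tid=0028,time=b2fe56)
0028:Call d3d9.Direct3DCreate9(00000020) ret=0066dc92
0028:Call user32.CreateWindowExA(00000000,7ed12203 "WineD3D_OpenGL") ret=7ec47d1b
0028:Call winevent hook proc 0x633310 (hhook=0x2006a,event=8000,hwnd=0x20066,object_id=0,child_id=0,tid=0028,time=b2fe57)
"""

if __name__ == "__main__":
    for f in find_reentrant_hooks(SAMPLE.splitlines()):
        print(f"line {f['line']}: hook {f['proc']} re-entered (depth {f['depth']}) via {f['via']}")
```
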