[Bug 35734] Pokemon Zeta 1.3.28 crashes on startup (ASProtect SKE v2.72)

wine-bugs at winehq.org
Fri Nov 20 08:24:16 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=35734

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, obfuscation
             Status|UNCONFIRMED                 |RESOLVED
                URL|                            |https://www.reddit.com/r/po
                   |                            |kemonzetaomicron/comments/1
                   |                            |zlpe7/pokemon_zetaomicron_1
                   |                            |328/
         Resolution|---                         |FIXED
            Summary|Pokemon Zeta doesn't run    |Pokemon Zeta 1.3.28 crashes
                   |                            |on startup (ASProtect SKE
                   |                            |v2.72)

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

@super_man Always try to locate the version the bug was reported with.

In various cases the app/game evolved in newer versions and it's not possible
to reproduce exactly the same issue. 

Download:
https://www.reddit.com/r/pokemonzetaomicron/comments/1zlpe7/pokemon_zetaomicron_1328/

Trying to reconstruct from OP's callstack:

--- snip ---
...
00401014  68 84714000    PUSH Game.00407184  ; "RGSSFinalize"
00401019  56             PUSH ESI            ; hModule
0040101A  A3 10994000    MOV DWORD PTR DS:[409910],EAX
0040101F  FFD7           CALL EDI            ; GetProcAddress
00401021  68 74714000    PUSH Game.00407174  ; "RGSSGameMain"
00401026  56             PUSH ESI            ; hModule
00401027  A3 08994000    MOV DWORD PTR DS:[409908],EAX 
...
0040169C  8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
0040169F  FF15 08994000  CALL DWORD PTR DS:[409908]
004016A5  8B45 E4        MOV EAX,DWORD PTR SS:[EBP-1C]
...
00401B28  50             PUSH EAX
00401B29  FF75 E0        PUSH DWORD PTR SS:[EBP-20]
00401B2C  56             PUSH ESI
00401B2D  56             PUSH ESI
00401B2E  FFD7           CALL EDI
00401B30  50             PUSH EAX
00401B31  E8 5AF5FFFF    CALL Game.00401090
00401B36  8BF8           MOV EDI,EAX
...
00401485  52             PUSH EDX   "RGSS102E.dll"
00401486  FF15 10704000  CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>
0040148C  8BF0           MOV ESI,EAX
...
10003A70  C705 10CB1110. MOV DWORD PTR DS:[1011CB10],0
10003A7A  C3             RETN
10003A7B  CC             INT3
...
--- snip ---

The culprit was likely the dll which is mapped at 0x10000000:

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\Pokemon Zeta 1.3.28\RGSS102E.dll
File Type : 32-Bit Dll (Subsystem : Win CUI / 3), Size : 778752 (0BE200h) Byte(s)
Compilation TimeStamp : 0x42C8AC9A -> Mon 04th Jul 2005 03:27:22 (GMT)
[TimeStamp] 0x42C8AC9A -> Mon 04th Jul 2005 03:27:22 (GMT) | PE Header | - | Offset: 0x00000130 | VA: 0x10000130 | -
[TimeStamp] 0x42C8AC9A -> Mon 04th Jul 2005 03:27:22 (GMT) | Export | - | Offset: 0x00090974 | VA: 0x1010BB74 | -
[File Heuristics] -> Flag #1 : 00000000000000001100000100100011 (0x0000C123)
[Entrypoint Section Entropy] : 7.83 (section #5) ".xpdata " | Size : 0x1DE00 (122368) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 7 (0x7) | ImageSize 0x19B000 (1683456) byte(s)
[Export] 54% of function(s) (36 of 66) are in file | 0 are forwarded | 66 code | 0 data | 0 uninit data | 0 unknown |
[!] ASProtect SKE v2.72 or higher detected !
[CompilerDetect] -> Borland Delphi (unknown version) - 20% probability
[CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003)
- Scan Took : 0.521 Second(s) [000000209h (521) tick(s)] [244 of 573 scan(s) done]
--- snip ---

OP's backtrace doesn't show the dll because it removed itself from loader
module lists as part of anti-debug protection.
Likely a problem decrypting itself.

Since it works with recent Wine versions, assuming 'FIXED'.
I'm not going to waste my time to reverse-bisect the actual commit that fixed
it though.

Although not relevant to the actual problem: OP uses a polluted WINEPREFIX
(Apple mDNS).
Don't do this; always install each app/game in a separate WINEPREFIX.
If you share prefix(es) with multiple apps/games, do that at your own risk, but
don't report problems with it.

$ sha1sum Pokemon\ Zeta\ 1.3.28.zip 
759c0ceb6da05c1cc51822b45e5ed6a164949c39  Pokemon Zeta 1.3.28.zip

$ du -sh Pokemon\ Zeta\ 1.3.28.zip 
105M    Pokemon Zeta 1.3.28.zip

$ wine --version
wine-1.7.55-73-g39f2ed3

Regards
