1995-era Microsoft MFCKIT installer fails to unpack one of its DLLs
Dan Kegel
dank at kegel.com
Mon Jan 20 01:22:54 CST 2003
On to the next button on the MSVC4.0 installer: MFC.
Clicking it runs d:\mfckit\disk1\setup.exe, which appears to be a
win16 executable. It exits quickly under Wine, saying
Could not load 'RBHEAP.DLL' required by 'WBRUN20', error= 2
Tsk. Running it under XP works, of course. Now, \mfckit\disk1
does contain the file rbheap.dl_, which presumably something is supposed
to unpack on the fly. In hopes of seeing what's going on, I ran
this installer under Debugging Tools for Windows' logger; the
result is at http://www.kegel.com/linux/mfckit.txt
Here are the lines from mfckit.txt that reference rbheap.dll or a file descriptor
open to it or rbheap.dl_:
Thrd4 0FFB56F5 GetPrivateProfileStringA( "Files" "rbheap.dl_" "" 0x00000080
"D:\MFCKIT\DISK1\SETUP.LST") -> 0x0000000A ( "rbheap.dll")
Thrd4 0FFB503E CreateFileW( "D:\MFCKIT\DISK1\RBHEAP.DL_" GENERIC_READ FILE_SHARE_READ |
FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL OPEN_EXISTING 0x00000000 NULL) ->
INVALID_HANDLE_VALUE [FAIL]
Thrd4 0FFB505D CreateFileW( "D:\MFCKIT\DISK1\RBHEAP.DL_" GENERIC_READ FILE_SHARE_READ |
FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL OPEN_EXISTING 0x00000000 NULL) -> 0x000000C4
Thrd4 0FFB50A7 SetFilePointer( 0x000000C4 0 [0x00000000] NULL FILE_BEGIN) -> 0x00000000
Thrd4 0FFB48B9 GetFileAttributesW( "C:\ms-setup.t\rbheap.dll") -> FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_ARCHIVE |
FILE_ATTRIBUTE_ENCRYPTED | FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY |
FILE_ATTRIBUTE_SPARSE_FILE | FILE_ATTRIBUTE_REPARSE_POINT | FILE_ATTRIBUTE_COMPRESSED |
FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Thrd4 0F007B35 GetFileAttributesW( "C:\MS-SETUP.T\RBHEAP.DLL") -> FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_ARCHIVE |
FILE_ATTRIBUTE_ENCRYPTED | FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY |
FILE_ATTRIBUTE_SPARSE_FILE | FILE_ATTRIBUTE_REPARSE_POINT | FILE_ATTRIBUTE_COMPRESSED |
FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Thrd4 0FFB503E CreateFileW( "C:\MS-SETUP.T\RBHEAP.DLL" GENERIC_READ | GENERIC_WRITE FILE_SHARE_READ
| FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL CREATE_ALWAYS FILE_ATTRIBUTE_NORMAL NULL)
-> 0x00000124
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_CURRENT) -> 0x00000000
Thrd4 0FFB4459 ReadFile( 0x000000C4 0x00000008 [0x032AFC2C] -> 0x00000008 0x00000000) -> TRUE (
0x0003BB70)
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_BEGIN) -> 0x00000000
Thrd4 0FFB503E CreateFileW( "D:\MFCKIT\DISK1\RBHEAP.DL_" GENERIC_READ FILE_SHARE_READ |
FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL OPEN_EXISTING 0x00000000 NULL) ->
INVALID_HANDLE_VALUE [FAIL]
Thrd4 0FFB505D CreateFileW( "D:\MFCKIT\DISK1\RBHEAP.DL_" GENERIC_READ FILE_SHARE_READ |
FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL OPEN_EXISTING 0x00000000 NULL) -> 0x000000C4
Thrd4 0FFB50A7 SetFilePointer( 0x000000C4 0 [0x00000000] NULL FILE_BEGIN) -> 0x00000000
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_END) -> 0x0000189C
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_BEGIN) -> 0x00000000
Thrd4 0FFB4459 ReadFile( 0x000000C4 0x0000000E [0x032AFC2C] -> 0x0000000E 0x00000000) -> TRUE (
0x0003BB28)
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_END) -> 0x0000189C
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 0 [0x032AFC48] -> 0 FILE_BEGIN) -> 0x00000000
Thrd4 0FFB4459 ReadFile( 0x000000C4 0x0000000E [0x032AFC2C] -> 0x0000000E 0x00000000) -> TRUE (
0x0003BB2C)
Thrd4 0FFB4584 SetFilePointer( 0x000000C4 14 [0x032AFC48] -> 0 FILE_BEGIN) -> 0x0000000E
Thrd4 0FFB4584 SetFilePointer( 0x00000124 0 [0x032AFC48] -> 0 FILE_BEGIN) -> 0x00000000
Thrd4 0FFB4459 ReadFile( 0x000000C4 0x00008000 [0x032AFC2C] -> 0x00008000 0x00000000) -> TRUE (
0x0320FB41)
Thrd4 0FFB4459 ReadFile( 0x000000C4 0x00008000 [0x032AFC2C] -> 0x00008000 0x00000000) -> TRUE (
0x0320FB41)
Thrd4 0FFC117C WriteFile( 0x00000124 0x03217B60 0x00002B30 [0x032AFC40] -> 0x0FFDDB70 0x00000000) ->
TRUE
Thrd4 0FFB48B9 GetFileAttributesW( "C:\ms-setup.t\rbheap.dll") -> FILE_ATTRIBUTE_ARCHIVE
Thrd4 0FFBABDD SetFileAttributesW( "C:\ms-setup.t\rbheap.dll" FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_ARCHIVE) -> TRUE
Thrd4 0FFB503E CreateFileW( "C:\MS-SETUP.T\RBHEAP.DLL" GENERIC_READ FILE_SHARE_READ |
FILE_SHARE_WRITE | FILE_SHARE_DELETE [0x00000000] NULL OPEN_EXISTING 0x00000000 NULL) -> 0x000000DC
Thrd4 0FFB54DC GetProfileIntA( "ModuleCompatibility" "RBHEAP" 0) -> 0
Thrd4 0FFB48B9 GetFileAttributesW( "C:\ms-setup.t\rbheap.dll") -> FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_ARCHIVE
Thrd4 0FFBABDD SetFileAttributesW( "C:\ms-setup.t\rbheap.dll" FILE_ATTRIBUTE_ARCHIVE) -> TRUE
Thrd4 0F007D27 CreateFileW( "C:\ms-setup.t\rbheap.dll" 0x00010000 0x00000000 [0x00000000] NULL
OPEN_EXISTING FILE_ATTRIBUTE_NORMAL NULL) -> 0x0000012C
Looks pretty clear that whatever we're tracing is indeed unpacking the file and
writing it to c:\ms-setup.t\rbheap.dll. (I think we're tracking the wow module
which is running the win16 program.)
Likewise, I ran it under Wine with --debugmsg +win,+profile,+file,+dosfs,+relay;
the resulting log is at http://www.kegel.com/linux/mfckit-wine.txt
Here are the lines from mfckit-wine.txt that mention rbheap at all:
trace:profile:PROFILE_Load New key: name='rbheap.dl_', value='rbheap.dll'
trace:file:FILE_DoOpenFile RBHEAP.DLL OF_READ OF_SHARE_COMPAT
trace:file:FILE_DoOpenFile RBHEAP.DLL 0000
trace:dosfs:DOSFS_DoGetFullPathName passed 'RBHEAP.DLL'
trace:dosfs:DOSFS_DoGetFullPathName got C:\ms-setup.t\RBHEAP.DLL
trace:dosfs:DOSFS_DoGetFullPathName returning 'C:\ms-setup.t\RBHEAP.DLL'
trace:dosfs:DOSFS_GetFullName RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /home/dank/c/ms-setup.t,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/ms-setup.t'
trace:dosfs:DOSFS_FindUnixName /home/dank/c/windows/system,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/windows/system'
trace:dosfs:DOSFS_FindUnixName /home/dank/c/windows,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/windows'
trace:dosfs:DOSFS_GetFullName C:\MS-SETUP.T\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /home/dank/c,MS-SETUP.T\RBHEAP.DLL
trace:dosfs:DOSFS_FindUnixName (/home/dank/c,MS-SETUP.T\RBHEAP.DLL) -> ms-setup.t (MS-SETUP.T)
trace:dosfs:DOSFS_FindUnixName /home/dank/c/ms-setup.t,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/ms-setup.t'
trace:dosfs:DOSFS_GetFullName c:\windows\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /home/dank/c,windows\RBHEAP.DLL
trace:dosfs:DOSFS_FindUnixName (/home/dank/c,windows\RBHEAP.DLL) -> windows (WINDOWS)
trace:dosfs:DOSFS_FindUnixName /home/dank/c/windows,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/windows'
trace:dosfs:DOSFS_GetFullName c:\windows\system\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /home/dank/c,windows\system\RBHEAP.DLL
trace:dosfs:DOSFS_FindUnixName (/home/dank/c,windows\system\RBHEAP.DLL) -> windows (WINDOWS)
trace:dosfs:DOSFS_FindUnixName /home/dank/c/windows,system\RBHEAP.DLL
trace:dosfs:DOSFS_FindUnixName (/home/dank/c/windows,system\RBHEAP.DLL) -> system (SYSTEM)
trace:dosfs:DOSFS_FindUnixName /home/dank/c/windows/system,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank/c/windows/system'
trace:dosfs:DOSFS_GetFullName e:\\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /tmp,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/tmp'
trace:dosfs:DOSFS_GetFullName e:\test\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /tmp,test\RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'test\RBHEAP.DLL' not found in '/tmp'
trace:dosfs:DOSFS_GetFullName f:\\RBHEAP.DLL (last=1)
trace:dosfs:DOSFS_FindUnixName /home/dank,RBHEAP.DLL
warn:dosfs:DOSFS_FindUnixName 'RBHEAP.DLL' not found in '/home/dank'
warn:file:FILE_DoOpenFile 'RBHEAP.DLL' not found or sharing violation
warn:file:FILE_DoOpenFile (RBHEAP.DLL): return = HFILE_ERROR error= 2
Could not load 'RBHEAP.DLL' required by 'WBRUN20', error=2
No such unpacking going on here. Under Wine, nothing ever references RBHEAP.DL_.
Anyone see anything like this before, or have a suggestion on how to track this down further?
--
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045
More information about the wine-devel
mailing list