[Bug 9685] Punkbuster removes me from game for UNKNOWN WINDOWS API FUNCTION [131124]

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Sep 17 10:21:34 CDT 2007


http://bugs.winehq.org/show_bug.cgi?id=9685


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #4 from Anastasius Focht <focht at gmx.net>  2007-09-17 10:21:33 ---
Hello,

ahh my old friend Punkbuster again ;-)
There are a couple of reasons why this currently does not work.

Punkbuster mal^H^H^Hsoftware consists of user mode and kernel mode parts.
The usermode DLLs which are loaded into the target process are not a problem for
wine.
They use the standard psapi/toolhelp API to enumerate process and module lists,
read user mode structures and the like.

There are two services "PnkBstrA" (PnkBstrA.exe) and "PnkBstrB" (PnkBstrB.exe).
PnkBstrA is their auto update service. No harm.
PnkBstrB is their anti cheat measure which unpacks and loads a kernel driver
module at run time.

The PnkBstrB.exe executable contains a digital certificate which is used for
integrity verification.
Current showstopper is crypt api insufficiency.
Due to CryptQueryObject() being a stub, the service refuses to initialize
correctly.

--- snip trace ---
...
001c:Ret  wintrust.WinVerifyTrust() retval=00000000 ret=00401473
001c:Call KERNEL32.MultiByteToWideChar(00000000,00000000,00410c71
"c:\\windows\\profiles\\focht\\Application
Data\\PnkBstrB.exe",00000038,61605570,00000104) ret=00401bb2
001c:Ret  KERNEL32.MultiByteToWideChar() retval=00000038 ret=00401bb2
001c:Call
crypt32.CryptQueryObject(00000001,61605570,00000400,00000002,00000000,61604ee8,61604eec,61604ee4,61604f24,61604f28,00000000)
ret=00401bef
001c:fixme:crypt:CryptQueryObject 00000001 0x61605570 00000400 00000002
00000000 0x61604ee8 0x61604eec 0x61604ee4 0x61604f24 0x61604f28 (nil)
001c:Ret  crypt32.CryptQueryObject() retval=00000000 ret=00401bef
001c:Call KERNEL32.GetLastError() ret=0040123b
001c:Ret  KERNEL32.GetLastError() retval=80092004 ret=0040123b
001c:Call
KERNEL32.FormatMessageA(00001300,00000000,80092004,00000400,61604de0,00000000,00000000)
ret=00401259
001c:Ret  KERNEL32.FormatMessageA() retval=00000000 ret=00401259
001c:Call KERNEL32.lstrlenA(61605b00
"v]`a$_`a\"Software\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType
1\\\\CryptDllImportPublicKeyInfoEx\\\\1.2.840.113549.1.1.1\"") ret=00401266
...
--- snip trace ---

If you improved the stub (must return valid data -> CryptMsgGetParam), you
might try again and report back.
Though I think there are much more severe problems ahead: the kernel driver part itself.

Regards
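
The failing call in the trace above can be picked out mechanically. This Python code is an added example, not part of the original comment or of Wine: it pairs Call/Ret records per thread, reports calls that hit a fixme stub and returned 0, and decodes the CryptQueryObject arguments with wincrypt.h constants. The sample lines are the page's trace unwrapped to one record per line, and the function names are hypothetical.

```python
import re
# Constructed sample: records from the trace above, unwrapped to one per line.
TRACE = """\
001c:Ret  wintrust.WinVerifyTrust() retval=00000000 ret=00401473
001c:Call crypt32.CryptQueryObject(00000001,61605570,00000400,00000002,00000000,61604ee8,61604eec,61604ee4,61604f24,61604f28,00000000) ret=00401bef
001c:fixme:crypt:CryptQueryObject 00000001 0x61605570 00000400 00000002 00000000 0x61604ee8 0x61604eec 0x61604ee4 0x61604f24 0x61604f28 (nil)
001c:Ret  crypt32.CryptQueryObject() retval=00000000 ret=00401bef
001c:Call KERNEL32.GetLastError() ret=0040123b
001c:Ret  KERNEL32.GetLastError() retval=80092004 ret=0040123b
"""
CALL = re.compile(r"^(\w{4}):Call \w+\.(\w+)\((.*)\) ret=\w+$")
RET = re.compile(r"^(\w{4}):Ret  \w+\.(\w+)\(\) retval=(\w+) ret=\w+$")
FIXME = re.compile(r"^(\w{4}):fixme:\w+:(\w+) ")
# Values from wincrypt.h / winerror.h (subset).
OBJECT = {1: "CERT_QUERY_OBJECT_FILE", 2: "CERT_QUERY_OBJECT_BLOB"}
CONTENT = {0x100: "CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED",
           0x400: "CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED"}
FORMAT = {0x2: "CERT_QUERY_FORMAT_FLAG_BINARY",
          0x4: "CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED"}
ERRORS = {0x80092004: "CRYPT_E_NOT_FOUND"}

def stubbed_failures(trace):
    """Return calls that hit a fixme stub and returned 0, with the following GetLastError.
    Assumption: a 0 return from a stubbed call means failure (true for BOOL APIs)."""
    open_calls, pending, found = {}, {}, []
    for line in trace.splitlines():
        if m := CALL.match(line):
            tid, func, args = m.groups()
            open_calls[tid, func] = {"func": func, "args": args.split(","), "stub": False}
        elif m := FIXME.match(line):
            if m.groups() in open_calls:          # fixme emitted inside an open call
                open_calls[m.groups()]["stub"] = True
        elif m := RET.match(line):
            tid, func, retval = m.groups()
            call = open_calls.pop((tid, func), None)
            if func == "GetLastError" and tid in pending:
                pending.pop(tid)["last_error"] = int(retval, 16)
            elif call and call["stub"] and int(retval, 16) == 0:
                found.append(call)
                pending[tid] = call               # attach the next GetLastError on this thread
    return found

def describe(call):
    """Decode the first four CryptQueryObject arguments and the error code."""
    obj, _, content, fmt = (int(a, 16) for a in call["args"][:4])
    flags = lambda v, table: [n for bit, n in table.items() if v & bit] or [hex(v)]
    return {"object": OBJECT.get(obj, hex(obj)), "content": flags(content, CONTENT),
            "format": flags(fmt, FORMAT), "error": ERRORS.get(call.get("last_error"))}
```

WinVerifyTrust also returns 0 in the trace but is not reported, because 0 is its success value and no fixme was logged inside that call.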

