[Bug 15437] Company of Heroes Opposing Fronts: Installer fails

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jun 7 04:49:38 CDT 2009 

http://bugs.winehq.org/show_bug.cgi?id=15437


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #26 from Anastasius Focht <focht at gmx.net>  2009-06-07 04:49:38 ---
Hello,

the demo - a whopping 1.9 GiB download
(http://www.4players.de/4players.php/download_info/PC-CDROM/Download/46636.html)
- exhibits the same problem.

It seems a hook dll is most likely the culprit.

This hook dll is dynamically extracted from the installer PE resources and
loaded into memory:

--- snip ---
...
0009:Call KERNEL32.FindResourceA(00400000,006658e8 "hookdll",0000000a)
ret=0042414c
0009:Ret  KERNEL32.FindResourceA() retval=00a0bbf0 ret=0042414c
0009:Call KERNEL32.LoadResource(00400000,00a0bbf0) ret=00424166
0009:Ret  KERNEL32.LoadResource() retval=009a7a7c ret=00424166
0009:Call KERNEL32.SizeofResource(00400000,00a0bbf0) ret=00424180
0009:Ret  KERNEL32.SizeofResource() retval=00032a00 ret=00424180
0009:Call KERNEL32.LockResource(009a7a7c) ret=0042418a
0009:Ret  KERNEL32.LockResource() retval=009a7a7c ret=0042418a
0009:Call KERNEL32.CreateFileA(00c54cf0
"C:\\windows\\temp\\~gs1367.tmp",c0000000,00000000,00000000,00000002,00000080,00000000)
ret=0040afb6
0009:Ret  KERNEL32.CreateFileA() retval=00000088 ret=0040afb6
0009:Call KERNEL32.WriteFile(00000088,009a7a7c,00032a00,0032f9e8,00000000)
ret=0040b005
0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=0040b005
0009:Call KERNEL32.CloseHandle(00000088) ret=0040b056
0009:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0040b056
0009:Call KERNEL32.FreeResource(009a7a7c) ret=004241b8
0009:Ret  KERNEL32.FreeResource() retval=00000000 ret=004241b8
0009:Call KERNEL32.LoadLibraryA(00c54cf0 "C:\\windows\\temp\\~gs1367.tmp")
ret=00663c5a
0009:Call PE DLL (proc=0x3bc914,module=0x390000
L"~gs1367.tmp",reason=PROCESS_ATTACH,res=(nil)) 
--- snip ---

The origin of the hook dll can be traced by looking at the strings in PE image.
It's a Delphi library called "madCodeHook", available from:
http://www.madshi.net/madCodeHookDescription.htm
The vendor of the game purchased and used it for whatever reason...

This hook dll uses several strategies to ensure proper hooking.
The hooker walks the PE structure, specifically exports table and IAT of mapped
PE images.
The bad thing: it also maps the on-disk images (Wine: placeholders!) of several
system dlls into memory.
Example: Wine's placeholder "kernel32.dll":

--- snip ---
...
0009:Call KERNEL32.GetModuleHandleW(03030b20 L"kernel32.dll") ret=003b2a72
0009:Ret  KERNEL32.GetModuleHandleW() retval=7edc0000 ret=003b2a72 
...
0009:Call KERNEL32.CreateFileW(00179ac8
L"C:\\windows\\system32\\KERNEL32.dll",80000000,00000001,00000000,00000003,00000000,00000000)
ret=003afa8a
0009:Ret  KERNEL32.CreateFileW() retval=000000b4 ret=003afa8a
0009:Call KERNEL32.LocalFree(00179ac8) ret=003afac5
0009:Ret  KERNEL32.LocalFree() retval=00000000 ret=003afac5
0009:Call KERNEL32.GetVersion() ret=003afacf
0009:Ret  KERNEL32.GetVersion() retval=0a280105 ret=003afacf
0009:Call
KERNEL32.CreateFileMappingW(000000b4,00000000,00000002,00000000,00000000,00000000)
ret=003afae6
0009:Ret  KERNEL32.CreateFileMappingW() retval=000000b8 ret=003afae6
0009:Call KERNEL32.MapViewOfFile(000000b8,00000004,00000000,00000000,00000000)
ret=003afb0e
0009:Ret  KERNEL32.MapViewOfFile() retval=03130000 ret=003afb0e
0009:Call KERNEL32.CloseHandle(000000b8) ret=003afb16
0009:Ret  KERNEL32.CloseHandle() retval=00000001 ret=003afb16
0009:Call KERNEL32.CloseHandle(000000b4) ret=003afb1c
0009:Ret  KERNEL32.CloseHandle() retval=00000001 ret=003afb1c 
...
--- snip ---

The hooker verifies/correlates the in-memory PE images of system dlls Wine
loader mapped (with IAT already patched) with the raw image from disk - Wine's
placeholder - mapped into memory as BLOB.

This obviously won't work by design hence the crash.

An interesting tidbit "madCodeHook on Wine":
http://forum.madshi.net/viewtopic.php?t=4744

Maybe the developer of the hooker needs some education about some Wine No-No's
;-)

Regarding the game installer: if you find a version not bundled with this
hooker you're fine - otherwise this is WONTFIX.
Though you might use "copy-over-from-Windows" approach but this isn't
supported.

And last: bug 9361 is about the same exact issue. Mark that bug as dupe of this
one because I gave the analysis here.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list