[Bug 2770] Powerbullet Presenter 1.44: Powerbullet.dll registration fails (Armadillo v4.x software protection fails at checkpoint L5, error 0x17)
wine-bugs at winehq.org
Sun Jun 23 11:16:15 CDT 2013
http://bugs.winehq.org/show_bug.cgi?id=2770
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|-unknown |ntdll
--- Comment #22 from Anastasius Focht <focht at gmx.net> 2013-06-23 11:16:15 CDT ---
Hello folks,
Well, it seems the CRC error detected between Armadillo LP5 and LP6 checkpoints
results from much earlier problems.
In the unpacking phase, "powerbullet.dll" header and PE sections are re-created
in memory (obviously modified).
Some time later, some parts of the original MZ/PE header are validated against
the on-disk image.
on-disk image.
Relevant part of trace log, resulting in later failure:
--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine regsvr32.exe Powerbullet.dll >> log.txt 2>&1
...
0025:Call PE DLL (proc=0x10275337,module=0x10000000 L"Powerbullet.dll",reason=PROCESS_ATTACH,res=(nil))
...
0025:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6
0025:Ret KERNEL32.VirtualAlloc() retval=10000000 ret=102637a6
0025:Call msvcrt.memcpy(10000000,0014a3d0,00001000) ret=10263873
0025:Ret msvcrt.memcpy() retval=10000000 ret=10263873
0025:Call msvcrt.memcpy(10001000,0014b3d0,00031000) ret=102638e9
0025:Ret msvcrt.memcpy() retval=10001000 ret=102638e9
0025:Call msvcrt.memcpy(10032000,0017c3d0,00003000) ret=102638e9
0025:Ret msvcrt.memcpy() retval=10032000 ret=102638e9
0025:Call msvcrt.memcpy(10035000,0017f3d0,00006000) ret=102638e9
0025:Ret msvcrt.memcpy() retval=10035000 ret=102638e9
0025:Call msvcrt.memcpy(10044000,001853d0,00003000) ret=102638e9
0025:Ret msvcrt.memcpy() retval=10044000 ret=102638e9
0025:Call msvcrt.memcpy(10047000,001883d0,00004000) ret=102638e9
0025:Ret msvcrt.memcpy() retval=10047000 ret=102638e9
--- snip ---
Wine allows "VirtualAlloc( dll_image_base, size, MEM_COMMIT, PAGE_READWRITE)"
to succeed, returning the original image base where "Powerbullet.dll" is mapped
to.
The original headers/sections of the dll are partly overwritten with newly
created headers and sections during the unpack phase, resulting in the later
CRC mismatch.
The allocation request should have been denied, which results in the app
calling VirtualAlloc() another time, now passing NULL (letting Wine determine
the address).
Dump of memory map for the dll:
--- snip ---
address size section contains type access initial access
========================================================================
10000000 00001000 PE header Img R RWX CopyOnWr
10001000 001A4000 .text Img R X RWX CopyOnWr
101A5000 0004D000 .rdata Exports Img R RWX CopyOnWr
101F2000 00035000 .data Data Img RW Copy> RWX CopyOnWr
10227000 0000D000 STLPORT_ Img RW Copy> RWX CopyOnWr
10234000 00019000 .reloc Img R RWX CopyOnWr
1024D000 00040000 .text1,.ad Code Img R X RWX CopyOnWr
1028D000 00010000 .data1 Img RW Copy> RWX CopyOnWr
1029D000 00010000 .reloc1 Relocations Img R RWX CopyOnWr
102AD000 00110000 .pdata Imports Img RW Copy> RWX CopyOnWr
103BD000 0000C000 .rsrc Resources Img R RWX CopyOnWr
--- snip ---
How it should look (dll is registered successfully):
--- snip ---
0028:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff 0x10000000 0004b000 1000 00000004
0028:Ret KERNEL32.VirtualAlloc() retval=00000000 ret=102637a6
0028:Call KERNEL32.VirtualAlloc(00000000,0004b000,00001000,00000004) ret=10263845
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff (nil) 0004b000 1000 00000004
0028:trace:virtual:map_view got mem in reserved area 0x4d0000-0x51b000
0028:trace:virtual:VIRTUAL_DumpView View: 0x4d0000 - 0x51afff (valloc)
0028:trace:virtual:VIRTUAL_DumpView 0x4d0000 - 0x51afff c-rw-
0028:trace:virtual:create_view forcing exec permission on 0x4d0000-0x51afff
0028:Ret KERNEL32.VirtualAlloc() retval=004d0000 ret=10263845
0028:Call msvcrt.memcpy(004d0000,0014a4f0,00001000) ret=10263873
0028:Ret msvcrt.memcpy() retval=004d0000 ret=10263873
0028:Call msvcrt.memcpy(004d1000,0014b4f0,00031000) ret=102638e9
0028:Ret msvcrt.memcpy() retval=004d1000 ret=102638e9
0028:Call msvcrt.memcpy(00502000,0017c4f0,00003000) ret=102638e9
0028:Ret msvcrt.memcpy() retval=00502000 ret=102638e9
0028:Call msvcrt.memcpy(00505000,0017f4f0,00006000) ret=102638e9
0028:Ret msvcrt.memcpy() retval=00505000 ret=102638e9
0028:Call msvcrt.memcpy(00514000,001854f0,00003000) ret=102638e9
0028:Ret msvcrt.memcpy() retval=00514000 ret=102638e9
0028:Call msvcrt.memcpy(00517000,001884f0,00004000) ret=102638e9
0028:Ret msvcrt.memcpy() retval=00517000 ret=102638e9
--- snip ---
(newly created headers/sections are written to a different place, leaving the
original image intact).
After installation the app fails later on startup which is another Wine bug.
Regards
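
Added example, not part of the original bug comment or of Wine: a small Python triage script for +tid,+relay traces that flags the pattern described above, a VirtualAlloc() with an explicit address that succeeds inside the mapped image, followed by memcpy() writes into that image. The image range is derived from the memory map in the comment; the function names are this example's own, and the sample lines are shortened copies of the two traces with wrapped lines rejoined.

```python
import re

# Image range of Powerbullet.dll, derived from the memory map in the comment:
# first region at 0x10000000, last region 0x103BD000 with size 0xC000.
IMAGE = (0x10000000, 0x103BD000 + 0x0000C000)
CALL = re.compile(r"^(\w{4}):Call (\w+)\.(\w+)\(([^)]*)\)")
RET = re.compile(r"^(\w{4}):Ret\s+(\w+)\.(\w+)\(\) retval=([0-9a-f]+)")

def in_image(addr, size=1):
    """True if [addr, addr+size) overlaps the mapped image."""
    return addr < IMAGE[1] and addr + size > IMAGE[0]

def analyze(lines):
    """Return (tid, kind, address, size) findings for one relay trace."""
    pending, findings = {}, []
    for line in lines:
        if m := CALL.match(line):
            tid, _, func, args = m.groups()
            try:
                vals = [int(a, 16) for a in args.split(",")]
            except ValueError:
                continue  # string or pointer-decorated arguments: not of interest
            if func == "VirtualAlloc" and len(vals) == 4:
                pending[tid] = vals  # remember the request until its Ret line
            elif func == "memcpy" and len(vals) == 3 and in_image(vals[0], vals[2]):
                findings.append((tid, "memcpy-into-image", vals[0], vals[2]))
        elif (m := RET.match(line)) and m.group(3) == "VirtualAlloc":
            tid, retval = m.group(1), int(m.group(4), 16)
            req = pending.pop(tid, None)
            # Explicit address requested, call succeeded, result overlaps the image
            if req and req[0] and retval and in_image(retval, req[1]):
                findings.append((tid, "alloc-over-image", retval, req[1]))
    return findings

WINE_BUG = [  # from the failing trace above
    "0025:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6",
    "0025:Ret KERNEL32.VirtualAlloc() retval=10000000 ret=102637a6",
    "0025:Call msvcrt.memcpy(10000000,0014a3d0,00001000) ret=10263873",
    "0025:Call msvcrt.memcpy(10001000,0014b3d0,00031000) ret=102638e9"]
EXPECTED = [  # from the successful trace above
    "0028:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6",
    "0028:Ret KERNEL32.VirtualAlloc() retval=00000000 ret=102637a6",
    "0028:Call KERNEL32.VirtualAlloc(00000000,0004b000,00001000,00000004) ret=10263845",
    "0028:Ret KERNEL32.VirtualAlloc() retval=004d0000 ret=10263845",
    "0028:Call msvcrt.memcpy(004d0000,0014a4f0,00001000) ret=10263873"]

if __name__ == "__main__":
    for name, trace in (("WINE_BUG", WINE_BUG), ("EXPECTED", EXPECTED)):
        print(name, [(t, k, hex(a), hex(s)) for t, k, a, s in analyze(trace)])
```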