[Bug 2770] Powerbullet Presenter 1.44: Powerbullet.dll registration fails (Armadillo v4.x software protection fails at checkpoint L5, error 0x17)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jun 23 11:16:15 CDT 2013 

http://bugs.winehq.org/show_bug.cgi?id=2770

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |ntdll

--- Comment #22 from Anastasius Focht <focht at gmx.net> 2013-06-23 11:16:15 CDT ---
Hello folks,

well it seems the CRC error detected between Armadillo LP5 and LP6 checkpoints
results from much earlier problems.

In unpacking phase, "powerbullet.dll" header and PE sections are re-created in
memory (obviously modified).
A time later some parts of the original MZ/PE header are validated against
on-disk image.

Relevant part of trace log, resulting in later failure:

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine regsvr32.exe Powerbullet.dll >> log.txt 2>&1
...
0025:Call PE DLL (proc=0x10275337,module=0x10000000
L"Powerbullet.dll",reason=PROCESS_ATTACH,res=(nil)) 
...
0025:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004)
ret=102637a6
0025:Ret  KERNEL32.VirtualAlloc() retval=10000000 ret=102637a6
0025:Call msvcrt.memcpy(10000000,0014a3d0,00001000) ret=10263873
0025:Ret  msvcrt.memcpy() retval=10000000 ret=10263873
0025:Call msvcrt.memcpy(10001000,0014b3d0,00031000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10001000 ret=102638e9
0025:Call msvcrt.memcpy(10032000,0017c3d0,00003000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10032000 ret=102638e9
0025:Call msvcrt.memcpy(10035000,0017f3d0,00006000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10035000 ret=102638e9
0025:Call msvcrt.memcpy(10044000,001853d0,00003000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10044000 ret=102638e9
0025:Call msvcrt.memcpy(10047000,001883d0,00004000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10047000 ret=102638e9 
--- snip ---

Wine allows "VirtualAlloc( dll_image_base, size, MEM_COMMIT, PAGE_READWRITE)"
to succeed, returning the original image base where "Powerbullet.dll" is mapped
to.
The original headers/sections of the dll are partly overwritten with newly
created headers and sections during unpack phase, resulting in later CRC
mismatch.

The allocation request should have been denied which results in app calling
VirtualAlloc() another time, now passing NULL (letting Wine determine the
address).

Dump of memory map for the dll:

--- snip ---
address   size     section     contains     type access   initial access
========================================================================
10000000  00001000             PE header    Img  R        RWX CopyOnWr
10001000  001A4000  .text                   Img  R X      RWX CopyOnWr
101A5000  0004D000  .rdata     Exports      Img  R        RWX CopyOnWr
101F2000  00035000  .data      Data         Img  RW Copy> RWX CopyOnWr
10227000  0000D000  STLPORT_                Img  RW Copy> RWX CopyOnWr
10234000  00019000  .reloc                  Img  R        RWX CopyOnWr
1024D000  00040000  .text1,.ad Code         Img  R X      RWX CopyOnWr
1028D000  00010000  .data1                  Img  RW Copy> RWX CopyOnWr
1029D000  00010000  .reloc1    Relocations  Img  R        RWX CopyOnWr
102AD000  00110000  .pdata     Imports      Img  RW Copy> RWX CopyOnWr
103BD000  0000C000  .rsrc      Resources    Img  R        RWX CopyOnWr
--- snip ---

How it should look like (dll is registered successfully):

--- snip ---
0028:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004)
ret=102637a6
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff 0x10000000 0004b000 1000
00000004
0028:Ret  KERNEL32.VirtualAlloc() retval=00000000 ret=102637a6
0028:Call KERNEL32.VirtualAlloc(00000000,0004b000,00001000,00000004)
ret=10263845
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff (nil) 0004b000 1000
00000004
0028:trace:virtual:map_view got mem in reserved area 0x4d0000-0x51b000
0028:trace:virtual:VIRTUAL_DumpView View: 0x4d0000 - 0x51afff (valloc)
0028:trace:virtual:VIRTUAL_DumpView       0x4d0000 - 0x51afff c-rw-
0028:trace:virtual:create_view forcing exec permission on 0x4d0000-0x51afff
0028:Ret  KERNEL32.VirtualAlloc() retval=004d0000 ret=10263845
0028:Call msvcrt.memcpy(004d0000,0014a4f0,00001000) ret=10263873
0028:Ret  msvcrt.memcpy() retval=004d0000 ret=10263873
0028:Call msvcrt.memcpy(004d1000,0014b4f0,00031000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=004d1000 ret=102638e9
0028:Call msvcrt.memcpy(00502000,0017c4f0,00003000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00502000 ret=102638e9
0028:Call msvcrt.memcpy(00505000,0017f4f0,00006000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00505000 ret=102638e9
0028:Call msvcrt.memcpy(00514000,001854f0,00003000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00514000 ret=102638e9
0028:Call msvcrt.memcpy(00517000,001884f0,00004000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00517000 ret=102638e9 
--- snip ---

(newly created headers/sections are written to different place, leaving the
original image intact).

After installation the app fails later on startup which is another Wine bug.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list