[Bug 18119] SmartDraw 2009/2010/CI aborts after displaying trial window

wine-bugs at winehq.org
Wed Apr 16 17:22:25 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=18119

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
                 CC|                            |focht at gmx.net
            Summary|SmartDraw aborts after      |SmartDraw 2009/2010/CI
                   |displaying trial window     |aborts after displaying
                   |                            |trial window

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The latest version from the website, 'SmartDraw CI' is infested with some
intrusive DRM scheme.

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09

Scanning -> Z:\home\focht\.wine\drive_c\SmartDraw CI\SmartDraw.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 6050784 (05C53E0h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 05C3A00h, size : 01960h / 06496
byte(s)
-> File has 1928832 (01D6E80h) bytes of appended data starting at offset
03ECC00h
[File Heuristics] -> Flag : 00000000000001001100001000100111 (0x0004C227)
[Entrypoint Section Entropy] : 5.88
[!] LiCENSE - CrypKey Instant v7.x Wrapperdetected !
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 0.346 Second(s) [00000015Ah tick(s)] [533 scan(s) done] 
--- snip ---

When you run the trial, a second process is started which "protects" the first
process by acting as debugger.
Besides standard anti-debugging measures, some 'Nanomite' mechanism is used to
decrypt pages on the fly (first employed by the Armadillo DRM scheme).

Fortunately I found an older SmartDraw 2010 demo here:
http://download.cnet.com/SmartDraw-2009/3000-2075_4-10898880.html 

This version has less intrusive anti-debugging checks which can be bypassed
quickly (only 'IsDebuggerPresent' and 'NtQueryInformationProcess' 'DebugPort'
info class).

--- snip ---
...
0023:Call PE DLL (proc=0x2cd50b9,module=0x2c90000
L"SDC.dll",reason=PROCESS_ATTACH,res=(nil)) 
...
0023:Call user32.CreatePopupMenu() ret=02c9bbc7
0023:trace:menu:CreateMenu return 0x10152
0023:Ret  user32.CreatePopupMenu() retval=00010152 ret=02c9bbc7  
...
0023:Call user32.AppendMenuA(00010152,00000110,000075cd,02d39b20) ret=02c9ce48
0023:trace:menu:InsertMenuW hMenu 0x10152, pos -1, flags 00000510, id 75cd, str
0x2d39b20 (not a string)
0023:trace:menu:MENU_InsertItem inserting at 0 flags 510
0023:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from:  { ID=0x0
} 
0023:warn:menu:MENU_GetMenu other process menu 0x75cd?
0023:trace:menu:RemoveMenu (menu=0x10152 pos=ffffffff flags=0510)
0023:Ret  user32.AppendMenuA() retval=00000000 ret=02c9ce48
...
0023:Call user32.DestroyMenu(00010152) ret=02cbc110
0023:Ret  user32.DestroyMenu() retval=00000001 ret=02cbc110
...
0023:Call user32.MessageBoxA(000200e2,00cad248 "Unable to load SmartDraw.
Perhaps too many instances are open.",00cad140 "SmartDraw",00002030)
ret=0045310c  
--- snip ---

After some debugging I came to the conclusion that id '0x75cd' is _not_ a menu
handle but some menu item id.
Unlike the other popup menus, this popup menu is created through some helper
dll call -> SDC.SDC_CreateSDMenuFromBIN() (internal resource called
'PROPERTIESMENU').

The parent is a popup menu, created through 'CreatePopupMenu'.

This is either an application bug with 'MF_POPUP' flag being passed on this
menu item ('MF_OWNERDRAW | MF_POPUP') or valid code and MSDN is incorrect
(wouldn't be the first time).

I made a quick hack, not interpreting this item as a menu handle, and it allowed
'SmartDraw 2010' to start.
This also allows 'SmartDraw CI' (infested with intrusive DRM scheme) to start -
although it takes quite long.

I suggest adding such cases to the existing user32/menu test suite to figure out
how Windows behaves.

$ sha1sum smartdraw_setup_CNET.exe 
5b5e15d4204bb6c43aabbe4c15f62ec7b7300aaa  smartdraw_setup_CNET.exe

$ du -sh smartdraw_setup_CNET.exe 
24M    smartdraw_setup_CNET.exe

$ wine --version
wine-1.7.16-199-ga6e53ea

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
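
A triage helper for the failure pattern in the trace above, added here as an example and not part of the original comment or of Wine: it pairs each AppendMenu call with its return in a relay/menu log and reports failed calls where MF_POPUP was set and the item value was rejected as a menu handle. The function name and the sample lines are constructed, and reading the MENU_GetMenu warning as a failed handle lookup is an assumption based on the trace in the comment.

```python
import re

# Menu flag values from winuser.h
MF_POPUP, MF_OWNERDRAW = 0x10, 0x100

# Constructed sample shaped like the relay/menu lines quoted in the comment.
# Thread 0024 is a made-up control case: a valid submenu handle, call succeeds.
SAMPLE_TRACE = """\
0023:Call user32.CreatePopupMenu() ret=02c9bbc7
0023:Ret  user32.CreatePopupMenu() retval=00010152 ret=02c9bbc7
0023:Call user32.AppendMenuA(00010152,00000110,000075cd,02d39b20) ret=02c9ce48
0023:warn:menu:MENU_GetMenu other process menu 0x75cd?
0023:Ret  user32.AppendMenuA() retval=00000000 ret=02c9ce48
0024:Call user32.AppendMenuA(00010160,00000010,00010152,00000000) ret=02c9ce50
0024:Ret  user32.AppendMenuA() retval=00000001 ret=02c9ce50
"""

CALL = re.compile(r"^([0-9a-f]{4}):Call user32\.AppendMenu[AW]"
                  r"\(([0-9a-f]+),([0-9a-f]+),([0-9a-f]+),")
RET = re.compile(r"^([0-9a-f]{4}):Ret\s+user32\.AppendMenu[AW]\(\) retval=([0-9a-f]+)")
WARN = re.compile(r"^([0-9a-f]{4}):warn:menu:MENU_GetMenu other process menu 0x([0-9a-f]+)")


def find_bad_popup_appends(trace):
    """Return failed AppendMenu calls whose MF_POPUP item was not accepted as a menu."""
    pending, findings = {}, []  # pending: one in-flight AppendMenu call per thread id
    for line in trace.splitlines():
        if m := CALL.match(line):
            tid = m.group(1)
            hmenu, flags, item = (int(g, 16) for g in m.groups()[1:])
            pending[tid] = {"tid": tid, "hmenu": hmenu, "flags": flags,
                            "item": item, "rejected": False}
        elif (m := WARN.match(line)) and m.group(1) in pending:
            # Assumption: this warning means the handle lookup for the item failed.
            call = pending[m.group(1)]
            call["rejected"] = int(m.group(2), 16) == call["item"]
        elif (m := RET.match(line)) and m.group(1) in pending:
            call = pending.pop(m.group(1))
            failed = int(m.group(2), 16) == 0
            if failed and call["flags"] & MF_POPUP and call["rejected"]:
                call["ownerdraw"] = bool(call["flags"] & MF_OWNERDRAW)
                findings.append(call)
    return findings


if __name__ == "__main__":
    for f in find_bad_popup_appends(SAMPLE_TRACE):
        print(f"thread {f['tid']}: AppendMenu(hmenu={f['hmenu']:#x}, flags={f['flags']:#x}) "
              f"failed, item {f['item']:#x} is not a menu handle (ownerdraw={f['ownerdraw']})")
```

Log lines that the mail archive has wrapped need to be rejoined before they are fed to the function, since each regex expects a call on a single line.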