[Bug 23449] Daemon tools Lite 4.35.6 fails to install, reports: "Internal setup error. Error code 256. Contact support." (expects syscall trampoline layout for some native API)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Feb 28 06:45:16 CST 2014 

https://bugs.winehq.org/show_bug.cgi?id=23449

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|NEW                         |RESOLVED
                URL|http://www.daemon-tools.cc/ |www.oldapps.com/daemon_tool
                   |eng/home                    |s.php?old_daemon_tools=23
          Component|advapi32                    |ntdll
         Resolution|---                         |WONTFIX
            Summary|Daemon tools Lite 4.35.6    |Daemon tools Lite 4.35.6
                   |Fails to install, giving    |fails to install, reports:
                   |error message: "Internal    |"Internal setup error.
                   |setup error. Error code     |Error code 256. Contact
                   |256. Contact support."      |support." (expects syscall
                   |                            |trampoline layout for some
                   |                            |native API)

--- Comment #17 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting.

I already said it in comment #12 - there is not much we can do here.

The installer (setuphlp.dll) analyses native API entry points and expects a
certain layout to patch it later.
It tries to disguise its actions by encrypting lookup strings for PE exports
and xor'ing the API entry point addresses in memory.

* ntdll.NtQueryInformationProcess
* ntdll.NtAllocateVirtualMemory
* ntdll.NtProtectVirtualMemory
* ntdll.NtReadVirtualMemory
* ntdll.NtGetContextThread
* ntdll.NtSetContextThread

The entry point analyzer can cope with some opcode variations but still expects
Windows syscall trampoline layout (eax = syscall number, edx =
KUSER_SHARED_DATA->syscall ...).

Shorted example what it looks for (it's actually more complex):

[00]  [01][02][03][04] [05]        [06]
[0xB8] xx  xx  xx  xx  [0x8D|0xBA] ...
mov eax, x             mov edx, ...

Anyway, it seems in newer versions they dropped this garbage.
I'll resolve this 'WONTFIX' here.

$ sha1sum DTLite4356-0091.exe 
8e1d4488d30ccd527c32240b96c246928971023f  DTLite4356-0091.exe

$ du -sh DTLite4356-0091.exe 
9.2M    DTLite4356-0091.exe

$ wine --version
wine-1.7.13-118-g0eb6265

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list