[Bug 16092] StickyDrive app crashes on startup (madCodeHook, in-memory PE image of Wine builtins vs. placeholder image on disk)
wine-bugs at winehq.org
Thu Jul 31 01:21:36 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=16092
Anastasius Focht <focht at gmx.net> changed:
What       |Removed                            |Added
----------------------------------------------------------------------------
Status     |NEW                                |RESOLVED
URL        |http://mmiline.com/                |http://mmiline.com/stickydrive_about.cfm
Keywords   |                                   |obfuscation
Hardware   |Other                              |x86
CC         |                                   |focht at gmx.net
Resolution |---                                |DUPLICATE
Summary    |StickyDrive app crashes on startup |StickyDrive app crashes on startup (madCodeHook, in-memory PE image of Wine builtins vs. placeholder image on disk)
OS         |other                              |Linux
--- Comment #6 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
dupe of bug 15437
--- snip ---
...
003d:Call KERNEL32.CreateProcessW(00000000,0013e68c L"__STICKYDRIVE/StickyDrive.exe",00000000,00000000,00000000,00000000,00000000,00000000,0033f8c0,0033f904) ret=660ccebf
...
003f:Call KERNEL32.__wine_kernel_init() ret=7bc59dbc
003d:Ret KERNEL32.CreateProcessW() retval=00000001 ret=660ccebf
...
003f:Call KERNEL32.GetModuleFileNameW(7b810000,00189268,00000104) ret=0326fa75
003f:Ret KERNEL32.GetModuleFileNameW() retval=00000020 ret=0326fa75
003f:Call KERNEL32.CreateFileW(00189268 L"C:\\windows\\system32\\KERNEL32.dll",80000000,00000001,00000000,00000003,00000000,00000000) ret=0326fa8a
003f:Ret KERNEL32.CreateFileW() retval=000000f0 ret=0326fa8a
...
003f:Call KERNEL32.CreateFileMappingW(000000f0,00000000,00000002,00000000,00000000,00000000) ret=0326fae6
003f:Ret KERNEL32.CreateFileMappingW() retval=000000f4 ret=0326fae6
003f:Call KERNEL32.MapViewOfFile(000000f4,00000004,00000000,00000000,00000000) ret=0326fb0e
003f:Ret KERNEL32.MapViewOfFile() retval=03390000 ret=0326fb0e
003f:Call KERNEL32.CloseHandle(000000f4) ret=0326fb16
003f:Ret KERNEL32.CloseHandle() retval=00000001 ret=0326fb16
003f:Call KERNEL32.CloseHandle(000000f0) ret=0326fb1c
003f:Ret KERNEL32.CloseHandle() retval=00000001 ret=0326fb1c
...
003f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x326fc6b ip=0326fc6b tid=003f
003f:trace:seh:raise_exception info[0]=00000000
003f:trace:seh:raise_exception info[1]=03a703b9
003f:trace:seh:raise_exception eax=03a70065 ebx=7b810000 ecx=00000001 edx=000000d5 esi=7b810040 edi=03390000
003f:trace:seh:raise_exception ebp=0343e2d8 esp=0033f500 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206
003f:trace:seh:call_stack_handlers calling handler at 0x327b605 code=c0000005 flags=0
003f:trace:seh:call_stack_handlers handler at 0x327b605 returned 1
003f:trace:seh:call_stack_handlers calling handler at 0x3253db8 code=c0000005 flags=0
003f:Call KERNEL32.UnhandledExceptionFilter(0033eff0) ret=03253ddc
wine: Unhandled page fault on read access to 0x03a703b9 at address 0x0000:0x0326fc6b (thread 003f), starting debugger...
...
--- snip ---
'StickyDrive.exe' is wrapped with UPX.
--- snip ---
$ upx -d StickyDrive.exe -o /tmp/unpacked && strings /tmp/unpacked | grep -i mad
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2013
UPX 3.91 Markus Oberhumer, Laszlo Molnar & John Reiser Sep 30th 2013
        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   6556691 <-   2827283   43.12%    win32/pe     unpacked
Unpacked 1 file.
...
madDisAsm
madDisAsm
madDisAsm
madRemote
madCodeHook
--- snip ---
$ sha1sum MMIStickyDriveInstaller.zip
086a57bc6f87ff8d88b1193a959205d3d7972426 MMIStickyDriveInstaller.zip
$ du -sh MMIStickyDriveInstaller.zip
39M MMIStickyDriveInstaller.zip
$ wine --version
wine-1.7.23-15-gbe2128f
Regards
*** This bug has been marked as a duplicate of bug 15437 ***