[Bug 23999] Multiple applications with DRM schemes need NtQueryVirtualMemory 'MemorySectionName' info class (EMS SQL Manager 2010 Lite for PostgreSQL v.4.7.08, Knight Online client)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jun 29 06:59:33 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=23999

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                URL|http://www.sqlmanager.net/e |http://us3cdn.ausgamers.com
                   |n/products/postgresql/manag |/downloads/1404038335/Knigh
                   |er/download/5/134           |tOnlineSetup_v2025.exe
            Summary|EMS SQL Manager 2010 Lite   |Multiple applications with
                   |for PostgreSQL crashes      |DRM schemes need
                   |after 10 min (needs         |NtQueryVirtualMemory
                   |NtQueryVirtualMemory with   |'MemorySectionName' info
                   |MemorySectionName info      |class (EMS SQL Manager 2010
                   |class)                      |Lite for PostgreSQL
                   |                            |v.4.7.08, Knight Online
                   |                            |client)
     Ever confirmed|0                           |1

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

--- quote ---
I have tested EMS SQL Manager v5.1.1.4 Lite for PostgreSQL (wine 1.4 and Ubuntu
12.04) and it works fine with only minor problems. There is no bug described
here.
--- quote ---

that's because you're using a newer app version than the one you reported the
bug with.
The newer one is wrapped with a different protection scheme:

--- quote ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\EMS\SQL Manager Lite for PostgreSQL\PgManager.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 12368840 (0BCBBC8h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0BCA200h, size : 019C8h / 06600
byte(s)
-> File has 512 (0200h) bytes of appended data starting at offset 0BCA000h
[File Heuristics] -> Flag : 00000000000000001100001000000111 (0x0000C207)
[Entrypoint Section Entropy] : 6.53
[!] Armadillo *Unknown Version* detected !
- Scan Took : 0.702 Second(s) [0000002BEh tick(s)] [533 scan(s) done]
--- quote ---

The bug is obviously still present with the old version hence nothing was
fixed.
The problem is getting the old version - all 3rd party sites link to the vendor
main download site which kept getting updated.

I searched for other EMS products with the same date range (~ 2010) and
protection type/version and found 'EMS SQL Manager Lite 2010 for
InterBase/Firebird'

Download:
http://download.cnet.com/SQL-Manager-Lite-2010-for-InterBase-Firebird/3000-2065_4-75329819.html

$ sha1sum ibmanager_lite.zip 
03d423bc48653382a354aa7a79f64bbbb90c740e  ibmanager_lite.zip

$ du -sh ibmanager_lite.zip 
42M    ibmanager_lite.zip

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\EMS\SQL Manager Lite for InterBase &
Firebird\IBManager.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 6616528 (064F5D0h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 064E000h, size : 015D0h / 05584
byte(s)
-> File has 512 (0200h) bytes of appended data starting at offset 064DE00h
[File Heuristics] -> Flag : 00000000000001001100000000100110 (0x0004C026)
[Entrypoint Section Entropy] : 8.00
[!] ASProtect SKE v2.3 - v2.5 detected !
- Scan Took : 0.623 Second(s) [00000026Fh tick(s)] [533 scan(s) done]
--- snip ---

Unfortunately this app doesn't exhibit the same behaviour (no watcher thread
created).

'Knight Online World' client v2.025 (MMORPG), wrapped with Themida 2.x also
makes use of this (stub doesn't seem to be critical here):

--- snip ---
$ pwd
/home/focht/.wine/drive_c/NTTGame/KnightOnlineEn

$ wine ./KnightOnLine.exe 
fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot
fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x400000) Unimplemented
information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x3010000) Unimplemented
information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x10000000)
Unimplemented information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x7b810000)
Unimplemented information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x7bc10000)
Unimplemented information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x7d6d0000)
Unimplemented information class: MemorySectionName
fixme:virtual:NtQueryVirtualMemory (process=0x17c,addr=0x7d840000)
Unimplemented information class: MemorySectionName
...
--- snip ---

Protection scan:

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\NTTGame\KnightOnlineEn\KnightOnLine.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4493752 (04491B8h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0447000h, size : 021B8h / 08632
byte(s)
[File Heuristics] -> Flag : 00000000000000001100000000110111 (0x0000C037)
[Entrypoint Section Entropy] : 7.88
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.435 Second(s) [0000001B3h tick(s)] [533 scan(s) done]

Scanning -> C:\NTTGame\KnightOnlineEn\Launcher.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2232320 (0221000h)
Byte(s)
[File Heuristics] -> Flag : 00000000000000001000000000000000 (0x00008000)
[Entrypoint Section Entropy] : 6.66
[CompilerDetect] -> Visual C++ 8.0 (Visual Studio 2005)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.379 Second(s) [00000017Bh tick(s)] [533 scan(s) done]
--- snip ---

Refining summary to not letting this bug go to waste.

As previously mentioned, having this facility will also allow to implement
kernel32/psapi 'GetMappedFileName' stub.

$ sha1sum KnightOnlineSetup_v2025.exe 
6eaef8f9e4dcd6e205b17ac7af6e664bb16770ec  KnightOnlineSetup_v2025.exe

$ du -sh KnightOnlineSetup_v2025.exe 
686M    KnightOnlineSetup_v2025.exe

$ wine --version
wine-1.7.21-1-g47fa54e

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list