[Bug 37408] NetWitness 9.x fails: GetDiskFreeSpaceExW - Does not accept path to file

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Oct 26 17:08:56 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=37408

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P4                          |P2
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://www.mtsac.edu/~bluet
                   |                            |eam/Forensic/NwInvestigator
                   |                            |Setup.exe
           Keywords|                            |download
                 CC|                            |focht at gmx.net
     Ever confirmed|0                           |1
            Summary|GetDiskFreeSpaceExW - Does  |NetWitness 9.x fails:
                   |not accept path to file     |GetDiskFreeSpaceExW - Does
                   |                            |not accept path to file
           Severity|major                       |normal

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello,

from the logs it seems you are trying to run N^HRSA NetWitness Investigator
v9.x

--- quote ---
According to standard Microsoft documentation the GetDiskFreeSpaceExW WINAPI
call should fail if a directory is not given as the path to check free disk
space for. The documentation is incorrect. Making a call to GetDiskFreeSpaceExW
with a full path to a file (and not a directory) does indeed succeed on
standard windows. 
--- quote ---

I doubt that MS makes such obvious documentation mistake, given a parameter
'lpDirectoryName'.

If the app makes such a call it doesn't mean it's correct.
That are gazillion broken apps containing stupid code that works by chance or
fails silently.

Please write a test case and submit it to Wine test bot to prove your claim:

http://wiki.winehq.org/WineTestBot

Since you provided your own analysis (which is likely incorrect) you omitted
the important info: crash information (backtrace), error messages, terminal
logs etc.
Also specify the *exact* version of the app (9.5, 9.6, ???).

Tidbit: the app version 9.6 I found seems to be protected by Themida DRM
scheme.

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...

Scanning -> C:\Program Files\NetWitness\NetWitness
9.6\Investigator\NwInvestigatorPE.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 7936336 (0791950h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0790200h, size : 01750h / 05968
byte(s)
[File Heuristics] -> Flag : 00000000000001001100000000000111 (0x0004C007)
[Entrypoint Section Entropy] : 1.50
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.738 Second(s) [0000002E2h tick(s)] [533 scan(s) done] 
--- snip ---

$ sha1sum NwInvestigatorSetup.exe
da176dab04c67c98dba6c017b54842b9be607ad65  NwInvestigatorSetup.exe

$ du -sh NwInvestigatorSetup.exe
132M    NwInvestigatorSetup.exe

$ wine --version
wine-1.7.29-57-gfbf2557

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list