[Bug 37408] NetWitness 9.x fails: GetDiskFreeSpaceExW - Does not accept path to file
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Oct 26 17:08:56 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=37408
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P4 |P2
Status|UNCONFIRMED |NEW
URL| |http://www.mtsac.edu/~bluet
| |eam/Forensic/NwInvestigator
| |Setup.exe
Keywords| |download
CC| |focht at gmx.net
Ever confirmed|0 |1
Summary|GetDiskFreeSpaceExW - Does |NetWitness 9.x fails:
|not accept path to file |GetDiskFreeSpaceExW - Does
| |not accept path to file
Severity|major |normal
--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello,
from the logs it seems you are trying to run N^HRSA NetWitness Investigator
v9.x
--- quote ---
According to standard Microsoft documentation the GetDiskFreeSpaceExW WINAPI
call should fail if a directory is not given as the path to check free disk
space for. The documentation is incorrect. Making a call to GetDiskFreeSpaceExW
with a full path to a file (and not a directory) does indeed succeed on
standard windows.
--- quote ---
I doubt that MS makes such obvious documentation mistake, given a parameter
'lpDirectoryName'.
If the app makes such a call it doesn't mean it's correct.
That are gazillion broken apps containing stupid code that works by chance or
fails silently.
Please write a test case and submit it to Wine test bot to prove your claim:
http://wiki.winehq.org/WineTestBot
Since you provided your own analysis (which is likely incorrect) you omitted
the important info: crash information (backtrace), error messages, terminal
logs etc.
Also specify the *exact* version of the app (9.5, 9.6, ???).
Tidbit: the app version 9.6 I found seems to be protected by Themida DRM
scheme.
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\NetWitness\NetWitness
9.6\Investigator\NwInvestigatorPE.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 7936336 (0791950h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0790200h, size : 01750h / 05968
byte(s)
[File Heuristics] -> Flag : 00000000000001001100000000000111 (0x0004C007)
[Entrypoint Section Entropy] : 1.50
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.738 Second(s) [0000002E2h tick(s)] [533 scan(s) done]
--- snip ---
$ sha1sum NwInvestigatorSetup.exe
da176dab04c67c98dba6c017b54842b9be607ad65 NwInvestigatorSetup.exe
$ du -sh NwInvestigatorSetup.exe
132M NwInvestigatorSetup.exe
$ wine --version
wine-1.7.29-57-gfbf2557
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list