[Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

wine-bugs at winehq.org
Thu Oct 30 15:55:30 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=37449

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Sebastian,

The patch is fine; a PE is unpacked in memory (later started as a process).

--- quote ---
The weird thing is the return address, the application seems to mess around
manually with the TEB (in this case modifying the TlsBitmap) instead of using
API calls?!
--- quote ---

Yes, the code messes with loader/internal data structures.
In this case it reads/writes to TLS slots, bypassing the native API.

Lexware uses 'Promon Shield SDK' to protect their app:

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\Lexware\Quicken\2014\HmgShield.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 282480 (044F70h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 043800h, size : 01770h / 06000 byte(s)
[File Heuristics] -> Flag : 00000100000001001001000100000100 (0x04049104)
[Entrypoint Section Entropy] : 6.56
[Debug Info]
Characteristics : 0x0 | TimeDateStamp : 0x503F76CD | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 -> CodeView | Size : 0x60 (96)
AddressOfRawData : 0xFAD0 | PointerToRawData : 0xEED0
CvSig : 0x53445352 | SigGuid 94848F81-2D3F-4915-9D4EBAB4605DCADB
Age : 0x1 | Pdb : d:\dev\shield\2.3-win8\src\shield-sdk-dll\release\promon-shield-sdk.pdb
---- snip ---

Anyway, those are different issues.

Regards
