[Bug 34457] Proteus 8 Professional crashes in process PE entry point (non-legit patch makes assumptions about entry point register layout)
wine-bugs at winehq.org
Sat Sep 13 06:16:41 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=34457
Anastasius Focht <focht at gmx.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |RESOLVED
          Component|-unknown                    |kernel32
         Resolution|---                         |INVALID
            Summary|Proteus 8 Professional does |Proteus 8 Professional
                   |not run                     |crashes in process PE entry
                   |                            |point (non-legit patch
                   |                            |makes assumptions about
                   |                            |entry point register
                   |                            |layout)
--- Comment #9 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
OP's backtrace is a crash directly in the main executable's entry point.
In short: It's a version which was modified in non-legit ways, containing some
brain damaged code.
The original vendor executables from 8.0 and 8.0 SP1 work.
--- snip ---
...
Unhandled exception: page fault on write access to 0x00400201 in 32-bit code
(0x00531b62).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:00531b62 ESP:0033fe40 EBP:0033fe78 EFLAGS:00210212( R- -- I -A- - )
EAX:00000000 EBX:00000040 ECX:00000201 EDX:00400000
ESI:7ffdf000 EDI:00531b27
Stack dump:
0x0033fe40: 00531b27 7ffdf000 0033fe78 0033fe60
0x0033fe50: 7b8b4ff4 00400000 0033fef0 00000000
0x0033fe60: 00200216 7b85f22c 7ffdf000 7bc5076a
0x0033fe70: 7b8b4ff4 7ffdf000 0033feb8 7b8604ab
0x0033fe80: 7ffdf000 00531b27 00000000 00000000
0x0033fe90: 00000000 00000000 00000000 00000000
Backtrace:
=>0 0x00531b62 in pds (+0x131b62) (0x0033fe78)
1 0x7b8604ab in kernel32 (+0x504aa) (0x0033feb8)
2 0x7bc791c0 call_thread_func_wrapper+0xb() in ntdll (0x0033fed8)
3 0x7bc7c1cd call_thread_func+0x7c() in ntdll (0x0033ffa8)
4 0x7bc7919e RtlRaiseException+0x21() in ntdll (0x0033ffc8)
5 0x7bc4e45e call_dll_entry_point+0x33d() in ntdll (0x0033ffe8)
6 0xf758376d wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
7 0xf758382b wine_switch_to_stack+0x2a() in libwine.so.1 (0xffac0d18)
8 0x7bc542c0 LdrInitializeThunk+0x3af() in ntdll (0xffac0d88)
9 0x7b866a82 __wine_kernel_init+0xa21() in kernel32 (0xffac1f38)
10 0x7bc54a7b __wine_process_init+0x25a() in ntdll (0xffac1fc8)
11 0xf7580ccc wine_init+0x2db() in libwine.so.1 (0xffac2038)
12 0x7bf00f43 main+0xf2() in <wine-loader> (0xffac2488)
13 0xf739d935 __libc_start_main+0xf4() in libc.so.6 (0x00000000)
0x00531b62: movb %bl,0x0(%ecx,%edx,1)
Modules:
Module Address Debug info Name (124 modules)
PE 340000- 36d000 Deferred wincore
PE 370000- 3c4000 Deferred windialog
PE 3d0000- 3e0000 Deferred xlib
PE 3e0000- 3fa000 Deferred zlib
PE 400000- 533d6a Export pds
PE 540000- 848000 Deferred libmmd
PE 850000- 8e9000 Deferred appframe
PE 8f0000- 945000 Deferred vgdvc
PE 950000- 966000 Deferred internet
PE 970000- 990000 Deferred licence
PE 990000- 9d5000 Deferred ssleay32
PE 9e0000- b03000 Deferred libeay32
PE b10000- b44000 Deferred netlist
PE 10000000-10093000 Deferred lxlcore
PE 61000000-61053000 Deferred qtxml4
PE 64000000-640f3000 Deferred qtnetwork4
PE 65000000-657e3000 Deferred qtgui4
PE 67000000-6727d000 Deferred qtcore4
PE 78480000-7850e000 Deferred msvcp90
PE 78520000-785c3000 Deferred msvcr90
...
Threads:
process tid prio (all id:s are in hex)
...
0000003b (D) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE
0000003c 0 <==
--- snip ---
The entry point is located in '.reloc' section.
The appended imports section '.Silvana' is probably from the guy who did it.
--- snip ---
->Section Header Table
...
5. item:
Name: .reloc
VirtualSize: 0x00006D6A
VirtualAddress: 0x0012C000
SizeOfRawData: 0x00006E00
PointerToRawData: 0x00125400
PointerToRelocations: 0x00000000
PointerToLinenumbers: 0x00000000
NumberOfRelocations: 0x0000
NumberOfLinenumbers: 0x0000
Characteristics: 0xE2000040
(INITIALIZED_DATA, DISCARDABLE, EXECUTE, READ, WRITE)
6. item:
Name: .Silvana
VirtualSize: 0x00001000
VirtualAddress: 0x00133000
SizeOfRawData: 0x000001E2
PointerToRawData: 0x0012C200
PointerToRelocations: 0x00000000
PointerToLinenumbers: 0x00000000
NumberOfRelocations: 0x0000
NumberOfLinenumbers: 0x0000
Characteristics: 0xC0000040
(INITIALIZED_DATA, READ, WRITE)
--- snip ---
Entry point:
--- snip ---
00531B27 9C PUSHFD
00531B28 60 PUSHAD
00531B29 B9 72030000 MOV ECX,372
00531B2E 90 NOP
00531B2F 66:833C11 53 CMP WORD PTR DS:[EDX+ECX],53
00531B34 90 NOP
00531B35 74 1D JE SHORT 00531B54
00531B37 83E9 01 SUB ECX,1
00531B3A 83F9 00 CMP ECX,0
00531B3D 74 61 JE SHORT 00531BA0
00531B3F 90 NOP
00531B40 EB ED JMP SHORT 00531B2F
--- snip ---
From a technical perspective this bug falls into the same category as bug 24374.
Both make assumptions about the way the Windows OS loader prepares the entry point
stack and register context.
I could certainly explain the problem here but since this code is not part of a
*legit* protection scheme no gold for you.
$ wine --version
wine-1.7.26-44-gb10b391
Regards
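The tell the comment relies on, an entry point that lies in '.reloc' inside a section marked DISCARDABLE, EXECUTE and WRITE, can be checked mechanically from the section header table. The following is an added example, not code from the bug report, from Wine, or from Labcenter: a small PE32 header parser that locates the section containing AddressOfEntryPoint, decodes its Characteristics, and reports the anomalies. The header blob it runs on is constructed inline from the '.reloc' and '.Silvana' values quoted above; the '.text' section, the entry RVA of the clean case, and the helper names (parse_pe, audit_entry_point, build_image) are assumptions made for the example, and the blob is not the real PDS.EXE.

```python
import struct

# Section characteristics bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE      = 0x02000000
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

FLAG_NAMES = [
    (IMAGE_SCN_CNT_CODE, "CODE"), (IMAGE_SCN_CNT_INITIALIZED_DATA, "INITIALIZED_DATA"),
    (IMAGE_SCN_MEM_DISCARDABLE, "DISCARDABLE"), (IMAGE_SCN_MEM_EXECUTE, "EXECUTE"),
    (IMAGE_SCN_MEM_READ, "READ"), (IMAGE_SCN_MEM_WRITE, "WRITE"),
]

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def flag_names(characteristics):
    return [name for bit, name in FLAG_NAMES if characteristics & bit]


def parse_pe(data):
    """Return (image_base, entry_rva, sections) for a PE32 image (headers only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]   # ImageBase
    sections, off = [], opt + opt_size
    for _ in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "rawsize": f[3], "chars": f[9]})
        off += struct.calcsize(SECTION_FMT)
    return image_base, entry_rva, sections


def section_for_rva(sections, rva):
    """Section whose virtual range covers rva, or None (loader maps max(vsize, rawsize))."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def audit_entry_point(data):
    """List the red flags a reviewer would raise about where the entry point lives."""
    image_base, entry_rva, sections = parse_pe(data)
    sec = section_for_rva(sections, entry_rva)
    ep = f"entry point 0x{image_base + entry_rva:08X}"
    if sec is None:
        return [f"{ep} is outside every section"]
    c, flags = sec["chars"], ", ".join(flag_names(sec["chars"]))
    findings = []
    if sec["name"] == ".reloc":
        findings.append(f"{ep} is inside '.reloc' ({flags}); the linker never puts code there")
    if c & IMAGE_SCN_MEM_DISCARDABLE:
        findings.append(f"{ep} section '{sec['name']}' is DISCARDABLE; code that may be paged out for good")
    if (c & IMAGE_SCN_MEM_EXECUTE) and (c & IMAGE_SCN_MEM_WRITE):
        findings.append(f"{ep} section '{sec['name']}' is both EXECUTE and WRITE (self-modifying stub?)")
    if not (c & IMAGE_SCN_CNT_CODE):
        findings.append(f"{ep} section '{sec['name']}' lacks CNT_CODE")
    return findings


def build_image(entry_rva, sections, image_base=0x00400000):
    """Construct a minimal PE32 header blob (test input only, not a real executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    hdrs = b"".join(struct.pack(SECTION_FMT, n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, ch)
                    for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed headers: '.reloc' and '.Silvana' mirror the values in the bug report
# (entry 0x00531B27 = base 0x00400000 + RVA 0x00131B27); '.text' is an assumed filler.
TEXT = (b".text", 0x00100000, 0x00001000, 0x00100000, 0x00000400, 0x60000020)
PATCHED = build_image(0x00131B27, [
    TEXT,
    (b".reloc",   0x00006D6A, 0x0012C000, 0x00006E00, 0x00125400, 0xE2000040),
    (b".Silvana", 0x00001000, 0x00133000, 0x000001E2, 0x0012C200, 0xC0000040),
])
CLEAN = build_image(0x00001234, [
    TEXT,
    (b".reloc",   0x00006D6A, 0x0012C000, 0x00006E00, 0x00125400, 0x42000040),
])

if __name__ == "__main__":
    for label, img in (("patched", PATCHED), ("clean", CLEAN)):
        print(label, audit_entry_point(img) or ["no findings"])
```

Run against a real file, the same checks apply to `open(path, "rb").read()` as long as the headers are intact; what the parser cannot tell you is what the stub does once it runs, so treat a hit as a reason to look at the entry point bytes, as the comment did, not as proof of tampering on its own.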