[Bug 35652] Multiple MMORPH game launchers crash on startup ('DIALOG_CreateIndirect' needs to trigger WM_PAINT, missing 'UpdateWindow')(Aeria Games 'Aura Kingdom', STOnline)
wine-bugs at winehq.org
Fri Sep 26 12:33:00 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=35652
Anastasius Focht <focht at gmx.net> changed:
What    | Removed                                   | Added
--------+-------------------------------------------+-------------------------------------------
Summary | Aeria Games 'Aura Kingdom' MMORPH         | Multiple MMORPH game launchers crash on
        | launcher crashes on startup               | startup ('DIALOG_CreateIndirect' needs to
        | ('DIALOG_CreateIndirect' needs to trigger | trigger WM_PAINT, missing 'UpdateWindow')
        | WM_PAINT, missing 'UpdateWindow')         | (Aeria Games 'Aura Kingdom', STOnline)
--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
I found another victim, 'Spirit Tales Online'
Download: http://st.koramgame.com/download/download.html
After debugging some hours I figured out it's the same issue.
Trace/relay log doesn't reveal much.
--- snip ---
...
004034C0 53 PUSH EBX
004034C1 56 PUSH ESI
004034C2 8BF1 MOV ESI,ECX
004034C4 8B86 A8000000 MOV EAX,DWORD PTR DS:[ESI+A8]
004034CA 57 PUSH EDI
004034CB 8DBE A8000000 LEA EDI,DWORD PTR DS:[ESI+A8]
004034D1 83E8 10 SUB EAX,10
004034D4 8378 0C 01 CMP DWORD PTR DS:[EAX+C],1
004034D8 7E 0B JLE SHORT _Launche.004034E5
...
0040350B 3986 8C0B0000 CMP DWORD PTR DS:[ESI+B8C],EAX
00403511 8986 900B0000 MOV DWORD PTR DS:[ESI+B90],EAX
00403517 0F84 97000000 JE _Launche.004035B4
0040351D 8B5C24 10 MOV EBX,DWORD PTR SS:[ESP+10]
00403521 85DB TEST EBX,EBX
00403523 75 05 JNZ SHORT _Launche.0040352A
00403525 BB 3D3D3D00 MOV EBX,3D3D3D
0040352A 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+8C] ; NULL instance
00403530 8986 8C0B0000 MOV DWORD PTR DS:[ESI+B8C],EAX
00403536 8B86 90000000 MOV EAX,DWORD PTR DS:[ESI+90]
0040353C 85C0 TEST EAX,EAX
0040353E 74 03 JE SHORT _Launche.00403543
00403540 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
00403543 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4] ; ECX == NULL *boom*
00403546 68 2000CC00 PUSH 0CC0020 ; rop
0040354B 68 1C020000 PUSH 21C ; y1
00403550 68 40010000 PUSH 140 ; x1
00403555 50 PUSH EAX ; hdcSrc
00403556 6A 12 PUSH 12 ; cy
00403558 68 AB010000 PUSH 1AB ; cx
0040355D 68 1C020000 PUSH 21C ; y
00403562 68 40010000 PUSH 140 ; x
00403567 52 PUSH EDX ; hdc
00403568 FF15 E8604800 CALL DWORD PTR DS:[<&GDI32.BitBlt>]
...
--- snip ---
Dump of internal object (referenced by ESI):
--- snip ---
$-4 022108FC 00455355 USE.
$ ==> 02210900 0048747C
$+4 02210904 00000001
$+8 02210908 00000000
$+C 0221090C 00000000
$+10 02210910 00000000
$+14 02210914 00000001
$+18 02210918 00000000
$+1C 0221091C 0012A4D0
$+20 02210920 000500E2
$+24 02210924 00000000
$+28 02210928 00000000
$+2C 0221092C 00000000
$+30 02210930 0049592C ; _Launcher.0049592C
$+34 02210934 004959A0 ; _Launcher.004959A0
$+38 02210938 00000000
$+3C 0221093C 00000018
$+40 02210940 7E8E5E8F ; OFFSET user32.DefDlgProcW
$+44 02210944 FFFFFFFF
$+48 02210948 00000000
$+4C 0221094C 00000000
$+50 02210950 00000000
$+54 02210954 00000066
$+58 02210958 00000066
$+5C 0221095C 00000000
$+60 02210960 00000000
$+64 02210964 00000000
$+68 02210968 00000000
$+6C 0221096C 00000000
$+70 02210970 00000000
$+74 02210974 00190032
$+78 02210978 00000000
$+7C 0221097C 00000405
$+80 02210980 000002A2
$+84 02210984 00000001
$+88 02210988 00000003
$+8C 0221098C 00000000 ; missing instance data (1)
$+90 02210990 00000000 ; missing instance data (2)
...
--- snip ---
Instance data creation by game winproc handler (WM_PAINT case):
--- snip ---
...
00405210 6A FF PUSH -1
00405212 68 DC184800 PUSH 004818DC ; Entry point
00405217 64:A1 0000000 MOV EAX,DWORD PTR FS:[0]
0040521D 50 PUSH EAX
0040521E 83EC 1C SUB ESP,1C
00405221 53 PUSH EBX
00405222 55 PUSH EBP
00405223 56 PUSH ESI
00405224 57 PUSH EDI
00405225 A1 30804A00 MOV EAX,DWORD PTR DS:[4A8030]
...
00405259 56 PUSH ESI
0040525A 8BC8 MOV ECX,EAX
0040525C E8 71F60400 CALL 004548D2 ; _Launcher.004548D2
00405261 EB 02 JMP SHORT 00405265
00405263 33C0 XOR EAX,EAX
00405265 8986 8C000000 MOV DWORD PTR DS:[ESI+8C],EAX ; instance data (1)
0040526B 8B10 MOV EDX,DWORD PTR DS:[EAX] ; ASCII "SAE"
0040526D 8B52 28 MOV EDX,DWORD PTR DS:[EDX+28]
...
--- snip ---
The game launcher creates a DHTML-based dialog using
'CreateDialogIndirectParamW' and expects its redraw/paint handler to be called
during dialog creation.
Wine doesn't do this; it only calls 'ShowWindow' (which doesn't trigger a
repaint), resulting in missing instance data and causing the crash.
My fix from comment #3 also makes this launcher/game work - it starts the
auto-update.
You might consider sending a patch since these user32 bugs are nasty/time-consuming
to investigate.
$ sha1sum STOnline_US_20140507.exe
4b29fb0176f5d325e31698338b85bce65438145e STOnline_US_20140507.exe
$ du -sh STOnline_US_20140507.exe
2.4G STOnline_US_20140507.exe
$ wine --version
wine-1.7.27-47-g92bcb74
Regards
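The message ordering the report describes, as a small C model added here (not Wine's or the launcher's code): the dialog procedure, the window state and the BitBlt check are simplified stand-ins; the WM_PAINT id is the real Win32 value, and the behaviour of ShowWindow (invalidate only) versus UpdateWindow (synchronous WM_PAINT when the update region is non-empty) follows the Win32 semantics the bug title relies on.

```c
/* Added model (not Wine's or the launcher's code) of the ordering in the
 * report: the dialog procedure creates its instance data in WM_PAINT, and
 * later drawing code dereferences it. ShowWindow only invalidates; only
 * UpdateWindow delivers WM_PAINT synchronously, during dialog creation. */
#include <stddef.h>

#define WM_PAINT 0x000F                 /* real Win32 message id */

struct instance { const char *tag; };   /* stands in for the "SAE" object */
static struct instance sae = { "SAE" };

struct window {
    int needs_paint;                    /* non-empty update region */
    struct instance *inst;              /* [ESI+8C]: NULL until painted */
};

/* Hypothetical dialog procedure mirroring the launcher's WM_PAINT case. */
static void dlgproc(struct window *w, unsigned msg)
{
    if (msg != WM_PAINT) return;
    if (!w->inst) w->inst = &sae;       /* instance data (1) */
    w->needs_paint = 0;
}

/* ShowWindow: shows and invalidates the window, no paint yet. */
static void show_window(struct window *w) { w->needs_paint = 1; }
/* UpdateWindow: synchronous WM_PAINT if the update region is non-empty. */
static void update_window(struct window *w)
{
    if (w->needs_paint) dlgproc(w, WM_PAINT);
}
/* 1 if the BitBlt path finds its hdc, 0 if it would read through NULL
 * (the "ECX == NULL *boom*" instruction in the report). */
int bitblt_path_safe(const struct window *w) { return w->inst != NULL; }

/* Model of DIALOG_CreateIndirect as reported: ShowWindow only. */
int create_dialog_wine_reported(struct window *w)
{
    *w = (struct window){ 0, NULL };
    show_window(w);
    return bitblt_path_safe(w);         /* 0: instance data missing */
}

/* Same creation with the missing UpdateWindow added (the proposed fix). */
int create_dialog_fixed(struct window *w)
{
    *w = (struct window){ 0, NULL };
    show_window(w);
    update_window(w);
    return bitblt_path_safe(w);         /* 1 */
}
```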