[Bug 15705] AREA 51 free w/ads version, setup_exception_record stack overflow (Softwrap DRM scheme)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Aug 16 16:38:31 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=15705

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|NEW                         |RESOLVED
                URL|http://www.gameupdates.org/ |http://uk2.strategyinformer
                   |details.php?id=2899         |.com/v2/download/1c3a34db/a
                   |                            |rea51/midway_area51.exe
                 CC|                            |focht at gmx.net
         Resolution|---                         |ABANDONED
            Summary|AREA 51 free w/ads version, |AREA 51 free w/ads version,
                   |setup_exception_record      |setup_exception_record
                   |stack overflow              |stack overflow (Softwrap
                   |                            |DRM scheme)

--- Comment #10 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

resolving 'abandoned' here.

It's indeed Softwrap DRM scheme.
Unfortunately ... or rather fortunately for mankind that garbage went
defunct/bankrupt.

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files\Midway Home Entertainment\AREA-51\A51.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1433600 (015E000h)
Byte(s)
Compilation TimeStamp : 0x47B94218 -> Mon 18th Feb 2008 08:30:16 (GMT)
[TimeStamp] 0x47B94218 -> Mon 18th Feb 2008 08:30:16 (GMT) | PE Header | - |
Offset: 0x00000120 | VA: 0x00400120 | -
[TimeStamp] 0x47B94218 -> Mon 18th Feb 2008 08:30:16 (GMT) | Export | - |
Offset: 0x00158838 | VA: 0x00580838 | -
[File Heuristics] -> Flag #1 : 00000000000000000100000100100011 (0x00004123)
[Entrypoint Section Entropy] : 7.66 (section #5) ".xlok   " | Size : 0x9000
(36864) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 6 (0x6) | ImageSize 0x186000 (1597440) byte(s)
[Export] 100% of function(s) (4 of 4) are in file | 0 are forwarded | 4 code |
0 data | 0 uninit data | 0 unknown | 
[!] SoftWrap detected !
[CdKeySerial] found "License key" @ VA: 0x000FEA4D / Offset: 0x000D6A4D
[CdKeySerial] found "License key" @ VA: 0x00106629 / Offset: 0x000DE629
[CdKeySerial] found "Trial period" @ VA: 0x0010A994 / Offset: 0x000E2994
[CdKeySerial] found "Trial period" @ VA: 0x00118C5C / Offset: 0x000F0C5C
[CdKeySerial] found "Trial period" @ VA: 0x001359A1 / Offset: 0x0010D9A1
[CompilerDetect] -> Borland Delphi (unknown version) - 20% probability
- Scan Took : 0.690 Second(s) [0000002B2h (690) tick(s)] [499 of 573 scan(s)
done]
--- snip ---

The app hangs on startup and eventually times out when trying to reach now
defunct softwrap.com server(s).

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine ./A51.exe >>log.txt 2>&1
...
0027:Call wininet.InternetConnectA(00000001,0032dca9
"www.softwrap.com",003201bb,0049e4bd "",0049e4bd "",00000003,00000000,00000000)
ret=00461aa5 
...
0027:Ret  wininet.InternetConnectA() retval=00000002 ret=00461aa5
0027:Call wininet.HttpOpenRequestA(00000002,004a97d0 "POST",0032dc29
"CountryLookupService/CountryLookupService.asmx/CountryStatusLookup",004a9bfc
"HTTP/1.1",0049e4bd "",00000000,04c01000,00000000) ret=0046392e 
...
0027:Ret  wininet.HttpOpenRequestA() retval=00000003 ret=0046392e
0027:Call wininet.HttpSendRequestA(00000003,0032d38c "Host:
www.softwrap.com:443\r\nContent-Type:
application/x-www-form-urlencoded\r\n",0000004d,0032dfcc,0000002d) ret=00463a36 
...
0027:Call KERNEL32.InitOnceExecuteOnce(7e1dca20,7e1a20c5,00000000,00000000)
ret=7e1a2189
0027:Call ws2_32.WSAStartup(00000101,0032bc44) ret=7e1a20ef
0027:Ret  ws2_32.WSAStartup() retval=00000000 ret=7e1a20ef
0027:Ret  KERNEL32.InitOnceExecuteOnce() retval=00000001 ret=7e1a2189
0027:Call ws2_32.socket(00000002,00000001,00000000) ret=7e1a2235
0027:Ret  ws2_32.socket() retval=0000007c ret=7e1a2235
0027:Call ws2_32.connect(0000007c,00150c88,00000010) ret=7e1a2288
...
0027:Ret  ws2_32.connect() retval=ffffffff ret=7e1a2288
0027:Call ws2_32.WSAGetLastError() ret=7e1a229d
0027:Ret  ws2_32.WSAGetLastError() retval=0000274c ret=7e1a229d
...
0027:err:wininet:open_http_connection create_netconn failed: 12029
...
0027:Ret  wininet.HttpSendRequestA() retval=00000000 ret=00463a36 
...
0027:Call user32.CreateWindowExW(00000000,004a3260 L"SWMARCLASS",004a324c
L"SWOFTWRAP",00cf0000,00000064,00000064,0000000a,0000000a,00010020,00000000,00400000,00000000)
ret=0041ffb9 
...
0027:Call KERNEL32.CreateFileA(005951f8 "C:\\Program Files\\Midway Home
Entertainment\\AREA-51\\html\\NoInternet.htm",80000000,00000000,00000000,00000003,00000000,00000000)
ret=00413a24 
...
--- snip ---

$ sha1sum midway_area51.exe 
8822a64b128ffd95f43d63537c0d11392c23d6b7  midway_area51.exe

$ du -sh midway_area51.exe 
2.0G    midway_area51.exe

$ wine --version
wine-1.7.49-41-g36a39ce

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list