[Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (Promon Shield DRM needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Jul 10 18:42:23 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=37449

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
      Fixed by SHA1|                            |e3503799d975a0adfcad2ef961e
                   |                            |c8989a68492f2
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
            Summary|Lexware Quicken 2014 Deluxe |Lexware Quicken 2014 Deluxe
                   |reports error 0x0000054f on |reports error 0x0000054f on
                   |startup (needs              |startup (Promon Shield DRM
                   |RtlDecompressBuffer with    |needs RtlDecompressBuffer
                   |COMPRESSION_FORMAT_LZNT1    |with
                   |support)                    |COMPRESSION_FORMAT_LZNT1
                   |                            |support)

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

this is fixed by commit
https://source.winehq.org/git/wine.git/commitdiff/e3503799d975a0adfcad2ef961ec8989a68492f2

Thanks Sebastian

--- snip ---
...
002d:Ret  wintrust.WinVerifyTrust() retval=00000000 ret=10001929
002d:Call KERNEL32.LocalAlloc(00000040,0004d600) ret=1000140b
002d:Ret  KERNEL32.LocalAlloc() retval=00786f58 ret=1000140b
002d:Call
ntdll.RtlDecompressBuffer(00000002,00786f58,0004d600,100111b0,00032039,0032f608)
ret=1000142d
002d:trace:ntdll:RtlDecompressBuffer 0x0002, 0x786f58, 316928, 0x100111b0,
204857, 0x32f608
002d:trace:ntdll:RtlDecompressFragment 0x0002, 0x786f58, 316928, 0x100111b0,
204857, 0, 0x32f608, (nil)
002d:Ret  ntdll.RtlDecompressBuffer() retval=00000000 ret=1000142d
002d:Call ntdll.memset(100438ec,00000000,00000034) ret=1000c4b3
002d:Ret  ntdll.memset() retval=100438ec ret=1000c4b3
002d:Call ntdll.NtCreateEvent(100438f8,00100003,00000000,00000001,00000000)
ret=10003fcd
002d:Ret  ntdll.NtCreateEvent() retval=00000000 ret=10003fcd
002d:Call ntdll.NtCreateSemaphore(10043908,00100003,00000000,00000000,7fffffff)
ret=1000c4e4
002d:Ret  ntdll.NtCreateSemaphore() retval=00000000 ret=1000c4e4
002d:Call ntdll.NtCreateSemaphore(1004390c,00100003,00000000,00000000,7fffffff)
ret=1000c4fa
002d:Ret  ntdll.NtCreateSemaphore() retval=00000000 ret=1000c4fa
002d:Call ntdll.wcsstr(1000e2fc L"kernel32.dll",1000e2e8 L"ntdll.dll")
ret=10004580
002d:Ret  ntdll.wcsstr() retval=00000000 ret=10004580
002d:Call ntdll.RtlInitUnicodeString(0032f580,1000e2fc L"kernel32.dll")
ret=100045ba
002d:Ret  ntdll.RtlInitUnicodeString() retval=0032f580 ret=100045ba
002d:Call ntdll.LdrGetDllHandle(00000000,00000000,0032f580,0032f588)
ret=1000464c
002d:Ret  ntdll.LdrGetDllHandle() retval=00000000 ret=1000464c
002d:Call ntdll.LdrFindEntryForAddress(7b820000,0032f5b8) ret=10004889
002d:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=10004889
...
--- snip ---

The PE (dll) is successfully uncompressed to memory.
I dumped the buffer from memory to disk.

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\promon-shield-dumped.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 316929 (04D601h)
Byte(s)
Compilation TimeStamp : 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT)
[TimeStamp] 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT) | PE Header | - |
Offset: 0x000000E8 | VA: 0x100000E8 | -
[TimeStamp] 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT) | DebugDirectory | -
| Offset: 0x00028EE4 | VA: 0x1002A4E4 | -
[File Heuristics] -> Flag #1 : 00000100000001001101000000000000 (0x0404D000)
[Entrypoint Section Entropy] : 6.69 (section #0) ".text   " | Size : 0x28564
(165220) byte(s)
[DllCharacteristics] -> Flag : (0x0140) -> ASLR | DEP
[SectionCount] 5 (0x5) | ImageSize 0x59000 (364544) byte(s)
[Debug Info] (record 1 of 1) (file offset 0x28EE0)
Characteristics : 0x0 | TimeDateStamp : 0x503F76CA (Thu 30th Aug 2012 14:20:58
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x59 (89) 
AddressOfRawData : 0x3B520 | PointerToRawData : 0x39F20
CvSig : 0x53445352 | SigGuid 3F4A4B99-C516-4F0B-916D806598EC9BE2
Age : 0x1 | Pdb :
d:\dev\shield\2.3-win8\src\shield-core\release\promon-shield.pdb
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.406 Second(s) [000000196h (406) tick(s)] [244 of 573 scan(s)
done]
--- snip ---

The error message "Quicken 2014 konnte nicht gestartet werden! (Fehler:
0x0000054f)" following is a different issue.

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list